Built-in encryption solution for secure emailing functionality without addons for all email services


#1

I didn’t class this as a Feature-Extension Request as I honestly don’t think it should be created as an extension and should more so be a built-in feature which is continuously improved upon in an open source sort of way and I’m certain email solutions such as ProtonMail and Tuntanota as well as others will support.

There are many encryption-on-the-fly solutions available on Firefox and Chrome which is difficult to deduce which one to trust in terms of security as the majority of them don’t seem to make any improvements and I’m sure there are more way of increasing privacy to the solutions they’ve developed but sort of neglected. I honestly don’t know what occurred to some of them when developing the same solutions

I’ve listed a series of third party email encryption solutions which I wish was really just one version of which is always optimally improved.
I figured as initially stated, if Brave would take a look at these solutions and incorporate a feature within Brave itself which offers a more practical solution for users not requiring a specific extension/addon for a particular email service and would instead be encrypted via the built-in email encrypting feature within Brave.

I personally think it is possible not that I can help in anyway but it would be unique and very privacy centric and would relate to the fundamental reason as to why you created the Brave Browser in the first place. It would be brilliant if you could contact the developers of the listed extensions regarding my suggestion.
The reason for the collaboration being that it could act similarly to VeraCrypt in that there aren’t really many free solutions that work as effectively and securely and is best considering they aren’t profiting from their developments if they could instead collaborate with the feature commendation.

Nevertheless, at the bottom I also included another possible solution for Brave to take a look at and would be interest in your views. One final thing I wanted to mention is that unlike all of the browser available in the world I you take on my suggestion I suppose Brave could also allow a BravePayments system for the free extention/addon whereby the developer can actually swiftly and anonymously get paid for their efforts. I suppose this can also encourage the developer alike to further develop their and other solutions within Brave. Thanks.

I also included a website link which maybe through financial support of the brave community or if you’ve got enough capital to fund it, the system below seems a rather simplistic solution for Brave to deploy if they allow it to be built into Brave to save time and not stressing much over improvements as they’ll take care of it.


#2

Nice suggestion @Numpty :slight_smile: I like that.

I don’t think this would be considered soon (as the team has been already focusing on other things whose priority is higher), still it will be revisited later.

Thanks


#3

There is a request for PGP Mail encryption here


and Mailvelope Extension

Mailvalope extension is already added to extensions request list

@Numpty Does either of these cover your request?


#4

They do cover my request, but wasn’t necessarily my point, the problem you’ll probably laugh at me for typing this is that they all cover my request but I’m always dubious in terms of which is the most securest, which one is the most efficient, which one is reliable meaning the developer behind it believes in the necessity of such a tool and understands that it requires updates to meet up with modern attacks and privacy degrading aspects that come to light, thus enabling me to trust it.

@sriram @suguru @cezaraugusto @ConorIA opened and requested issues relating to this discussion but please don’t think me obtuse if you think this is an open and shut case because I’ve honestly looked into this matter for quite some time having heard other companies constantly speak about it’s ease of use but they always either seem to struggle with PGP implementation or don’t dedicate the time to it. That’s why I think it needs a greater collaboration of the extension developers themselves as well as from the company services in which they’re going to be used on for a unique version as initially stated.

Not that I should be complaining about it because I can’t help whatsoever, I don’t want to sound prissy but I don’t want Brave just to adopt versions exactly like the Chrome version where it lacks in one app but is offered in another app resulting in a bloated store that have brilliant developers that offer free solutions but aren’t merited for their efforts apart from the fact of the Chrome store displaying in a small grey text the number of user downloads. I hope you take my original comments into consideration I personally think it would be best if you converse with the developers regarding this so they could help help with fixes, bugs or faults you may come across in the collaboration. Not to mention when everything goes successfully Brave could actually initialize a payment system for the Brave version for all the proprietary developers.

Also one other factor which I can’t believe didn’t occur to before is the fact that it has to be open for thorough scrutiny. I say this because if I worked for a governmental firm, if you know what I mean, PGP is most certainly something I’d tamper.

The below solutions are free:

Mailvelope 226,979 Users - Last Updated 24 February 2017

CryptUp 4,855 Users - Last Updated 21 March 2017

encrypt/secure files 332 Users - Last Updated 24 August 2016

Cryptable - Encrypt messages 410 Users - Last Updated March 2015

Cryptr 15 130 Users - December 2014

The two below aren’t entirely free as they also a paid version with features but I’ve got a brilliant idea for Brave relating this which could result in another revenue stream but I suppose you won’t want to hear about it if you don’t agree with the above sentiments.

SendSafely 1605 Users - March 8 2017

Jumble Email Encryption 903 Users - Last Updated 26 July 2016

I apologies for being laborious.


#5

I only just spotted something remarkably identical suggested by @N3tNinj4 @discourse over here and figure once you consider it, you can go through the interesting comments

The reason for the topic was because as stipulated before other companies will be willing to help because they’re too struggling to implement for PGP end-to-end as though it is occurring natively within their own systems. So once everything goes to plan, possibly an alliance of some sort seems a good idea to speed it up and figure out what the threats and solutions are.

This could also be linked to this topic Secure email functionality of ProtonMail and others


#6

I think a better solution would be to integrate services such as ProtonMail.


#7

@bobtheman I think from what I understand ProtonMail is going to come out with a desktop client of their own later on and the background browser cryptography aspect and PRNG and possibly a couple more things suffice the use of its email web service.

I only brought it up because I’ve noticed as emailing and some of it modern necessities such as PGP have been incredibly difficult for such services to implement so I wanted the above extension developers to read this topic and collaborate in bringing it natively within Brave, which seems like an excellent idea if I may say so myself rather than hoarding a whole load of PGP orientated solutions in the Brave extension preference.


#8

I think a good first step would be for the browser itself to notify the user that using services such as gmail, or yahoo mail harms/puts at risk the users privacy in the notification area.

"using this email provider contributes to the degradation of user privacy, aides companies who promote this business model, and make it very difficult for you the user to obtain and secure privacy. We strongly encourage you consider using another provider such as: protonmail. " Dismiss Learn More

something of the sorts. I am in talks with some devs to overhaul the notification area within the browser (desktop) as it needs some very serious attention … so I know the space there is already hectic. That, hopefully, will be addressed sooner or later.


#9

also, this is an attempt for users to utilize a more secure provider of email … we should acknowledge that email in itself was never designed with privacy in mind. The prior suggestion still stands, but the better alternative would be to join the rest of the tech community in agreeing that email should be abandoned for other more useful and privacy concerned communication platforms. Wire possibly, Signal.

Wire has a desktop platform, and integrating it within the browser would be possible, but it would also come at a cost of … performance. But I cannot speak objectively regarding that as its not my specialty.


#10

I couldn’t agree more.


#11

The more encryption honestly, the better

I agree brave should have one of these (or something similar)


#12

@TheRedSpy I agree with you.


Mailvelope or PGP
#13

A Fire fox addon called MailtoWebmails would be nice also, this addon fix a issue on web pages, where people is can use web e-mail instead of desktop apps like outlook and others when see a link to click on to e-mail people.


#14

@SSmaster open up a new topic, enter request extension feature, and paste the link below, otherwise it may be missed seeing as how you pasted this comment suggestion below.

One other thing I’d personally like to know is how this helps you and are you coherently using it?

https://addons.mozilla.org/en-GB/firefox/addon/mailtowebmails/


#15

Hello. I hope what I am posting is not too off topic.
The focus for a lot of people is encryption and that’s fine. For people like myself I see using services like gmail, yahoo and others to be future hostage takers of your online ID. You need an email address to be verified or do any basic banking, online and IRL, or to register to a simple forum. We have many examples of people being banned or locked out of some social platforms because of their speech. Your government requires you to have a valid email address. It is not optional.

Eventually a “Brave Email” will have to be invented. It does not need to be fully encrypted at first and it does not need to have a massive amount of storage. The service could start with very little storage (text only less than 10 MB of storage) and grow over time.
No one will be able to shut it down.

A @brave.com email service Brave browser users would be proud of using and paying for.


#16

HI @DbythnU

I understand where you’re coming from but these are two completely different solutions - Security/Privacy based email service and Security/Privacy/technologically enhanced browser.

However, what you’re asking is shared by many a people and such solutions have been in development for quite some time for similar and greater resons.

https://tutanota.com/ and https://protonmail.com/ are two brilliant modern emailing services if you didn’t know about them already which truth be told compete with well know email services and continue to get better.


#17

I’ll def check them out! Thank you.:sunglasses:


#18

I totally agree. Brave will be much better if plugins like flowcrypt were avaliable. I’m not stoping using Chrome unless I can use those extensions. Would also love to see an extention which would aes encrypt my messages over facebook


#19

Yes, I think that’s what they’ll end up doing. A built-in encryption method may be too out of scope, I don’t why I though of it a plausible feature as one of the engineers has implied that they’ll mostly likely bring over a couple if not a handful of solution over to the future BraveStore rather than the ever growing extensive pgp solutions, some of which aren’t maintained anymore and other that may be dubious.