Restore Privacy

Let PGP Die: Why We Need a New Standard for Email Encryption

March 23, 2019 By Sven Taylor — 5 Comments

Since publishing the secure email guide, I’ve had some interesting exchanges with Tutanota staff about encrypted email and their unique solution to the challenges involved. In order to further clarify Tutanota’s rationale for going PGP-free, Matthias Pfau, cofounder of Tutanota, wrote this article exclusively for Restore Privacy readers.

PGP – the most widely used email encryption software – is still only a niche product: Only a fraction of the billions of emails sent every day are secured with PGP encryption. While security experts around the world have done their best to add PGP support to all kinds of email applications for decades, it is time to realize that PGP is simply too complex for mainstream adoption.

3 Reasons Why PGP Must Die

1. PGP was invented almost 30 years ago by Phil Zimmermann. However, even Phil Zimmermann, the inventor of PGP, doesn’t use it. The reason: It is too complicated to install PGP plugins for all your email applications: desktop clients, web clients, mobile clients. While you might still be able to use PGP on desktops and in web clients, the mobile world remains inaccessible to most people. This was also what stopped Phil Zimmermann. Today he mainly uses email on his phone – where PGP encryption is really hard to get.

2. Cryptography experts like Bruce Schneier understand that the most secure system can only be used securely if the user is capable of using it without making any mistakes. Unfortunately, this is not the case with PGP. In many email clients it is very easy for the user to send confidential emails with encryption turned off, to send unimportant emails with encryption turned on, or to accidentally send an encrypted email with the wrong key. Security expert Bruce Schneier concludes:

I have long believed PGP to be more trouble than it is worth. It’s hard to use correctly, and easy to get wrong. More generally, e-mail is inherently difficult to secure because of all the different things we ask of it and use it for.

Filippo Valsorda gives a very good explanation for PGP’s usability weakness:

I haven’t done a formal study, but I’m almost positive that everyone that used PGP to contact me has, or would have done (if asked), one of the following:

  • pulled the best-looking key from a keyserver, most likely not even over TLS
  • used a different key if replied with “this is my new key”
  • re-sent the e-mail unencrypted if provided an excuse like “I’m traveling.”

3. OpenPGP projects (Gmail, Yahoo) were doomed and are now dead

A couple of years ago, Gmail tried to hop on the privacy-friendly bandwagon – and Yahoo later joined in – by developing a Chrome plugin that was supposed to automatically encrypt emails between Gmail – and Yahoo – users with PGP. Soon after, Google stopped this end-to-end encryption project for Gmail.

PGP used to be great

PGP was a great invention, and it is still great for people who are capable of using it correctly. And while the technology of PGP has evolved, user-friendliness has not.

The biggest problem with PGP to this day is its complexity. “It’s a real pain,” says cryptography expert Matthew Green. “There’s key management – you have to use it in your existing email client, and then you have to download keys, and then there’s this whole third issue of making sure they’re the right keys.”

PGP is not fit for the future

On top of that, however, PGP has some inherent security weaknesses, which cannot easily be fixed:

1. PGP does not support forward secrecy (PFS).

Without forward secrecy, a breach potentially opens up all your past communication (unless you change your keys regularly). It’s rumored that the NSA stockpiles encrypted messages in the hope of gaining access to the keys at a later date.

This risk is exactly why Valsorda is giving up on PGP: “A long-term key is as secure as the minimum common denominator of your security practices over its lifetime. It’s the weak link.”

Adding forward secrecy to asynchronous offline email is a huge challenge that is unlikely to happen because it would require breaking changes to the PGP protocol and to clients.
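The difference forward secrecy makes can be shown with a small simulation. This is an added example, not part of the original article and not PGP's or Tutanota's code. It assumes a toy Diffie-Hellman group and a hash-based stream cipher to stay dependency-free, and it models forward secrecy with per-message one-time keys that the recipient erases after reading, loosely following the one-time prekey idea used by messengers such as Signal; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, assumed for this demo only (not a vetted group).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _derive(shared: int, n: int):
    """Stretch the DH secret into a MAC key and n bytes of keystream."""
    seed = shared.to_bytes(32, "big")
    mac_key = hashlib.sha256(b"mac" + seed).digest()
    stream, counter = b"", 0
    while len(stream) < n:
        stream += hashlib.sha256(b"enc" + seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return mac_key, stream[:n]

def seal(recipient_pub: int, plaintext: bytes):
    """Sender: one-shot ephemeral key, DH against the recipient's public key."""
    eph_priv, eph_pub = keypair()
    mac_key, stream = _derive(pow(recipient_pub, eph_priv, P), len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return eph_pub, ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def unseal(recipient_priv: int, eph_pub: int, ct: bytes, tag: bytes):
    """Anyone holding recipient_priv can open it; a wrong key returns None."""
    mac_key, stream = _derive(pow(eph_pub, recipient_priv, P), len(ct))
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, stream))

def readable_after_breach(messages, one_time_keys: bool) -> int:
    """Count recorded ciphertexts that open with the keys found on the
    recipient's device after the last message was delivered."""
    long_term_priv, long_term_pub = keypair()
    key_store = {long_term_pub: long_term_priv}   # keys present on the device
    recorded = []                                 # ciphertexts seen on the wire
    for msg in messages:
        if one_time_keys:
            priv, pub = keypair()                 # fresh key published per message
            key_store[pub] = priv
        else:
            pub = long_term_pub                   # PGP model: same key every time
        sealed = seal(pub, msg)
        recorded.append(sealed)
        assert unseal(key_store[pub], *sealed) == msg   # normal delivery works
        if one_time_keys:
            del key_store[pub]                    # erased once the mail is read
    stolen = list(key_store.values())
    return sum(any(unseal(k, *s) is not None for k in stolen) for s in recorded)

# Constructed sample messages.
MESSAGES = [b"contract draft", b"meeting at 10", b"new bank details"]
```

With the long-term key model every recorded message opens after the breach; with erased one-time keys none do, even though the long-term key is stolen in both runs.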

2. PGP does not encrypt the subject.

There is no possibility to add the option to encrypt or hide the metadata (sent from, sent to, date) with the PGP protocol.
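What this looks like on the wire, as an added example that is not part of the original article: the script parses a constructed PGP/MIME message (RFC 3156 layout, placeholder ciphertext, made-up addresses and subject) and reports what any relaying server can read without a key. The function name `relay_view` and the sample are assumptions for illustration; the check also recognises inline-armored messages, which goes slightly beyond the PGP/MIME case.

```python
import email
from email import policy

# Constructed sample (RFC 3156 PGP/MIME layout). The armored block is a
# placeholder, not real ciphertext; addresses and subject are made up.
PGP_MIME_SAMPLE = """\
From: alice@example.org
To: bob@example.net
Date: Sat, 23 Mar 2019 10:15:00 +0000
Subject: Offer for the house on Elm Street
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

PLACEHOLDER
-----END PGP MESSAGE-----

--b1--
"""

ARMOR = "-----BEGIN PGP MESSAGE-----"
ENVELOPE = ("From", "To", "Cc", "Date", "Subject")

def relay_view(raw: str) -> dict:
    """Report what a mail server or network observer can read without any key."""
    msg = email.message_from_string(raw, policy=policy.default)
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    # Leaf parts whose payload is an armored OpenPGP block (opaque without a key).
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    armored = [p for p in leaves if ARMOR in p.get_payload()]
    return {
        "encrypted": pgp_mime or bool(armored),
        "format": "PGP/MIME" if pgp_mime else "inline" if armored else "none",
        # Envelope headers sit outside the encrypted part and stay readable.
        "cleartext_headers": {h: str(msg[h]) for h in ENVELOPE if msg[h] is not None},
        "opaque_parts": len(armored),
    }
```

Run against the sample, the body is reported as one opaque part while sender, recipient, date and subject all appear in `cleartext_headers`.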

3. PGP is not always compatible with PGP.

There are so many implementations of PGP that interoperability is not always a given. In addition, if you update your PGP key, e.g. from RSA 2048 to RSA 4096, you need to decrypt all your data with your old private key and re-encrypt it with your new private key.

4. PGP can only be used for email communication.

The encryption method cannot be transferred to other systems like encrypted notes, chat, calendar.

EFail and what comes next

In 2018 researchers from Münster University of Applied Sciences published the EFail vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails. The exploit uses a piece of HTML code to trick certain email clients, including Apple Mail, Outlook 2007 and Thunderbird, into revealing encrypted messages.

While the issue is not with the PGP protocol itself, but with the way it has been implemented, this still shows the inherent complexity of doing security right. While email – and PGP for that matter – are praised for being universally interoperable, EFail shows that this also poses a severe security threat. While one person in a conversation may be using a non-affected implementation of PGP, the other person might not.

Even though vulnerabilities are found and patched – usually rather quickly – there is no knowing whether your counterpart is using the updated, patched software or an old, outdated version.

All of this does not help in convincing people to start using end-to-end encryption for emails. What we need in the future is an easy-to-use version of end-to-end encryption, a solution that does not put the user at risk due to its complexity, but something that takes care of the security for the user – no matter where, when or with whom one is communicating.

The new approach must be as easy to use as the encryption already implemented in many messaging apps like Signal and even WhatsApp.

Future requirements for email encryption

To keep email encryption easy and secure for everybody, the model of the future cannot depend on PGP for several reasons:

  • Key management must be automated.
  • It must be possible to automatically update encryption algorithms (e.g. to make the encryption resistant against quantum computers) without the need of involving the user.
  • Backward compatibility must be stopped. Instead, all systems must update within a very short time-frame.
  • Forward secrecy must be added to the protocol.
  • Metadata must be encrypted or at least hidden.

This is what we at Tutanota have been working on these last couple of years: An easy-to-use email client that has baked encryption into the software and that lets users easily encrypt any email end-to-end.

When we started building Tutanota, we deliberately opted against using PGP. We chose a subset of PGP’s algorithms – AES 128 and RSA 2048 – but with our own open-source implementation. This allows us to encrypt subject lines, upgrade the algorithms, and add forward secrecy. This gives us the great advantage that we can fix – and have in parts already fixed – the described weaknesses in PGP.

  1. Tutanota already encrypts subject lines. We plan to also hide the metadata in the future.
  2. Key management and key authentication are automated in Tutanota, which makes it very easy to use.
  3. Tutanota encrypts and decrypts the users’ private key with the help of the users’ password. This enables the user to access their encrypted mailbox and to send encrypted emails on any device. Whether people use their encrypted mailbox with the web client, with the open source apps or with the secure desktop clients, Tutanota makes sure that all data is always stored encrypted.
  4. Encryption algorithms can be updated in Tutanota. We plan to update the algorithms used to quantum secure ones in the near future.
  5. We plan to add forward secrecy to Tutanota.
  6. The encryption algorithms used in Tutanota can be applied to all kinds of data. The Tutanota mailbox already encrypts all data stored there, including the entire address book. We plan to add an encrypted calendar, encrypted notes, encrypted drive – all secured with the same algorithms.

Easy email encryption is already available. Now we must spread the word so that everybody understands that it is no longer necessary to allow Google, Yahoo and others to harvest our data. We can simply use encrypted emails so that nobody can spy on our private data.

We’d be happy to hear your feedback on Tutanota and what you would like to see included in an encrypted email client.

About Sven Taylor

Sven Taylor is the lead editor and founder of Restore Privacy, a digital privacy advocacy group. With a passion for digital privacy and accessible information, he created RestorePrivacy to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics.

Comments

  1. Freddie

    February 9, 2022

    The first P stands for Pretty, not Perfect 🙂

  2. JS

    November 28, 2021

    There’s a lot here that scares me. Keeping Keys encrypted on a server, as well as ‘secure’ desktop apps. In the past, Hushmail was required by court order to put a backdoor into their desktop encryption applet. Rolling your own encryption is likewise dangerous and should be vetted.

    While I always welcome a new standard, if people truly have a need for strong security, they should take the time to learn how to use PGP correctly.

    -JS

  3. Mike Fisher

    November 21, 2021

    I use PGP to sign things, mostly git-commits, source tarballs and packages. While there were some incidents (I wasn’t able to find them, sorry), signing with PGP still seems pretty robust. For signing I want my key to live a long time. Of course automated systems for building and distributing software-packages could probably update the signing key often or use some complicated protocol like messengers are using, I can’t see the benefit of that, but that is just me not knowing enough about these protocols. I use a hardware crypto device, it has many modules and it seems that OpenPGP is the easiest to use and the widest spread: git supports it, so do github and gitlab and many other git platforms. I can also authenticate with SSH using the OpenPGP module on the device. The name of PGP is definitely wrong, privacy is pretty (very) bad and in combination with email it is catastrophic. The use-case I described is almost the opposite of privacy.

    If I want good encryption and privacy I use signal.

    • Sav

      May 14, 2022

      Would you mind sharing what hardware cryptographic device you use? I’m interested in doing this too, thanks.

      • Not the OP

        December 5, 2022

        Not the OP but I use Yubikeys for that.
