This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Refer to OpenPGP instead of PGP
dngray committed Feb 29, 2020
1 parent e22625d commit 2864ebf
Showing 3 changed files with 12 additions and 12 deletions.
12 changes: 6 additions & 6 deletions _includes/sections/email-providers.html
Expand Up @@ -34,8 +34,8 @@ <h5><span class="badge badge-success">Data Security</span></h5>
<p>ProtonMail has <a href="https://protonmail.com/blog/zero-access-encryption">zero access encryption at rest</a> for your emails, <a href="https://protonmail.com/blog/encrypted-contacts-manager">address book contacts</a>, and <a href="https://protonmail.com/blog/protoncalendar-security-model">calendars</a>. This means the messages and other data stored in your account are only readable by you. </p>

<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>ProtonMail has <a href="https://protonmail.com/support/knowledge-base/how-to-use-pgp">integrated PGP encryption</a> in their webmail. Emails to other ProtonMail users are encrypted automatically, and encryption to non-ProtonMail users with a PGP key can be enabled easily in your account settings. They also allow you to <a href="https://protonmail.com/support/knowledge-base/encrypt-for-outside-users">encrypt messages to non-ProtonMail users</a> without the need for them to sign up for a ProtonMail account or use software like PGP.</p>
<p>ProtonMail also supports the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of ProtonMail to find the PGP keys of ProtonMail users easily, for cross-provider E2EE.</p>
<p>ProtonMail has <a href="https://protonmail.com/support/knowledge-base/how-to-use-pgp">integrated OpenPGP encryption</a> in their webmail. Emails to other ProtonMail users are encrypted automatically, and encryption to non-ProtonMail users with a OpenPGP key can be enabled easily in your account settings. They also allow you to <a href="https://protonmail.com/support/knowledge-base/encrypt-for-outside-users">encrypt messages to non-ProtonMail users</a> without the need for them to sign up for a ProtonMail account or use software like OpenPGP.</p>
<p>ProtonMail also supports the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of ProtonMail to find the OpenPGP keys of ProtonMail users easily, for cross-provider E2EE.</p>

<h5><span class="badge badge-success">Tor Support</span></h5>
<p>ProtonMail is accessible via Tor at <a href="https://protonirockerxow.onion/">protonirockerxow.onion</a>.</p>
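Review bot: The search-and-replace left the wrong article in the first changed paragraph: "with a OpenPGP key" should read "with an OpenPGP key". In the same paragraph, "use software like OpenPGP" now names a standard rather than a program; "use OpenPGP software" or naming an implementation such as GnuPG would keep the sentence accurate.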
Expand Down Expand Up @@ -71,8 +71,8 @@ <h5><span class="badge badge-warning">Data Security</span></h5>
<p>However, <a href="https://en.wikipedia.org/wiki/Open-Xchange">Open-Exchange</a>, the software platform used by Mailbox.org, <a href="https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book">does not support</a> the encryption of your address book and calendar. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropriate for that information.</p>

<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>Mailbox.org has <a href="https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard">integrated E2EE encryption</a> in their webmail, which simplifies sending messages to users with public PGP keys. They also allow <a href="https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP">remote recipients to decrypt an email</a> on Mailbox.org's servers. This feature is useful when the remote recipient does not have PGP and cannot decrypt a copy of the email in their own mailbox.</p>
<p>Mailbox.org also supports the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Mailbox.org to find the PGP keys of Mailbox.org users easily, for cross-provider E2EE.</p>
<p>Mailbox.org has <a href="https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard">integrated E2EE encryption</a> in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also allow <a href="https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP">remote recipients to decrypt an email</a> on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.</p>
<p>Mailbox.org also supports the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Mailbox.org to find the OpenPGP keys of Mailbox.org users easily, for cross-provider E2EE.</p>

<h5><span class="badge badge-warning">Tor Support</span></h5>
<p>You can access your Mailbox.org account via IMAP/SMTP using <a href="https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org">their Tor hidden service</a>. However, their webmail interface cannot be accessed via their hidden service, and users may experience SSL certificate errors.</p>
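Review bot: In the first changed paragraph, "does not have OpenPGP" treats the standard as an installed program; "does not use OpenPGP" or "does not have OpenPGP software" reads correctly. The phrase "integrated E2EE encryption" on the same line expands to "end-to-end encryption encryption" and could be tidied while the line is being touched.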
Expand Down Expand Up @@ -108,7 +108,7 @@ <h5><span class="badge badge-warning">Data Security</span></h5>
<p>Posteo also supports the encryption of your <a href="https://posteo.de/en/site/features#featuresaddressbook">address book contacts</a> and <a href="https://posteo.de/en/site/features#featurescalendar">calendars</a> at rest. However, Posteo still uses standard <a href="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <a href="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> for calendars and contacts. These protocols do not support <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">E2EE (End-To-End Encryption)</a>. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropiate.</p>

<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>Posteo has <a href="https://posteo.de/en/site/encryption#pgp_webmailer">integrated encryption</a> in their webmail, which simplifies sending messages to users with public PGP keys. They also support the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Posteo to find the PGP keys of Posteo users easily, for cross-provider E2EE.</p>
<p>Posteo has <a href="https://posteo.de/en/site/encryption#pgp_webmailer">integrated encryption</a> in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also support the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Posteo to find the OpenPGP keys of Posteo users easily, for cross-provider E2EE.</p>

<h5><span class="badge badge-danger">Tor Support</span></h5>
<p>Posteo does not operate a Tor hidden service.</p>
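Review bot: The context line just above the changed paragraph ends with "may be more appropiate", a misspelling of "appropriate" (the equivalent sentences in the Mailbox.org and Disroot sections spell it correctly). Since this commit is a wording pass over the same file, fixing it here would avoid a separate change.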
Expand Down Expand Up @@ -181,7 +181,7 @@ <h5><span class="badge badge-warning">Data Security</span></h5>
<p>Disroot also uses the standard <a href="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <a href="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> protocols for calendars and contacts, which do not support E2EE. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropriate.</p>

<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>Disroot allows for encrypted emails to be sent from their webmail application using PGP. However, Disroot has not integrated a <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a> for users on their platform.</p>
<p>Disroot allows for encrypted emails to be sent from their webmail application using OpenPGP. However, Disroot has not integrated a <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a> for users on their platform.</p>

<h5><span class="badge badge-danger">Tor Support</span></h5>
<p>Disroot does not operate a Tor hidden service.</p>
4 changes: 2 additions & 2 deletions _includes/sections/email-warning.html
Expand Up @@ -2,8 +2,8 @@
<div class="card border-danger">
<div class="card-header text-danger"><i class="fas fa-exclamation-circle fa-fw"></i> Warning</div>
<div class="card-body">
<p class="card-text text-danger">When using end-to-end encryption (E2EE) technology like <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy">PGP</a>, email will still have some metadata that is not encrypted in the header of the email. <a href="/providers/email/#metadata">Read more about email metadata.</a></p>
<p class="card-text text-danger">PGP also does not support <a href="https://en.wikipedia.org/wiki/Forward_secrecy">Forward secrecy</a>, which means if either your or the recipient's private key is ever stolen, <strong>all</strong> previous messages encrypted with it will be exposed. <a href="/providers/email/#email-encryption">How do I protect my private keys?</a></p>
<p class="card-text text-danger">When using end-to-end encryption (E2EE) technology like <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy">OpenPGP</a>, email will still have some metadata that is not encrypted in the header of the email. <a href="/providers/email/#metadata">Read more about email metadata.</a></p>
<p class="card-text text-danger">OpenPGP also does not support <a href="https://en.wikipedia.org/wiki/Forward_secrecy">Forward secrecy</a>, which means if either your or the recipient's private key is ever stolen, <strong>all</strong> previous messages encrypted with it will be exposed. <a href="/providers/email/#email-encryption">How do I protect my private keys?</a></p>
<p class="card-text text-secondary">Rather than use email for prolonged conversations, consider using a medium that does support Forward secrecy.</p>
<a href="/software/real-time-communication/" class="btn btn-outline-secondary">Recommended Instant Messengers</a>
</div>
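Review bot: The link text in the first changed paragraph now says "OpenPGP", but its href still points to https://en.wikipedia.org/wiki/Pretty_Good_Privacy, the article about the PGP product. If the aim of the rename is to refer to the standard rather than the product, the target should be updated to a page that describes OpenPGP itself, otherwise the label and destination disagree.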
8 changes: 4 additions & 4 deletions pages/providers/email.html
Expand Up @@ -42,7 +42,7 @@ <h3><span class="badge badge-info">Technology</span></h3>
<p><strong>Minimum to Qualify:</strong></p>
<ul>
<li>Encrypts account data at rest.</li>
<li>Use of standard email access protocols such as <a href="https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol">IMAP</a>, <a href="https://en.wikipedia.org/wiki/Post_Office_Protocol">POP3</a> with <a href="https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol">SMTP</a> or <a href="https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol">JMAP</a>. Email clients allow a standardized email interface regardless of the underlying email service used. Security is improved greatly when used with E2EE such as <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy">PGP</a>. This is because the <a href="https://en.wikipedia.org/wiki/Attack_surface">attack surface</a> is greatly reduced when <a href="https://tonyarcieri.com/whats-wrong-with-webcrypto#the-ugly-we39re-still-in-a-browser_1">compared to in-browser cryptography</a>.</li>
<li>Use of standard email access protocols such as <a href="https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol">IMAP</a>, <a href="https://en.wikipedia.org/wiki/Post_Office_Protocol">POP3</a> with <a href="https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol">SMTP</a> or <a href="https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol">JMAP</a>. Email clients allow a standardized email interface regardless of the underlying email service used. Security is improved greatly when used with E2EE such as <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy">OpenPGP</a>. This is because the <a href="https://en.wikipedia.org/wiki/Attack_surface">attack surface</a> is greatly reduced when <a href="https://tonyarcieri.com/whats-wrong-with-webcrypto#the-ugly-we39re-still-in-a-browser_1">compared to in-browser cryptography</a>.</li>
<li>Integrated webmail encryption provides convenience to users who want improve on having no <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">E2EE</a> encryption.</li>
</ul>
</div>
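Review bot: In the changed list item, the link labelled "OpenPGP" still targets https://en.wikipedia.org/wiki/Pretty_Good_Privacy, so the label and destination no longer match; point it at a page describing the OpenPGP standard. The following context item also reads "users who want improve on having no E2EE encryption", which is missing "to" and repeats "encryption"; worth correcting in the same pass.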
Expand All @@ -51,8 +51,8 @@ <h3><span class="badge badge-info">Technology</span></h3>
<ul>
<li>Encrypts account data at rest with zero-access encryption.</li>
<li>Allow users to use their own <a href="https://en.wikipedia.org/wiki/Domain_name">domain name</a>. Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad, be acquired by another company which doesn't prioritize privacy etc.</li>
<li>Support for <a href="https://wiki.gnupg.org/WKD">WKD</a> to allow improved discovery of public PGP keys via HTTP. <br> GnuPG users can get a key by typing: <code>gpg --locate-key example_user@example.com</code></li>
<li>Support for a temporary mailbox for external users. This is useful when you want to send a encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like PGP.</li>
<li>Support for <a href="https://wiki.gnupg.org/WKD">WKD</a> to allow improved discovery of public OpenPGP keys via HTTP. <br> GnuPG users can get a key by typing: <code>gpg --locate-key example_user@example.com</code></li>
<li>Support for a temporary mailbox for external users. This is useful when you want to send a encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.</li>
<li>Availability of the email provider's services via an <a href="https://en.wikipedia.org/wiki/.onion">onion service</a>.</li>
<li><a href="https://en.wikipedia.org/wiki/Email_address#Subaddressing">Subaddressing</a> support.</li>
<li><a href="https://en.wikipedia.org/wiki/Email_filtering">Catch all</a> or <a href="https://en.wikipedia.org/wiki/Email_alias">aliases</a> for users who own their own domains.</li>
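Review bot: The second changed list item still contains "send a encrypted email", which should be "send an encrypted email"; the line is already being modified, so the article can be fixed alongside the rename. The first changed item is fine as written, since "public OpenPGP keys" names the key format rather than a program.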
Expand Down Expand Up @@ -156,7 +156,7 @@ <h3><span class="badge badge-info">Marketing</span></h3>
<div class="col-md-6">
<p><strong>Best Case:</strong></p>
<ul>
<li>Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, PGP, etc.</li>
<li>Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc.</li>
</ul>
</div>

