Add note about OpenPGP public key being included in all outgoing messages

Zocker1999NET commented 6 months ago

Checklist

[X] I have used the search function to see if someone else has already submitted the same bug report.
[X] I will describe the problem with as much detail as possible.

App version

6.802

Where did you get the app from?

F-Droid

Android version

LineageOS 20.1 (Android 13)

Device model

Fairphone 4

Steps to reproduce

add a account as usual
enable OpenPGP on that account by selecting a key
- do not change any other settings concerning OpenPGP / Autocrypt
- (esp. "Autocrypt mutual" should be disabled)
send a new (unencrypted & unsigned) mail to yourself
open the newly received mail & check the headers

Expected behavior

IMO it is reasonable to expect that this mail does not contain an AutoCrypt header with my configured OpenPGP key. I think so because K9-Mail does not declare that additional data might be shared, hence (at least in the EU regarding GDPR) it should only share data which is technically required to send that mail. As that mail is not encrypted & not signed and as mutual encryption was disabled, K9-Mail is not technically required to submit my public key.

Actual behavior

The sent mail contains an Autocrypt header containing the configured OpenPGP key.

Additional Info

Issue #4836 already reported this misbehavior, but that issue was mostly ignored and did not discuss the potential legal issue arising from that behavior. Because this report is from ca. 4 years ago, I decided to open a new issue.

I understand that it is useful to automatically attach the public key to all outgoing mails, I see following problems in the current implementations:

The current behavior is neither explained to the user nor can it be specifically disabled. And IMO there are use cases for using OpenPGP without Autocrypt.
The current behavior can result in a leak of personal data, especially in combination with the multiple identities feature. E.g. if a user does want to send a mail from an anonymous alias and its provider allows this by simply using a different FROM address, K9-Mail can leak the identity of that user. Or that users PGP key might contain additional information they do not want to share with every mail (e.g. secondary mail addresses).
IMO the current behavior is illegal under GDPR, because that behavior is non-optional, not explained to the user and not technically required for the service the users are expecting (sending an unencrypted, unsigned mail).

cketti commented 6 months ago

We can add a message to the settings screen stating that enabling encryption will include the public key in all outgoing messages. Would this be clear enough?

Note: K-9 Mail implements the Autocrypt standard and includes your OpenPGP public key in all outgoing messages.

I don't think the GDPR applies here since we're not collecting any information about the user.

Zocker1999NET commented 4 months ago

I think a message on the settings screen should be enough for upcoming users. And I think your proposed message should be good enough.

I don't think the GDPR applies here since we're not collecting any information about the user.

Technically the GDPR does not talk about collecting information, but about processing information, which includes forwarding user data to third parties without collecting it yourself. However to be clear, I have not heard yet about a court deciding if an open-source non-cloud app, like K-9 Mail, is required to follow the GDPR. But in most open-source non-cloud apps, most processing of user data is obvious and sometimes even technically required OR is explicitly requested by the user (e.g. by appending a file). I think that is why there are no famous cases about that.

thunderbird / thunderbird-android