allow users to opt-out of sharing pubkey to attester during setup #760
Description
Hi,
I am setting up encrypted email and came across Flowcrypt for Android.
It seems to be a good app, but there is one MAJOR flaw: email addresses
and public keys should not be sent to the server by default. Yes I am
aware that "public" keys are just that, but because they contain my
email address (not this one, another private one) I only hand them out
to my contacts. I should not have to "dismiss" the key, it should not be
sent by default. If you want to have the option for users that want it,
that's great, but let me OPT-IN if I so choose.
Other than that, I like what I see so far.
Thanks,
My response:
great majority of our users would not be able to use encryption if you asked them to share public keys with contacts manually. The premise of our app is that you should be able to use encryption the same way you would use normal email, so that everyone's grandma can use it too, almost like WhatsApp.
But I do understand what you mean. We may, at the very least, give you an option to opt-out during setup, like we do on browser extension (the Android app is newer, so it doesn't yet have all of these options). People like you who know exactly what they are doing will notice this, and the rest of our users will not come flooding our support email not knowing what to do.
Metadata
Metadata
Assignees
Labels
No labels