• Ideas
  • Sign mails with S/MIME or PGP

  • Luna

    To ensure mails sent by bunq are more difficult to forge I would suggest to sign them with S/MIME or PGP to make it easier for users to verify the mails are sent by bunq and not modified on the way.

      Signing of all e-mails would be very nice and appreciated. In addition to that, it would also be nice if users could upload their own public keys in the app to optionally enable encryption in addition to signing.

        @fkrone#157921 Theoretically speaking, added security can indeed benefit and protect users from phishing attacks. But practically implementing it is another ball game. There are quite a few disadvantages of using PGP/GPG or S/MIME from bunq's perspective.

        1. Managing the keyrings will be a headache. Even if bunq signs its email with the private key and sends the public key to the user beforehand, a lot will rely on the fact that everybody - I mean everybody - needs to save that pubkey in their keyring and verify the signature with it. Even if one person does not, this will not work.
        2. Key revocation will be an issue. You need to periodically revoke the keys, and again do the process from the start - which again relies on every user doing their part.
        3. The drawbacks are significant if you broaden the scope to include users of mail clients that do not have native support. If you have a PGP key but are unable to use a PGP/MIME aware mail client for whatever reason (work supplied laptop, no Internet outside of Internet cafés etc.), then you will not easily be able to receive and decrypt PGP/MIME attachments, even if you have GnuPG installed, because if you download the raw encrypted payload for processing offline, then after decryption you end up with a fragment of MIME, and tools for working with such fragments barely exist outside the world of development tools (downloading the raw message source and manually feeding that to mutt, after manually adding the leading 'From ' delimiter, is absolutely possible, but is not something you can expect a normal user to do, and not something a techie would enjoy doing on a regular basis).
        4. Right now, for a new age fintech startup, it does not look good if they use an old encryption standard, perhaps a more post quantum standard would be ideal to their image ;)
        5. If it is phishing you are worried about, it is a lot easier to check the email address of the sender than actually verifying signatures.

        Still there are a few alternatives out there to securely communicate. A few banks use secure messages inside their application as the only way to communicate with the bank, that might still be a more secure solution IMO.

          @Sayon#157961 These are not hard problems. Encrypting emails per user that wants them encrypted with a key is not hard. If a user revokes a key, they can remove the public key from the app or will not be able to read the email; that's their choice.

          Facebook can do this, I’ve done this for apps. Sending encrypted emails isn’t hard, making sure all the systems sending emails use the same system ... now that’s hard.

            @Robert-Cyan-Butterfly-3517244523#157990 If we talk specifically about signing (not encrypting), S/MIME includes an option to just include the certificate in the mail. The mail will be plain text, only with a signature that can either be verified or ignored. Everyone can use this.

            However, Gmail doesn't include S/MIME verification afaik. And if we live in an app-centric world, the value of signatures becomes limited if the default phone email application doesn't support it.

            That said, I think an inbox in the bunq app with push notifications would be nice.

              @Victor-Turquoise-Lion#158005 I was thinking of PGP. S/MIME support sucks everywhere :)

              In app inbox really makes the most sense to me too!

                @Victor-Turquoise-Lion#158005 I agree with this. I know a few banks that already do this - sending secure emails inside apps. Would make more sense and be easier to implement. And no additional effort from the user's perspective.

                  They could probably use announcements through the current in-app support chat for that.

                    I think some people are conflating signing with encrypting here. Just signing e-mails (whether it be with S/MIME or PGP or whatever else) doesn't lead to any user having to manage any keys or having to set up anything. Of course, if they don't check if the signature is correct, it doesn't lead to any security advantages, but it also doesn't make anything worse.

                    Encrypting e-mails is another ballgame. But there are banks out there that allow you to upload your private key and it can work fine. It's not for every user out there, but for some people it might be very good. We don't need post-quantum encryption right now. We have a CA infrastructure, so I don't see how key revocation etc. is a big issue. Maybe you don't trust that infrastructure, but then you probably also don't trust any website out there. (In case of PGP, key trust issues can be shifted to HTTPS by just publishing valid keys and revoked keys on a well-known website. Maybe not the best solution, but practical.)
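The signing-only case discussed in the posts above (a clear-signed S/MIME mail stays plain text, carries the signer's certificate inside the message so the recipient keeps no keyring, and can be verified or simply ignored), as an added example that is not part of this thread or of bunq's systems. It uses the openssl command line; the sender name, the self-signed certificate standing in for a real S/MIME certificate, and the notice text are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): build an S/MIME multipart/signed mail
# with openssl, show that the body is plain text a non-S/MIME client can read,
# that the signer certificate travels inside the message, and that a change
# to the body is detected on verification. Names and body are constructed.
set -u

smime_demo() {
    work=$(mktemp -d) || return 1

    # Constructed self-signed certificate standing in for the sender's S/MIME cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=noreply@bank.example" \
        -keyout "$work/key.pem" -out "$work/cert.pem" >/dev/null 2>&1 || return 1

    # Plain-text notice; the MIME header makes it a complete text/plain part.
    printf 'Content-Type: text/plain\r\n\r\nA payment of EUR 10.00 was received.\r\n' \
        > "$work/body.eml"

    # Clear (detached) signature: the body stays readable, the signature goes into
    # a second MIME part, and the signer certificate is embedded (default, unless
    # -nocerts is given), so recipients need no pre-distributed public key.
    openssl cms -sign -in "$work/body.eml" -signer "$work/cert.pem" \
        -inkey "$work/key.pem" -out "$work/signed.eml" || return 1

    result=""
    # A client that ignores S/MIME still sees the text verbatim.
    grep -q 'A payment of EUR 10.00' "$work/signed.eml" && result="body-readable"
    # The signature part is what an S/MIME-aware client checks.
    grep -qi 'pkcs7-signature' "$work/signed.eml" && result="$result signature-part"

    # Verifier trusts only the sender's certificate (constructed trust anchor).
    if openssl cms -verify -in "$work/signed.eml" -CAfile "$work/cert.pem" \
        -out /dev/null 2>/dev/null; then
        result="$result verified"
    fi

    # Modify the amount in transit: the signature no longer matches the body.
    sed 's/EUR 10.00/EUR 99.00/' "$work/signed.eml" > "$work/tampered.eml"
    if ! openssl cms -verify -in "$work/tampered.eml" -CAfile "$work/cert.pem" \
        -out /dev/null 2>/dev/null; then
        result="$result tamper-rejected"
    fi

    rm -rf "$work"
    printf '%s\n' "$result"
}

smime_demo
```

The tampered copy is still perfectly readable in a client that ignores signatures, which is the "doesn't make anything worse" point: the signature adds a check for those who perform it and costs nothing for those who don't. In a real deployment the `-CAfile` would be the public CA chain that issued the sender's certificate rather than the sender's own certificate.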

                      @Victor-Turquoise-Lion#158005 Gmail does include S/MIME verification. As does Outlook/Hotmail/Live, but only in Windows using Edge facepalm. Moreover, all decent mail clients support it.

                      I had already suggested implementing this last year, they said no. Don’t think they’ll change their minds.
