Message sent

Thank you for getting in touch with us. If all is well, your message safely arrived on our server. Of course our humans still have to read it and respond. In case of an emergency, you can contact us in other ways too.

Fun fact: because you do not block JavaScript on our site we encrypted your message — on your own computer. We did so using an internet standard called OpenPGP. OpenPGP is a cryptographic protocol that offers Pretty Good Privacy.

How does it work?

Of course the basis is a standard web form in HTML, as you've seen on the previous page. We embed a small, portable open source JavaScript application based on OpenPGP.js into the page in question. This takes our so-called public key, picks up the text you entered into the web form and mangles the text with mathematical operations — before it leaves your computer and is sent to a server. Once the cryptography has done its work, the message can only be read by the people in our organisation who have access to the corresponding secret — the so-called "private" key.

An encrypted message looks something like:

INSERT_TABLE_HERE

In fact, that is exactly what your message looks like right now! What is neat is that no matter where or to whom this message gets sent, or via what channel, no one but the intended readers will be able to read it — not even you (unless you cheat and use the back button).

Someone who gained access to a mailbox with this message (say, a nosy system administrator or a foreign intelligence agency harvesting data from some cloud provider) still would not be able to get meaningful data from it (thanks to OpenPGP). Such "end to end encryption" is ideally suited for, for instance, discussing personal matters or disclosing a sensitive security issue (a so-called "responsible disclosure"). And all that invisible to users!

So, why not use it for your own site?

We really think client-side OpenPGP encrypted forms are a current best practice from both a privacy and security perspective. Everybody should be doing this, especially those folks that operate their site with a cloud provider or use third-party hosted email. We warmly encourage you to take our code and run with it — and implement this or something similar in any website(s) you may operate yourself. The software itself runs entirely in the browser of the user, and it is open source. You don't need a special server or content management system for this: you should be able to just copy a few (static) files to your current web server and connect it to your existing contact form. Of course, add your own public key — since we don't hand out the private keys corresponding to our public key, you'd never be able to read what people sent to you. Of course this only works in cases where JavaScript is available, so be sure to provide a good fallback.
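
One way to connect an existing contact form to OpenPGP.js as described under "How does it work?" and in the paragraph above, as an added example that is not the code this site uses. It calls the OpenPGP.js v5 functions `readKey`, `createMessage` and `encrypt`; the function names, the `encrypted` payload key and the `encryption-failed` event are assumptions of this example, and refusing to submit when encryption fails is its own design choice.

```javascript
// Added example (not this site's code). Uses the OpenPGP.js v5+ calls readKey,
// createMessage and encrypt; all other names here are assumptions.

// Put every form field into one plaintext body so a single OpenPGP message covers them all.
function serializeFields(fields) {
  return Object.entries(fields)
    .map(([name, value]) => `${name}: ${value}`)
    .join("\n\n");
}

// Encrypt the fields to the recipient's public key and return the only data that may
// leave the browser. `pgp` is the OpenPGP.js module (window.openpgp in a page), passed
// in so the function can be exercised without a DOM.
async function buildEncryptedPayload(fields, armoredPublicKey, pgp) {
  const encryptionKeys = await pgp.readKey({ armoredKey: armoredPublicKey });
  const message = await pgp.createMessage({ text: serializeFields(fields) });
  const armored = await pgp.encrypt({ message, encryptionKeys });
  // Fail closed: anything that is not an armored OpenPGP message is never submitted.
  if (typeof armored !== "string" || !armored.startsWith("-----BEGIN PGP MESSAGE-----")) {
    throw new Error("encryption did not produce an armored OpenPGP message");
  }
  return { encrypted: armored }; // no plaintext field is copied into the payload
}

// Browser wiring: take over the submit event, encrypt, then hand the ciphertext to
// `send` (for example a fetch() POST to the existing form handler).
function attachEncryptedSubmit(form, armoredPublicKey, pgp, send) {
  form.addEventListener("submit", async (event) => {
    event.preventDefault(); // the plaintext form must not be posted by the browser
    try {
      const fields = Object.fromEntries(new FormData(form));
      await send(await buildEncryptedPayload(fields, armoredPublicKey, pgp));
    } catch (err) {
      // No silent plaintext retry: surface the failure so the page can offer another channel.
      form.dispatchEvent(new CustomEvent("encryption-failed", { detail: err }));
    }
  });
}
```

In a page, call `attachEncryptedSubmit(form, armoredKey, openpgp, send)` once OpenPGP.js has loaded. Without JavaScript the listener is never attached and the form posts as usual, which is the fallback path.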


While we still have your attention: we would actually recommend looking into browser security and plugins like NoScript and JShelter, because that would really help to structurally improve your online safety. Don't worry, our site would still work just fine without JavaScript; and of course you can also use your own mail client and encrypt messages with our public key.

If you experience any technical problems, please contact the webmaster.