Ask HN: Practical way to use encrypted email?

2 points by UweSchmidt ↗ HN
I am looking for a practical way to do encrypted email and want to start phasing it in with friends, family and business partners (whenever possible) during the next few days.

I am thinking of a solution that is easy to set up and feels clean, transparent and "mainstream", so that my contacts can use and trust it.

I am not worried about using the most sophisticated algorithm (we can switch later to a better one).

Motivation:

1. We are still sending our email in plain text. We know that our information is systematically stored and analyzed by companies and other organizations and used in ways that we cannot control.

2. We know that there are ways to encrypt stuff (http://xkcd.com/1181/) but not really acting on that knowledge. Forum threads about encryption are often concerned with the relative merits of different encryption algorithms, not practical solutions.

3. We are in a way responsible to inform, and to provide the necessary tools for our fellow citizens to protect their information and communication, just like we would hold doctors responsible to warn us of health risks in our everyday lifes.

4. Few community figures, including security experts, seem to be promoting the actual use of encryption at the moment. (An exception would be Carl Sassenrath (http://www.sassenrath.com/), who seems to prefer a "private chat" solution for communication).

Maybe you've already hesitated a little before revealing certain information in an email, Skype conversation or Facebook chat?

But let's reserve the discussion of real and imagined problems and their philosophical implications for another thread - I would hope that this thread will not be derailed or hijacked by accident.

Instead, I would like to know what is your recommendation for an easy to use, safe and practical way to encrypt my email communication that I can set up right now?

7 comments

[ 3.2 ms ] story [ 22.8 ms ] thread
S/MIME or PGP or GPG. There's no golden, pain-free email crypto at this time, unfortunately.
This statement is incredibly disappointing, given how much effort is done with other kinds of apps. How can encrypted communication not be a worthwile, and potentially lucrative niche?
I don't understand it either. The lack of easy email encryption effectively makes it impossible for me to use any at all, because no one else wants to take the effort to set it up (or is even capable of doing so) on their end.
I think the stagnation has something to do with the fact that some of the most popular email providers need to access their users' emails for marketing information. If Google got behind making PGP available for every Gmail account, there would be big progress but big popular providers have no incentive.

A related point is that as long as the majority of people remain happy with such services, there is little push to make encryption easier. After all, if you've already basically made you email public, why would anyone think that you want to encrypt it? The popularity of Gmail and similar services is proof that there is no demand for such things.

There used to be a nice Firefox extension called FireGPG. It integrated with Gmail. I think it had a lot of potential but it died.

The problem is that it is doable to create an encrypted email client, but the problem is how does one then send this off encrypted to a gmail account? There's no practical solution to handle that unless you want everyone to be on the same server, which then makes email pointless since there would be better solutions. But, unless google and the other big players adopt encryption, there's really no real way to do it streamlined.

I would, however, recommend adopting PGP, as that seems the simplest route to go.

Alternatively, you can look at using X.509 certificates. Most of the major and commercial dedicated email clients support this (even the one on iPhone). Though you are SOL if you use GMail's web browser interface.

You may need to pay for certificates, though CACert or maybe StartSSL will give you free ones.

"Instead, I would like to know what is your recommendation for an easy to use, safe and practical way to encrypt my email communication that I can set up right now?"

None. Although, thinking about it right now, it might be possible to develop a simple Chrome extension/userscript to provide easy encryption/decryption for clients using PGB or some other method. One could have it plug straight into gmail (or any other client) and decrypt on demand / encrypt.