Ask HN: Practical way to use encrypted email?
I am thinking of a solution that is easy to set up and feels clean, transparent and "mainstream", so that my contacts can use and trust it.
I am not worried about using the most sophisticated algorithm (we can switch later to a better one).
Motivation:
1. We are still sending our email in plain text. We know that our information is systematically stored and analyzed by companies and other organizations and used in ways that we cannot control.
2. We know that there are ways to encrypt stuff (http://xkcd.com/1181/) but not really acting on that knowledge. Forum threads about encryption are often concerned with the relative merits of different encryption algorithms, not practical solutions.
3. We are in a way responsible to inform, and to provide the necessary tools for our fellow citizens to protect their information and communication, just like we would hold doctors responsible to warn us of health risks in our everyday lifes.
4. Few community figures, including security experts, seem to be promoting the actual use of encryption at the moment. (An exception would be Carl Sassenrath (http://www.sassenrath.com/), who seems to prefer a "private chat" solution for communication).
Maybe you've already hesitated a little before revealing certain information in an email, Skype conversation or Facebook chat?
But let's reserve the discussion of real and imagined problems and their philosophical implications for another thread - I would hope that this thread will not be derailed or hijacked by accident.
Instead, I would like to know what is your recommendation for an easy to use, safe and practical way to encrypt my email communication that I can set up right now?
7 comments
[ 3.2 ms ] story [ 22.8 ms ] threadA related point is that as long as the majority of people remain happy with such services, there is little push to make encryption easier. After all, if you've already basically made you email public, why would anyone think that you want to encrypt it? The popularity of Gmail and similar services is proof that there is no demand for such things.
There used to be a nice Firefox extension called FireGPG. It integrated with Gmail. I think it had a lot of potential but it died.
I would, however, recommend adopting PGP, as that seems the simplest route to go.
You may need to pay for certificates, though CACert or maybe StartSSL will give you free ones.
None. Although, thinking about it right now, it might be possible to develop a simple Chrome extension/userscript to provide easy encryption/decryption for clients using PGB or some other method. One could have it plug straight into gmail (or any other client) and decrypt on demand / encrypt.