you generally only know about the crypto on the first smtp hop. SMTP crypto is fail-open, unauthenticated and not end to end. it's transport only, decrypted on each SMTP hop.
mail-transfer-agents are configured fail open by default. There is nothing about SMTP that requires fail open. You can configure postfix to require TLS for all destinations or for specific domains if you want to:
In the scenario you describe above, the unencrypted contents of your email are now generally stored on at least 4 machines (maybe 3 depending on what the recipient's POP settings are), with only one most likely being under your control (the client you wrote the mail on).
The benefits of encrypting the message as well as the transport are mostly for dealing with that fact.
> I'd like to, but the people I email don't know how to (or won't) use encryption.
The situation today is even less conducive to getting the people I email to use encryption than it was 10 years ago. In the past there was maybe a chance I could convince people to install a plugin, or in the case of family members I could set it up myself when visiting. But now everyone uses Gmail, and often uses it from multiple devices, which makes that difficult. There are browser plugins that will try to do GPG in Javascript, but they seem to break routinely with Gmail changes, and the one that used to be most used (FireGPG) was discontinued. And the Gmail app on mobile devices doesn't support such extensions anyway.
It's not just that people are using webmail that's preventing PGP adoption - it's that PGP, specifically, is orthogonal to usability and convenience of email.
I, for example, am capable of encrypting my email but I actively don't care to. I'm in the "I don't, because the content of my email is just not that important." on the poll.
Webmail's prevalence may make PGP adoption more difficult, but I want more webmail prevalence and I don't care about PGP adoption and I'm pretty confident that's the way the world's going to go. Someday there will be something webmail-like which has encryption anyway and that might catch on - I'd even use it. In the meantime? People who need it can use special tools.
You may not think that your email's that important but your unwillingness to care means you've inadvertently extended that judgement to everyone else who may want to correspond with you. This effect worries me the most about our modern, connected world.
NB: Just to be absolutely clear, I'm not picking on you specifically (and I suspect there are many people who hold the same opinion as you). I'm just trying to point out what I see as a problem with the "my email isn't important" argument.
I don't really see email as any more secure than snail mail right now (which can be taken from your mailbox and read, albeit with stiff legal threats if anyone catches you). There wasn't an appropriate poll option for "I don't care because I don't think email can be both effective and secure in the near future and I prefer effective".
People who need encrypted email will figure out how to do it and I think that's enough for now. I don't think lamenting how slow PGP adoption is makes sense, though - it will never, in its current form, be mainstream.
I personally consider webmail to be way inferior to any decent standalone client. I only use it out of necessity, when no other option is available. Thudnerbird with Enigmail and IMAP+SMTP do their job just fine otherwise. But the fact that many people have no clue about encryption makes it harder to use.
I don't think PGP is complicated. I think the implementations are subpar (mainly due to lack of interest toward encryption and thus "good enough" generally won)
Even the command line gpg options aren't quite right..
gpg4win[0] works -- or it did the last time I used it anyway (several years ago) -- and from a quick search I found "Outlook Privacy Plugin"[1] (for 2010 and 2013).
Unfortunately, the best solution I've found for Windows is the commercial PGP product[2]. It's not free or open source but it does work and it configures itself for opportunistic encryption, so that's a plus.
People who use Gmail can use Thunderbird with Enigmail. It works very well and there are detailed tutorials available. I agree though, it's still not as easy as it should be.
K-9 mail still only works with inline PGP though, not with PGP/MIME. K-9 Mail is so close to being the perfect mobile email client IMO. Open source, decent UI, fast, fully featured, but it's half-finished PGP implementation is so frustrating.
Also, APG it's self still lacks a bunch of features, and it seems to have been abandoned.
I want a Firefox OS phone, but until there is an email client which supports PGP, it will be useless to me.
> And the Gmail app on mobile devices doesn't support such extensions anyway.
It should be easy to do such things using Substrate. (I'd even argue easier than via JavaScript, as backend logic code and variables cannot be hidden and protected inside of closures.)
I'd like to mention that a good part of my (professional) social network switches to retroshare. And I'm forced to go with them if I want to stay in touch. :)
I'd use encryption and try to convince others to as well, but I rely on email search too much. I'm sure a lot of people don't bother to 'tag' or 'label' their email, but instead rely on search to find messages with certain content in them. Maybe I'm wrong, but I don't see a way to have both with the server being unable to read the contents of the email to build a search index.
Search index could be protected to some extent by using a bloom filter.
This way attacker could only recover unordered list of dictionary words that were in the message and the list would contain false positives (they could tell whether you write love letters or bomb threats, but couldn't get your password reset URLs).
One thing being left out of this discussion so far is signing, which is arguably just as important in many cases as encryption. There are a fair number of situations where you don't care all that much who can see the data, but you care a lot that it comes from the person you think it does. I think it's worth mentioning, since encryption and signing generally go hand in hand.
That's really interesting. I wonder though if signing would have a negative effect in terms of privacy?
i.e with message signing, a third party can prove that a message was sent by you.
Whereas with an unsigned email, you'd at least be able to plausibly deny that you sent it. You could claim it was forged.
But then again, with secret and silent data collection systems you're not really in a position to deny anything anyway.
I have a feeling you'd have a hard time denying an unsigned email with your name on it to a court if it came to that.
I just tried GPGTools[1]; I generated a key and set it as default in Preferences. I sent a test email with the "OpenPGP" button glowing. I'm prompted for the password, yet it's still sent as plaintext - it only adds a signature to the bottom of the email. Why doesn't it encrypt the text? Does it have to be email?
I also can't use S/MIME even though I got a certificate, I don't know how to use it.
You need the public keys of your contacts before you can send them encrypted messages, so encryption is normally enabled on a per contact or per message basis. I think the signature is there to provide a level of assurance to your PGP enabled contacts.
This is expected behaviour, you're just "signing" the message with your key at this stage. You need to import someone else's public key before you can send an encrypted message /to them/.
a couple of years ago i started signing my emails.
unfortunately a lot of my mails got deleted by the recipients, because there were "some very strange things" (the signature) at the end of my mails and they were afraid of malware like viruses or trojans.
i wanted to increase the level of trust in my messages and achieved the complete opposite.
i stopped signing my mails a couple of weeks later, after a clients secretary phoned me to inform me "i had a virus on my computer".
If you don't want to confuse people when you sign your e-mail, make sure you're using PGP/MIME not inline signing. I've been signing my mail for years and had almost zero problems doing this.
Reminds me of the time I emailed a HN discussion to a friend in an adjacent room in the office. She hit the link and then closed it in a panic as soon as she noticed the word "Hacker" in the tab title.
I don't if its borne more out of cynicism or laziness, but I feel as though if a shadowy government organization has the ability to peer into every major facet of the Internet, me encrypting my email isn't going to do much to stop them from getting whatever they want to know about me.
(Put another way: I'm more embarrassed about the subreddits I browse than the emails I send.)
> (Put another way: I'm more embarrassed about the subreddits I browse than the emails I send.)
That is probably true for a lot of people. I hope reddit admins shed some light on this: how long are the logs identifying users stored for? What is the chance that they can be stolen, or given up en masse to the authorities? Roughly what number of IP's have been requested by the authorities -- hundreds of them? thousands? Or?
> encrypting my email isn't going to do much to stop them from getting whatever they want to know about me
Overused analogy: if a burglar wants to break into your {car,house,...} bad enough, they eventually will. Do you make it easier on them by leaving your windows open and doors unlocked?
At one point, I was able to get an S/MIME setup going in Mail.app, and it would automatically encrypt emails sent to others whom had previously sent me a signed message.
Unfortunately, there were tons of mailing lists and clients that would choke even on the signed messages, plus renewing the certificate and all that was too time consuming.
I actually had a few of my friends using OTR, until they realized that
- it's extremely buggy between software (e.g. Jitsi + Gibberbot)
- it's a huge hassle to use on multiple devices
Then PRISM came out and... they didn't care.
Email is the same way: give me a way to, without spending much extra time, use encrypted email on my phone and any computer I come across, and I'll use it. Otherwise, it doesn't seem worth it.
The best thing I can come up with is js based encryption, where the server stores my private key, encrypted. For widespread adoption, though, you'd still need an Android app, an iPhone app, and a Windows 8 app, and it goes without saying that browser-based encryption in js is subject to a myriad of attacks.
Yeah.. OTR implementations generally succeeded being more painful to use than PGP/GPG. Aaaand they don't even have the trust model of PGP... too much to sacrifice for the forward secrecy and what not.
I haven't had any trouble with OTR, and this is the first I've heard of interoperability problems (but I haven't gone looking for information on them before). I wonder if it's due to a lack of client diversity among my contacts. Most of us use either Adium (which has OTR built in) or Pidgin with the OTR plugin, and they seem to interoperate ok.
i've tried, and you seriously have a snowflake's chance in hell of convincing any "regular" users of email to bother with encryption, they always look at me like i'm some kind of tinfoil hat nutter.
Really? For some reason I guess I didn't see it on the list.
The only people I email back and forth with that have a GPG key are privacy aware people. Even in light of recent events; it's still very hard to convince people that they should be using encryption to protect their communications!
Email encryption, I think, has the social stigma of being associated with a paranoid state of mind when it really should be associated with the human right to privacy and protection people feel when they lock the door at night or set their house alarm system.
I honestly encrypt email far more often in my government job than I do outside of work. Everything at my job is streamlined to support it, outside I'd have to convince people to install S/MIME or PGP for any one of numerous email clients. And mailing lists would be a whole 'nother separate ball of wax.
Using GPG, I encrypt sensitive e-mail, such as e-mails that include credentials for another system. However, I do not encrypt all e-mail, even to recipients who use GPG.
The bottom line is this: the user interface of GPG is awful--among the worst this side of Git. "Barely usable" is the briefest way I can describe it.
And it's not the key exchange that makes it so bad; exchanging keys is the easy part. My gripe is with the routine UI clunkiness of GPG. For example, it's not possible to paste into or use Keepass' "auto-type" feature to type my passphrase into the GPG dialog. So I have to manually type my sequence of 50 random letters, numbers, and symbols nearly every time I receive an encrypted e-mail. It's so bad that unless an encrypted e-mail is urgent, I'll defer it until I'm in the mood to look up and type my passphrase.
I could have typed this comment. I'm glad I'm not the only one to work that way and think that way.
Note: it's possible to hack in a pinentry program that is compatible with "what you want" (pretty sure it's doable for keepass). Easier than emulating gpg-agent and/or more convenient than using a smartcard.
You may consider a smart card or a different mail client/UI if/when you need to make use of encrypted mail. I use mutt as my mail client and I could easily paste in my passphrase if I wanted to.
This is a bad poll. I use TLS for all my imap and internal smtp, and prefer using tls for anyone externally, but don't enforce tls or do cert checking for external mail.
I use PGP infrequently, but for sensitive things; for anything routine and sensitive (passwords), OTR over XMPP chat is easier to set up with most people.
I guess in this poll that's "regularly encrypt most but not all of my email"?
97 comments
[ 2.8 ms ] story [ 170 ms ] threadI feel about as strongly about encrypting email as I do (did) about encrypting snail mail - not at all.
PGP gives you end-to-end encryption, which starts from your computer and ends at the computer of the recipient.
It will be a wonderful day when the RFCs are updated to require TLS for SMTP.
http://www.postfix.org/TLS_README.html#client_tls_encrypt
Depending on your environment you could also do the same thing and require DANE:
http://www.postfix.org/TLS_README.html#client_tls_dane
I am sure exim has an equivalent setting (maybe not for DANE).
The benefits of encrypting the message as well as the transport are mostly for dealing with that fact.
The situation today is even less conducive to getting the people I email to use encryption than it was 10 years ago. In the past there was maybe a chance I could convince people to install a plugin, or in the case of family members I could set it up myself when visiting. But now everyone uses Gmail, and often uses it from multiple devices, which makes that difficult. There are browser plugins that will try to do GPG in Javascript, but they seem to break routinely with Gmail changes, and the one that used to be most used (FireGPG) was discontinued. And the Gmail app on mobile devices doesn't support such extensions anyway.
The webmail problem is probably the biggest barrier to PGP adoption right now, even above the issues with understanding PGP itself.
I, for example, am capable of encrypting my email but I actively don't care to. I'm in the "I don't, because the content of my email is just not that important." on the poll.
Webmail's prevalence may make PGP adoption more difficult, but I want more webmail prevalence and I don't care about PGP adoption and I'm pretty confident that's the way the world's going to go. Someday there will be something webmail-like which has encryption anyway and that might catch on - I'd even use it. In the meantime? People who need it can use special tools.
NB: Just to be absolutely clear, I'm not picking on you specifically (and I suspect there are many people who hold the same opinion as you). I'm just trying to point out what I see as a problem with the "my email isn't important" argument.
People who need encrypted email will figure out how to do it and I think that's enough for now. I don't think lamenting how slow PGP adoption is makes sense, though - it will never, in its current form, be mainstream.
Unfortunately, the best solution I've found for Windows is the commercial PGP product[2]. It's not free or open source but it does work and it configures itself for opportunistic encryption, so that's a plus.
[0]: https://www.gpg4win.org/ [1]: https://code.google.com/p/outlook-privacy-plugin/ [2]: https://www.symantec.com/desktop-email-encryption
User studies of PGP:
Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0 (http://www.gaudior.net/alma/johnny.pdf)
Why Johnny Still Can't Encrypt: Evaluating the Usability of Email Encryption Software (http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstr...)
On Android you can use K9 Mail [1] with your email and it will automatically decrypt PGP messages using keys within APG [2].
[1] https://code.google.com/p/k9mail/
[2] http://www.thialfihar.org/projects/apg
Also, APG it's self still lacks a bunch of features, and it seems to have been abandoned.
I want a Firefox OS phone, but until there is an email client which supports PGP, it will be useless to me.
Mobile PGP. So frustrating.
It should be easy to do such things using Substrate. (I'd even argue easier than via JavaScript, as backend logic code and variables cannot be hidden and protected inside of closures.)
I'd use encryption and try to convince others to as well, but I rely on email search too much. I'm sure a lot of people don't bother to 'tag' or 'label' their email, but instead rely on search to find messages with certain content in them. Maybe I'm wrong, but I don't see a way to have both with the server being unable to read the contents of the email to build a search index.
This way attacker could only recover unordered list of dictionary words that were in the message and the list would contain false positives (they could tell whether you write love letters or bomb threats, but couldn't get your password reset URLs).
i.e with message signing, a third party can prove that a message was sent by you. Whereas with an unsigned email, you'd at least be able to plausibly deny that you sent it. You could claim it was forged.
But then again, with secret and silent data collection systems you're not really in a position to deny anything anyway. I have a feeling you'd have a hard time denying an unsigned email with your name on it to a court if it came to that.
I also can't use S/MIME even though I got a certificate, I don't know how to use it.
[1] https://gpgtools.org/
At least Thunderbird and Evolution are being steadily developed now![I jest!]
unfortunately a lot of my mails got deleted by the recipients, because there were "some very strange things" (the signature) at the end of my mails and they were afraid of malware like viruses or trojans.
i wanted to increase the level of trust in my messages and achieved the complete opposite.
i stopped signing my mails a couple of weeks later, after a clients secretary phoned me to inform me "i had a virus on my computer".
If you don't want to confuse people when you sign your e-mail, make sure you're using PGP/MIME not inline signing. I've been signing my mail for years and had almost zero problems doing this.
(Put another way: I'm more embarrassed about the subreddits I browse than the emails I send.)
That is probably true for a lot of people. I hope reddit admins shed some light on this: how long are the logs identifying users stored for? What is the chance that they can be stolen, or given up en masse to the authorities? Roughly what number of IP's have been requested by the authorities -- hundreds of them? thousands? Or?
Overused analogy: if a burglar wants to break into your {car,house,...} bad enough, they eventually will. Do you make it easier on them by leaving your windows open and doors unlocked?
Unfortunately, there were tons of mailing lists and clients that would choke even on the signed messages, plus renewing the certificate and all that was too time consuming.
- it's extremely buggy between software (e.g. Jitsi + Gibberbot)
- it's a huge hassle to use on multiple devices
Then PRISM came out and... they didn't care.
Email is the same way: give me a way to, without spending much extra time, use encrypted email on my phone and any computer I come across, and I'll use it. Otherwise, it doesn't seem worth it.
The best thing I can come up with is js based encryption, where the server stores my private key, encrypted. For widespread adoption, though, you'd still need an Android app, an iPhone app, and a Windows 8 app, and it goes without saying that browser-based encryption in js is subject to a myriad of attacks.
So, I encrypt my email whenever I'm sending to someone with a key. I sign important emails.
i've tried, and you seriously have a snowflake's chance in hell of convincing any "regular" users of email to bother with encryption, they always look at me like i'm some kind of tinfoil hat nutter.
The only people I email back and forth with that have a GPG key are privacy aware people. Even in light of recent events; it's still very hard to convince people that they should be using encryption to protect their communications!
Email encryption, I think, has the social stigma of being associated with a paranoid state of mind when it really should be associated with the human right to privacy and protection people feel when they lock the door at night or set their house alarm system.
The bottom line is this: the user interface of GPG is awful--among the worst this side of Git. "Barely usable" is the briefest way I can describe it.
And it's not the key exchange that makes it so bad; exchanging keys is the easy part. My gripe is with the routine UI clunkiness of GPG. For example, it's not possible to paste into or use Keepass' "auto-type" feature to type my passphrase into the GPG dialog. So I have to manually type my sequence of 50 random letters, numbers, and symbols nearly every time I receive an encrypted e-mail. It's so bad that unless an encrypted e-mail is urgent, I'll defer it until I'm in the mood to look up and type my passphrase.
Note: it's possible to hack in a pinentry program that is compatible with "what you want" (pretty sure it's doable for keepass). Easier than emulating gpg-agent and/or more convenient than using a smartcard.
I use PGP infrequently, but for sensitive things; for anything routine and sensitive (passwords), OTR over XMPP chat is easier to set up with most people.
I guess in this poll that's "regularly encrypt most but not all of my email"?