What will it take to get people using PGP for email?
I can't encrypt all email I'm sending out, unless I have the recipient's public key ... and if they don't use PGP then they won't have one ... and I can't exactly do it for them. I suppose I could send them an unencrypted email saying "I have a message for you, please send me your public key so I can encrypt it") but my guess is that they would simply ignore it if it involves more than 3 seconds of extra "work".
My prediction is that probably it would have no effect, people would just behave as before and would start to complain that I don't respond to emails.
So what would it take to get people --- not just at my company, but in the wider world --- to use encryption?
Is there a single organization out there that everyone corresponds with, that could spark the change, if they abruptly (but with warning) adopted an encrypted-only policy? Maybe banks? Or governments (eg to file tax returns you need a public/private key pair)?
Is there some way to gamify this so that there is an incentive for people to encrypt?
What about a white-hat hacking approach whereby people are shown what is world-readable (and by whom) when they send email unencrypted?
Gmail seems like an obvious entry point ... but it would go against their business model (they could no longer mine your emails).
Is there any hope?
I would still like to try my experiment ... but I also want to avoid becoming the tinfoil-hatted long-bearded crank of my organization.
51 comments
[ 4.9 ms ] story [ 92.0 ms ] threadEncryption is just inconvenient for the average user and doesn't provide some immediate benefit ("My bank needs encryption but I don't need to encrypt my funny cat pictures").
It is worse in the web world. I want someone to be able to index my emails. As I do actually search on them rather often.
Unless there is a homomorphic technology I'm not aware of (very possible) to allow searching over encrypted emails, then I don't know how you can get around the fact that there is a third party that has access to the unencrypted. Once that happens, game is over. Right?
When I think about why I don't use pgp personally, and why I don't encourage others to use it (besides the fact that no else uses it) it's a functionality issue. I need to be able to access my email via my computer, phone, AND web browser (potentially not on a computer I own/control). My understanding is that is not easy to accomplish - maybe I've been misinformed. Until then, it's hard to start using pgp.
To answer your question, a good place to start might be a company like Good Technology - given their involvement in email solutions for so many large corporate customers.
I can only assume that problem has been fixed after Snowden leaked PRISM, but it illustrates the mentality you speak of quite vividly.
https://www.gnu.org/philosophy/no-word-attachments.html
Sorry for the unreadable list. Thank pg for the shitty markup format.
Then, just start using OpenPGP. For every recepient with a known key encrypt the message, for others - sign it. Users will notice your emails have some fancy security-related icons and curiosity will eventually prevail.
Almost works with S/MIME for me (but since obtaining a certificate is not trivial - only "almost", not really).
I wish this were true
Just a tiny unobtrusive icon "hey, your key wasn't backed up, want to fix that?" would probably do the trick.
And with a proper passphrase I think one can even backup to the cloud(tm) without much worries.
The aim of email encryption is in a large part to prevent government-level parties from reading the emails. It doesn't really make sense to then go back to a system controlled by the very same parties.
OpenPGPs web-of-trust model seems more appropriate.
But both approaches share a significant number of problems, so...
It's handy too, as I can sign emails using my iPhone just by importing my p12.
All this "oh my god but PGP is so complicated, how can a regular user be expected to use all this?" thing is crap we use to delude ourselves into ignoring the fact that most e-mail users are too ignorant to understand why invasions of their privacy are so dangerous, let alone that it can be done or how.
Seriously, it's not complicated. There are a ton of everyday tasks that are far more complicated than setting up and using Enigmail, and yet average users do them every day. If people can set up a fucking network printer with HP's crapware, they can most certainly use a PGP plug-in for their e-mail client of choice.
PGP does have a lot of problems, from unencrypted subjects to usability problems with mailing lists and stuff. But it's still better than nothing, and if poor usability were such an important factor, Altair 8800 would have been the first and last PC.
But even if all these problems were to be solved, we'd still face the fact that the vast majority of e-mail users don't even know what a mail client is, don't understand just how widely-available the contents of their messages are, and don't really understand the far-reaching implications of them being available pretty much in the open.
And even after that, we'd have to face the even sadder reality that this is but a really tiny win in terms of privacy, because convincing people to use PGP is nothing compared to convincing people to stop using Facebook, Google and webmasters to stop using the tracking shit that fills 90% of the post-web 2.0 pages.
PGP is fucking complicated, annoying, and non-user-friendly to use as a computer literate individual that codes for a living. How do you expect the chain-email-forwarding-toolbar-installing-click-here-for-free-smileys average person to understand it, with the knowledge that screwups in encryption land have the very real possibility to render all that work useless?
The average person doesn't see the value proposition for going through all that effort. Shouting "GOVERNMENT SCARY" at them isn't going to work.
Solving problem 0 would be a massive net benefit for society. You need a cross platform and cross client tool that looks good, is easy enough for my gran to understand, and that does the encryption right.
There is no such tool that exists today.
The Catch-22 is problem #1, after problem #0.
You can encrypt your own stuff all day long, but you aren't emailing encrypted stuff to anyone until a critical mass of people have also gotten past problem #0 long enough to have avoided saying "fuck it" and have distributed their public keys to everyone they know.
On top of all this, you're pushing encryption as a philosophical measure rather than a practical one. For more on how pure philosophy holds up when practicality intrudes, look at the free software movement.
I really don't think it is. Yes, it took me two days or so of reading stuff and chaining commands when I was using mutt. Enigmail is literally point and click. You follow a wizard with three screens or so to set up and all you need to learn after that is how to do the whole web of trust thing. It takes about as much time as it takes to learn Word's stupid track changes mode.
Don't get me wrong, I'd love to see it even easier to use, but it's in a state where it's pretty much useable without being a hacker.
> Shouting "GOVERNMENT SCARY" at them isn't going to work.
Not only government scary. People don't understand that snooping e-mail isn't done only by the government, it's also done e.g. by, and for the benefit of, media agencies. The combination of Gmail and Google's bubble alone is enough to limit everyday choices for them, like purchasing things, learning about controversial matters and planning a holiday. Even in the post-Snowden world, most people don't understand that there is a huge audience for personal data besides the NSA, and it has an impact on everyday life beyond scary slogans like surveillance state.
> On top of all this, you're pushing encryption as a philosophical measure rather than a practical one.
The same can be said of many things that otherwise look idealistic. People are also pushing for widely-available education, or research in fundamental topics like particle phsyics, for what look like "philosophical" reasons rather than practical ones. The gap between "philosophical" and "practical" seems to be one of volume: it's "philosophical" when few enough people understand why it's practically necessary. It's a trait of perception, not an inherent trait of the object, which is why I think it's a matter of education. 30 years ago there seemed to be very little practical value in PCs, too, and anyone pushing for widely available computer use was, at the time, as much philosophical as I am about this today :-).
Edit: not that I am denying the gap that exists between implementing purely philosophical principles and implementing purely philosophical principles in a practical way. Linux is, in many ways, less "free" in terms of philosophy than GNU Hurd is. I'll gladly buy a gallon of beer for anyone reading and replying to this post from a computer that runs GNU Hurd.
A few ideas why google won't mind encryption that much:
http://www.reddit.com/r/tech/comments/278cze/google_launches...
> Is there any hope?
TextSecure is already offering a secure communication service(that in my view could be a decent replacement for email). They will also release a browser extension in the future. Those(and the fact google's involved) are good signs for google's encryption project , at least technically.
And assuming the technical infrastructure for easy encryption does exist, i can see some sort of hybrid model[1] becoming popular and/or mandated in some groups, and growing from there.
[1]For example, textSecure/redPhone's model lets you send sms to everybody, but if it detects the other side has encryption , it encrypts it. There's also an easy to use method for out-of-band key verification.
It's just too much hassle. People don't use it unless they absolutely need to. Signing is slightly more common, and might be easier to bootstrap.
Start by signing your mail. We might be able to persuade banks and other phishable businesses (e.g. Paypal) to start signing mail too. That gets the keys in place.
You mention gamification; some sort of automated system that hands out rewards or does something useful if you send it a PGP-signed mail might be a way to do this.
* Key generation and exchange is a challenge. Most people I have taught how to use gpg / pgp can't seem to figure out how to publish there keys, send or receive keys.
* Entering your password often is a pain. Most people I have taught have given up using this on a day-to-day basis because its just such a pain.
As an aside, there's the problem of improper use. Right now there are too many choice as to how you can setup pgp leading to the problem of people using it wrong. And don't get me started on private key security. Most people do NOT want to think about this. Quite honestly, I agree. Something needs to be done to make it very hard to compromise your own private key.
1) Whenever you want to send an email you look up the PGP certificate for the domain (yes domain) you are sending it to in some central keyserver. If you find it pin that certificate for future use and sign and encrypt the email. If you don't find it just send a normal email, possibly still signing it.
2) For a sysadmin to start using the scheme just publish a public PGP key in the central keyserver and when you receive an email that's encrypted with your domain key decrypt it and deliver it to your user.
This buys you a few things. For large hosting providers (say Gmail) you get a little better security than the current SSL between mailservers setup because it's harder to MitM and can be relayed between mailservers without security issues. You also get a PGP signature attesting that the email does indeed come from @gmail.com and isn't spoofed. Individual users that care can then use this scheme to get user-level encryption by having email in their own domain @myname.net. You could even outsource the @myname.net mail server to a normal POP/IMAP provider and publish the PGP key to the central server yourself. The provider then gets the encrypted mail and you decrypt it locally in your mail software.
But maybe relaying doesn't really happen these days and fixing STARTTLS would give you most of this with SSL certificates instead.
Bingo.
That would make running your own mail a little easier. Use any normal SMTP/POP/IMAP email service to handle the network side and then encrypt/decrypt locally. You only have to trust your own mail user agent running on your own hardware. As it stands right now to run my own email (something I've been contemplating) I have to either put my SSL key in a machine I don't control (e.g. Linode VPS) or try to run a mail server on a residential internet connection. Neither seems a good option.