> I'd like to, but the people I email don't know how to (or won't) use encryption.
The situation today is even less conducive to getting the people I email to use encryption than it was 10 years ago. In the past there was maybe a chance I could convince people to install a plugin, or in the case of family members I could set it up myself when visiting. But now everyone uses Gmail, and often uses it from multiple devices, which makes that difficult. There are browser plugins that will try to do GPG in Javascript, but they seem to break routinely with Gmail changes, and the one that used to be most used (FireGPG) was discontinued. And the Gmail app on mobile devices doesn't support such extensions anyway.
It's not just that people are using webmail that's preventing PGP adoption - it's that PGP, specifically, is orthogonal to usability and convenience of email.
I, for example, am capable of encrypting my email but I actively don't care to. I'm in the "I don't, because the content of my email is just not that important." on the poll.
Webmail's prevalence may make PGP adoption more difficult, but I want more webmail prevalence and I don't care about PGP adoption and I'm pretty confident that's the way the world's going to go. Someday there will be something webmail-like which has encryption anyway and that might catch on - I'd even use it. In the meantime? People who need it can use special tools.
You may not think that your email's that important but your unwillingness to care means you've inadvertently extended that judgement to everyone else who may want to correspond with you. This effect worries me the most about our modern, connected world.
NB: Just to be absolutely clear, I'm not picking on you specifically (and I suspect there are many people who hold the same opinion as you). I'm just trying to point out what I see as a problem with the "my email isn't important" argument.
I don't really see email as any more secure than snail mail right now (which can be taken from your mailbox and read, albeit with stiff legal threats if anyone catches you). There wasn't an appropriate poll option for "I don't care because I don't think email can be both effective and secure in the near future and I prefer effective".
People who need encrypted email will figure out how to do it and I think that's enough for now. I don't think lamenting how slow PGP adoption is makes sense, though - it will never, in its current form, be mainstream.
I personally consider webmail to be way inferior to any decent standalone client. I only use it out of necessity, when no other option is available. Thudnerbird with Enigmail and IMAP+SMTP do their job just fine otherwise. But the fact that many people have no clue about encryption makes it harder to use.
I don't think PGP is complicated. I think the implementations are subpar (mainly due to lack of interest toward encryption and thus "good enough" generally won)
Even the command line gpg options aren't quite right..
gpg4win[0] works -- or it did the last time I used it anyway (several years ago) -- and from a quick search I found "Outlook Privacy Plugin"[1] (for 2010 and 2013).
Unfortunately, the best solution I've found for Windows is the commercial PGP product[2]. It's not free or open source but it does work and it configures itself for opportunistic encryption, so that's a plus.
People who use Gmail can use Thunderbird with Enigmail. It works very well and there are detailed tutorials available. I agree though, it's still not as easy as it should be.
K-9 mail still only works with inline PGP though, not with PGP/MIME. K-9 Mail is so close to being the perfect mobile email client IMO. Open source, decent UI, fast, fully featured, but it's half-finished PGP implementation is so frustrating.
Also, APG it's self still lacks a bunch of features, and it seems to have been abandoned.
I want a Firefox OS phone, but until there is an email client which supports PGP, it will be useless to me.
> And the Gmail app on mobile devices doesn't support such extensions anyway.
It should be easy to do such things using Substrate. (I'd even argue easier than via JavaScript, as backend logic code and variables cannot be hidden and protected inside of closures.)
I don't if its borne more out of cynicism or laziness, but I feel as though if a shadowy government organization has the ability to peer into every major facet of the Internet, me encrypting my email isn't going to do much to stop them from getting whatever they want to know about me.
(Put another way: I'm more embarrassed about the subreddits I browse than the emails I send.)
> (Put another way: I'm more embarrassed about the subreddits I browse than the emails I send.)
That is probably true for a lot of people. I hope reddit admins shed some light on this: how long are the logs identifying users stored for? What is the chance that they can be stolen, or given up en masse to the authorities? Roughly what number of IP's have been requested by the authorities -- hundreds of them? thousands? Or?
> encrypting my email isn't going to do much to stop them from getting whatever they want to know about me
Overused analogy: if a burglar wants to break into your {car,house,...} bad enough, they eventually will. Do you make it easier on them by leaving your windows open and doors unlocked?
One thing being left out of this discussion so far is signing, which is arguably just as important in many cases as encryption. There are a fair number of situations where you don't care all that much who can see the data, but you care a lot that it comes from the person you think it does. I think it's worth mentioning, since encryption and signing generally go hand in hand.
That's really interesting. I wonder though if signing would have a negative effect in terms of privacy?
i.e with message signing, a third party can prove that a message was sent by you.
Whereas with an unsigned email, you'd at least be able to plausibly deny that you sent it. You could claim it was forged.
But then again, with secret and silent data collection systems you're not really in a position to deny anything anyway.
I have a feeling you'd have a hard time denying an unsigned email with your name on it to a court if it came to that.
a couple of years ago i started signing my emails.
unfortunately a lot of my mails got deleted by the recipients, because there were "some very strange things" (the signature) at the end of my mails and they were afraid of malware like viruses or trojans.
i wanted to increase the level of trust in my messages and achieved the complete opposite.
i stopped signing my mails a couple of weeks later, after a clients secretary phoned me to inform me "i had a virus on my computer".
Reminds me of the time I emailed a HN discussion to a friend in an adjacent room in the office. She hit the link and then closed it in a panic as soon as she noticed the word "Hacker" in the tab title.
If you don't want to confuse people when you sign your e-mail, make sure you're using PGP/MIME not inline signing. I've been signing my mail for years and had almost zero problems doing this.
Using GPG, I encrypt sensitive e-mail, such as e-mails that include credentials for another system. However, I do not encrypt all e-mail, even to recipients who use GPG.
The bottom line is this: the user interface of GPG is awful--among the worst this side of Git. "Barely usable" is the briefest way I can describe it.
And it's not the key exchange that makes it so bad; exchanging keys is the easy part. My gripe is with the routine UI clunkiness of GPG. For example, it's not possible to paste into or use Keepass' "auto-type" feature to type my passphrase into the GPG dialog. So I have to manually type my sequence of 50 random letters, numbers, and symbols nearly every time I receive an encrypted e-mail. It's so bad that unless an encrypted e-mail is urgent, I'll defer it until I'm in the mood to look up and type my passphrase.
I could have typed this comment. I'm glad I'm not the only one to work that way and think that way.
Note: it's possible to hack in a pinentry program that is compatible with "what you want" (pretty sure it's doable for keepass). Easier than emulating gpg-agent and/or more convenient than using a smartcard.
You may consider a smart card or a different mail client/UI if/when you need to make use of encrypted mail. I use mutt as my mail client and I could easily paste in my passphrase if I wanted to.
I'd use encryption and try to convince others to as well, but I rely on email search too much. I'm sure a lot of people don't bother to 'tag' or 'label' their email, but instead rely on search to find messages with certain content in them. Maybe I'm wrong, but I don't see a way to have both with the server being unable to read the contents of the email to build a search index.
Search index could be protected to some extent by using a bloom filter.
This way attacker could only recover unordered list of dictionary words that were in the message and the list would contain false positives (they could tell whether you write love letters or bomb threats, but couldn't get your password reset URLs).
I just tried GPGTools[1]; I generated a key and set it as default in Preferences. I sent a test email with the "OpenPGP" button glowing. I'm prompted for the password, yet it's still sent as plaintext - it only adds a signature to the bottom of the email. Why doesn't it encrypt the text? Does it have to be email?
I also can't use S/MIME even though I got a certificate, I don't know how to use it.
This is expected behaviour, you're just "signing" the message with your key at this stage. You need to import someone else's public key before you can send an encrypted message /to them/.
You need the public keys of your contacts before you can send them encrypted messages, so encryption is normally enabled on a per contact or per message basis. I think the signature is there to provide a level of assurance to your PGP enabled contacts.
You might find it interesting/useful to read about:
steganography[1], anonymous remailers[2] (particularly the Mixminion[3] type), the Paranoid Security Guide[4] (which was on HN today[5]), and a nice talk on privacy and anonymity options[6][7]
There were also a couple of lists of darknets on HN recently, but I can't find them right now.
I actually had a few of my friends using OTR, until they realized that
- it's extremely buggy between software (e.g. Jitsi + Gibberbot)
- it's a huge hassle to use on multiple devices
Then PRISM came out and... they didn't care.
Email is the same way: give me a way to, without spending much extra time, use encrypted email on my phone and any computer I come across, and I'll use it. Otherwise, it doesn't seem worth it.
The best thing I can come up with is js based encryption, where the server stores my private key, encrypted. For widespread adoption, though, you'd still need an Android app, an iPhone app, and a Windows 8 app, and it goes without saying that browser-based encryption in js is subject to a myriad of attacks.
Yeah.. OTR implementations generally succeeded being more painful to use than PGP/GPG. Aaaand they don't even have the trust model of PGP... too much to sacrifice for the forward secrecy and what not.
I haven't had any trouble with OTR, and this is the first I've heard of interoperability problems (but I haven't gone looking for information on them before). I wonder if it's due to a lack of client diversity among my contacts. Most of us use either Adium (which has OTR built in) or Pidgin with the OTR plugin, and they seem to interoperate ok.
i've tried, and you seriously have a snowflake's chance in hell of convincing any "regular" users of email to bother with encryption, they always look at me like i'm some kind of tinfoil hat nutter.
Really? For some reason I guess I didn't see it on the list.
The only people I email back and forth with that have a GPG key are privacy aware people. Even in light of recent events; it's still very hard to convince people that they should be using encryption to protect their communications!
Email encryption, I think, has the social stigma of being associated with a paranoid state of mind when it really should be associated with the human right to privacy and protection people feel when they lock the door at night or set their house alarm system.
So to find out how hard this was I recently tried to setup smime, and it actually isn't really that hard. No plugins required and fully integrated with Mall.app on mac, and my iOS devices. For easy steps on how to do this see here:
What make s/mime easy to use is that those who receive the smime attachment on compatible software can see and validate signatures even without setting up their own s/mime identity. They can also accept your public key so when they do setup s/mime they are ready to encrypt message to you just using the signature attachment on one of your messages.
So s/mime at least has an intermediate value even if you are the only one of your friends using it. You can sign things and they can confirm your signature.
Also gpgtools (https://gpgtools.org) just released a new version that has a plugin for the latest Mail.app. However, public key infrastructure is a little more complicated process, and you'll have to explicitly acquire each person's key, and a signatures can not be validated until the recipient also has gpgtools installed.
As an ex cypherpunk, s/mime seems to have a number of security issues with it. First is how it is generated. When I got my cert from COMODO as outlined above the file was saved from the web browser to my downloads file. This struck me as odd. Does this mean they could have copy of my cert? This is convenient, but keys should be generated securely by the user on their own machine.
Also there is the issue of security in terms of how does the signature work. Does it sign then encrypt, or encrypt then sign, or sign then encrypt then sign again? See the non accepted answer by Adam Liss for a discussion of the security issues of this here:
Nevertheless s/mime works well in many tools and on iOS devices, and is not nearly as hard as most people think. Someone who wants to sell certs could make a video that even grandma could follow.
> When I got my cert from COMODO as outlined above the file was saved from the web browser to my downloads file. This struck me as odd. Does this mean they could have copy of my cert?
There are client-side APIs (e.g. Blob+<a download> or FileSaver.js) for saving locally generated files from JS, though I have no idea if COMODO uses them.
In an enterprise environment (in other words, Active Directory, Exchange, and Outlook), e-mail encryption (S/MIME) can even be rolled out and centrally managed with zero effort from an end user.
In the scenario you describe above, the unencrypted contents of your email are now generally stored on at least 4 machines (maybe 3 depending on what the recipient's POP settings are), with only one most likely being under your control (the client you wrote the mail on).
The benefits of encrypting the message as well as the transport are mostly for dealing with that fact.
you generally only know about the crypto on the first smtp hop. SMTP crypto is fail-open, unauthenticated and not end to end. it's transport only, decrypted on each SMTP hop.
mail-transfer-agents are configured fail open by default. There is nothing about SMTP that requires fail open. You can configure postfix to require TLS for all destinations or for specific domains if you want to:
This is a bad poll. I use TLS for all my imap and internal smtp, and prefer using tls for anyone externally, but don't enforce tls or do cert checking for external mail.
I use PGP infrequently, but for sensitive things; for anything routine and sensitive (passwords), OTR over XMPP chat is easier to set up with most people.
I guess in this poll that's "regularly encrypt most but not all of my email"?
I only rarely encrypt email messages themselves, mostly because few (if any) of their recipients have personal certificates. Of my encrypted messages, most aren't sent using S/MIME or whatever we are calling the standard these days - recipients get a link to a web site, where they have to register an account, authenticate, and view the message. That's not only cheating; it's also pretty weak in terms of assuring confidentiality. To be honest I think the point of the web site is that it lets you send large files to people, not strong crypto.
All of the email servers I operate support STARTTLS. Transport-layer security is just as important to me as message integrity/confidentiality/authenticity. If I could get away with it, I would force all SMTP traffic over TLS, just like I already do with my web sites (even my intranet sites are HTTPS-only). As with my human correspondents, many of the MTAs out there don't support SMTP encryption.
I sign every email I send from my computer, thanks to my client's use of smartcards for employee badges. Windows and Outlook both make this really easy to do. Mac OS X, BSD Unix, and Linux? Not a great user experience there. And smartphones? I don't know if accessing a smartcard is even possible. I wouldn't mind putting certificates on my phone as long as accessing them would still require a PIN, but my client's enrollment process doesn't encompass smartphones yet, plus I sincerely doubt that they are as difficult to compromise as my smartcard.
At one point, I was able to get an S/MIME setup going in Mail.app, and it would automatically encrypt emails sent to others whom had previously sent me a signed message.
Unfortunately, there were tons of mailing lists and clients that would choke even on the signed messages, plus renewing the certificate and all that was too time consuming.
I'd like to, but it's too much trouble and noone else doesn't so it's pointless..
To echo some of the comments here, I think the main factors making this (PGP, GPG usage) unfeasible at the moment is:
1) Too hard for casual users (=others don't use it)
2) PGP/GPG is ridiculously difficult when using webmail or mobile email clients.
3) Your email usabiliy suffers. With this I'm referring to your ability to search your emails. Once you are using encryption, you can't find anything in it, unless the email is decrypted and saved plain in your email storage.
The usability part is actually forgotten quite a few times in discussion, but I think it's a big problem. If you opt to decrypt and save it, this would be ok, if it happens on your client (local db), but not stored remotely (eg. webmail/imap box). This problem comes with a whole lot of issues attached.
The results of this thread are disheartening.
That said, the majority of technical people in my professional and social circles do not use any form of email encryption.
I think it comes down to a combination of how few people use it and how much more work is required. The only people I know who use it are exactly the ones you'd expect: those who do things like go to DEFCON every year.
That's not to say that my other friends aren't sometimes cautious with some of their data, they just go to the length of doing face-to-face sharing of physical media and not having intensely private/personal conversations over the phone. Basically they (we?) all just assume that there's no way to protect it once it's on the wire, so "why bother?".
I can't stress enough how important holding/going-to a CryptoParty (or similar) is.
At work, we use mail-system based encryption like Zix, IronPort or Voltage. Those solutions provide guaranteed encrypted transit to the recipients public network boundary. Depending on the content, the system either just ensures that messages travel via TLS or requires explicit authentication via a web interface.
In my personal life, I haven't used mail encryption since my college days with some crypto geek friends. I do have an OpenGPG card and public key published, but I mostly use it to encrypt data at rest on cloud storage platforms or USB keys.
Even if you think that your email is unimportant and you've got nothing to hide, you probably still don't want people being able to use your email account to take over your other accounts (password reminders) if they get access to it.
I honestly encrypt email far more often in my government job than I do outside of work. Everything at my job is streamlined to support it, outside I'd have to convince people to install S/MIME or PGP for any one of numerous email clients. And mailing lists would be a whole 'nother separate ball of wax.
I don't think I've encrypted an actual email even once.
However, I do encrypt attachments or drop-box blobs from time to time. E.g., I might make a self-extracting PGP archive of a directory of tax info encrypted with a symmetric key, put it on Google Drive, and send the link to my accountant, having shared the key out of band.
I'd like to mention that a good part of my (professional) social network switches to retroshare. And I'm forced to go with them if I want to stay in touch. :)
The situation today is even less conducive to getting the people I email to use encryption than it was 10 years ago. In the past there was maybe a chance I could convince people to install a plugin, or in the case of family members I could set it up myself when visiting. But now everyone uses Gmail, and often uses it from multiple devices, which makes that difficult. There are browser plugins that will try to do GPG in Javascript, but they seem to break routinely with Gmail changes, and the one that used to be most used (FireGPG) was discontinued. And the Gmail app on mobile devices doesn't support such extensions anyway.