
What will it take to get people using PGP for email? - plg
I work at a large organization (thousands of individuals). I wonder what would happen if on July 1st I adopted a new email policy, that any non-encrypted email sent to me would be automatically deleted (and an automated reply sent to the sender, containing instructions for how to use PGP).<p>I can&#x27;t encrypt all email I&#x27;m sending out, unless I have the recipient&#x27;s public key ... and if they don&#x27;t use PGP then they won&#x27;t have one ... and I can&#x27;t exactly do it for them. I suppose I could send them an unencrypted email saying &quot;I have a message for you, please send me your public key so I can encrypt it&quot;) but my guess is that they would simply ignore it if it involves more than 3 seconds of extra &quot;work&quot;.<p>My prediction is that probably it would have no effect, people would just behave as before and would start to complain that I don&#x27;t respond to emails.<p>So what would it take to get people --- not just at my company, but in the wider world --- to use encryption?<p>Is there a single organization out there that everyone corresponds with, that could spark the change, if they abruptly (but with warning) adopted an encrypted-only policy? Maybe banks? Or governments (eg to file tax returns you need a public&#x2F;private key pair)?<p>Is there some way to gamify this so that there is an incentive for people to encrypt?<p>What about a white-hat hacking approach whereby people are shown what is world-readable (and by whom) when they send email unencrypted?<p>Gmail seems like an obvious entry point ... but it would go against their business model (they could no longer mine your emails).<p>Is there any hope?<p>I would still like to try my experiment ... but I also want to avoid becoming the tinfoil-hatted long-bearded crank of my organization.
======
Sae5waip
Here are some problems, from the top of my head, in no particular order:

    
    
      - Subjects can't be encrypted.
      - Encrypted mailing lists are complicated. Do you reencrypt in the middle?
        What software do you use? The mailing list manager you use right now probably doesn't support it.
      - Enigmail still doesn't support storing e-mails decrypted*. As a consequence, full-text search doesn't work.
      - There's also S/MIME.
      - Theres no software to manage public/private keys enterprise-wide.
      - Legitimate server-side email retention requirements for enterprises
      - Many people are quite alright with "most other people won't be able my email; maybe governments can".
      - Most emails quite simply aren't that important.
      - How do you deal with lost keys?
      - Webmailers
      - Often, as a sender at a company, you can not afford to inconvenience contacts.
      - No easy way to synchronize keyrings.
      - Server side spam filtering not possible
      - Out-of-office auto-forwarding
      - The other side uses gmail.
      - Your mother keeps asking why you aren't on Whatsapp.
      - The "metadata" (who mail whom? when? how long are the emails?) is quite telling.
    

Please solve all of these.

Sorry for the unreadable list. Thank pg for the shitty markup format.

------
weland
My highly cynical take: education. It will fucking take education.

All this "oh my god but PGP is _so complicated_ , how can a regular user be
expected to use all this?" thing is crap we use to delude ourselves into
ignoring the fact that most e-mail users are too ignorant to understand _why_
invasions of their privacy are so dangerous, let alone that it can be done or
how.

Seriously, it's not complicated. There are a ton of everyday tasks that are
far more complicated than setting up and using Enigmail, and yet average users
do them every day. If people can set up a fucking network printer with HP's
crapware, they can most certainly use a PGP plug-in for their e-mail client of
choice.

PGP does have a lot of problems, from unencrypted subjects to usability
problems with mailing lists and stuff. But it's still better than nothing, and
if poor usability were such an important factor, Altair 8800 would have been
the first and last PC.

But even if all these problems were to be solved, we'd still face the fact
that the vast majority of e-mail users don't even know what a mail client is,
don't understand just how widely-available the contents of their messages are,
and don't really understand the far-reaching implications of them being
available pretty much in the open.

And even _after_ that, we'd have to face the even sadder reality that this is
but a really tiny win in terms of privacy, because convincing people to use
PGP is _nothing_ compared to convincing people to stop using Facebook, Google
and webmasters to stop using the tracking shit that fills 90% of the post-web
2.0 pages.

~~~
Karunamon
Difficulty is problem #0.

PGP is fucking complicated, annoying, and non-user-friendly to use _as a
computer literate individual that codes for a living_. How do you expect the
chain-email-forwarding-toolbar-installing-click-here-for-free-smileys average
person to understand it, with the knowledge that screwups in encryption land
have the very real possibility to render all that work useless?

The average person doesn't see the value proposition for going through all
that effort. Shouting "GOVERNMENT SCARY" at them isn't going to work.

Solving problem 0 would be a massive net benefit for society. You need a cross
platform and cross client tool that looks good, is easy enough for my gran to
understand, and that does the encryption right.

There is no such tool that exists today.

The Catch-22 is problem #1, after problem #0.

You can encrypt your own stuff all day long, but you aren't emailing encrypted
stuff to anyone until a critical mass of people have also gotten past problem
#0 long enough to have avoided saying "fuck it" and have distributed their
public keys to everyone they know.

On top of all this, you're pushing encryption as a philosophical measure
rather than a practical one. For more on how pure philosophy holds up when
practicality intrudes, look at the free software movement.

~~~
weland
> PGP is fucking complicated, annoying, and non-user-friendly to use as a
> computer literate individual that codes for a living.

I really don't think it is. Yes, it took me two days or so of reading stuff
and chaining commands when I was using mutt. Enigmail is literally point and
click. You follow a wizard with three screens or so to set up and all you need
to learn after that is how to do the whole web of trust thing. It takes about
as much time as it takes to learn Word's stupid track changes mode.

Don't get me wrong, I'd _love_ to see it even easier to use, but it's in a
state where it's pretty much useable without being a hacker.

> Shouting "GOVERNMENT SCARY" at them isn't going to work.

Not only government scary. People don't understand that snooping e-mail isn't
done only by the government, it's also done e.g. by, and for the benefit of,
media agencies. The combination of Gmail and Google's bubble alone is enough
to limit everyday choices for them, like purchasing things, learning about
controversial matters and planning a holiday. Even in the post-Snowden world,
most people don't understand that there is a huge audience for personal data
besides the NSA, and it has an impact on everyday life beyond scary slogans
like surveillance state.

> On top of all this, you're pushing encryption as a philosophical measure
> rather than a practical one.

The same can be said of many things that otherwise look idealistic. People are
also pushing for widely-available education, or research in fundamental topics
like particle phsyics, for what look like "philosophical" reasons rather than
practical ones. The gap between "philosophical" and "practical" seems to be
one of volume: it's "philosophical" when few enough people understand why it's
practically necessary. It's a trait of perception, not an inherent trait of
the object, which is why I think it's a matter of education. 30 years ago
there seemed to be very little practical value in PCs, too, and anyone pushing
for widely available computer use was, at the time, as much philosophical as I
am about this today :-).

Edit: not that I am denying the gap that exists between implementing purely
philosophical principles and implementing purely philosophical principles _in
a practical way_. Linux is, in many ways, less "free" in terms of philosophy
than GNU Hurd is. I'll gladly buy a gallon of beer for anyone reading and
replying to this post from a computer that runs GNU Hurd.

------
napoleond
As someone who's spent a lot of time and money trying to solve this problem, I
will say that the biggest impediment is usability, and the largest technical
hurdle on that front is key management (general users will never, ever take
the time to understand what they're supposed to do with their keys). Beyond
those problems, though, are the other problems mentioned elsewhere on this
page; the inherent weaknesses in email that PGP can't circumvent (specifically
the meta-data leaks--who is sending messages to whom). I think Adam Langley's
Pond[0] is the most interesting candidate for an email replacement, although
it's not yet ready for prime-time (and even further from a level of usability
that could reach mass appeal).

[0] [https://pond.imperialviolet.org](https://pond.imperialviolet.org)

------
jccooper
The only way to get people to encrypt their email will be to make them want to
encrypt their email enough to overcome whatever hassle it takes to do so.

Most people seem focused on making the second part of that equation (the
hassle) small. Which is great. But even if you can somehow get it to 0, that
may not be enough to get it over the hill.

That leaves making people want to encrypt their email. And abstract notions
like the NSA aren't going to be enough. It needs to be personal and immediate.
So: if you really want to encourage secure email, start intercepting clear
email and responding to it. The surprise introduction of a third party in the
email conversation will cause most people to realize their email is not secure
(which almost everyone doesn't know) and create an impetus for action.

Now, this is a pretty nefarious scheme (grey-hat at best) and extremely
dangerous due to the inevitable legal freak-out, and I'm not going to be doing
it, but if I wanted to encourage the world to move to secure email, it's how
I'd do it.

------
taeric
I think the sad truth is that not only is encryption inconvenient for most
emails from most users. It is just not even necessary. So, you are trying to
decrease convenience for...?

It is worse in the web world. I _want_ someone to be able to index my emails.
As I do actually search on them rather often.

Unless there is a homomorphic technology I'm not aware of (very possible) to
allow searching over encrypted emails, then I don't know how you can get
around the fact that there is a third party that has access to the
unencrypted. Once that happens, game is over. Right?

~~~
eof
well, you could keep a copy/index locally and just search through that..

~~~
taeric
Right, a fairly massive decrease in convenience. And renders search for email
rather worthless on my phone. (Which, to be fair, is already rather crappy.)

------
kenjackson
Make email work exactly as it does now, but it is encrypted -- then people
will use it. If you make it more inconvenient then it is a non-starter as
email privacy from Google or the NSA just isn't a concern for 99.9% of people
(stat made up).

~~~
DanBC
Google is a great example. People were warned about severe privacy risk of
using GMail, but Google made it really easy to use, has amazing spam
filtering, and gave away 1 GB of storage.

~~~
mpyne
I read an article the other day about how jihadist software developers were
complaining that higher-up leaders in their terrorist organization refused to
switch away from GMail. And this from the very groups that should have known
better!

I can only assume that problem has been fixed after Snowden leaked PRISM, but
it illustrates the mentality you speak of quite vividly.

------
shawkinaw
It seems to me that S/MIME has a better chance for wide adoption due to it
being built in to many email clients (Mail on OS X/iOS at least.) However it's
still up to the user to get a certificate, which is a barrier. But I'm curious
what others think, as I haven't seen S/MIME brought up in the recent encrypted
email threads.

~~~
plg
It's true, S/MIME would seem to be a more convenient method for wide
adoption...

~~~
Sae5waip
The problem with S/MIME is that it is strictly hierarchical. That already
hasn't worked well for TLS.

The aim of email encryption is in a large part to prevent government-level
parties from reading the emails. It doesn't really make sense to then go back
to a system controlled by the very same parties.

OpenPGPs web-of-trust model seems more appropriate.

But both approaches share a significant number of problems, so...

------
rbcgerard
I think it's a great question.

When I think about why I don't use pgp personally, and why I don't encourage
others to use it (besides the fact that no else uses it) it's a functionality
issue. I need to be able to access my email via my computer, phone, AND web
browser (potentially not on a computer I own/control). My understanding is
that is not easy to accomplish - maybe I've been misinformed. Until then, it's
hard to start using pgp.

To answer your question, a good place to start might be a company like Good
Technology - given their involvement in email solutions for so many large
corporate customers.

------
pedrocr
Here's a scheme I've been thinking about. It's an opportunistic PGP setup:

1) Whenever you want to send an email you look up the PGP certificate for the
domain (yes domain) you are sending it to in some central keyserver. If you
find it pin that certificate for future use and sign and encrypt the email. If
you don't find it just send a normal email, possibly still signing it.

2) For a sysadmin to start using the scheme just publish a public PGP key in
the central keyserver and when you receive an email that's encrypted with your
domain key decrypt it and deliver it to your user.

This buys you a few things. For large hosting providers (say Gmail) you get a
little better security than the current SSL between mailservers setup because
it's harder to MitM and can be relayed between mailservers without security
issues. You also get a PGP signature attesting that the email does indeed come
from @gmail.com and isn't spoofed. Individual users that care can then use
this scheme to get user-level encryption by having email in their own domain
@myname.net. You could even outsource the @myname.net mail server to a normal
POP/IMAP provider and publish the PGP key to the central server yourself. The
provider then gets the encrypted mail and you decrypt it locally in your mail
software.

But maybe relaying doesn't really happen these days and fixing STARTTLS would
give you most of this with SSL certificates instead.

~~~
napoleond
_Buy maybe... fixing STARTTLS would give you most of this with SSL
certificates instead._

Bingo.

~~~
pedrocr
The only thing TLS in the mail server can't give you is a way to outsource the
running of your domain's MX server without trusting that server with your SSL
key. If the sending server PGP encrypts instead you can decrypt it later.

That would make running your own mail a little easier. Use any normal
SMTP/POP/IMAP email service to handle the network side and then
encrypt/decrypt locally. You only have to trust your own mail user agent
running on your own hardware. As it stands right now to run my own email
(something I've been contemplating) I have to either put my SSL key in a
machine I don't control (e.g. Linode VPS) or try to run a mail server on a
residential internet connection. Neither seems a good option.

------
rakoo
I thinnk PGP can't have a widespread adoption on its own. We need to piggy-
back it on another network of trust.

Here's a scheme for such an application:

\- By default, if the person you're communicating with is not in the network,
you're out of luck. Maybe send a message along these lines: "I'd like to
communicate with you but you don't have a secretcommunication key. Could you
please create one so we can have some privacy ?"

\- On first launch, you create a PGP pair and send the public key to networks
you trust: Facebook, G+, HN, reddit, whatever. By "trust" I mean "you trust
the network to give you the correct identity of your contacts": you've
befriended that Maria on Facebook, so you can trust it to give you the correct
public key that Maria created on her machine

\- When you want to send an email to maria, your application fetches the
public key on either network (if it doesn't have it already) and uses it to
encrypt your communication. Note that the application MUST NOT sign the
identity for you; it should just raise no warning. It MUST always be up to the
user to sign these.

In a very broad sense, that's what keybase.io is doing: instead of being yet
another provider of trust, it re-uses the trust you have already built in
other networks.

The number 1 problem to tackle is make sure anyone who wants to create an
account will also create a PGP key.

------
hershel
> Gmail seems like an obvious entry point ... but it would go against their
> business model (they could no longer mine your emails).

A few ideas why google won't mind encryption that much:

[http://www.reddit.com/r/tech/comments/278cze/google_launches...](http://www.reddit.com/r/tech/comments/278cze/google_launches_chrome_extension_endtoend_for/chyftx9)

> Is there any hope?

TextSecure is already offering a secure communication service(that in my view
could be a decent replacement for email). They will also release a browser
extension in the future. Those(and the fact google's involved) are good signs
for google's encryption project , at least technically.

And assuming the technical infrastructure for easy encryption does exist, i
can see some sort of hybrid model[1] becoming popular and/or mandated in some
groups, and growing from there.

[1]For example, textSecure/redPhone's model lets you send sms to everybody,
but if it detects the other side has encryption , it encrypts it. There's also
an easy to use method for out-of-band key verification.

------
salemh
When people/media/govt/everyone is/are still arguing whether the surveillance
state is merited or not, whether Snowden is a traitor or not, a technical
solution is meaningless. The argument over whether it needs a solution needs
to be "solved" or at least agreed on enough that their is an "issue" to be
"solved" anyway.

------
roedog
In a large company, such a change only has a chance if it is mandated from the
top and then the mgmt team is very committed to push the change through for as
long as it takes. Without both pieces it will get killed by apathy at the
middle management layer and below. Without that support the technical
solutions will gain no foothold.

------
drdaeman
First, somehow make popular email software developers (Thunderbird, Mail.app,
etc.) to include OpenPGP support out-of-the box and make it easy to use. I.e.
not a scary-looking interface hidden beneath 4+ clicks deep in settings, but a
simple-to-get "security" button and an unobtrusive suggestion to generate or
import a keypair on account creation. This is an absolute necessity. For
webmail providers ask them to at least provide signature verifications for
PGP-signed mail - that should be acceptable even for Gmail-like ad-based mail-
sniffing business model.

Then, just start using OpenPGP. For every recepient with a known key encrypt
the message, for others - sign it. Users will notice your emails have some
fancy security-related icons and curiosity will eventually prevail.

Almost works with S/MIME for me (but since obtaining a certificate is not
trivial - only "almost", not really).

~~~
plg
"Users will notice your emails have some fancy security-related icons and
curiosity will eventually prevail."

I wish this were true

~~~
bostik
There's a precedence: browsers and their green URL bar blocks for secured
connections.

------
cantrevealname
I'm going to suggest a compromise way to get wide scale email encryption
rolling out: The key benefits are that (1) the user doesn't have to do
anything at all and (2) it prevents mass surveillance and recording of email,
but with a downside that it's not authenticated. There's significant benefit
even when it's non-authenticated.

These days I get email from the other side of the Earth in several seconds. So
adding a few more seconds to delivery shouldn't be a deal breaker on what I'm
about to suggest.

Let every email client do opportunistic _non_ -authenticated encryption with
every other email client. That way, the user doesn't have to do a damn thing.

Example: Alice wants to send an email to Bob. Before sending the real email,
Alice's email program sends an ephemeral public-key to Bob's email program --
hoping that Bob's email will promptly reply with its own ephemeral public-key.
If Alice gets a reply within, say, 20 seconds, great. They can now send
encrypted but non-authenticated email to each other. If Alice receives no
reply or an error message, then her email program sends the email the usual
way (as plaintext).

At this point, most readers will yell "man-in-the-middle attack." Bear in mind
that this can be built upon and improved. The advantage is that it requires
_nothing_ at all from the user; the user might not even realize the email is
being encrypted and decrypted. It requires only that the email client
developers agree on the handshake mechanism.

But importantly, this thwarts the problem that we're most worried about, which
is mass NSA surveillance. Yes, the NSA or others can still do targeted MITM
attacks, but they are unlikely to do a MITM on every email exchange. And if
they did, it would be detected and _provable_ , and result in a backlash
demand for authenticated encryption. Furthermore, clandestine wholesale
recording of your emails is useless because the keys are ephemeral.

~~~
napoleond
Using Gmail (or any SSL-enabled mail server) already affords you those
protections. (I'm not trying to be a naysayer, just that the protections PGP
provides specifically go a step beyond what you're describing, which we
essentially already have.)

~~~
cantrevealname
> _Using Gmail (or any SSL-enabled mail server) already affords you those
> protections._

It absolutely does not.

What I'm suggesting is end-to-end. With Gmail or with SSL-enabled connections,
the host (Google in your example) can read your email; the encryption there is
only between you and Google.

I'm saying that the key exchange should be from your email client
(Thunderbird, Outlook, a browser) to the other person's client. I think it
could be made to work even with Gmail if the functionality was built into the
browser.

~~~
napoleond
I didn't read your parent comment as a suggestion for peer to peer ephemeral
exchange. In that case you would be correct, but negotiating server less peer
to peer key exchange (especially on mobile devices) isn't currently practical.

EDIT: s/parent comment/your parent comment

------
cliveowen
You could adopt a company policy that mandates PGP for everyone as it's not
that difficult to create, distribute and revoke public keys for your
employees. Problems arise when you try to apply this process to the larger
public, as that means having people self-sign their certificates for their
public keys or having one user vouch for another. But that's where security
breaks. Even with CAs on the internet you're never 100% sure you're talking to
a legit entity; any scenario where CA aren't even present is just a nightmare
that doesn't improve security by one bit. It's not just about making sure
nobody except the recipient can read emails it's also about making sure that
the recipient is legit, and that's the problem.

------
pjc50
Suppose, hypothetically, that there was some kind of ultra-phishing virus that
resulted in a 1/100 chance of _losing money_ as a result of sending
unencrypted email ... people still wouldn't use PGP. They'd switch to facebook
messenging or SMS or something.

It's just too much hassle. People don't use it unless they absolutely need to.
_Signing_ is slightly more common, and might be easier to bootstrap.

Start by signing your mail. We might be able to persuade banks and other
phishable businesses (e.g. Paypal) to start signing mail too. That gets the
keys in place.

You mention gamification; some sort of automated system that hands out rewards
or does something useful if you send it a PGP-signed mail might be a way to do
this.

------
schrodingersCat
The problem will all come down to UX.

* Key generation and exchange is a challenge. Most people I have taught how to use gpg / pgp can't seem to figure out how to publish there keys, send or receive keys.

* Entering your password often is a pain. Most people I have taught have given up using this on a day-to-day basis because its just such a pain.

As an aside, there's the problem of improper use. Right now there are too many
choice as to how you can setup pgp leading to the problem of people using it
wrong. And don't get me started on private key security. Most people _do NOT
want to think about this_. Quite honestly, I agree. Something needs to be done
to make it very hard to compromise your own private key.

------
lone
Addresimg the issue of key availability could be perhaps achieved by OS
compatibility. Eg. If two Mac users send each other an email to iCloud
addresses it can be encrypted by default and have iCloud manage the key
exchange. This is just a thought on using the cloud as a part the key
management similar to what Exchange does. It does not mean that is not
hackable since compromising iCloud would compromise both clients but it could
be a good start. Encryption by default among same cloud users.

------
hiddentao
I agree with the points people here have brought up. For my part, I think it
would be good to at least have a seamless OpenPGP interface with at least
signing enabled for all mails (if encryption not always possible), and I'm
working on [https://autonomail.com](https://autonomail.com) to that end. Other
folks (like [https://whiteout.io](https://whiteout.io)) are also working on
similar solutions.

------
1337biz
You already identified the "usability" issues. It would need to be a system
that required people to just get once a "code" for their computer. And then
another systems auto detect if the recipients has also a "coded" machine.

Encryption is just inconvenient for the average user and doesn't provide some
immediate benefit ("My bank needs encryption but I don't need to encrypt my
funny cat pictures").

------
d64f396930663ee
You can make a seamless experience so that people don't even realize that
their email is encrypted, but then the problem becomes: if their computer
crashes and they lose their private key, they have now lost access to every
previous email ever written. That's just unacceptable. I closely guard several
backups of my private key, but most people aren't going to create an enormous
single point of failure like that.

~~~
drdaeman
Backups can be seamless, too.

Just a tiny unobtrusive icon "hey, your key wasn't backed up, want to fix
that?" would probably do the trick.

And with a proper passphrase I think one can even backup to the cloud(tm)
without much worries.

------
gregmorton
About usability. Well, I'm not an expert but runbox.com (with their roundcube
interface) or unseen.is let you use gpg keys in a really easy way. They
generate (or you can import) a pair of keys in the browser so they never have
access to them. The only catch is that if you erase your cache or their
cookies, you lost your keys and have to import them again. By default, runbox
sends your public key as an attachment.

------
bostik
While I understand Sae5waip's list of put-me-downs, I can't really sympathise
with it. A lot of the usability problems boil down to two things, namely

    
    
      * UI/UX, along with proper client integration
      * Discoverability and bootstrapping of the web of trust
    

Make it easy to discover users' PGP/GPG keys, and trivially easy to use them.
Integrate GPG-agent or something with similar functionality so users do not
have to type their passphrases _all the time_.

Then start with sign-by-default policy for all outgoing mail, and add a simple
way to show the distinction in the mail client UI. Remember when browsers
started to show the green locks in URL bars? It wasn't a panachea, but it at
least made things less awful.

Now... I'm not saying it would be easy, and I certainly don't have enough
hubris to claim that I could be able to design a solid, end-user friendly PGP
system by myself. But I sure as hell would love to be involved in building
one.

I try to imaging what the world would be if Google provided a globally
reachable and easily integrated (on client side) PGP key server pool.

EDIT: bulletpoint appearance

------
Create
PGP cannot encrypt the _“subject”_ header or metadata like the “timestamp”,
“to” and “from” fields.

[https://www.gnu.org/philosophy/no-word-
attachments.html](https://www.gnu.org/philosophy/no-word-attachments.html)

------
diasp
As an interim solution you can setup a secure contact form on your company
website like [https://encrypt.herokuapp.com/](https://encrypt.herokuapp.com/)
\- it encrypts the message before sending it to you.

------
loteck
From the perspective of this sysadmin: get Microsoft to build PGP into
Exchange, and integrate the functionality into Outlook. It would be the
tipping point you seek, perhaps the only one that exists.

------
dalek_cannes
We have had a similar discussion in the past:
[https://news.ycombinator.com/item?id=6663098](https://news.ycombinator.com/item?id=6663098)

------
nroose
IMO, the issue is that real security is inconvenient, and my email is just not
that secret.

------
bane
Absolutely streamlined interface where they have to do pretty much nothing for
it to work.

------
a3n
What it would take is to not have to know that you're doing it.

