

I just had a revelation about email encryption... - Ixiaus

This may be old news to some, but I've been pondering <i>why</i> it is so annoyingly difficult to get anyone other than my computer literate friends/acquaintances to use PGP email encryption for important transmissions. There are obvious chicken and egg arguments about why, but I think it is slightly deeper.<p>The situation reminds me of the earlier Renaissance period when the intellectual elite (Da Vinci et al.) devised simple encryption schemes for writing correspondance. Or the mirror writing technique...<p>It's always been this way; and always will be. The layman will simply <i>never</i> use the tools (even though they are remarkably simpler and more straightforward than they were in the 1800's) available to them because they aren't convenient and it requires an investment in learning to use those tools and the nomenclature associated with it...
======
anigbrowl
I disagree - you are right that convenience is the issue, but wrong to assume
that will never change.

What's needed is that Alice, who knows nothing of crypto, gets mail from Bob.
It's encrypted, but there is a reassuring icon of a padlock or something along
with a simple plaintext message from Bob, a la 'Hi Alice - Bob here. I've
decided to start encoding my email to keep it secure from prying eyes on the
internet. I use a reliable free service called (something cool). You can
install it in about a minute by clicking on the icon, and after that
everything is automatic. If you're not sure, just give me a call and I'll
confirm it's legit. your friend, Bob'.

People are _totally_ willing to install stuff and recommend it to their
friends as long as it's simple and transparent in operation. Most encryption
systems haven't been, because most crypto nerds are skeptical of anything that
doesn't expose its functionality...whereas most ordinary people don't want to
know how it works, they just want to know that it does and that it's safe.
Frankly that's why I don't bother using crypto right now, my academic interest
in it peaked when PGP was new and I was passing the code around and joking it
was classified as a munition. but since nobody has broken into my mailbox in
the last 20 years, I can't be arsed to stick public key blocks at the end of
every message and have people assume I'm paranoid or, to do tech support for
my relatives.

If you like crypto and think more people ought to use it (which I agree with),
maybe a gmail extension would find an audience.

------
jwegan
I think it is also about the fact people already feel their email is secure
enough. To get to your email a hacker would already have to break into gmail
or your network (or one of the servers your email passes through).

Also email has been around a long time, but the main way of getting someones
email is still break into someone account by phishing for their passwords. If
the attacker logs in to gmail using your own password, encryption is not going
to help (assuming you're envisioning a gmail that does automatic encryption of
email and must decrypt it when you view your emails in your browser).

~~~
Ixiaus
It is less about a hacker breaking into my account and more about protecting
sensitive transmissions from _all_ prying eyes; including those that are an
occurrence of government subpoenas/warrants.

------
inerte
It's really not about email encryption only. None will ever do anything if the
reward is not sufficient.

~~~
Ixiaus
True.

