Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do Slashdotters Encrypt Their Email?

Posted by Unknown on from the translate-it-to-navajo dept.

An anonymous reader writes "Many years ago when I first heard of PGP, I found an add-on that made it fairly simple to use PGP to encrypt my email. Despite the fact that these days most people know that email is a highly insecure means of communication, very few people that I know ever use any form of email encryption despite the fact that it is pretty easy to use. This isn't quite what I would have expected when I first set it up. So, my question to fellow Slashdotters is 'Do you encrypt your email? If not, 'Why not?' and 'Why has email encryption using PGP or something similar not become more commonplace?' The use of cryptography used to be a hot topic once upon a time."

28 of 601 comments (clear)

  1. No by Anonymous Coward · · Score: 5, Insightful

    Nor does anyone else. Unfortunate, but true.

    1. Re:No by Anonymous Coward · · Score: 5, Interesting

      I think it's largely pointless anyway...

      Most people (myself included) use a web based email client, where the plain text form of the email would be easily snatchable by the one party with any likely chance to actually intercept an email.

      Cryptographic signing has a place, but even that falls into the cryptogeek fantasy realm, but If you're into that sorta thing.. you can always join the Debian community.

    2. Re:No by ZorinLynx · · Score: 5, Funny

      "cryptogeek fantasy realm" indeed. Reminds me of this comic that tells it like it is.

      http://xkcd.com/538/

    3. Re:No by EdIII · · Score: 5, Insightful

      Most people are lazy and don't feel they have the need to encrypt their communications. If they are willing to post the shit they do on Facebook, they are already a lost cause from a privacy/anonymity viewpoint.

      Setting up email to send encrypted payloads is not easy for most people, and the people that know how, quickly lose interest after spending an hour to set up one person.

      Now, all of my emails *are* encrypted, and not just in transit. I use a special IMAP connector for Outlook that encrypts all traffic with SSL to the mail server. The web portal for my email server is encrypted with SSL as well. Where *possible* my mail server will negotiate a secure connection to a remote server, but that is pretty damn rare. On my personal computer the message store is located on a TrueCrypt drive, so if my computer is lost or stolen, I am not worried about the message store, which is temporary anyways since the email is stored on the server.

      All of it is pointless if the other party is not doing the same exact thing, which is most of the time. So I never send anything in the clear that I don't want analyzed, categorized, and used by private corporations and government.

      For correspondence that needs to remain secure I usually set up an email account on the same server. That way everything is encrypted down to the message store and emails sent between domains hosted on the same mail server are just internally routed.

      This is the same reason why truly secure phone calls are next to impossible in systems that must be able to perform call setups to any other phone. Too many intermediary points that cannot handle it. ZRTP, while interesting, is a long way from implementation, and will never address insecure endpoints like landlines and cell phones.

      It's the other end that is problem, just as you say, but it is also the points in between. As long as there are free services that won't waste the CPU cycles to negotiate encryption between mail servers, it does not make that much sense.

      Bottom line, I am secure where I need to be, not through encryption specifically, but choosing what I say, when I say it, and what communications medium I choose.

    4. Re:No by mellon · · Score: 5, Insightful

      Turns out that a lot of email leaks to typo domains. So in fact encrypting the email would have been a really good idea in these cases.

      The reason encryption hasn't taken off is that it's not done by default, and can't be enabled by clicking a checkbox.

    5. Re:No by Hadlock · · Score: 5, Interesting

      I wonder; if I am using gmail, and send an "email" to another gmail user -- both users are required to use https to connect to gmail, does that mean we're in effect using encrypted (RC4_128 according to gmail/chrome) email?

      --
      moox. for a new generation.
    6. Re:No by Vrtigo1 · · Score: 5, Informative

      Not entirely - as you pointed out SSL would secure the connection between the your computer and your server, however the connection between your server and the remote server, as well as the connection between the recipients computer and their mail server would remain unencrypted, so effectively you only have encryption on 1 of 3 links.

      Message encryption makes transport encryption unnecessary. I.E. you don't care if someone grabs the body of the e-mail because it's useless if you can't decrypt it. Although I do recognize that I, along with most of the rest of the world I think, consider e-mail an inherently insecure communication tool and treat it as such. If you need to send something secure through e-mail, throw it in a password protected rar file and send it as an attachment.

    7. Re:No by PopeRatzo · · Score: 5, Funny

      Nor does anyone else. Unfortunate, but true.

      Are you kidding? I don't even talk to my wife without a Feistel cipher. My daughter's first words were via a one-time pad.

      We're careful in my house.

      Did I ever tell my story (this part is true) about the Bletchley Park alum that my wife worked with when she first got a tenure track position? I don't want to use his name because he passed not too long ago, but when he had office hours for his students, he'd show up in pajama bottoms with burnholes from the pipe he always kept stoked in his mouth. He was a sweet old dude, but you'd wonder how he made it out of the house every morning. In his final few years he was convinced that someone was out to get him and eventually it turned into unnamed Jews who were planning his demise. He was a British subject and there were stories of the stuff he did a Bletchley during the war when he was like 17 or 18 so what do I know? Maybe the Jews were out to get him.

      Anyway, naw, I don't encrypt anything. I have a hard enough time communicating in open text. All of my passwords are my dog's name. I just say the opposite of everything I mean to throw off the New World Order. So when I email my wife, I'll write, "Don't meet me at the 5:10pm train and don't pick up my shirts at the laundry." Neat, huh?

      --
      You are welcome on my lawn.
    8. Re:No by Oswald · · Score: 5, Informative

      I believe that would be a "no" unless you consider parading your message past Google, who probably keeps a bigger file on you than any other entity, private. And it might be a worse than that--saying it's only Google that sees the message assumes that Google doesn't decrypt the message in one facility, send it from that data center to another in the clear, then re-encrypt and send to your recipient. Whose to say your mail server is in the same facility as his just because both accounts are with Google?

    9. Re:No by Anonymous Coward · · Score: 5, Funny

      Anyway, naw, I don't encrypt anything. I have a hard enough time communicating in open text. All of my passwords are my dog's name. I just say the opposite of everything I mean to throw off the New World Order. So when I email my wife, I'll write, "Don't meet me at the 5:10pm train and don't pick up my shirts at the laundry." Neat, huh?

      Same here. The only problem is that our dog does not come when I call. It seems that dogs have a problem recognizing names that are 41 random characters...

    10. Re:No by Pi1grim · · Score: 5, Interesting

      There is also that: most of people I communicate with use GMail and as the message does not leave the server and server-client communication is over ssl, so it eliminates the third, unencrypted link in the communication chain.
      As for GPG — only a small percentage of even IT inclined people I know have bothered to generate a key and setup encryption/decryption solution. Mostly those, that have to deal with very sensitive material from time to time.
      Although there is a government issued smartcard that allows for a widely adopted solution for asymmetric encryption that has software mostly on every computer, which kind of makes the situation a little better (I don't have to get into details explaining about the encryption, public and secret keys or explain how to install the software). Keys are government-issued opensc compatible crypto cards, pubkeys are available online if you know a person's name. So in case of emergency I can always encrypt files with that, given that almost everyone has them now.
      P.S. That is about Estonia.

    11. Re:No by wanzeo · · Score: 5, Insightful

      I am tired of seeing this comic used as a dismissal of encryption, it is a joke. If you actually think someone is going to drug you or hit you with a wrench, then you have reached a level of paranoia far more ridiculous than the idea of using 4096 bit encryption.

      I use the very user friendly disk encryption that the Fedora installer provides, and I feel much more at ease taking my laptop out in public.

      As for email, no I don't encrypt them, but I might be willing to learn if the summary had more info than a wikipedia article for PGP.

    12. Re:No by jakuaii · · Score: 5, Informative

      The main problem with OpenPGP on mail for me is that due to the unique key per recipient, if you add more than one recipient or cc, you have to encrypt the mail for each and every one of them. If you add some attachments it's pretty sure that you will hit the maximum allowed mail size of some mail server along the way.

      Uh, no. It's called "session keys". The content is encrypted with a random number (the session key), and this random number is in turn encrypted with the recipients' private keys. As the content is usually compressed too before encryption, the result may even be a smaller e-mail than without...

    13. Re:No by neyla · · Score: 5, Insightful

      Indeed. This argument does nothing to diminish the usefulness of crypto.

      Yes people can force you to do various things, but the likeliness of that is lower than the chance that they'll do the same thing secretly if they can get away with it.

      Just because someone can hit you with a wrench and take your card-key, it doesn't follow that locking your house is useless. Just because someone can hit you with a wrench until you give up your PIN-code, it doesn't follow that having the card be pin-protected is useless.

      That something doesn't protect against -all- threaths, doesn't make it useless. It's still useful if it protects against *some* threaths.

    14. Re:No by DarwinSurvivor · · Score: 5, Insightful

      *The old rule that if they have physical access to your machine, your software security is already nullified

      That depends on what you are trying to protect. No, software will not prevent them from controlling the machine, copying the HDD, etc, but it CAN prevent them from being able to USE any of that data. Encryption is the ONLY weapon software has against physical access, but it's a VERY effective one if used properly.

    15. Re:No by growse · · Score: 5, Insightful

      Interestingly, the comic isn't making a commentary on the usefulness (or not) of cryptography. It's making fun of people who don't properly evaluate all their threats when they design security systems.

      --
      There is nothing interesting going on at my blog
  2. well by hjf · · Score: 5, Funny

    I don't. I use GMail. I might as well use "1234" as a password.

    1. Re:well by NonUniqueNickname · · Score: 5, Funny

      May I suggest changing your password to "12345"? It is an order of magnitude safer.

    2. Re:well by s4m7 · · Score: 5, Funny

      So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

      --
      This comment is fully compliant with RFC 527.
    3. Re:well by Haeleth · · Score: 5, Insightful

      The 4-digit PIN normally only applies to buttons that you push with your finger, where brute-force attacks are not really an option. If your bank has ATMs that permit 10,000 attempts before they swallow the card, or uses a 4-digit PIN as a password for their online services, I suggest you take your money elsewhere.

  3. No. by Alrescha · · Score: 5, Insightful

    Slashdotters who know enough to have encrypted such things simply don't send that sort of thing in email.

    A.

    --
    ...bringing you cynical quips since 1998
  4. I don't use it for the encryption by digitalderbs · · Score: 5, Insightful

    I've been using PGP for a few years, and on the odd occasion, I'll send an encrypted email to myself. Part of the problem is that no one knows how to use PHP. I've been sending email to thousands of people in an academic setting, and I've only encountered one other person using PGP.

    The reason I keep using PGP, however, is because of digital signing: there's a good guarantee that signed messages were actually sent by me. Headers are fairly trivial to spoof. With PGP, a 'hacker' can only impersonate me if they have access to the private key, which requires physical or ssh access, and he or she must be able to decrypt that key.

    That said, I wish more people would encrypt their messages. This should be a no-brainer in a lot of fields, including human rights and for health and human services, and I think the barrier to commit to email encryption is still too great.

  5. Re:Why would we? by xpwlq · · Score: 5, Insightful

    Does anyone here encipher their paper mail?

    No, but I also don't leave the envelopes unsealed either.

  6. and then.... by lkcl · · Score: 5, Insightful

    @BEGIN PGP SIGNED
    ... facebook happened.

    @END PGP SIGNED

  7. I don't by Anonymous Coward · · Score: 5, Funny

    If I encrypted it the government would start reading it.

  8. Re:No (First Post?) by flaming+error · · Score: 5, Interesting

    I was negotiating a mortgage a few years ago, and the bank happily was transitioning from faxes to email. So I sent them all the somewhat sensitive docs they requested, encrypted by hushmail/web. I sent them decryption instructions out of band.

    The pretty simple decryption procedure baffled the hell out of them, at first. Then they figured out it was a great excuse to delay the loan. After a few weeks they came back saying they couldn't follow the hushmail retrieval procedure because they had no internet access.

    Finally I just faxed everything.

  9. I DO, like every DD by GPLHost-Thomas · · Score: 5, Insightful

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    Like every of the ~800 Debian developer in this world, I do use
    encryption, and know how to handle PGP keys. My private key is encrypted
    in a dm-crypt partition of 2 of my laptop, and I have a revoke
    certificate handy burnt on a CD. My GPG fingerprint is also written on
    my business card, so that everyone who I met can fetch my private key
    from any of the major key servers, and check its fingerprint. My public
    key is signed by about a dozen different people, mostly other Debian
    developers, which is a strong "web of trust". If everyone was printing
    his GPG key on a business card, I could also send encrypted emails, but
    I've seen only other DDs doing it.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iEYEAREDAAYFAk7wBSAACgkQl4M9yZjvmklYVACfXYV3ncJnZuKosZJ8k0ZSzc3t
    SpQAn0eYtQCIrQeTcBgA1b+Yz58OVqCJ
    =EQHO
    -----END PGP SIGNATURE-----

  10. Very rarely, alas. by gessel · · Score: 5, Informative

    I use GPG/OpenPGP for some mail and "secure" web mail for other applications. I do not use third party web mail (such as gmail) because I can't control the dissemination or privacy (or longevity) of my mail and while my life is generally boring enough to fit within Eric Schmidt's idea of privacy ("If you have something that you don't want anyone [someone] to know, maybe you shouldn't be doing it in the first place [at least not though a google property]."), I occasionally write a personal opinion of someone I wouldn't want them to be able to Google later or share a business detail that could be economically damaging or embarrassing (or is subject to NDA) and gMail and all other web mail services are effectively public.

    I've used PGP (and eventually GPG) since about '94 and my keyring has about 20 people on it: more than 1 new key a year! Alas, 25% of those keys expired in the late 90s. My address book has about 1500 entries. Why so few keys? As the OP pointed out, it isn't all that difficult.

    The answer for me is that the model for encouraging encryption has to be more like S-WAN than GPG-like. I'd love to turn on "encrypt everything" and forget it, but I'd get an error message for 99% of my correspondents, so obviously that isn't going to happen. So I set my prefs to reply to encrypted messages with encryption, which is fine, but it means I rarely (almost never) initiate an encrypted thread.

    What I'd like is an opportunistic encryption mode where any message to an address in my keyring is encrypted by default. Any message to anyone I don't have a key for gets a nice little .sig file with a brief notice that their mail is insecure and effectively public and a link to further instructions for getting GPG set up.

    One annoying problem is that encrypted mail is not searchable. To solve that, I want my client to extract a keyword list on decryption then upload that keyword list to (my own) server as an unencrypted header to enable searching (implemented, of course, with a stop list for words you wouldn't want to appear in the clear even out of context or perhaps particularly out of context).

    For the truly paranoid, this list could be a hash list, though you could still fairly effectively dictionary hash fish, but it would provide some security and reduce the easy availability of information. In fact, all headers could be hashed and still generally be searchable (except maybe date ranges).

    I also want my server to store my public key and encrypt all incoming mail with it. Of course it is already transported in the clear, but it makes my server less vulnerable. Once the mail has had an index extracted and the body encrypted, someone cracking into my IMAP server would, at least, not find a historical trove of clear-text data. And my friends without keys would get annoying sig files evangelizing encryption.