Encrypted Email Is Still a Pain in 2017 (incoherency.co.uk)
Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted email, first introduced over 25 years ago, is still difficult to set up and use even for reasonably tech-savvy people. He says he recently tried to install Enigmail, a Thunderbird add-on, and found that not only was the terminology around GPG, PGP and OpenPGP needlessly confusing, but Enigmail also still suffers from a bug that makes key generation take forever. From his blog post: Encrypted email is nothing new (PGP was initially released in 1991 -- 26 years ago!), but it still has a huge barrier to entry for anyone who isn't already familiar with how to use it. I think my experience would have been better if Enigmail had generated keys out-of-the-box, or if (a.) gpg agreed with Enigmail on nomenclature (is it a secring or a private key?) and (b.) output the paths of the files it had generated. My experience would have been a lot worse had I not been able to call on the help of somebody who already knows how to use it.
The concept of using PGP is privacy in your private messages. That concept goes out of the window once Google is managing your keys.
People forget things all the time. At some point you are going to forget where or what the key is for your encrypted email, so what to do? Recovery of that key is going to be necessary. Which leads to an entire host of other problems, many of which are security related.
So yeah, until memory becomes infallible we're stuck with encrypted emails having a certain amount of pain that comes along with them.
It also has to be supportable. If Joe Schmoe loses all of his e-mail because of problems with remembering keys or keychain files, then not only is he going to stop using it, but he's going to continue to have problems with people e-mailing him with his now-broken public key.
Do not look into laser with remaining eye.
I have given up on GPG. It is a great program and in principle it is all you need. Until you have tried setting it up for your parents, spouse or friends.
It cannot and will not work. It is too complicated. The best solution I have come up with is using tutanota (others exist as well). It is not perfect, but now most of my family use encryption without really realising it :)
Try talking your non-techie friends into a Linux desktop. Even after you show them that the "Start button" is right where they expect it to be, and that the email and browser clients work just like they're used to and that they can do what they've been doing as easily as they've been doing it, there will be concerns. It all falls apart when they say "Can I buy a disk and install my own software?" and you say "No, but here's an easier way to install software from a vast repository of packages", they're done. They don't even ask what's available or how it works, their eyes glaze over and they hold up a CD-ROM of Cute Kitteh Pics and proclaim that they can't live without that version of that software - and it has to look exactly like they expect it to look. Anything else might require their direct attention.
Now, back on subject - you say "encrypt your email". They say, "okay, how?". You install and configure it for them, you make sure they only have to click one button to encrypt any given email. They say "Cool! And my grandma will be able to read this, right?"
You start explaining how this will work. Their eyes glaze over and they say they'd like to encrypt emails to their friends when they discuss their legal but oh-so-risqué lives, but if they can't email grandma it won't work. It's too late to tell them they got it wrong because their eyes have already got that hundred yard stare thing going on. You made somebody think about something and rather than believe they can understand it, they take the easier path of not even trying.
Bottom line - you're not trying to teach a behavior, you're trying to change a behavior. I've got GPG implemented. It's completely unused because nobody I know cares. They're not afraid of the government reading their emails and they accept that Google, Apple and Microsoft won't do anything worse than target advertising at them. Even after I offer to make it one-click convenient for them, most of my associates don't want it.
Let alone understanding the differences between key types, and why some are better than others. (like why you shouldn't trust the RSA algo.)
The end user has no need for understanding that. They even shouldn't need to care.
The only way we'll ever see e-mail encryption is if it's as transparent as WhatsApp's end-to-end encryption or https transfers. The moment you have to bother the user with manual key management there's an issue. If the user has to choose what key to use, it's a disaster. He shouldn't have to know why to trust or not to trust RSA or other key algorithms. That's for the application writer to figure out, and only offer suitable protocols to begin with. Then why ask the user about different protocols? The developers know more about that, and I trust them to be better suited to make an appropriate choice than me, who knows little to nothing about encryption.
I don't know what algorithm WhatsApp uses to encrypt my messages. I can read it, the receiver can read it, no-one in between can read it. I'm good. Of course I have to trust WhatsApp to do it properly - I know there are really smart people all the time trying to break these things, and I have yet to hear about this having been broken even partly. That is enough for me as a simple end user to get the feeling they've done it well. It's probably breakable, but it's for sure not easy, and they don't bother me with keyrings, secret/public keys, algorithms and other things that I know almost nothing about.
I like computers, have a strong interest in the subject, and I'm sure I know a lot more about all this than the average person. So if e-mail encryption is hard enough to make me not even bother, a lot has to be done to make it usable for the average Joe.
So really what you're saying is that the whole Web-of-Trust support needs a little more automation
No, he wants to scrap it. Completely. You just automatically swap keys and display it so you could verify it out-of-band or in-band and warn if it changes. And by in-band I mean that if you say something like "middle three of second group is the http code for file not found, please post it back to me" you need an exceptionally good AI or a live agent there to censor/rewrite it on the fly to match the MITM key even if it's technically not secure. Maybe you know each other in real life and you'll compare keys or make a phone call to confirm the code. Maybe you just agree to both tell a third party part of the code, that would still be hell to catch in an automated fashion. Basically, you'll do more if and only if it's important for you.
The point is, your opponent doesn't know if it's important for you. Your opponent doesn't know whether you have verified it. Your opponent doesn't know whether a new key will set off big red flags. You've made the bar to entry as low as possible; for the people who just click yes yes yes to every security dialog it won't really have any security. But if you're doing mass surveillance you don't know who the 99% who won't notice or care and the 1% who will notice and care are. The only way to avoid being caught regularly would be to not do it on a mass scale. And that's the battle we'd like to win. Activists and such that genuinely need a key vetting procedure, third-party verifications and all that can still use GPG. But then the other 99% use no encryption at all.
Live today, because you never know what tomorrow brings
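The scheme the two comments above describe (swap keys automatically, pin the first one seen, warn loudly if it ever changes, and let the user compare one fingerprint group out of band if they care) is trust-on-first-use. The following is an added example written for this page, not code from the thread, Enigmail or any mail client. It assumes a simplified pin (SHA-256 over the raw public key bytes rather than an OpenPGP v4 fingerprint, which is SHA-1 over the key packet) and uses constructed byte strings in place of real keys; the sender address alice@example.com is likewise made up.

```python
"""Trust-on-first-use (TOFU) key pinning for mail senders, with fingerprint
groups a user can compare out of band.

Added example written for this page; it is not code from the thread or from
any mail client. Simplification: the pin is SHA-256 over the raw public key
bytes, not an OpenPGP v4 fingerprint (which is SHA-1 over the key packet).
The key material below is constructed bytes, not real keys.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

NEW, MATCH, CHANGED = "new", "match", "CHANGED"


def fingerprint(pubkey: bytes) -> str:
    """Hex digest shown gpg-style in groups of four, so a human can read one group aloud."""
    digest = hashlib.sha256(pubkey).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def spoken_group(fp: str, group: int) -> str:
    """One 4-hex-digit group (1-based) for an out-of-band check, e.g. over the phone.
    Either party may pick any group; an attacker who swapped the key in transit
    cannot know in advance which group will be compared."""
    groups = fp.split()
    if not 1 <= group <= len(groups):
        raise ValueError(f"group must be in 1..{len(groups)}")
    return groups[group - 1]


@dataclass
class TofuStore:
    """Pins the first key seen per sender; a later, different key is flagged, never silently accepted."""
    pins: dict[str, str] = field(default_factory=dict)

    def observe(self, sender: str, pubkey: bytes) -> tuple[str, str]:
        fp = fingerprint(pubkey)
        pinned = self.pins.get(sender)
        if pinned is None:
            self.pins[sender] = fp        # first contact: accept and remember
            return NEW, fp
        if pinned == fp:
            return MATCH, fp
        return CHANGED, fp                # keep the old pin; the user must decide

    def accept_new_key(self, sender: str, pubkey: bytes) -> str:
        """Called only after the user has confirmed the new fingerprint out of band."""
        fp = fingerprint(pubkey)
        self.pins[sender] = fp
        return fp


def demo() -> list[str]:
    """Constructed exchange: Alice's key is seen twice, then a different key arrives."""
    store = TofuStore()
    alice_key = b"constructed-alice-public-key"
    swapped_key = b"constructed-attacker-public-key"
    log = []
    for key in (alice_key, alice_key, swapped_key):
        status, fp = store.observe("alice@example.com", key)
        if status == CHANGED:
            old_group = spoken_group(store.pins["alice@example.com"], 2)
            log.append(f"WARNING key for alice@example.com changed; "
                       f"pinned group 2 = {old_group}, new group 2 = {spoken_group(fp, 2)}")
        else:
            log.append(f"{status}: {fp[:19]}...")
    return log


if __name__ == "__main__":
    print("\n".join(demo()))
```

The point of `observe` refusing to overwrite a pin is the one made in the comment: an attacker running a mass man-in-the-middle cannot tell which recipients will actually phone the sender and compare a group, so every key change carries a risk of detection.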