In this age of brazen, warrantless wiretaps and never-ending data breaches, you'd think email encryption would be considered de rigueur. Alas, even among the digerati it's rarely given the time of day because encryption is seen as an exotic undertaking that brings more hassle than benefit. To be sure, incorporating a robust …
Good article but ....
While I am a big fan of email encryption to retain one's privacy, in the current climate here in the UK it is surely the quickest way to draw attention to yourself and potentially get slapped with the RIP Act 2000 (landing you in prison unless you hand over the keys).
It'll never work
Nice advert. However just as all the other times it's been tried it'll never work.
Simply because it requires everyone to upgrade at once.. and that's never going to happen.
If you send a mail to someone that doesn't understand encryption with this system they can't read it. x509 signed email is *much* easier for people to setup as it's built into outlook - and in the expermiments I tried people just assumed the email was broken when they saw the decrypt icon... 'something new to press' means 'broken' to non-technical people.
PGP encryption requires them to download something extra.. and again that isn't going to happen.. if it doesn't ship with the OS it doesn't exist for well over 90% of users.
What is taking off somewhat is having individual email servers communicating over SSL. I can see a day when that starts to become mandatory, thus solving the privacy issues.. but even that's years away.
It's too bad you did this article using GPG. The SSL solution is superior. GPG doesn't use a trusted third party (such as Thawte or VeriSign) to verify your identity. SSL is ultimately easier and more professional; you don't have to attach any funky-looking public keys to every message. With SSL, you get a certificate that most (if not all) contemporary e-mail clients know how to handle.
One of the reasons for slow up-take of email encryption is the mess of competing standards. PGP/GPG has proliferated plenty, but most major vendors support S/MIME. That gets no mention here ...
If it takes pages to explain how to use, no one is gunna use it. All the PGP stuff is just too complicated for most; even if you do pay loads of money for it.
Any how, how come PGP gets the free plug for their software? I'm sure that there are other folks out there with different competitive products.... Dan, you didn't get a little something on the side for this one did you?.... ;-)
Is that it is a two way street. Not only do you need the people you send emails to to encrypt them, you need them to be able to decrypt yours. As much as I'd love all my casual emails to be encrypted - the people I'm sending them too don't know anything about encrypting.
if you use linux
chances are you don't need a guide to use gpg. from what i remember, it's practically built in to most distros, because it's the kind of thing f4nb01s like. meh.
Nice article, simple article. Although I guess mentioning "checking MD5 sums" so cursorily in an article meant for newbies was a little problem.
"Jon Callas, CTO of encryption software provider PGP, likens encrypting email to wearing a seatbelt, which a few decades ago was so unpopular that many people only did when they were required by law to do so."
Yeah, except encryption is "harder". Wearing the seatbelt? One can just do it regardless of what other people do. Encryption, you got to make other people play along, you don't "just do it". It would be, stretching the seatbelt analogy, like having two cars going on a trip, and neither car being able to move until the drivers of both cars have their seatbelt on.
Finally an article on it :)
I have been giving out my public key for years now, and not one person has taken me up on it :)
It is in all my emails, it is on my website, I am kind looking forward to seeing what happens when someone does bother to encrypt to me or sends a public key so I can encrypt to them.
I think I have a couple of them, would be nice to get it signed one day as well, but hey I can wait.
Encryption does need to become the norm, it is a little hassle to setup but not too hard if you follow directions, and more importantly it is fun,
Why install anything?
You can get a Freemail certificate from Thawate which works out of the box with almost any e-mail clients. Even people stuck using IT managed computers can usually send encrypted e-mail with no more effort than receiving a signed e-mail from you.
The first key step is SSL or preferably TLS (SSL3.1+) for your data connections ([e]ssmtp, spop3, imap4 over TLS).
Implementation often only requires 'ticking the box' in account settings and it will protect you from casual traffic snooping.
no trusted third party and GPG malware presentation
GPG == no trusted third party for keys == security theater.
Leave GPG for hobbyists, and students of information assurance.
Good article. Want to use GPG? Good! There has been malware waiting for your keys for at least 9 years!
My coat is the one with the Alfred E. Newman GPG key pair in the pocket.
Enable STARTTLS In Public-Facing MTAs
You should find that a number of hosts, especially M$ Exchange, are by default attempting STARTTLS against hosts they find it advertised on. So, if you run an MTA and happen to have a certificate in use likely to be trusted by M$'s highly-paying customers (I.E. the certificate issuers they've let into their OS) then go ahead and enable STARTTLS and present it. (Enabling STARTTLS without such a certificate isn't advised because you risk losing mail from such mailers - they'll try STARTTLS, fail, then bounce; other hosts may or may not yield to failed verifications, and many may include the lesser known certificate issuers like cacert.org where M$ do not.) That should facilitate transparent cross-border encryption and verification without end-user help.
7 bloody pages?! Do you really think I can be bothered?!
Email getting "lost" is one of those things talked up by security companies to sell products, not something that happens all the time.
Email clients that self sign messages by default would at least be a start.
Companies are going to have to start doing this internally before the masses start doing it.
Mine is the one with the 10251 bit key
Oh dear lord ...
So ... after studying the basic principles of security, and considering RIPA and the rest you decided:
"The best idea is to save the key to a USB thumb drive and then stash it in a secure lockbox (along with your passphrase written out)."
Umm .. color me stupid ... but of all the possible things in the world you might want to store with a copy of your private key is your passphrase?
I was wondering if it was the worst possible thing to do, but, after a few moments thought, I decided storing the passphrase in a planintext file somewhere on disk would be dumber .. but 9/10 for finding the 2nd worst idea right off the bat :)
Paris. because only she would be dumb enought to write down her passphrase.
Trusted who now?
I had a good laugh at Toby Richards' post about GPG not having trusted third-parties like Verisign! If you trust Verisign then you may as well give up now.
Any system which depends on the integrity of a third-party - especially one motivated by profit - is of no interest to me.
If you want secure and mass-level communication then you need something better than is currently available. As things stand you need to decide who you're communicating with and make special arrangements with them individually - preferrably involving face-to-face contact at some point.
If you want "securish" then there's lots of systems which will do it, including SSL and GPG.
7 pages of advertising
I can't be bothered to read 7 pages of anything, let alone something that starts out sounding like advertising.
All of my email servers support starttls and tlsmta (for OE users on port 465).
I tried s/mime years ago and sent an encrypted message to a technical colleague who responded with something along the lines of "I didn't know what that icon was for... I assumed you'd sent me a dodgy attachment"... I figured that if that's a techy persons response, the great unwashed masses don't stand a chance!
Treat email like postcards and you'll be fine. If you want to send something confidential or secure, use something designed for it (VPNs through to _encrypted_ CDs by courier)
mailserver domain based pgp please
Shame I can't find server based pgp with a cert for the domain and messages encrypted/decrypted at the final server. One key for a whole domain/subdomain will do for business users - at least to start with.
The problem with pgp adoption for business users is the overhead, management for each user and internal archiving/search issues. Internal openness is ok and in most cases a necessity to getting work done.
One of many nay sayers:
"Is that it is a two way street. Not only do you need the people you send emails to to encrypt them, you need them to be able to decrypt yours. As much as I'd love all my casual emails to be encrypted - the people I'm sending them too don't know anything about encrypting."
The point is that if you have anything you want kept secret, you wouldn't tell some people if they had access to the best coding machinery going. If you need to keep your business private you will only be sharing passwords and keys with people who are like minded.
A man would be a fool to do other than meet face to face to exchange such details as are required to decrypt any such messages. And as for trusting third party sites, would you trust the government?
Not many would but plenty would trust a third party?
email in Welsh.
@TLS - absolutely
It was one of my projects at a major software company, getting TLS set up from our domain to all the outsourced services domains (payroll, P11d's, benefits, for all employees as well as commercial relationships). In the end it was quicker, cheaper and easier for ALL email from our domain to be enctypted en-route to the partners (and back), than individual smartcard certificates working reliably between individuals. This way we had to trust the internal networks as non-hostile, and just the internet leg of the journey as hostile, which is the most likely scenario, after all.
It wasn't nearls as straight-forward (sadly) as just ticking a couple of boxes, partly down to the way the company was structured, and having to get techies from both companies talking and agreeing, and working across multiple technical platforms - but absolutely worth it. I was stunned at how 'cutting edge' this was considering this really really ought to have been done once and for all 10 years ago...
The real solution
Setting up encryption for email is just too difficult today. This means most people will not do it which means you will not be able to send encrypted messages to them. How can this problem be solved?
Use TrulyMail instead of email. To encrypt your messages you just add encryption to your account and then every recipient can receive and read your encrypted messages.
It must be this easy for the public at large to start using encryption.
Passwords and encryption
I recently had to send some data out from work. Due to the nature of the data, the ZIP was encrypted with 256 bit AES, and was password protected. This e-mail was then promptly stopped by the IT department for contravening IT e-mail policy by containing a file that was either encrypted, or password protected.
I don't know why I bother.
Beth sy problem gyda e-bostio yn Gymraeg?
Dw i'n mynd o pwb nawr am un cwrw, ond pump.
Never put anything in an email you wouldn't want your mama to read and never put anything in an email you wouldn't want published in every rag (hard copy or cyberprint) for the world to see.
Same goes for wireless communication come to think of it.
It's a tough life requiring others to compensate for irresponsible behaviors.
And this is why so few people use encryption
A simple 7 page tutorial on how to set up and send encrypted email? No, a "simple" tutorial is 1 page.
The problem is another application needs to be installed, a plugin needs to be installed, and these need to be understood to use them.
When Thunderbird is supplied out-of-the-box with email encryption, and it's a click box item to use it, it will get some mileage. Until then, it's definitely a niche thing. I speak from experience having used this setup before. It's a pain to use. Not difficult, just a pain.
So you start from the premise that it isn't really a hassle and then take seven pages to explain it, which invalidates that original argument.
The best advice is not to send anything even approaching the confidential by email. There are other much more secure ways of transferring confidential information these days.
Have to agree - it's too complex
I've just tried installing GPG on a new Linux box, I followed the instructions and what happens? The make file doesn't - well - make. The error is unintelligible to me, I have absolutely no idea how to fix the problem and so my machine goes without protection.
The suggestion above that Thunderbird needs to ship with this sort of security out of the box is an excellent one. Install it (preferably with a click interface) then follow the one-off wizard to set up protection.
What a bunch of moaning minnies
the good man from sanfran takes time out to write an interesting article, and it is just complaint, after complaint.
I don't know, obviously not into secure comms now are we.
And Dennis with his omen of doom, well as they say round here; put up or shut up, let's see this mythical GPG 'malware' then.
@AC: "What a bunch..."
In response to: "And Dennis with his omen of doom, well as they say round here; put up or shut up, let's see this mythical GPG 'malware' then."
Next time, please do some cursory research before flaming.
First, actually click on the link in the comment before writing your own comment.
Second, I would recommend using Google to search for relevant keywords.
If your searches are thorough, you should come up with some interesting stories surrounding the recent Chinese cyber activity against the Falon Gong and Tibetans.
Otherwise, nice use of a semicolon.
Send paper mail...
Great info, but only for the geeks
It's hard enough getting the casual internet user to setup a POP3 account, let alone encrypt their email.
Far better to encourage people to be discreet and treat email as if it was a public discussion.
If you could hammer home to casual net users that their email is more akin to talking in a crowded room than a private conversation, perhaps they would get the message.
If you want to send sensitive information to someone, take a leaf from the governments book and send it on disc via the Post Office.
I don't understand all these dudes dissing on PGP/GPG. The damn standard has been around for so long it is pretty much used in most sensible secure apps. If you wanted, you could also get your PGP public key signed by a CA and get your own X.509 cert. Hell, I think the OpenPGP standard even predates all those other implementations!
Hushmail uses the OpenPGP standard. If I want to do secure e-mail with Hushmail users, I need to use that.
And PGP Desktop isn't that hard to use for the Windows sheeple. Just buy, download, install; the Outlook plugin is included. It is really more about how much users care about privacy; those who don't care, well, they deserve getting their e-mail read.
Did any of you actually READ the article?
Whine whine, moan moan, I have to read more than a few paragraphs, it's too hard, oh boo hoo sob sob. My edjukayshun was poor and my brane hurtz0rz.
Seriously. I hadn't really gotten into PGP or encryption in emails, and this made me start thinking. So I read it (all seven pages! Gasp!). You know, they're quite short pages, with only a little text, and I'm sure mostly broken up because of the HUGE FUCKING OBVIOUS GRAPHICS. Knowing that, I'm sure that a few of you could go back and maybe struggle through those seven entire pages. It'll be hard on your little minds, but I'm sure you'll manage somehow.
Seriously folks, coming from a background of not having used this, I read (quite quickly) through ALL SEVEN PAGES DEAR GOD and got it working. Ten minutes later and I've got the option to send and receive PGP encrypted email. I know it's not everyone's cup of tea, and there are other options available, but seriously, all this fuss, particularly over the structure of the article? Pathetic.
It ain't gonna happen
Like others have said, non-technical users aren't going to manage all this stuff. I avoid sending sensitive stuff by email, much as I avoid sending cash in the post. If I really have to send something sensitive by email, I Zip it and then phone the recipient to give them the Zip password.
Missing the point.
I use GPG on Thunderbird (via EnigMail) for one simple reason: I need to be able to *sign* some emails.
Couldn't be bothered encrypting them, though; what I have to say isn't that "hush-hush", but it has to be able to be authenticated.
No title require - just a few thoughts ;-)
I am in two minds regarding email encryption. I sometimes think of email in the same way that I do of the telephone. When I make a call, I know that my call is not encrypted and that anyone with the proper authority or equipment can listen in. But I still use the phone every day. Why? Because I know that just about any conversation that I have on the phone will be of little interest to anyone.
Same with my emails - routine, day to day emails that I send contain precious little that would be of interest to anyone, other than the recipients.
But, as we all know, times they are a changing. From what has been happening in the UK and elsewhere it is evident that your daily mundane, inconsequential emails are almost as likely to be read and stored as those emails being sent from the middle east to the UK, complete with references to explosives, weapons etc ;-)
So, what to do? AC's initial point about drawing attention to oneself is valid and doesnt require expanding upon. I like the idea of the dead letter drop. :) It has a certain romanticism about it, that we dont get in sending encrypted emails. Or perhaps and Ipaq-rock, like the one busted in Moscow ;)
I used to work on the crypto side of things years ago for the army. I find the subject fascinating. I read the very short 7 page description hhere and within 10 mins was up and running. Now, all I have to do is 1. find a reason for using encryption in my emails and 2. find a friend who uses encryption.
Email encryption - its a double edge sword for the ordinary user.
probs with GPG + Enigmail
Installed it a couple of years ago. Found its behaviour confusing and it would pop up baffling questions now and again which I couldn't understand. Will try it again, but it wasn't fun.
I set GPG up some time ago but I've yet to find anyone outside my technical acquaintances who either a) noticed or understood the public key, or b) cared.
This is going to take time. Quite a lot of time.
Why should I trust thawte or verisign? I can promulgate my public key my self.
That said, my Mom and Dad and two of my siblings would have a hard time dealing with GPG or the KDE and Gnome and Windows front-ends' 'accept key' dialogs.
Fundamentally the problem is education.
Any article that promotes encrypted mail gets my vote in this snoop on thy neighbour, privacy challenged age. That said, I've had PGP installed for what seems like forever and very, very rarely does it get an outing, due to the incomprehension from my less tech savvy contacts. Sadly, it's just not going to happen until it's actually built in to email clients and enabled by default. And I really can't see government leaning on MS etc to encourage that.
Still sending naked emails?
I'm not sure but I do know that I'm not receiving enough!
Re: Bad Analogy?
Too true, but I don't think you've gone far enough.
To me this reads like that, but you then find that the seatbelts are provided in a box in the boot and you're expected to provide your own spanners, in Whitworth sizes, to fit them first.
Oh and the Outlook plugin only works with 2003? That one's where the Ford seatbelts only fit MKIII Cortinas. Epic FAIL.
Oh and German only manuals? How risible. You want takeup? Try getting to a release quality product first.
To the best of my knowledge, I have never used a seat belt that only works if every passenger on the road is also wearing one.
Thanks for the article
I've been meaning to write something similar for friends, practical, step-by-step and idiot-proof. Instead I think I'll just link to this one.
Do people even know how insecure email is? I think with the recent talk of a government database for everyone's email, people are more open to taking these precautions.
Even if you don't think you'll use it, it's polite, innit? If someone wants a discreet word with you, you don't loudly refuse to move from your open plan cubicle to a private room, do you?
And how on earth can you "advertise" programs that *cost* *nothing*?! GPG, Thunderbird, Enigmail are all free and make a pretty winning and easy-to-use combination, in my experience.
PS watch for a key-signing party in Glasgow early next year :)