[liberationtech] The quest to make encryption accessible to the masses (Wired UK)

Sat Dec 14 22:11:09 PST 2013

http://www.wired.co.uk/news/archive/2013-12/13/cryptography

The quest to make encryption accessible to the masses

13 DECEMBER 13  by CHRIS BARANIUK

It's been two years since Nadim Kobeissi unleashed his user-friendly,
feline-themed chat software, Cryptocat. At the time, Kobeissi felt
that there wasn't exactly a great deal of enthusiasm for his program.
"Two years ago not a lot of people cared," he comments. But times have
changed. "Now a lot of people care."

Kobeissi's challenge, to make encrypted online messaging
user-friendly, has long been a bugbear of the crypto community.
Apaper, written in 1999, demonstrated that the encryption program PGP
completely baffled most users in a series of tests. The study, now
fourteen years old, is still frequently cited today as a
long-unanswered call to arms.

And even though the level of security offered by PGP is slowly
becoming more accessible thanks to initiatives like the Enigmail
Project, for most people it's still too esoteric and finicky. The
challenges for making encryption more user-friendly are often referred
to as UX headaches which many view as being more or less
insurmountable. Indeed, those who publicly advocate better interfaces
for encryption feel that they represent a small minority within the
wider crypto community.

Meanwhile, Cryptocat is booming and has recently been joined by new
services like private social network Syme and Android apps such as
TextSecure and RedPhone.

A market for this stuff is clearly burgeoning. That web users worry
about their privacy is something that's frequently picked up in
studies, such as this one, published last month by the European
Commission. For example, 70 percent of respondents were, "concerned
that their online personal information is not kept secure by
websites".

Could encryption offer better peace of mind? Kobeissi says that
Cryptocat is now clocking 16,000 users per day and over the last two
years he claims to have received countless stories from non-expert
computer users who tell him they've benefited from his software.

"There's a person who sent me an email to say that they used Cryptocat
to talk to their parents, who are in Iran," he explains. "They said
that they think Cryptocat is the only way that they can communicate
with their parents, but sadly it has just been banned in the country
-- which is kind of nuts."

The software's success is all despite a serious bug in the encryption
algorithm which was discovered over the summer. "That was really bad,"
admits Kobeissi, but he assures Wired.co.uk that subsequent audits of
the program have affirmed its integrity.

[...]