[liberationtech] 15 years later, why can't Johnny still not encrypt?
Julian Oliver
julian at julianoliver.com
Wed Jan 15 11:30:10 PST 2014
..on Wed, Jan 15, 2014 at 06:54:49PM +0000, Tempest wrote:
> Lars Luthman:
> >
> > I don't think it's about UI issues anymore, simply about the lack of a
> > critical mass and the move to webmail. Webmail operators, who by and
> > large are also ad mongers, have zero interest in providing tools for
> > client-side encryption since that would prevent them from analysing the
> > message content and use it for targeting ads.
>
> that may be part of it. but, when i do have to walk new users through
> getting gpg and enigmail up and running, they often complain about it
> and would otherwise give up if i didn't insist. whether that speaks to
> the tech itself or the desire for instant gratification by users is a
> matter for debate.
True. I wonder if it's then better to get a little forceful with email security.
Afterall, we don't complain about being asked to set a password when setting up
a computer or new OS install. Perhaps we wouldn't either when setting up
security for email..
Webmail aside (a tricky one indeed..) mail client vendors could integrate PGP
into their email account setup process, asking for a passphrase and generating
keys in the background. It could even opt to export those keys to a keyserver.
Once their email account is set up, the user is prompted to encrypt or sign
their emails each time they are about to send them, unless explicitly choosing
to disable that warning (just like we see with 'Remember this password?' in
Firefox).
This of course would make GnuPGP etc a dependency for installing that particular
mail client. It would be great to see Mozilla take this on with Thunderbird.
Cheers,
--
Julian Oliver
PGP 36EED09D
http://julianoliver.com
http://criticalengineering.org
More information about the liberationtech
mailing list