[liberationtech] 15 years later, why can't Johnny still not encrypt?

[coderman]

On Thu, Jan 16, 2014 at 4:36 AM, Mick Fuzz <mickfuzz at clearerchannel.org> wrote:
> ... try this out, it's as close as I could replicate the
> experience of talking someone through it.
>
> https://p2pu.org/en/groups/encrypt-and-sign-your-email/
>
> other version as 'work book on http://flossmanuals.net/thunderbird-workbook/

this looks useful and interesting; i'll continue to review as time permits!



> The key is that you get a chance to download and send an email to a real
> human (me) and get a reply saying it worked.

this helped in some but not all (specifically not two) experience i've
had performing same over a voice, screencast, or video conference
system.


as an experiment in the other direction, i attempted to make sending
an encrypted mail as difficult and confusing as possible.

i made a key:
- with a creation date that was clearly invalid
- with an identifier not tied to any email address or stored in any keyserver
- with a cipher suite known to cause compatibility issues (3k DSA)
- with a comment that would do nothing except leave you head scratching...
 , and requested an encrypted email to it for chance at bitcoins.

results:
- 63 successful players
- 3 failed attempts
- 1 anon recipient! (extra credit :)

however, zero successes from few who attempted to reply to a reply.
almost every email client tested will reply to a previously encrypted
message in plain-text without any obvious indicators if the recipient
key does not match one previously stored. see above-^


best regards, and thank you for your efforts improving privacy! you
should create a coin tipjar or donation address :)