[liberationtech] A guide to Email Self-Defense, from the Free Software Foundation

Jonathan Wilkes jancsika at yahoo.com
Thu Jun 5 23:51:46 PDT 2014 

On 06/05/2014 06:19 PM, Zak Rogoff wrote:
> Hi all,
>
> https://EmailSelfDefense.fsf.org
>
> We just released this guide to GnuPG with Enigmail and are quite happy
> with it. Thanks to all of you who gave feedback on the draft. More is
> welcome :).

I appreciate clear guides like this one.

I have one criticism and one comment.

Criticism:
You do not adequately warn current webmail users about the inconvenience 
of pinning the content of their encrypted messages to a single machine.  
Every encrypted message they send or receive is a message they cannot 
access on their other devices.  This could lead to a self-defeating 
process where the more work a non-technical (or not very technical) user 
does to encrypt the content of their messages, the harder it becomes for 
them to generally access or manage their data.  And because the setup 
doesn't protect them from metadata surveillance (and even leaks data 
through the subject line as you point out), there is likely to be a 
fairly low threshold before the user just abandons the setup altogether.

I read Richard Stallman's recent blog, I would agree that inconvenience 
is clearly a separate and less pressing issue than oppression.  
Nevertheless, there ought to be a clear warning that following this 
guide _will_ degrade the very ease of access which popular cloud 
services provide.  Without that, users of the system will suffer undue 
frustration.  Non-technical users-- even ones who fully grasp the wide 
chasm between inconvenience and oppression-- don't know how difficult it 
is to do decentralized and secure syncing of their data.  All they will 
know is that it looks and feels more and more constrained, like using 
the internet a decade ago (you even use the word "desktop" in one of the 
initial paragraphs).

Comment:
It would be neat if you encouraged the users to exchange keys with 
someone who is already using a PGP key in a free software community 
(Debian, etc.).  Like a reverse outreach program:

Dear Expert,
Greetings!  I just read a tutorial on using PGP for encrypted mail, and 
I heard from a friend that you know a lot about computers.  I read in 
the news that the internet is sorta broken atm, so if you wouldn't mind 
helping me use my computer safely and securely until y'all get this mess 
fixed I'd sure appreciate it.  Let's get together and exchange keys.
Best,
Normal Person

-Jonathan

More information about the liberationtech mailing list