Connect with us

Communication

Making Encrypted Email Usable

Published

on

When Edward Snowden reached out to Glenn Greenwald and Laura Poitras he insisted they use specific encryption methods. The two journalists required quite a bit of assistance from Micah Lee in order to communicate safely using Pretty Good Privacy, an email encryption standard which has been around twenty years.

The dance required is simply too complex for the average user, who doesn’t want cryptography; they just want to communicate safely. @SwiftOnSecurity, Twitter’s self appointed Information Security Thought Princess, recently summed up the issues in a single tweet.

But I’m Using SSL to Read my Encrypted Email

@SwiftOnSecurity Knows PGP

@SwiftOnSecurity Knows PGP

The only place where cryptography is universally available and generally used is within browsers, via a method that we continue to refer to as SSL. That is short for Secure Sockets Layer, which was replaced by Transport Layer Security, a newer standard that addresses some conceptual problems with the original method. When you log into your email account with Gmail or Yahoo, somewhere on your browser there is a small padlock icon that turns green, indicating a safe connection.

That padlock turns green because your browser shipped with a number of X.509 certificates, issued by certificate authorities, trusted companies like Verisign and CAcert. Their root certificates are used to sign the certificate of the email server, providing a ‘chain of trust’ that ends at your browser.

And all that you have accomplished is protecting you from someone between you and your email provider reading your traffic off the wire. The service provider itself can read your messages unless you take similar steps to encrypt the text, which is where PGP comes into play. As you know, assuming you clicked through to the story about Lee helping Greenwald and Poitras, this wasn’t a trivial process for them.

Things have gotten a tiny bit easier on this front, thanks to a tool called Mailvelope. This browser extension, available for both Chrome and Firefox, replaces the cumbersome combination of standalone mail client and standalone PGP program. If you have never used PGP before you should be able to install the plugin, generate a public/private key pair for yourself, and be sending encrypted emails within about fifteen minutes.

Who Would You Email?

The biggest problem with encrypted email is that it is a ‘complex social contagion’. People don’t catch the encrypted email bug from a friend, usually they catch it from a group. Unless you join a circle of individuals already using PGP, you are unlikely to find much cause to use it even if you did complete the simple Mailvelope install.

The PGP documentation suggests that users will attend ‘signing parties’ where they will meet each other and validate their contacts keys. This may have happened at MIT, where PGP was developed, but in the real world things have progressed differently. There are some industries where PGP fingerprints on email signatures are as common as cell phone numbers, but those are generally very technical audiences. Encrypted email uptake is either near universal or almost entirely absent.

A notable effort to solve the initial introduction problem is happening at Keybase, founded by Chris Coyne and Max Krohn, names you might recognize from their very successful dating site, OkCupid. Artist and designer Caroline Hadilaksono rounds out the site’s leadership. Keybase’s features are amazing, as they’ve produced a slick, pleasant to use web site and paired this with a set of command line tools that will put a smile on the face of the pickiest of Unix system administrators.

Right now Keybase is invite only, and it’s on the march through the existing territory where PGP is used. When this is made broadly public, which appears to be scheduled for early 2015, email privacy is going to take a massive step forward.

But then You Walk Out the Door

Mailvelope is a browser extension. Keybase is a web site and some Linux command line utilities. Once you walk out the door with either Android or iPhone you’re back to the same problem that’s bedeviled PGP from its inception. Select and install an email client. Select and install a PGP package. Move your keys from Mailvelope to the new program.

There are a lot of good things happening for mobile devices, in particular the addition of Whisper Systems secure SMS tools to Android alternative CyanogenMod, which instantly added ten million users of encrypted text messages. Given how smooth Keybase is they no doubt have a plan for mobile users, but there isn’t even a hint of when this might happen.

Preparing for 2015

The problem of securing email communications over the wire, on the server, and on your mobile device will be solved in 2015. Thanks to Edward Snowden, the pressure to innovate is enormous, so much so that the work will be done before the U.S. Congress can get under foot with burdensome regulations meant to protect a surveillance dragnet that is neither effective nor constitutional.

If you’ve never touched PGP, Mailvelope is a good way to get some experience. Given Keybase‘s smooth implementation and solid backers, it’s liable to be the defining application in that space. Unfortunately, unless you know one of the crypto boffins with early invites, all you can do for the moment is watch and wait for general availability.

Images from Twitter and Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...





Feedback or Requests?

Communication

San Bernadino iPhone Case: Major Press Agencies Are Suing the FBI

Published

on

The Associated Press, Gannett, and VICE Media are suing the FBI to know more details about the agency’s hack of the San Bernadino killer’s iPhone.

(more…)

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

5 stars on average, based on 2 rated postsP. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link




Feedback or Requests?

Continue Reading

Communication

Toward Unbreakable Quantum Encryption for Everyone

Published

on

Hacked recently covered the efforts of the Chinese government to build unbreakable quantum communication networks. According to analysts, quantum communications networks are so expensive that they could have a “recentralizing effect,” enabling states to recover the ground that they have lost to decentralizing digital technologies. But what if ultra-secure quantum cryptography could be made available to everyone at low cost?

(more…)

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

Giulio Prisco is a freelance writer specialized in science, technology, business and future studies.




Feedback or Requests?

Continue Reading

Communication

The Chinese Quantum Satellite QUESS: Toward Unbreakable Quantum Networks

Published

on

One year ago Hacked covered the race between the US and China to develop “military super-powers” by harnessing quantum science, and noted that Chinese scientists were developing quantum communication satellites that support unbreakable encryption. A few weeks ago, China launched its first quantum satellite.

(more…)

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

Giulio Prisco is a freelance writer specialized in science, technology, business and future studies.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending