Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Privacy Security Technology

Encrypted Email Is Still a Pain in 2017 (incoherency.co.uk) 216

Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted emails, something which was first introduced over 25 years ago, is still difficult to setup and use for even reasonably tech savvy people. He says he recently tried to install Enigmail, a Thunderbird add-on, but not only things like GPG, PGP, OpenPGP were -- for no reason -- confusing, Enigmail continues to suffer from a bug that takes forever in generating keys. From his blog post: Encrypted email is nothing new (PGP was initially released in 1991 -- 26 years ago!), but it still has a huge barrier to entry for anyone who isn't already familiar with how to use it. I think my experience would have been better if Enigmail had generated keys out-of-the-box, or if (a.) gpg agreed with Enigmail on nomenclature (is it a secring or a private key?) and (b.) output the paths of the files it had generated. My experience would have been a lot worse had I not been able to call on the help of somebody who already knows how to use it.
This discussion has been archived. No new comments can be posted.

Encrypted Email Is Still a Pain in 2017

Comments Filter:
  • mail.app (Score:2, Redundant)

    by jbolden ( 176878 )

    Giving credit where credit is due. mail.app and keychain make it a breeze. You can drag and drop public keys, sign email, use 3rd party sources or generate keys all with a gui that is rather intuitive.

    • Of course, since this is in mail.app, which I use constantly, this is the first I've heard about it.

      I wonder how many great features in Apple products people miss simply because Apple refuses to provide sensible documentation and instead relies on users to "discover" features organically or via message boards.

      -Chris

      • Re:mail.app (Score:5, Informative)

        by TheRaven64 ( 641858 ) on Monday February 13, 2017 @12:31PM (#53857531) Journal
        There's a button in the 'compose email' window to turn it on, and there's online help for how to import a signing cert. Keychain will create a cert for you and a CSR, but it's then up to you to have it signed. The most important part of the grandparent's point is nothing to do with Apple though. Thunderbird also supports S/MIME out of the box, as does Outlook. The author of TFA decided to try two third-party add-ons for encrypting his mail, instead of the industry standard one that's built into the mail client that he was using. He then discovered that it was hard and acted surprised.
        • This was my first thought when I read the summary as well. S/MIME is even built into the default mail app in iOS... not sure about Android (or any of its manufacturer variants).

          The biggest problem with S/MIME is managing the certificates. People generally won't want to deal with having a different private key on every device they use for their email... especially when you consider that doing so would require the sender to sign with the correct public key for the device the recipient wants to read it from. N

    • That's not my experience, over the last 15 years where I was required to exchange PKI encrypted emails with both DoD users and other contractors (Fortune 50 company through 1 person security consulting shop). I've had problems setting up/loading certificates, particularly handling root and intermediate certificates (from DoD PKI). When a certificate expires, Mail has real problems with the email. And recently I was sent a short encrypted message where it took order a couple of minutes to decrypt and disp

  • Tools and movements (Score:4, Interesting)

    by PeeAitchPee ( 712652 ) on Monday February 13, 2017 @11:47AM (#53857111)
    EFF has done a great job with their "Encrypt the Web" campaign and gotten a lot of big websites to switch to https as their default protocol. The difference is that people running those servers are usually more technically minded (they're admins), so the implementation goes a lot easier. When dealing with non-technical end users, you can't expect them to do anything extra to set it up for them; it's just gotta become the default and get pushed to them. Anything else is a recipe for non-adoptance.
    • by TWX ( 665546 ) on Monday February 13, 2017 @12:00PM (#53857243)
      It also has to be supportable. If joe schmoe loses all of his e-mail because of problems with remembering keys or keychain files then not only is he going to stop using it, he's going to continue to have problems with people e-mailing to him with his now-broken public key.
    • by Sloppy ( 14984 )

      You simply can't have people not do "anything extra" while also being resistance to MitM. Part of HTTPS' success story is that it's easy enough to set up, but at the cost of being extremely vulnerable (by PGP standards) to MitM. So to anyone who knows how it works, it's "insecure" but people actually bother to use it, so it's about a trillion times more secure against totally passive attacks, than plaintext is. Thus, on average for all persons, the web is more secure than email.

      PGP email needs some kind of

  • No. Really.

    The average user has difficulty clicking on a UI element that says "Generate key" and figuring out what it does.

    Let alone understanding the differences between key types, and why some are better than others. (like why you shouldn't trust the RSA algo.)

    • by wvmarle ( 1070040 ) on Monday February 13, 2017 @01:15PM (#53858003)

      Let alone understanding the differences between key types, and why some are better than others. (like why you shouldn't trust the RSA algo.)

      The end user has no need for understanding that. They even shouldn't need to care.

      The only way we'll ever see e-mail encryption if it's as transparent as WhatsApp's end-to-end encryption or https transfers. The moment you have to bother the user with manual key management there's an issue. If the user has to choose what key to use, it's a disaster. He shouldn't have to know why to trust or not to trust RSA or other key algorithms. That's for the application writer to figure out, and only offer suitable protocols to begin with. Then why ask the user about different protocols? The developers know more about that, and I trust them to be better suited to make an appropriate choice than me who knows little to nothing about encryption.

      I don't know what algorithm WhatsApp uses to encrypt my messages. I can read it, receiver can read it, no-one in between can read it. I'm good. Of course I have to trust WhatsApp to do it properly - I know there are really smart people all the time trying to break these things, and I have yet to hear about this having been broken even partly. That is enough for me as simple end user to get the feeling they've done it well. It's probably breakable, but it's for sure not easy, and they don't bother me with keyrings, secret/public keys, algorithms and other things that I know almost nothing about.

      I like computers, have a strong interest in the subject, and I'm sure I know a lot more about all this than the average person. So if e-mail encryption is hard enough to make me not even bother, a lot has to be done to make it usable for the average Joe.

    • The subject line's arrogance about non-technical users is the source of much that's wrong with computer security today.

      Computer users are not idiots, they just don't have specialized knowledge that specialists have. They should not need to have such specialized knowledge, and they're absolutely right when they think we're nuts for wanting them to obtain that knowledge.

      There are many different levels of this particular form of arrogance, too. One of my ambitions is to develop a crypto API which developer

  • by H3lldr0p ( 40304 ) on Monday February 13, 2017 @11:54AM (#53857173) Homepage

    People forget things all the time. At some point you are going to forget where or what the key is for your encrypted email, so what to do? Recovery of that key is going to be necessary. Which leads to an entire host of other problems, many of which are security related.

    So yeah, until memory becomes infallible we're stuck with encrypted emails having a certain amount of pain that comes along with them.

    • a message that can be read by somebody other than the intended recipient, is not worthy of being called secure.

      A message that can have the key derived from the data stream is a message that fails to prevent somebody other than the intended recipient from reading it.

      The two are mutually exclusive.

    • by TWX ( 665546 )
      Yeah. I'm already facing this with passwords, and ironically it's home equipment that I have the biggest issues remembering simply because I don't have to reconfigure it often.

      Some big automotive enthusiast forums company got breached and set draconian rules for passwords for the users (who themselves did nothing wrong) as a result. twelve characters, mixed case, numbers, and non-letter-number characters, must be changed monthly. Screw that. I don't need to talk about four by fours enough to bother w
      • twelve characters, mixed case, numbers, and non-letter-number characters

        Hmm, those contraints rather limit the set of possible passwords, thus weakening the security of the system.

        Ignoring the 12 character limit, would be better if mixed case, numbers, and non-letter-number characters were ALLOWED, but not required.

        As to the character limit, I think I may have used a password that short this decade by personal choice. Maybe. Of course, passwords for websites (online bill pay, that sort of thing) freque

    • That is not the pain .

      Where I work it is the clueless clients who send us (another company) encrypted emails and then demand an answer ASAP and blame IT when it doesn't work.

      Cisco iron mail is horrible! Requires outdated Java and times out on our network. MBAs have no idea the work required. Just to penelize my users if they don't respond ASAP with no warning

    • by zifn4b ( 1040588 )

      People forget things all the time. At some point you are going to forget where or what the key is for your encrypted email, so what to do?

      Use Keepass?

    • Why storing it in encrypted form? It only has to be encrypted while in transmission to be secure.

      You receive an e-mail, your client automatically decrypts it (of course at some point in time you unlocked the key with a password or so), and then stores it in your local storage unencrypted. You may of course in turn encrypt your hard disk if you want. Same for sent e-mail: the moment you press Send, the client encrypts the mail before delivering it to the SMTP server, and at the same time stores an unencrypt

    • This is why I maintain that we need identity/security providers that will manage the keys and encryption schemes for you. The real problems are:

      * Slashdot nerds (and the like) get all freaked out about the idea of a 3rd party managing people's keys. In order to be truly secure, it's necessary that only you can ever possibly get access to your keys, which means that you need to manage them yourselves. Therefore, any scheme that requires trusting a 3rd party gets rejected.
      * Each vendor/developer wants to

    • The average person doesn't think to that level. It appears to be that the reason for lack of adoption is that the average person doesn't know it's a thing, plus it's non-intuitive, and their email providers don't do it for them.

  • by david.emery ( 127135 ) on Monday February 13, 2017 @11:56AM (#53857195)

    I've had to mess with PKI encrypted email (as a job requirement) many times over the last 15 years. In my experience, the problem is the underlying PKI support. It's really hard to load & manage certificates, deal with revoked certificates (including preserving emails when a certificate expires), etc. Some of that is, I believe, due to the complexity of PKI itself, and some of it is due to poor (at least from a user experience perspective) support by the OS vendors. Much of my experience is with DoD PKI, including their huge chains of PKI certificate/trust.

    If the PKI infrastructure worked well, encrypting/decrypting email should be easy. But if the PKI infrastructure makes it really hard to manage certificates, there's nt a lot the mail user agent can do about that!

    • by sl3xd ( 111641 )

      But if the PKI infrastructure makes it really hard to manage certificates, there's not a lot the mail user agent can do about that!

      I've been using PKI infrastructure for about as long, and my experience has been very different, even with non-technical users.

      I'm curious what issues you're running into that makes it "really hard to manage certificates." Perhaps your definition of difficult differs greatly from mine..

      • I could see it being rather difficult to manage certificates if there's no assumed trustworthy central authority to manage them. It's easy for a megacorp to sign their own certs and manage them (and have others accept them), but a small shop or individual would likely run into difficulty somewhere.

      • Finding, installing, handling revocations/expiration. Loading parent/certificate chains, -particularly when the certificate chains themselves (root and intermediate) change-. In a perfect world, this would all be handled automagically. But when something goes wrong, figuring out what happened, and then trying to fix it, has been At Least One Bridge Too Far.

  • This is much easier to manage, and it is not clear that encrypting the email itself is that much better.
    • by sl3xd ( 111641 )

      You get a gold star for independently coming up with the industry standard solution!

      Encrypting the attachments is exactly what PGP/MIME and S/MIME have done for at least a decade now.

  • by mr100percent ( 57156 ) on Monday February 13, 2017 @12:14PM (#53857367) Homepage Journal

    The problem is that most of the public still uses web-based email (GMail, Yahoo, etc) and mobile. Gmail won't support even the most basic of encryption because their entire business model depends on reading other people's emails.

    What GMail COULD do is put some sort of header on GPG-signed emails saying that this is certified as from an account.

    • by b0bby ( 201198 )

      Like the author I found Enigmail on Thunderbird to be a pain. The Mailvelope plugin on gmail/Chrome is what I use when I need to use encrypted mail. It's still a bit of a pain, but not too bad.

    • What's the problem with that for gmail and other web mail services? In order to present the e-mail in a web page to the user, they have to be able to decrypt it, it's not like that can be done so easily at the user's end in the browser (how to deal with keys etc, when the user switches computers?).

  • Given up (Score:4, Insightful)

    by Rumagent ( 86695 ) on Monday February 13, 2017 @12:17PM (#53857401)

    I have given up on GPG. It is a great program and in principle it is all you need. Until you have tried setting it up for your parents, spouse or friends.

    It cannot and will not work. It is too complicated. The best solution I have come up with is using tutanota (others exists as well) . It is not perfect, but now must of my family use encryption without really realising it:)

  • Nowadays all connections between your client and your server is encrypted. And connections between email servers are encrypted as well using TLS. The only hole is if your email server uses Verizon as an ISP, because they strip the request secure transit bits [eff.org] off of the server connection. So far none of the big email providers have felt like blocking off all Verizon customers. Once that hole is plugged, there won't be a single point where an email isn't encrypted.
    • Except the part where it's stored unencrypted on every server during the trip. You don't know how long it stays on the server as there could be a long queue of outgoing mail or the receiver isn't responding. Then it could be caught up on backups. All available to be read unless you have encrypted it yourself.

    • by Chrisq ( 894406 )
      I think the point is that it is not end-to-end encryption, and it could be intercepted by mail providers either end, or by governments with access, etc.
    • You're talking about transit. Emails in transit may be encrypted but they may not be at the endpoint. It's like entering your bank details into some random site that looks like your bank with only the confidence that you're using HTTPS and without actually knowing if the other party is your bank or not.

    • by Nkwe ( 604125 )

      Once that hole is plugged, there won't be a single point where an email isn't encrypted.

      In transit perhaps, but not at rest. When your email sits in the inbox (or any folder) on your email provider's server, it is either not encrypted or your provider has the ability to decrypt it. Otherwise your email provider would not be able to display it / transfer it to you. This means that your provider can read your email, they can show it to the government, and if someone hacks your provider, the attackers and read your email as well. Unless you are running your own email server, transport protection

      • it is either not encrypted or your provider has the ability to decrypt it.

        Lots of providers do encrypt the email at rest. True, the servers will need the data in an unencrypted form at some point to serve you the data, etc. But then that gets down to how much you trust the provider. Don't trust the provider? host your own email server.

        Encryption in transit protects you a lot.

  • by reezle ( 239894 ) on Monday February 13, 2017 @12:25PM (#53857471) Homepage

    I was sent a message encrypted by https://www.virtru.com/ [virtru.com] and it wasn't a problem to open it on my end, no account required.
    I liked the idea and took about 5 minutes to get it setup on my end so I could send encrypted email, too.
    It's about the simplest setup I've seen yet, and only downside is a couple of second lag opening an email (time it takes to decrypt)

    • >"so I could send encrypted email, too"

      But that is not Email. It is web messaging with Email notifications. It requires a third party to be involved. I get that kind of stuff all the time from various sources. If you have to use a web browser, it is not Email.... Just saying.

  • DuckDuckGo (Score:5, Funny)

    by mrchaotica ( 681592 ) * on Monday February 13, 2017 @12:37PM (#53857609)

    The article says "I DuckDuckGo'd for keywords like GPG..."

    I feel like the idiom should be "I DuckDuckWent" instead.

  • by mmell ( 832646 ) on Monday February 13, 2017 @12:39PM (#53857627)
    No matter how dumbed-down you make it, ultimately security requires an intentional decision by the end user. Encryption is a highly complex subject and the instant you reveal this, nearly all end users don't just decide it's not for them, they decide it's no good at all.

    Try talking your non-techie friends into a Linux desktop. Even after you show them that the "Start button" is right where they expect it to be, and that the email and browser clients work just like they're used to and that they can do what they've been doing as easily as they've been doing it, there will be concerns. It all falls apart when they say "Can I buy a disk and install my own software?" and you say "No, but here's an easier way to install software from a vast repository of packages", they're done. They don't even ask what's available or how it works, their eyes glaze over and they hold up a CD-ROM of Cute Kitteh Pics and proclaim that they can't live without that version of that software - and it has to look exactly like they expect it to look. Anything else might require their direct attention.

    Now, back on subject - you say "encrypt your email". They say, "okay, how?". You install and configure it for them, you make sure they only have to click one button to encrypt any given email. They say "Cool! And my grandma will be able to read this, right?"

    You start explaining how this will work. Their eyes glaze over and they say they'd like to encrypt emails to their friends when they discuss their legal but oh-so-risqué lives, but if they can't email grandma it won't work. It's too late to tell them they got it wrong because their eyes have already got that hundred yard stare thing going on. You made somebody think about something and rather than believe they can understand it, they take the easier path of not even trying.

    Bottom line - you're not trying to teach a behavior, you're trying to change a behavior. I've go GPG implemented. It's completely unused because nobody I know cares. They're not afraid of the government reading their emails and they accept that Google, Apple and Microsoft won't do anything worse than target advertising at them. Even after I offer to make it one-click convenient for them, most of my associates don't want it.

    • by gtall ( 79522 )

      " You made somebody think about something and rather than believe they can understand it, they take the easier path of not even trying."

      And that, in a nutshell, is what describes people living in their interwebs echo chambers. Their beliefs are easier to understand than someone else's, and they take the easier path of not even trying.

    • It all falls apart when they say "Can I buy a disk and install my own software?" and you say "No, but here's an easier way to install software from a vast repository of packages", they're done.

      What's in a "package?" Is it ready-to-run? Where do I find clear and detailed product descriptions, reviews and screen shots?

      Steam is successful because Valve knows how to sell software on line.

    • you're not trying to teach a behavior, you're trying to change a behavior. I've go GPG implemented. It's completely unused because nobody I know cares.

      It's actually worse than that. You're not trying to change your behavior. You're trying to change everyone else's behavior. Your GPG implementation relies on everyone sending emails to you to cooperate.

  • PGP has pretty much been abandoned. The companies that need to securely deliver messages do so by sending an email with a link that requires you to authenticate and then view the actual contents in a secure browser session. I find it absolutely hilarious that Slashdot has been persistent for so many years in resurrecting this topic every so often even though it's clearly dead, Jim.
  • So, I'm thinking this through a bit further, and I'm wondering whether encrypted e-mail still makes sense...

    How many people actually-communicate via e-mail anymore? Yes, e-mail is still necessary as it's a de facto identification method - virtually every sign-up form uses e-mail addresses in this manner, but it's highly irregular that I send an e-mail to another human after I leave work. Most of that communication takes place via Facebook (known insecure) or WhatsApp/Viber/Kik/Line/BBM/SMS, and most of that

  • by thegarbz ( 1787294 ) on Monday February 13, 2017 @12:42PM (#53857667)

    The general wide spread use of email encryption lacks a use case. The situations where an ordinary person would require encrypted email is incredibly rare and it's most definitely not worth the hassle. Think of the use case for email: You're trying to send a message to someone. Like a letter it could be intercepted and read, but in general it's still just plain text. Like a letter we can take basic precautions such as encrypting attachments or sending separately documents to prevent accidental collection, but fundamentally it is still something that for the most part in general needs to be read.

    I personally wouldn't have enabled email encryption if I didn't need to on a very rare occasion have to handle sensitive information, but even then it's simply easier to often send an encrypted attachment.

  • Because end-to-end secured email is a pain, why not just use WhatsApp or one of the other messaging systems [techtimes.com] which provide end-to-end encryption?
    • Is there a good reason I should trust the authors of "WhatsApp"? And even if I did trust them, is there any measure of assurance that they couldn't be compelled to give up my data?

  • ...netcraft confirms it!

    Sorry. Flashbacks.

  • by wonkey_monkey ( 2592601 ) on Monday February 13, 2017 @02:47PM (#53859025) Homepage

    Bristol-based software developer James Stanley, who used to work at Netcraft, shares how encrypted emails, something which was first introduced over 25 years ago,

    Got enough commas in there?

    is still difficult

    Uh, what? Emails is still difficult?

    but not only things like GPG, PGP, OpenPGP were -- for no reason -- confusing

    "Not only were things like..." would've been easier to parse, though this is borderline cromulent.

    Enigmail continues to suffer from a bug that takes forever in generating keys.

    The bug takes forever "in generating" keys?

    Look, if English isn't the submitter's first language, that's no big deal. But somebody, somewhere, should be responsible for editing submissions if you want people to actually think you're a professional news aggregator.

  • I have been using GPG since 2003. That means publishing my key and making it available. The only encrypted email I have ever received in all that time is from that bastion of privacy and security.....Facebook! It's like bizarro world.

  • PGP and OpenPGP are obsolete. You should be using S/MIME - that is where all the work on getting the process right has been going on, and for that protocol the set up is accessible in anything modern.

  • Maybe it's time to stop teaching e-mail to users.

    Let's face it, users stop using e-mail anyway. Many apps which required e-mail for signup now work with a phone number alone.
    So let's stop forcing e-mail for every bit of communication.
    Use XMPP. The user likes the chat interface anyway, encryption with OMEMO (which has forward secrecy, which isn't possible with e-mail) is secure and apps like Conversations work like a charm hiding all the details with a Trust-on-first-use model, which is enough for 99% of the

  • Not sure if I'm not getting the entire story here, but how can a guy who tested one method alone (a plugin to boot) can generalize that encrypted email is still a pain?
    Encrypted messaging is also a pain if I use only SMS or smoke signals.

    I have a Protonmail account. It's encrypted during transit, and completely encrypted from Protonmail to Protonmail account, and it all works seamlessly.

  • TFA reads like a classic example of "User refuses to learn to use screwdriver, complains all fasteners are hard to use."

    * Author seems to think encryption is a simple magic bullet.
    * Author doesn't even bother reading the manual for the tool.
    * Author reviews only one tool in a large family of tools, blames the entire family of tools for his own ignorance and incompetence.
    * Author doesn't know about the problem space, has expectations that reveal a tragic level of misunderstanding.

    The bottom line is encryptio

  • openKeychan for android is stupidly easy to use.

    plaintext goes in, cyphertext comes out

    cyphertext goes in, plaintext comes out

    it even automates the sending to and grabbing from clipboard

    encryption is only hard when you use poorly made tools

    gaim-encrypt (back before it was pidgin) was easy as shit to use too, it was slow back in the days of sub ghz celerons it could freeze your whole machine and make winamp skip for a moment when a messagecame in, but it was literally easy enough for children to use.
  • Buy two of the same books. Learn how to use a one time pad.
    Take a holiday or sabbatical and give one book to the person you want to communicate with.
    Teach that person about the use of a one time pad on paper. Don't encode or decode the message on the computer.
    Take up landscape photography. Any digital camera will do.
    Include a small banner ad like landscape image with every email.
    Learn steganography and hide a short one time pad like message in every small landscape image in every normal email.
    Set s

If money can't buy happiness, I guess you'll just have to rent it.

Working...