[ubuntu-uk] OT - secure email?

Tue Sep 3 15:39:35 UTC 2013

On 3 September 2013 15:38, Jon Spriggs <jon at sprig.gs> wrote:
> On 3 September 2013 14:51, Liam Proven <lproven at gmail.com> wrote:
>> Doesn't everyone with 0.5 of a clue know this?
>
> Frankly, No. As soon as (if not before) the "NSA whistleblower is in
> Hong Kong" headlines dropped off the BBC front page, outside of those
> of us who actually care about this stuff stopped being interested, and
> went back to "sharing cat photos with my family". My wife doesn't
> care, and frankly is bored witless of me waffling on about it.
>
> <SNIP>
>
>> Scott McNeally said it in about 1996:
>>
>> "You *have* no privacy on the Internet. Get over it."
>
> It doesn't have to be like this. In code we can solve this, the
> problem is getting a usable interface, a compelling reason and a good
> marketing team to solve the last 5%. Mailpile might be able to do it,
> bitmessage could also, but all the time it's just the Tin Foil Hat
> Wearers Brigade (mine just covers the tips of my ears) and the
> Free-as-in-Freedom crowd banging on about it, the rest of the world
> won't give a flying .... Ooo, You're a kitty! (http://xkcd.com/231/)

Exactly. Your wife doesn't know and as you yourself said *doesn't care*.

The thing to do is not try to build more little isolated secure bits
of the Internet. There is absolutely no use or point to a secure email
service because as soon as you use it to email anyone else it /ceases/
to be secure. In other words, the selling point of the tool
immediately stops applying the instant that you use it.

Summary: chocolate teapot. Completely and utterly useless.

So the smart thing to do is to get the message out there and make sure
that people know that the Internet is public, what they are doing can
be observed and tracked, and if you don't want people to know or see
what you're doing online then don't do it online in the first place.

That is the /only/ real solution.

If you like, sure, start a secure email service in some jurisdiction
that permits you - i.e. not N America, the EU or much of the world -
and make it dead easy to send and receive full round-trip encrypted
email. But if the other end isn't using it too, it's useless. It'll
cost a lot to do it, and since email is now as free as air, you won't
make a penny from it unless you come up with a remarkable, fascinating
new spin on the Freemium model.

Meantime, next best thing, given we're on an Ubuntu forum?

Make it super stupid easy to do PGP email in Thunderbird. I've done it
before, for an employer who insisted on it. I'm a skilled techie with
over 2 decades' experience. It took me days of research and hours of
work. It was horrid, a nightmare.

That's the problem to fix. Not introducing new secure email protocols,
which won't do a damned bit of good.

Because http://xkcd.com/927/

You cannot "fix" the insecurity of email for unskilled users with new
tools. All the tools *already exist,* they're just too hard to use.

http://xkcd.com/1200/

http://xkcd.com/538/

http://xkcd.com/1181/

-- 
Liam Proven • Profile: http://lproven.livejournal.com/profile
Email: lproven at cix.co.uk • GMail/G+/Twitter/Flickr/Facebook: lproven
MSN: lproven at hotmail.com • Skype/AIM/Yahoo/LinkedIn: liamproven
Tel: +44 20-8685-0498 • Cell: +44 7939-087884