*Email privacy and security survey*

[app103]

After a number of recent discussions about email privacy and security, I decided to ask this question here and elsewhere, as I am curious as to the responses among DC members and the general public.

[Edvard]

Yes, I know what it is, and I also know the Gnu version, GPG, and about the OpenPGP standard.
Do I use it for email?  No.  Why, if I was whining so loudly about my beloved Lavabit shutting down?
Because 1- I just don't go emailing around sensitive information that would require it.  I'm not that important and neither are my email messages to friends and family.  My primary concern was to prevent "casual hacking" which might reveal passwords or other information I had stored in email (not smart, I know, and I started using POP3 instead of IMAP after someone apparently brute-forced my password to start sending out spam.  *sigh* Different story.)
2- I would have to teach my brothers, mother, grandmother, cousins and aunts/uncles and friends all about how to use it and why they can't read emails from me unless they did.  No thanks.

In my post about Lavabit shutting down, I described my very simple reason for using an email service that was encrypted, and it was about simple prevention of "casual hacking" which might reveal passwords or other information I had stored in email (not smart, I know, and I started using POP3 instead of IMAP and erasing messages from the server after someone apparently brute-forced my password to start sending out spam.  *sigh* Different story.)

Anyways, I do use GPG to encrypt my password vault, does that count?

[40hz]

Like Edvard, I'm up on it, have GPG installed, but only rarely use it for much the same reasons he gave.
 

[rgdot]

Same as above.
I use encryption locally (via TrueCrypt) more than any other form.

[Jibz]

I know what it is, but I am not using it. The problem I see with GPG/PGP for e-mail is that, unless you are mailing somebody involved in linux development, chances are they don't have anything installed that can check/decrypt it. This sums it up nicely:

http://xkcd.com/1181/

A polished solution for this should have been part of thunderbird for a decade instead of relying on clunky plugins or obscure tools if it should have had any chance.

[Stoic Joker]

I know what it is, but I am not using it.

-Jibz (August 16, 2013, 12:25 PM)

+1 - Because all encrypted communications do is draw unnecessary attention to your activities, and regardless of what you use it's not going to stop an elite focused (governmental...) attack. So the bulk of it strikes me as a waste of (cycle) time.

[app103]

I know what it is, but I am not using it.

-Jibz (August 16, 2013, 12:25 PM)

+1 - Because all encrypted communications do is draw unnecessary attention to your activities, and regardless of what you use it's not going to stop an elite focused (governmental...) attack. So the bulk of it strikes me as a waste of (cycle) time.

-Stoic Joker (August 16, 2013, 01:57 PM)

I don't think it would be a waste of time if one were a business and it was used for securely transferring password information between you and a client, but in the case of businesses that deal with common people that don't have any clue what PGP or an alternative is, or don't have what they need to use it installed, then it certainly makes things much more difficult to transfer that type of information securely (which is a problem I am facing right now, and to which I have not found a free easy moron-proof cross-platform solution)

[skwire]

Like others, I'm very familiar with what PGP/GPG is, have it installed, but rarely use it.

[Stoic Joker]

I know what it is, but I am not using it.

-Jibz (August 16, 2013, 12:25 PM)

+1 - Because all encrypted communications do is draw unnecessary attention to your activities, and regardless of what you use it's not going to stop an elite focused (governmental...) attack. So the bulk of it strikes me as a waste of (cycle) time.

-Stoic Joker (August 16, 2013, 01:57 PM)

I don't think it would be a waste of time if one were a business and it was used for securely transferring password information between you and a client, but in the case of businesses that deal with common people that don't have any clue what PGP or an alternative is, or don't have what they need to use it installed, then it certainly makes things much more difficult to transfer that type of information securely (which is a problem I am facing right now, and to which I have not found a free easy moron-proof cross-platform solution)

-app103 (August 16, 2013, 02:07 PM)

I'm in favor of the single use ephemeral "reset" password scheme.

[wraith808]

I'm in favor of the single use ephemeral "reset" password scheme.

-Stoic Joker (August 16, 2013, 03:52 PM)

What is this?

[Vurbal]

I use Thunderbird and have Enigmail installed and configured. However there aren't too many circumstances when it's actually useful. Only 2 people I communicate with via email use it themselves.

One of them always signs his emails - not surprising since he also wrote and administered the first public PGP keyserver. I don't encrypt emails I send to him, but I do sign them.

The other is Mike Masnick. I've started encrypting all my messages to him just because I figure he's pissed the NSA off so much they probably read his email on general principle. I'm not sending anything I expect them to care about, but that's sort of the point. If there's even an outside chance they will waste resources cracking the encryption it seems like the responsible thing to do.

[Stoic Joker]

I'm in favor of the single use ephemeral "reset" password scheme.

-Stoic Joker (August 16, 2013, 03:52 PM)

What is this?

-wraith808 (August 16, 2013, 03:58 PM)

A really bad (rushed...) description of something we've all seen many times?

Most sites if you click the lost password link send a reset password link to the accounts Email address that typically expires in 24 hours or less and allows the user to change their password to something that isn't lost.

I've done a variation on that for clients (in a pinch) if I know they are sitting there waiting/trying to login. I log into the server, set their account to require a pw change on next login, and then Email the password to where ever they would like because it ain't gonna be any good in less than 60 seconds anyhow.

I really don't think there is a truly secure way of sending passwords. You can try encrypting it sure...but then what do you do with the encryption key (Infinite loop anybody?)?? So it's really just best to minimize the exposure window by keeping the timeline as tight as possible.

[app103]

I've done a variation on that for clients (in a pinch) if I know they are sitting there waiting/trying to login. I log into the server, set their account to require a pw change on next login, and then Email the password to where ever they would like because it ain't gonna be any good in less than 60 seconds anyhow.

-Stoic Joker (August 16, 2013, 06:54 PM)

My situation is slightly different, in that I need Grandma Dum-Dum to be able to send the info to me, not the other way around. And if after receiving the info, I go and change her passwords on her (because she sent them insecurely), and she can't log into her cpanel or ftp, she is going to panic and think I have hijacked her website instead of securing it for her. I'd like to be able to have her give the info to me securely, use it to complete the job she hired me for, then suggest she change the passwords when the job is done. If at that point she doesn't take my advice, at least with it being me that has the password info, with my knowing I won't do anything harmful with it (if I can't trust myself, then who can I trust?), I won't have to worry as much.

I really don't think there is a truly secure way of sending passwords. You can try encrypting it sure...but then what do you do with the encryption key (Infinite loop anybody?)??

-Stoic Joker (August 16, 2013, 06:54 PM)

Bingo! Now you fully understand my problem. 

[Renegade]

I really don't think there is a truly secure way of sending passwords. You can try encrypting it sure...but then what do you do with the encryption key (Infinite loop anybody?)??

-Stoic Joker (August 16, 2013, 06:54 PM)

Go scuba diving in an underwater cave with a grease pencil and board to write on. Oh, and a good memory as you don't can't do this twice. Erase the board after you're done then set charges and blow up the cave after you leave - NOT before you leave! Important point there - AFTER! Not before!

[app103]

I really don't think there is a truly secure way of sending passwords. You can try encrypting it sure...but then what do you do with the encryption key (Infinite loop anybody?)??

-Stoic Joker (August 16, 2013, 06:54 PM)

Go scuba diving in an underwater cave with a grease pencil and board to write on. Oh, and a good memory as you don't can't do this twice. Erase the board after you're done then set charges and blow up the cave after you leave - NOT before you leave! Important point there - AFTER! Not before!

-Renegade (August 16, 2013, 08:27 PM)

Never underestimate the intelligence of dolphins. I am pretty sure they would hack your website, if given the chance...and your password.


^{He's laughing because he knows it's true!}

[Renegade]

Never underestimate the intelligence of dolphins. I am pretty sure they would hack your website, if given the chance...and your password.

-app103 (August 16, 2013, 09:37 PM)

Insidious creatures, they are! I don't know why we tolerate alien invaders, even if they're supposed to be "observers" or whatever. And same goes for white mice... Grrrr... 

[wraith808]

My situation is slightly different, in that I need Grandma Dum-Dum to be able to send the info to me, not the other way around. And if after receiving the info, I go and change her passwords on her (because she sent them insecurely), and she can't log into her cpanel or ftp, she is going to panic and think I have hijacked her website instead of securing it for her. I'd like to be able to have her give the info to me securely, use it to complete the job she hired me for, then suggest she change the passwords when the job is done. If at that point she doesn't take my advice, at least with it being me that has the password info, with my knowing I won't do anything harmful with it (if I can't trust myself, then who can I trust?), I won't have to worry as much.

-app103 (August 16, 2013, 07:58 PM)

Why can't they create a new user for you?  That's what I do in those cases.  And if she knows how to use cpanel, then that's not that big of a deal to do.  Same for wordpress.

[Renegade]

Why can't they create a new user for you?  That's what I do in those cases.  And if she knows how to use cpanel, then that's not that big of a deal to do.  Same for wordpress.

-wraith808 (August 16, 2013, 10:10 PM)

Because:

...Dum-Dum...

-app103 (August 16, 2013, 07:58 PM)

I'm currently using Plesk, but if CPanel is remotely similar now (haven't used it in over 10 years), then asking a mere mortal to sift through it is akin to demanding a kindergarten class invade Pluto. Just finding functionality in Plesk is a daunting task. Using it? Oh god...

Wordpress is organized much better, though still could present a problem for a lot of people.

[4wd]

Been aware of PGP since its earliest incarnation on the Amiga, used it sporadically but that was before I switched over to x86 hardware.

A polished solution for this should have been part of thunderbird for a decade instead of relying on clunky plugins or obscure tools if it should have had any chance.

-Jibz (August 16, 2013, 12:25 PM)

I can't tell you how long it's been there but Thunderbird->Write->Options->Encrypt Message



You just need a SSL Certificate, (which are free), and the recipient needs to use digitally signed email, (so you have the recipient key to encrypt with).

Very easy.

[Jibz]

A polished solution for this should have been part of thunderbird for a decade instead of relying on clunky plugins or obscure tools if it should have had any chance.

-Jibz (August 16, 2013, 12:25 PM)

I can't tell you how long it's been there but Thunderbird->Write->Options->Encrypt Message

-4wd (August 16, 2013, 11:23 PM)

That's S/MIME as far as I can tell, which is actually supported by many e-mail clients. To get PGP support I think you still need to install both Enigmail and GnuPG.

And the problem of not many people having support for PGP extends to the trust model. In theory the web of trust is a great idea, but in practice it's probably easier to trust certificates from a CA than self-signed PGP keys that nobody has verified .

[cyberdiva]

Yes, I know what it is, and no, I don't use it.  I rarely if ever have anything in my email worth hiding from the world.  Also, almost no one I write to uses it or wants to be bothered. 

[Renegade]

Also, almost no one I write to uses it or wants to be bothered. 

-cyberdiva (August 17, 2013, 09:20 AM)

And my guess there is because it's too darn hard to get working and email is broken anyways.

[Vurbal]

There are a couple big problems the way I see it, and they're not specific to email. The first is simplicity and useability. For ordinary people something like PGP is obviously way too complicated - not because it's actually that hard but because it has the appearance of difficulty. Honestly, though, even something relatively simple like just going to Comodo and getting a free SSL certificate is just as intimidating.

I consider myself something of an expert on this particular subject. Most complex software is well within the grasp of most people but people like me who are good at both understanding and explaining it are few and far between. I don't know what the answer to that one is besides just keep doing what I do.

The other side of the problem is the solution providers. As someone has already noted, self signed security like PGP can be hard to trust but third party providers are inherently risky as well. Even if they're trustworthy, they represent single points of vulnerability which can impact everybody everywhere. A web of trust is the only solution to both problems but it needs to involve the industry players as well.

At the end of the day it probably comes down to mindset. Even if you don't give a rat's ass about anybody else, the less secure everybody else's systems are, the more vulnerable yours is. It needs to start by picking off the low hanging fruit by establishing some kind of reasonable baseline.

There are a lot of things I think go into that, but the first one is this. At least when it comes to getting the message out to the masses, we need to stop talking about security and start talking about privacy. Mention security and most people will tune you out before you start the next sentence. Say privacy - especially right now - and you've got people's attention. They neither want nor need to know the big picture. They just need to know how to do their part to protect themselves so we can focus on taking the next step.

[Renegade]

The other side of the problem is the solution providers. As someone has already noted, self signed security like PGP can be hard to trust but third party providers are inherently risky as well. Even if they're trustworthy, they represent single points of vulnerability which can impact everybody everywhere. A web of trust is the only solution to both problems but it needs to involve the industry players as well.

-Vurbal (August 17, 2013, 11:06 AM)

And that's EXACTLY why I'm hopeful for Bitmessage to sort its problems and enter the arena of strong encryption that we can trust.

There are a couple big problems the way I see it, and they're not specific to email. The first is simplicity and useability. For ordinary people something like PGP is obviously way too complicated - not because it's actually that hard but because it has the appearance of difficulty. Honestly, though, even something relatively simple like just going to Comodo and getting a free SSL certificate is just as intimidating.

-Vurbal (August 17, 2013, 11:06 AM)

This is the biggest problem right now.

While I *could* get it working for *ME*... doesn't mean jack if other people aren't on board.

The barrier is a function of difficulty, tech savviness, broad adoption, and willingness to use it. And willingness is a function of "how damn long will this take me to get it running, and who can I use it with?" Blah blah, etc. etc.

I've had a bitch of a time trying to get other people to use Jitsi with me. So far I've got 1 (one) friend to use Jitsi with me. And half the time we end up on Skype. Jitsi is great, but it ain't prime time yet.

Then there's email... hopeless. It's just total dog s4!+.

[Vurbal]

The other side of the problem is the solution providers. As someone has already noted, self signed security like PGP can be hard to trust but third party providers are inherently risky as well. Even if they're trustworthy, they represent single points of vulnerability which can impact everybody everywhere. A web of trust is the only solution to both problems but it needs to involve the industry players as well.

-Vurbal (August 17, 2013, 11:06 AM)

And that's EXACTLY why I'm hopeful for Bitmessage to sort its problems and enter the arena of strong encryption that we can trust.
 

-Renegade (August 17, 2013, 11:32 AM)

That's exactly what I'm talking about.    Services like that are also important because if/when they become successful there's another piece of the roadmap for developing other services.

I also think the more small to medium size players we have trying to gain a foothold in the enterprise market, the more we'll see business models catering to both individuals and business. A company like Comodo benefits most from expanding the market and stimulating competition. A company like Verisign or Microsoft benefits most from controlling the market and maintaining the status quo.

This is the biggest problem right now.

While I *could* get it working for *ME*... doesn't mean jack if other people aren't on board.

The barrier is a function of difficulty, tech savviness, broad adoption, and willingness to use it. And willingness is a function of "how damn long will this take me to get it running, and who can I use it with?" Blah blah, etc. etc.

I've had a bitch of a time trying to get other people to use Jitsi with me. So far I've got 1 (one) friend to use Jitsi with me. And half the time we end up on Skype. Jitsi is great, but it ain't prime time yet.

Yep. And that's where people like me fit into the picture. Without users who are at least reasonably competent how can developers get useful feedback? There's just too much trial and error on both sides which can only be solved if they meet in the middle. Lots of developers are already there waiting. The public, on the other hand, needs some herding.

Then there's email... hopeless. It's just total dog s4!+.

It's not just email either. To paraphrase one of my favorite (made up) Einstein quotes, we cannot solve our problems using the same thinking that created them.

Email, passwords, and even independent security authorities are obsolete. They're modeled on outdated corporate processes and technical limitations that no longer apply. Building replacements requires a completely different perspective based on current needs and technology. It's sort of like the transition from horseless carriages to cars.