In light of the whole NSA leaks etc, I have to ask why we don't use PGP widely. Is it just because it's too difficult or is it because we never thought our emails were ever something to be kept private or just that there was never a need to produce tools to make the technology accessible.<p>A friend and I were discussing this over dinner and couldn't really pinpoint the reason. Both of us came across ideas around what could be done to make the situation better but were drawing somewhat of a blank on the question of "why is this not already done?".
I think it's because there still isn't a good metaphor that covers up the complexity of public key encryption. Such a metaphor is a prerequisite for a UI that the average user can comprehend.<p>First, I think we should rename the keys to 'locking key' and 'unlocking key'. I've had people still scratch their heads at 'public/private' a few days after I've completely explained the concept to them. They find it easier to understand that a lock-only key can be shared freely while an unlocking key has to be guarded.<p>Second, key exchange and storage has to be transparent to the user. The process can go something like:<p>1. User 1 clicks 'set up secure email with user2@domain.com'<p>2. User 2 receives 'user1@domain.com wants to set up secure email with you. y/n? (first make sure that this is really his/her email address)'<p>3. Based on the response, keys are automatically exchanged and stored.<p>4. Provide a 'compose secure email' option<p>5. When adding email recipients, the encryption happens automatically. Recipients with no keys are not allowed in secure mail, obviously.<p>6. The encrypted form is never displayed on screen. Only a lock icon.<p>7. On the receive end, a passphrase prompt is displayed when a secure mail is opened<p>Perhaps commercial/proprietary clients already do this, but none of the free ones I've tried are like this. So I'm stuck with using GPG only with those who understand how the thing really works.
For two reasons: because it has a UX that hasn't changed meaningfully since the mid-1990s (GUI tools for GPG/PGP tend simply to wrap the command line UX), and because it presumes that the only reasonable way to use a tool like GPG is to exert fine-grained control over keys and identity.<p>Email needs to be encrypted opportunistically, without user intervention. GPG could do this; it could generate semi-ephemeral keys as needed and use key continuity, like OTR, to figure out which keys were kosher for which addresses.<p>Instead, GPG exposes to its users the metaphor of a "key ring" with different kinds of keys and key signatures. That model works for people like me, who use it to secure corp-to-corp communications where I have very specific and fussy requirements for whose keys I'm interacting with. But it doesn't work for end-users at all.<p>Someone should write a secure-by-default email client that uses the OpenPGP message format and is compatible with GPG, but that ignores the intended GPG security model entirely.
I use GPG quite often but there are many annoying issues:<p>- Lacking GPG support on iOS devices, the available apps are not integrated with Mail.app (iOS).<p>- GPG support on OS X devices is usable with Mail.app and GPG Tools (<a href="https://gpgtools.org/" rel="nofollow">https://gpgtools.org/</a>) but encrypted mails are not searchable. I use folders etc. but it is still often a pain to browse manually through mail after mail until you find the one you've been looking for …<p>- Webmail, for example Gmail or Outlook.com, and GPG don't fit together well – if at all.<p>- The public keychain is not made for use on more than one device, i.e., it's not sync-ready.<p>- Key verification is bothersome, i.e., you have to attend key signing parties etc.<p>- There are political issues, e.g., should you upload your keys to a key server? If so, with or without signatures? If you upload signatures, you create not only a web of trust but you also expose at least parts of your address book.<p>- Key servers store long invalid keys and there is no way to remove such keys. The PGP.com key server removes keys if you don't confirm them by mail from time to time. On the other hand, the PGP.com key server only accepts one key per mail address.<p>- Etc.
People cannot use Gmail without help. People have trouble editing wikipedia. People misunderstand some simple concepts.<p>Even people who have taken the time to install and use PGP, and who seem to want privacy, make weird mistakes such as <i>"Messages encrypted to public keys, to passwords and passphrases, and PGP messages not encrypted at all!"</i><p><a href="http://ritter.vg/blog-deanonymizing_amm.html" rel="nofollow">http://ritter.vg/blog-deanonymizing_amm.html</a><p>Usability of Security: A Case Study of PGP 5.0 User Interface <a href="http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98-155.html" rel="nofollow">http://reports-archive.adm.cs.cmu.edu/anon/1998/abstracts/98...</a><p>"Why Johnny Can't Encrypt" <a href="http://www.cs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/OReilly.pdf" rel="nofollow">http://www.cs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Enc...</a>
Even Phil Zimmermann, PGP's creator, says it's too hard to use:<p><i>“I hardly ever run PGP. When people send me PGP encrypted mail I have to go through a lot of trouble to decrypt it. If it’s coming from a stranger, I’ll say please re-send this in plain text, which probably raises their eyebrows.“</i><p><a href="http://www.forbes.com/sites/parmyolson/2013/08/09/e-mails-big-privacy-problem-qa-with-silent-circle-co-founder-phil-zimmermann/" rel="nofollow">http://www.forbes.com/sites/parmyolson/2013/08/09/e-mails-bi...</a>
The average user has no idea just how broken email is w.r.t. the concept of secure and private communication. Google's entire business is built on this broad ignorance. So for that matter is the internet ecosystem in general if you expand the concept of use of data to include tracking of site access patterns, etc.<p>Moreover, it's certainly not in SV's vested interests (regardless of recent protestations to the contrary by google, facebook, etc) to see secure mail become the standard, and by extension to broadly educate and move the consuming public to a mindset of security first.<p>All of that said, the average end-user is/would be befuddled figuring out the use of shared pub keys, the web of trust concept, and, moreover, PKI in the bigger picture.<p>And even if you could get broad use of pgp going for message payload privacy/security, you don't solve the problem of metadata if you are using the current email protocol.<p>It's long past time for a new persistent messaging protocol that addresses metadata leakage and payload security comprehensively. There are people working on this now. Hopefully that will drive some positive steps forward on this issue.
In my experience it is mostly due to annoyance. PGP is seamless until someone tries to check their mail on their friend's computer and discovers that encryption <i>works as intended</i>. Then all of a sudden they start begging you <i>not</i> to send them encrypted messages.<p>I have yet to see any other reason for why PGP is not even used by people for whom it would be easy. Even within the security and cryptography research communities it is rarely used.<p>The solution to this particular problem is to have smartcards; while we are at it, we should also use smartcards for authentication, so that when you sit down at your friend's computer you plug in a smartcard to log in <i>and</i> to read your messages. Unfortunately that means we need to deploy a bunch of new infrastructure, and I would not count on any help from governments or from the tech community (which is largely monetized by violating user privacy).
Huh, I don't see what I would have considered the obvious answer among what's already been said.<p>So, to me, the obvious answer is that if you want to use PGP, you first have to make everyone you intend to communicate with also use PGP. That's an obvious no-go. <i>I</i> would be happy to set it up, but what good would that do me?
Even if you know what you are doing and really must get some secure document to someone then it is far from straightforward. First you need to get the key. Then you need to get that key onto a computer that you believe is not already compromised. Anything running Windows can be assumed to be less than secure. Whatever happens there will be some hoops to go through to get that key, your secret document and some program to spit out whatever it is you are to send.<p>Then the fun really starts. You send your message, other party claims it could not be opened. So you go through the hoops again and re-send. At this stage you have probably changed a word or two in your source document. But that does not bother you because you are new to this. You send again. Another reply comes back - 'sorry mate...' - so you send again, probably introducing a few more edits.<p>Then you never hear back from them ever again. As it turns out you have been man-in-the-middled and those requests for a re-send were purely in the expectation that you would change your message slightly. This provides the 'crib' needed to open your message without knowing the key by our friends in Gloucestershire.<p>Where did my tin foil go?
1) Most people haven't had a need for it. Till now.
2) Encryption is a difficult concept for even technical people.
3) Commercial PGP costs too much. Building a quality PKI system for an organization costs more.
4) GPG is a pain to use
5) Encryption has been discouraged by the government, companies and users.
I'm using PGP with all my friends, and we have also secured our normal SMTP transport with SMTPS and SSL certificate pinning. So everything is now double encrypted. Of course PGP key fingerprints as well as SMTPS SSL fingerprints have been verified using an alternate communication channel & personal verification. Many people think that SMTP is problematic, but SMTPS with certpin is actually quite good. Messages are only delivered over a secure encrypted channel, and only to a server which has the right SSL cert. So even fake CA attacks won't help in this case, you'll need to have a cert with exactly the right fingerprint. Uh, yeah, don't use MD5 fingerprints.
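The pin check described in the comment above, as an added example that is not from the thread. The function names and the sample bytes are hypothetical; it assumes implicit TLS on port 465 and a server certificate that also passes normal CA validation.

```python
import hashlib
import hmac
import re
import smtplib
import ssl

HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")
# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"constructed-bytes-standing-in-for-a-der-certificate"


def normalize_pin(pin: str) -> str:
    """Accept 'AA:BB:...' or plain hex, but only a SHA-256-sized value."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if not HEX_SHA256.match(cleaned):
        # 32 hex digits would be MD5 and 40 would be SHA-1: refuse both.
        raise ValueError("pin must be a 64-hex-digit SHA-256 fingerprint")
    return cleaned


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding of the leaf certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pin: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(cert_fingerprint(der_cert), normalize_pin(pin))


def open_pinned_smtps(host: str, pin: str, port: int = 465) -> smtplib.SMTP_SSL:
    """Connect over SMTPS and drop the session unless the leaf cert matches."""
    context = ssl.create_default_context()  # CA validation stays on; the pin is an extra check
    server = smtplib.SMTP_SSL(host, port, context=context, timeout=30)
    der = server.sock.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pin):
        server.close()  # nothing has been sent yet; refuse to deliver
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return server


if __name__ == "__main__":
    pin = cert_fingerprint(SAMPLE_DER)
    print("pin:", pin)
    print("same cert:", pin_matches(SAMPLE_DER, pin))
    print("other cert:", pin_matches(SAMPLE_DER + b"x", pin))
```

Pinning the leaf certificate means the pin has to be redistributed over the out-of-band channel every time the server's certificate is renewed.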
Without meaning to detract from some of the excellent explanations in this thread, I should add that it sounds like you're approaching this as if it were mostly a technical problem when as far as I can tell it is mostly a social problem. Social problems are harder than coming up with a tool to make it understandable, although I strongly suspect that's also not as easy as you think it is. The failure modes, corner cases, and generally making it robust to someone who Just Doesn't Get it are what kill you, not the happy path of a user who does roughly what they ought.<p>Setting aside the social problems of explaining cryptography <i>and</i> generating a network effect, most people assume their communications are not worth listening to. "If they want to listen to/read my mom drone on, they're welcome to it!" Or they assume it happens to "someone else."<p>I'd expect that most people -- rationally and correctly, I might add -- conclude that it's unlikely to happen to them in any way relevant to their experience.<p>Anything you suggest has to overcome that inertia. Facebook was a value-add. Cryptography's value-add is subjectively nil and possibly negative (whoops laptop stolen lost my keys) if you don't see the benefit in the first place.
Most people don't care enough to put up with the mild to moderate inconvenience and learning curve. It really <i>isn't</i> a big deal if the NSA reads <i>my</i> email most of the time. None of it is interesting enough to them to actually show it to a human. Of course, that attitude being widespread means it's easy for the NSA to spy on people in situations where it might have a big impact on politics.
PGP is great. Everybody in tech has the skills to use it. But for non tech people it is still too difficult. But since the NSA affairs many crypto parties happened, especially in Germany. At these crypto parties tech people are teaching non tech people how to encrypt emails with PGP. I think that is a good start and I hope we will see more crypto parties in future.
I have taught PGP, find that at least some communities are increasingly interested in it, and hope more people will use it, though I think the forward secrecy issue alone shows the value of trying to replace it with a more modern design.<p>I think the logistical and conceptual parts of key exchange and verification are probably the most difficult for new PGP users. There are some ideas to make this more convenient; I know people who've produced some nice educational materials, and a colleague has a nice idea for making key exchange faster and easier among people on a LAN.<p>But I think the biggest obstacle in the long run may be just how fond many Internet users have become of webmail and of being able to read their e-mail from any device. Having to use one particular desktop e-mail client on one particular machine to read encrypted e-mail is normal to me but may seem like a huge sacrifice if that's not what you're used to.
I think as long as PGP or any encryption is an add-on to internet apps like email and the web, it's doomed for general adaptation and for effectiveness.<p>It needs to be a fundamental part of the individual apps' (email, web, etc) specs, or more ideally part of the underlying internet (tcp?) that apps are built on.
Because it's too easy to not use it. HTTPS has widespread adoption because end-users don't need to supply any cognitive resources to make the leap - until PGP occurs with the same simplicity it'll never see adoption amongst the commoners.
The ease of use has to approach at least Skype level (and even then you'll exclude a wide swath of users who don't know how Skype works).<p>There's an old joke about Unix to the effect of "it's not user unfriendly; it's actively user hostile". Likewise, many aspects of PGP, e.g. key generation and management, web of trust, public key validation and keeping the private key secure, are utterly befuddling for the vast majority of people. This, despite the fact that it's one of the most accessible avenues for secure communication we have right now.<p>If people have things that are easier to use securely, more people will be secure.
I think one problem that's mostly overlooked is the difficulty of getting people to use desktop email clients. Particularly in my younger generation, we've grown up with webmail, and switching to desktop clients is a major switch.<p>I've also always found them to be very difficult to configure. I use one SMTP server on campus, and need to use my ISP's SMTP server elsewhere? What if I'm on public wifi? And how do I authenticate on that server when my credentials are from someone else? How do I get Gmail to play nicely with my folders?<p>PGP, in contrast, was not hard to set up.
I wonder if some of the usability frustrations would be eased if people adopted the convention of having a secure-only email address, where the only email it accepts is encrypted email. It probably would be easy to set it to bounce/delete any non-encrypted email. Maybe only check it using a separate email client. Traffic would be low so searching wouldn't be such a hassle. Use your other email address for receiving insecure email (and tell everyone that by default, their email addresses are insecure).
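One way the bounce rule suggested in the comment above could decide what counts as encrypted mail, as an added example that is not part of the thread. It recognises the PGP/MIME layout from RFC 3156 and a body that is a single ASCII-armored block; the function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import Message

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"


def is_pgp_mime(msg: Message) -> bool:
    """RFC 3156 layout: multipart/encrypted, control part, then ciphertext part."""
    proto = msg.get_param("protocol")
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if not isinstance(proto, str) or proto.lower() != "application/pgp-encrypted":
        return False
    parts = msg.get_payload()
    return (isinstance(parts, list) and len(parts) == 2
            and parts[0].get_content_type() == "application/pgp-encrypted"
            and parts[1].get_content_type() == "application/octet-stream")


def is_inline_pgp(msg: Message) -> bool:
    """The whole text/plain body is one ASCII-armored PGP MESSAGE block."""
    if msg.is_multipart() or msg.get_content_type() != "text/plain":
        return False
    raw = msg.get_payload(decode=True) or b""
    body = raw.decode(msg.get_content_charset() or "utf-8", "replace").strip()
    return body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)


def disposition(raw_message: str) -> str:
    """Structural check only: it does not prove the data decrypts with our key."""
    msg = message_from_string(raw_message)
    return "accept" if is_pgp_mime(msg) or is_inline_pgp(msg) else "bounce"


# Constructed sample messages (placeholders, not real ciphertext).
PGP_MIME = """\
From: alice@example.org
To: secure@example.org
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

placeholder
-----END PGP MESSAGE-----
--b1--
"""
INLINE = "From: bob@example.org\n\n" + ARMOR_BEGIN + "\n\nplaceholder\n" + ARMOR_END + "\n"
PLAINTEXT = "From: carol@example.org\nContent-Type: text/plain\n\nLunch at noon?\n"
QUOTED = "From: dave@example.org\n\nSee below.\n> " + ARMOR_BEGIN + "\n> x\n> " + ARMOR_END + "\n"

if __name__ == "__main__":
    for name, raw in [("pgp-mime", PGP_MIME), ("inline", INLINE),
                      ("plaintext", PLAINTEXT), ("quoted", QUOTED)]:
        print(name, disposition(raw))
```

The `QUOTED` sample shows why the armor has to make up the whole body: a plaintext reply that quotes an old encrypted message is still plaintext and is bounced.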
Root cause: Usability. It's difficult to quickly set up. But there are (at least) two components to this:<p>1. Portability. How do I manage keys across my computers, phones & tablets?<p>2. Ease of use. What do I do to set this up? Most common clients don't support PGP out of the box. Even once plugins are added, they are complicated to use.<p>As a result, no one uses it. So, if you want to start, you need to convince your friends/colleagues to also use it.<p>I've recently started signing email from my home computer as a hint to others to do the same. So far no takers.
Users don't do security, all of this should happen automatically in the background.<p>When you hit send, a shared key should be negotiated with the recipient before your text leaves your box, without you really knowing it.<p>The key could silently be negotiated on top of the same protocol through automatically generated emails containing key setup information in headers (but empty "body" fields).<p>Specs for those key negotiation headers could easily go in an RFC, and systems that don't speak the language could then be shamed as noncompliant.
OpenPGP end-to-end encryption has to be done client-side, and the keys have to be stored client-side. This is hard to do given the current trend of using webmails. Besides, using OpenPGP means that you have to store a copy of your key on all the machines that you use to check email, and people usually do not know how to do this without entrusting a third party (Google, Dropbox, Apple, etc.) with the information.
It's a pain in the ass, that's why. It's hard to explain and it's hard to implement. And don't forget about mobile: If your locked down phone is compromised (and I wouldn't assume it's not), then even if you have PGP running you can forget about security.<p>Heck, even your desktop can be completely compromised. I think there's a big chance it is. If not by the NSA then by some malware.
It's fairly easy to get a good working PGP system on OSX - Symantec makes it obscure to get but it works well, at least for file encryption with options available in the Finder menu.<p><a href="https://www4.symantec.com/Vrt/offer?a_id=109355" rel="nofollow">https://www4.symantec.com/Vrt/offer?a_id=109355</a><p>No need to pay - you just need to go through the rigmarole of getting a trial registration.
The answer is Usability. It's a pain in the butt for someone like my Mom, Dad or most of my Friends to set up. Most digital security measures have a pretty high usability tax. I used to build out PKI systems and that was a nightmare to build correctly. It was costly to set up, develop and maintain, but it was secure.
I will put it SIMPLY. The AVERAGE user hasn't a clue about things this complex nor that it even exists. It needs to come packaged as a fully functioning part of the email clients and be as transparent to them as the send button is when your email client is having that SMTP conversation with your mail server.
For the same reason why we don't exercise or always follow healthy eating habits:<p><a href="https://en.wikipedia.org/wiki/Default_effect_%28psychology%29" rel="nofollow">https://en.wikipedia.org/wiki/Default_effect_%28psychology%2...</a>
I like Sneak's Law: Most users cannot or will not securely manage key material (<a href="http://www.youtube.com/watch?v=9k4GP3Evh9c" rel="nofollow">http://www.youtube.com/watch?v=9k4GP3Evh9c</a> @ 23:00).
Where I work they recently rolled out a policy that all laptops must be protected by PGP. We are not a small company and that update was pushed out with a few minor inconveniences but for me, I do not even notice it's there.
a) 99.9% of the population does not give a shit. oh great, now you're reading my emails with boring, meaningless stuff in them. exciting!<p>b) google would LOVE it. no more context sensitive ads. let's shut down free gmail then.<p>c) a and b intersect - if you're using gmail or ANY other big webmail provider, you just. don't. care.
1. You don't get it integrated with your applications like browser, email software, text editor or spreadsheet by default. This leads to a network effect in reverse. If you are the only person to use it within your circles, signing and encrypting data and messages you send to others can't be done.<p>2. Encryption is extra risk for your data. If you lose the keys, you lose the data. People are bad at backing up their data, why would they be better at managing their keys? Being sloppy with your keys means that somebody can impersonate you with more credibility (what if banks would accept PGP signed orders in email).<p>3. Value from widely used PGP happens mostly at the society level. Encrypting any particular piece of data has negative expected value in most cases.<p>4. Using PGP requires understanding the basic concepts and using it well is not that easy (lots of best practices). People don't know any of this stuff. Even public and private key is a far-out concept for most people.