eric haller

firing up encryption again

seven or eight years ago i went through a phase where i was pretty interested in encryption. a bunch of my computer-using friends and i started using PGP to secure our email. it makes sense: when you send an email, it is sent in plain text, just the same as if you were to send a postcard in snail mail. it passes through a bunch of  servers on its way from your computer to the intended recipient’s, with the opportunity to be read by anyone administrating those machines.
most of us stopped using encryption regularly because it became a bit of a pain in the ass. pgp morphed into a commercial product, and the freeware version is no longer available. unless both parties to a message have access to the same method of encoding and decoding the email (i.e. they are running the same or compatible software), then the encryption is worthless. the general thinking was that the sheer volume of email on the internet almost certainly ensured that noone would be reading our email.
fast forward to today. all these headlines about the bush administration illegally using the NSA to datamine phone and email traffic has caused me to rethink encryption. for a vast majority of my email, it wouldn’t bother me if it was posted in a public directory somewhere on the internet. but thinking about my behavior and assumptions, i have become lulled into a sense that even if there is a message that i regard as sensitive, i send it anyhow almost certain that noone else will read it. i have forgotten what i once knew.

so…i am looking into the best solution for encrypting my email. like i said, it is only effective if everyone is using the same method to encode/decode, so i guess i will need to encourage everyone with whom i correspond to start firing up encryption as well. so PGP is out, because there is just no way that i can convince most people that they need to BUY a product to secure their email.

so far i have enabled my .mac certificate (that is used to scramble ichat traffic) in mail.app. but this is an imperfect solution because it only covers my friends who are .mac users with .mac certificates. next, i think i will have to try setting up S/MIME in mail.app, but the key here is how to make this process easy for other users. i may be able to work through that 3 page article on macdev setting up my own system, but how am i going to get my mom to do it?

there has to be a simpler way. am i missing it?

Posted

in

by

eric

Tags:

Comments

8 responses to “firing up encryption again”

  1. Jondi Avatar
    Jondi

    I wonder if the very act of using encryption will be a flag for NSA to initiate other forms of surveillance …

  2. K Avatar
    K

    I wonder if the very discussion about your public contemplation to use encryption will be cause enough for a flag? Dude. You’re hosed.

  3. eric Avatar
    eric

    yeah i wonder the same thing as both of you. it’s not so much that i am worried about being surveilled as this whole thing has gotten me thinking once again about the “sending postcards” security of email. but it sucks that all three of us are wondering the same thing….

  4. Bret Avatar
    Bret

    Taliban Jihad encryption George Bush Google index

    have fun dog!

  5. eric Avatar
    eric

    that’s lame bret.

  6. halle Avatar
    halle

    piss on the fire

  7. halle Avatar
    halle

    I think that in this day and age hand-delivered written notes beat any sort of encryption hands down. 😉

  8. gimaha Avatar
    gimaha

    How about some soup cans and a string?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.