Neil Turner's Blog

Blogging about technology and randomness since 2002

The user experience of email encryption

Matt Haughey has written about the poor user experience provided by email encryption. And in doing so he hits the nail on the head:

I’ve often heard prominent computer scientists lament the low uptake of email encryption — that in the age of many gigahertz machines we still send plain text to each other (usually) over non-secure connections. Every couple years, just for the sake of my personal freedom and curiosity, I make an attempt to try and use encryption for a few days. Every time I do this, I am disappointed.

Late last year, I installed GnuPG and Enigmail again to see if the experience would be much better than last time. It certainly has improved, but it’s got a long way to go. A newbie user would struggle to even follow these step-by-step instructions and it involves lost of commands in a command prompt window which really end users should not have to do. Even if you follow these instructions to the book, you will only have GnuPG set up for email – to use it for verifying and encrypting files or the clipboard contents you need to download other programs like WinPT and GPGee as well, and configure them. It’s a lot of work and not a whole lot of benefit, really. It’s a bit different with PGP as the interface is much better, but PGP is now a commercial product.
Someone needs to come up with some kind of security suite for Windows, which integrates with all common email programs (Outlook, Outlook Express, Thunderbird and Eudora) and also Internet Explorer and Firefox, and provides a common user interface for working with GnuPG. There should be wizards for key generation and any complicated tasks and seamless integration with Windows Explorer, too. Is that so much to ask?

5 Comments

  1. I find Enigmail good. It’s strange…

  2. Take a look at Izemail (windows only)
    According to download.com.
    ” Encrypt and sign your e-mail messages, just by pressing the Send button in your e-mail program with Izemail. No need to exchange encryption keys or certificates, no need to go through complex enrollment procedures. The program allows you to send an encrypted and signed message, and all you need to know is their e-mail address. This program uses widespread standards for e-mail encryption such as S/MIME and PKI, making it compatible with any technology that supports S/MIME or PKI. It can read, decrypt and verify messages sent by these other systems. This program takes your message, encrypts it and delivers it to the recipient. If recipient doesn’t already have an encryption key, the program makes sure they get one. Also, the software can use X.509 certificates issued by any CA that complies with PKI standards. It does not require you to use Izemail certificates.”

  3. a small businessman, I just wanted a cheap, quick and effective encryption solution. I had tried a bunch, but I just bought the new MessageLock application. It’s a symetric key product, no “special reader” is required by the receiver. I just type in a password and go. Authentication isn’t that important to me, but then again, for my use if an email comes in encrypted, thats good enough for me. The url for a MessageLock trial is http://www.encryptomatic.com. I think messagelock.com also works.
    Keep it up,

  4. Try Keygloo at http://www.keygloo.com. It works with Gmail, Hotmail, Yahoo mail, Lycos mail, Rediff mail and Outlook Express interoperably. It is easy to install and use. Support for more e-mail services are on the way.

  5. Encryption is really only difficult in Windows. Enigmail or other easy to use GUI’s are installed by default in virtually all modern Linux, BSD or other free operating systems. They’re all pretty much point, click, type a passphrase & go!