Encryption is the best way to protect your online communications from the prying eyes of the National Security Agency. So says NSA whistleblower Edward Snowden.
The rub is that email encryption systems like PGP — short for Pretty Good Privacy — are a real pain for people to use, especially if they're not steeped in the minutiae of computing. That means few people use PGP, and those who do are in danger of using it incorrectly. But it looks like Google is trying to change that. According to Venture Beat, the search giant working to create a new version of Gmail that makes PGP encryption far easier to use.
Google didn't respond to our request for comment on the story, and even if the rumors are true, the company is facing an extremely difficult task. But it's in a better position to take encryption mainstream than anyone else, and such a project is just what the web needs.
The State of Crypto
PGP, first released in 1991, uses a form of encryption known as public-key cryptography. This means that if you use PGP, you create two encryption "keys," which are basically big chunks of random numbers and letters that email software programs can use to scramble and descramble your messages. Your "public key" is what other people use to encrypt messages they send to you. That's freely available to the world at large. Then there's your "private key," which lets you decipher these encrypted messages. Using your PGP keys, you can also "sign" a message to prove to someone that it was sent by you.
PGP is remarkably hard to crack, but it's also hard to use in the correct way. Researchers at Carnegie Mellon University published a paper in 1999 showing that most people couldn't figure out how to sign and encrypt messages using the current version of PGP. Eight years later, another group of Carnegie Mellon researchers published a follow-up paper saying that, although a newer version of PGP made it easy to decrypt messages, most people still struggled with encrypting and signing messages, finding and verifying other people's public encryption keys, and sharing their own keys.
The easiest way to use PGP today is probably a plugin available for both Firefox and Chrome called Mailvelope. It makes it pretty easy to create a PGP key pair and decrypt messages, but there are some limitations. First, you need to download the plugin and either create new PGP keys or import existing ones. And the plugin and your keys will need to be installed on every computer that you plan to use.
And when you get it installed on all your machine, it doesn't always play nicely with a tool like Gmail. Instead of just letting you type your message in Gmail's own "New Message" interface, Mailvelope opens a separate window for you to type in, then sends the encrypted text back into Gmail. Mailvelope developer Thomas Oberndörfer tells us the plug-in does this because it's impossible to know whether Google will save an unencrytped copy of your text while you're typing. "That means all private data like message content and keys have to be completely isolated from Gmail," he says.
Google, Mailpile, and the Rest
Since Snowden revealed so many of the ways that the NSA is eavesdropping on our online communications, several projects that try to solve such problems. Mailpile, for instance, is an open source e-mail client built from the ground up to handle encryption. The idea is that by being a core part of the application, rather than a plugin, the user experience will be much better. But although the Mailpile team is working hard to reproduce as many of Gmail's features as possible — such as a fast search system and a conversation view — there's always a question of whether normal users can be convinced to download the software to begin with.
Meanwhile, a new company called Keybase.io is trying to make it easier to find and verify other people's public keys by tying them to Twitter profiles, personal websites and GitHub accounts to verify identities.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3