
> Surely we can figure out a way to make encrypted email nearly transparently easy with the major mail providers,

What, Gmail? Yahoo? They exist only because they can read your plain-text email and serve ads against it. Most people get their email through free webmail providers, who have every reason not to make encryption easy.




> If we want most mail to be encrypted we need 70% of people to use encryption. This means it has to be REALLY EASY TO SET UP AND USE.

Given most users' utter ignorance about any technical matter (a consequence of the intellectual laziness our age promotes IMHO), I think the only useful way to ensure this is to make it the default in any e-mail client. But this is still only half the way uphill -- it also means storage should be secure, including remote storage like Gmail, or that users should become educated enough to stop using services that aren't.

The first one is unlikely to happen IMHO, as it would mean companies that depend on mining your e-mail, like Google, would basically have to stop doing it. The other one is even more unlikely to happen as it would require people to actually invest time in using computers, something which our society has constantly brainwashed people into thinking they shouldn't do -- everything should be plug'n'play and trivial and just work out of the box. Heaven forbid you'd actually have to understand the whys and the hows.

Now that our decades-long dream of seeing everyone having access to a computer and to a vast network of information has finally come true, it doesn't look like such a beautiful dream anymore...


> And how useful is it to run your own encrypted email server if the email message itself isn't encrypted in transit?

It isn't, of course.

The proportion of mail that is encrypted is the square of the proportion of email users who have encryption set up (assuming all email users are equally likely to mail any other user). So if 1% use encryption, only 0.01% of emails will be encrypted. If we want most mail to be encrypted we need 70% of people to use encryption. This means it has to be REALLY EASY TO SET UP AND USE.

Ideally, when someone buys a PC/phone/tablet, and uses it to communicate with others, it should do strong encryption out of the box, so that the user would have to take explicit steps to not encrypt.

Most of these devices run software controlled by Microsoft, Apple or Google, all of which are deeply implicated with the NSA. So it's futile to expect that they will willingly protect their users' privacy. Therefore the next best thing is to write software that once installed will be really easy to use, that is to say in normal operation it will take no effort at all to use (zero user interface).
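The square law in the comment above, worked through as an added example (mine, not the commenter's): it computes the encrypted fraction for a few adoption rates and the adoption needed to hit a target, then relaxes the commenter's stated assumption that every user is equally likely to mail every other user. The Group type, the `within` parameter and the population figures are constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// Group is a constructed population segment: Share is its fraction of all
// users, Adoption is the fraction of that segment with encryption set up.
type Group struct {
	Name     string
	Share    float64
	Adoption float64
}

// OverallAdoption is the population-wide fraction p of users with encryption.
func OverallAdoption(groups []Group) float64 {
	p := 0.0
	for _, g := range groups {
		p += g.Share * g.Adoption
	}
	return p
}

// UniformCoverage is the square law from the comment: if every user is
// equally likely to mail every other user, a message is encrypted only when
// both ends have keys, so the encrypted fraction of mail is p*p.
func UniformCoverage(p float64) float64 { return p * p }

// AdoptionNeeded inverts the square law: the adoption rate required for a
// target fraction of all mail to be encrypted.
func AdoptionNeeded(target float64) float64 { return math.Sqrt(target) }

// ClusteredCoverage relaxes the uniform-mixing assumption. With probability
// `within` a sender mails someone in their own group, otherwise a user drawn
// uniformly from the whole population. Expected encrypted fraction:
//   sum_i share_i * adoption_i * (within*adoption_i + (1-within)*p)
// With within == 0 this collapses back to p*p.
func ClusteredCoverage(groups []Group, within float64) float64 {
	p := OverallAdoption(groups)
	enc := 0.0
	for _, g := range groups {
		enc += g.Share * g.Adoption * (within*g.Adoption + (1-within)*p)
	}
	return enc
}

func main() {
	for _, p := range []float64{0.01, 0.10, 0.50, 0.70} {
		fmt.Printf("adoption %.0f%% -> %.2f%% of mail encrypted\n", p*100, UniformCoverage(p)*100)
	}
	fmt.Printf("for 50%% of mail encrypted you need %.1f%% adoption\n", AdoptionNeeded(0.5)*100)

	// Constructed scenario: half the users sit in a security-minded cluster
	// where everyone has keys; the other half has nobody with keys.
	groups := []Group{{"cluster", 0.5, 1.0}, {"everyone else", 0.5, 0.0}}
	fmt.Printf("50%% adoption, uniform mixing:      %.2f of mail encrypted\n", ClusteredCoverage(groups, 0.0))
	fmt.Printf("50%% adoption, mail stays in-group: %.2f of mail encrypted\n", ClusteredCoverage(groups, 1.0))
}
```

The clustered case is why real-world coverage can sit above p*p: keys are useful inside a community that mostly talks to itself long before 70% of the whole population has them, which is the argument for shipping it as a default inside one client or one organisation at a time.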


> Email is unencrypted because some value-extracting tech companies are controlling large parts of the infrastructure, and there is a systemic problem with gatekeeping that suppresses innovation.

Huh? I can only assume that the other isn’t referring to S/MIME or PGP, etc., but to encryption of transport and/or storage. Or maybe they are limiting their consideration to web based email?

That assumption is based on decades of PKI experience: unless every message is encrypted and signed, by default, without user action, and somehow (notice the hand waving) users are automatically enrolled in a seamless, invisible, low friction, key management system, encrypted email is just too complicated for most people.

There are so many moving parts, from getting a certificate, be it PGP or X.509 or something else, to having a working email client with encryption, to knowing that everyone else does, to deciding whether or not every email should be cleartext, signed, encrypted, or encrypted and signed.

I’ve taught this stuff and it is surprising how many people think a signed email has some level of confidentiality protection just because it isn’t readable text anymore (clear-signed aside).

The reason that web clients don’t offer encryption or signature is most likely because it is a support nightmare.

We’ve known HOW to do this stuff from a technical perspective for decades. What we have yet to figure out is how to make the UX acceptable or elegant or pleasant or seamless.
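An added example (mine, not the commenter's) of the point about signed mail above: a toy message format in Go with an Ed25519 detached signature over a base64-encoded body, in the spirit of PGP/MIME or S/MIME signed mail. Anyone on the path recovers the body with no key at all; only the authenticity check needs the signer's public key. The format, the key type and the message text are assumptions for the demo, and the real RFC 3156 and S/MIME layouts differ in detail.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed message body for the demo (not from any real mailbox).
const body = "Meet at 10:00 tomorrow; bring the signed contract.\r\n"

// SignedMessage mimics the shape of a signed (not encrypted) mail: the body
// travels base64-encoded, with a detached signature alongside it.
type SignedMessage struct {
	BodyB64 string
	SigB64  string
}

// Sign is what the sender's client does with its private signing key.
func Sign(priv ed25519.PrivateKey, plaintext string) SignedMessage {
	sig := ed25519.Sign(priv, []byte(plaintext))
	return SignedMessage{
		BodyB64: base64.StdEncoding.EncodeToString([]byte(plaintext)),
		SigB64:  base64.StdEncoding.EncodeToString(sig),
	}
}

// ReadWithoutKey is what any MTA, mailbox provider or interceptor can do:
// base64 is an encoding, not encryption, so the body falls out with no key.
func ReadWithoutKey(m SignedMessage) (string, error) {
	b, err := base64.StdEncoding.DecodeString(m.BodyB64)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// Verify is the one operation that needs key material (the signer's public
// key): it tells the recipient whether the body is authentic and unmodified.
func Verify(pub ed25519.PublicKey, m SignedMessage) bool {
	b, err := base64.StdEncoding.DecodeString(m.BodyB64)
	if err != nil {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(m.SigB64)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, b, sig)
}

// Tamper simulates a hop editing the body in transit: the text stays readable
// by everyone, but the signature stops verifying.
func Tamper(m SignedMessage, old, replacement string) SignedMessage {
	plain, _ := base64.StdEncoding.DecodeString(m.BodyB64)
	mod := bytes.Replace(plain, []byte(old), []byte(replacement), 1)
	m.BodyB64 = base64.StdEncoding.EncodeToString(mod)
	return m
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	msg := Sign(priv, body)
	fmt.Println("on the wire (looks opaque):", msg.BodyB64[:24]+"...")
	leaked, _ := ReadWithoutKey(msg)
	fmt.Println("what a relay reads with zero keys:", strings.TrimSpace(leaked))
	fmt.Println("verifies with signer's public key:", Verify(pub, msg))
	fmt.Println("verifies after in-transit edit:", Verify(pub, Tamper(msg, "10:00", "11:00")))
}
```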


> This is encryption that accomplishes nearly nothing.

I disagree. Encryption, done correctly, maintains the secrecy of the message.

> Your email messages themselves may be encrypted but the addresses and other metadata -- who you converse with, when, and how often -- is completely open.

Absolutely true, but this is a secondary issue that requires a combination of technical and political solutions.

> In addition, email encryption does nothing to protect your text messages, web browsing, ftp transfers, skype calls etc.

Right. But there are other solutions to these problems.

Security requires a layered approach. There's no way to protect all communications with a single solution, given our current systems.


> The idea of end-to-end encrypted email is ridiculous

How exactly is it ridiculous? I understand that email leaks metadata like a sieve, but the contents of emails can still be secured via encryption.

> (and ProtonMail's business model is effectively built on a marketing lie/false advertising),

No arguments here. They provide a web app to encrypt your emails, making the user trust the server for "end-to-end" encryption, thus rendering it useless.


> How is this not a solved problem?

It's not, because the big 3 (Apple, Google and Microsoft) do not want you to encrypt your email, so they can use it for data mining. If 70% of their Gmail users used encryption, I'm sure they'd be turning the service subscription-only or (as is customary for G) shutting it down.

So, if you need encryption you have to use an external "add-on".

The problem of secure email is solved, it's just not pushed as a standard because:

a) Users don't understand they're being tracked (or don't care)

b) It's not promoted (actually it's being demoted) by industry leaders

The fact that H. Clinton and her team didn't use GPG is appalling; it doesn't make sense. This group of people had big stakes in the privacy of their communications; they went as far as setting up a mail server and forgot to apply encryption? I just don't get it.


> I bet there would be a way to store e-mail accounts encrypted so only the inbox/outbox would be stored in plain text on Google's servers.

What makes you think that's not being done now?


>the sensible default would be to send email unencrypted

That's exactly what anti-encryptionists would want.


> ...but that well-meaning but poorly-informed technologists will try to talk them into doing it and added encrypted email to the basket of tools ordinary people use. That can't be allowed to happen.

This is already happening, which is why I disagree with your messaging: I don't think the way you attack it will fix it, because the people this post will resonate with already (generally) agree with you. But I digress...

I view encrypted email as services like PM/Posteo/whatever paranoia-induced flavor of the week fits here. I don't know anybody who tries to use encrypted email straight up - I think the era of running your own mailbox is gone so I don't particularly count it for anything. If you do it yourself, it's a shitshow; if you're on one of those services it "just works".

You can shake the shoulders all you want, but people use email, and people look for the easy win. "Encrypted email" is easier for the average person to latch on to than the UI/UX most secure tooling has right now (a problem even you've noted: https://news.ycombinator.com/item?id=21897173). It's very telling that nothing has dethroned it yet.

Given that, I welcome these marginal improvements while something better is built. These things shouldn't be around in ten years, they're bridges. Email simply has an annoyingly odd usability bar to clear, and nothing is really close to that right now.

If I had to make a dumb analogy, it's like Objective-C and Swift: it's very, very clear that Swift is the future; inherent advantages abound, and much more difficult to shoot yourself in the foot with... but in lieu of Swift, I'd still sooner write Objective-C over straight C, warts and all.


> As the technology improves, all this stuff will be abstracted from the user.

I'm not optimistic. We still have an Internet on which it's basically impossible for a non-expert user to reliably send or read encrypted email.


> You need to install software on your computer. Most e-mail providers are moving to the web, having to install a browser plugin just to send e-mail is not the experience we should strive for. I understand that this means your e-mail provider can read your e-mail, so it won’t work for everyone. But I think most people will accept that the same way they accept that their bank can read their bank statement. If we can trade this for usability it’s still a HUGE step up for privacy.

Yeah, we have that, it's called STARTTLS. If the keys aren't only held by the user then there really isn't any end-to-end encryption. It's just the same as SSL.


> Even if your provider stores and transmits only encrypted email data, once sent it does not maintain that guarantee while being passed by another entity's MTA.

What? If Alice encrypts an email to Bob, using Bob's PGP key on her laptop, then it doesn't matter how many MTAs that email passes through, the email stays encrypted at every hop.

> it could wind up being archived to tape

I guess you're saying that an encrypted email could travel through a provider that keeps a copy of it in the hopes that quantum computers will one day be cheaply available enough that they can crack the private key and read the email.

That seems expensive (and illegal) for a company to do just on a whim (assuming the sender and recipient are periodically deleting old emails), and I'd like to think that a judge would turn down a request for a warrant that covers data that won't be readable for a decade or more.


> Let me tell you, if my emails were sensitive enough to require PGP, I would also use an email client which does not load images or evaluate HTML by default.

This approach requires too much diligence for most cases: people will forget to switch to the encrypted system, they won’t have a key / it’s expired because they don’t use it regularly, the software will remain horrible because nobody uses it, etc. Encryption needs to be enabled and usable by default if you don’t want a regular stream of human error.


> By now seems everyone admitted defeat.

Well, since everybody is using Gmail or Office365 anyway, encrypted email is kind of pointless, no?


> They now need not implement any cryptography.

This sentence implies to me that under the current system, sites need cryptography, because sending login information in plaintext is not secure enough.

...and that the solution is to use email, because we already treat it as if it's secure.

...even though it sends the data in plaintext.

Okay, so most end-users probably access their email via https these days, but it's a (potentially) long journey from the website to the email provider's server.

Is any of that server-to-server journey ever encrypted? I'm no expert, but my impression has always been that it's not.
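An added example, not part of the thread, answering the server-to-server question above (and the STARTTLS mention earlier in the thread): hop-to-hop SMTP encryption is STARTTLS (RFC 3207), advertised by the receiving MTA in its EHLO reply. The Go code below parses constructed EHLO replies offline and includes a live probe built on net/smtp. The caveat a practitioner wants: STARTTLS is opportunistic. If the next hop does not advertise it, or an on-path attacker strips the advertisement, a sending MTA normally falls back to plaintext unless a policy such as MTA-STS or DANE requires TLS for that domain. The hostnames and replies here are constructed, not captured from real servers.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"fmt"
	"net"
	"net/smtp"
	"strings"
	"time"
)

// ParseEHLO reads a multi-line EHLO reply ("250-EXT" continuation lines, then
// a final "250 EXT") and returns the advertised extensions, upper-cased.
// The first line names the server and is not an extension.
func ParseEHLO(reply string) (map[string]bool, error) {
	exts := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(reply))
	first := true
	for sc.Scan() {
		line := strings.TrimRight(sc.Text(), "\r")
		if len(line) < 4 || !strings.HasPrefix(line, "250") {
			return nil, fmt.Errorf("unexpected EHLO reply line: %q", line)
		}
		if first {
			first = false
		} else if fields := strings.Fields(line[4:]); len(fields) > 0 {
			exts[strings.ToUpper(fields[0])] = true
		}
		if line[3] == ' ' { // "250 " (space) marks the last line of the reply
			break
		}
	}
	return exts, nil
}

// OffersSTARTTLS answers the question for one EHLO reply. Absence means the
// next hop goes in the clear; presence only means the hop *can* be encrypted.
func OffersSTARTTLS(reply string) (bool, error) {
	exts, err := ParseEHLO(reply)
	if err != nil {
		return false, err
	}
	return exts["STARTTLS"], nil
}

// ProbeMX is the live version against a real MX host on port 25. It is not
// used by the offline demo; it needs outbound SMTP, which many networks block.
func ProbeMX(host string) (bool, error) {
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, "25"), 10*time.Second)
	if err != nil {
		return false, err
	}
	defer conn.Close()
	c, err := smtp.NewClient(conn, host)
	if err != nil {
		return false, err
	}
	defer c.Close()
	if err := c.Hello("probe.example.org"); err != nil { // assumed probe hostname
		return false, err
	}
	if ok, _ := c.Extension("STARTTLS"); !ok {
		return false, nil
	}
	// Actually upgrade, and insist the certificate matches the MX name;
	// many MTAs accept any certificate here, which is the weak spot.
	if err := c.StartTLS(&tls.Config{ServerName: host}); err != nil {
		return false, err
	}
	return true, nil
}

// Constructed EHLO replies (not captured from any real server).
const withTLS = "250-mx.example.net Hello probe.example.org\r\n250-SIZE 52428800\r\n250-8BITMIME\r\n250-STARTTLS\r\n250 SMTPUTF8\r\n"
const withoutTLS = "250-mx.example.org at your service\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

func main() {
	for name, r := range map[string]string{"with": withTLS, "without": withoutTLS} {
		ok, err := OffersSTARTTLS(r)
		fmt.Printf("%s: STARTTLS=%v err=%v\n", name, ok, err)
	}
}
```

Even when STARTTLS is negotiated on every hop, each MTA decrypts, stores and re-encrypts the message, so this protects the wire between servers and nothing else; the body is plaintext to every operator along the route.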


> The point being made is that you continually fail to account for data at rest (among other things) in your arguments against encrypted email.

Encrypted email with PGP doesn't give you data-at-rest encryption, though. See https://efail.de ... or the fact that forward secrecy was not a design consideration when it was designed in 1990.

> Most people don't need to fear for their lives if a single message leaks, but that doesn't mean they want plaintext copies of everything cached all over the place for who knows how long either.

This is the heart of the argument. You need to treat email (encrypted, or not) as if there are copies cached all over the place forever. You should assume that about any email you send (again, encrypted or not). This is why it's called security LARPing ... if your argument is simply "I don't want people reading my stuff, it's private"... well, no one cares about your emails. But the moment they do start caring, they can go back and read all of your emails, encrypted or not.
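An added example (mine, not either commenter's) that covers the Alice-to-Bob relay discussion earlier in the thread and the forward-secrecy remark above: a toy PGP-style envelope in Go, encrypted to Bob's long-term X25519 public key with AES-GCM. Every relay, and a tape archive, keeps a byte-for-byte copy that is ciphertext plus clear headers; a later compromise of Bob's single long-term key opens every archived message at once, which is exactly what the absence of forward secrecy means. The envelope format and the SHA-256 key derivation are simplifications for the demo, not how OpenPGP does it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a toy stand-in for an encrypted mail: an ephemeral sender public
// key plus an AEAD ciphertext. Headers stay in the clear, as with real PGP.
type Envelope struct {
	From, To, Subject string
	SenderEphemeral   []byte // X25519 public key, 32 bytes
	Nonce             []byte
	Ciphertext        []byte
}

// sessionKey derives an AES-256 key from the X25519 shared secret. A real
// implementation would use HKDF with context; SHA-256 keeps this stdlib-only.
func sessionKey(shared []byte) []byte {
	k := sha256.Sum256(shared)
	return k[:]
}

func aead(shared []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey(shared))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func headerAAD(from, to, subject string) []byte {
	return []byte(from + "\x00" + to + "\x00" + subject)
}

// Encrypt is what Alice's client does with Bob's long-term public key.
func Encrypt(from, to, subject string, bobPub *ecdh.PublicKey, plaintext []byte) (Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Envelope{}, err
	}
	shared, err := eph.ECDH(bobPub)
	if err != nil {
		return Envelope{}, err
	}
	gcm, err := aead(shared)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	// Clear headers are bound as associated data so a relay cannot quietly
	// re-address the ciphertext to someone else.
	return Envelope{
		From: from, To: to, Subject: subject,
		SenderEphemeral: eph.PublicKey().Bytes(),
		Nonce:           nonce,
		Ciphertext:      gcm.Seal(nil, nonce, plaintext, headerAAD(from, to, subject)),
	}, nil
}

// Decrypt needs Bob's long-term private key. Whoever holds that key, at any
// later date, can open every envelope ever sent to it: no forward secrecy.
func Decrypt(bobPriv *ecdh.PrivateKey, e Envelope) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(e.SenderEphemeral)
	if err != nil {
		return nil, err
	}
	shared, err := bobPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(shared)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, e.Nonce, e.Ciphertext, headerAAD(e.From, e.To, e.Subject))
	if err != nil {
		return nil, errors.New("decryption failed: wrong key or modified envelope")
	}
	return pt, nil
}

// RelayHop is all an intermediate MTA (or a tape archive) gets: a copy of the
// envelope. With no key, the body stays opaque however many hops it crosses.
func RelayHop(e Envelope) Envelope { return e }

func main() {
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	env, err := Encrypt("alice@example.org", "bob@example.net", "draft", bob.PublicKey(), []byte("constructed secret body"))
	if err != nil {
		panic(err)
	}
	archived := RelayHop(RelayHop(RelayHop(env))) // three hops, one copy kept on tape
	fmt.Printf("every hop sees From=%s To=%s Subject=%q body=%x...\n", archived.From, archived.To, archived.Subject, archived.Ciphertext[:8])
	mallory, _ := ecdh.X25519().GenerateKey(rand.Reader)
	_, err = Decrypt(mallory, archived)
	fmt.Println("archive holder without Bob's key:", err)
	pt, _ := Decrypt(bob, archived) // years later Bob's key leaks: the archive opens
	fmt.Println("archive holder with Bob's key:", string(pt))
}
```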


>Seriously, how many HN users have spent hours complaining about privacy on here but still don't encrypt their own email?

I would think that most HN users would be willing to encrypt their email, but know they can't convince their friends/family/etc to do so. Encryption takes two to tango.


> Anyway, the attacker still needs to get a hand on your encrypted email.

That is the case for all encryption vulnerabilities, and it seems a little strange that you keep pointing this out. Of COURSE the attackers need access to the encrypted text; the entire point of encryption is because we want to protect our data when someone else has access to it.

If we thought an attacker getting their hands on our encrypted email was not something to worry about, we wouldn't encrypt our emails at all. Why do you keep making that point?


> I think the only useful way to ensure this is to make it the default in any e-mail client.

I agree.

> But this is still only half the way uphill -- it also means storage should also be secure

That would be ideal. But even without that, something useful has been done, since while it is practical for the NSA/GCHQ to read all internet traffic, it is not practical for them to burgle everyone's house.

If PCs come with encryption as standard, it needs to be a steganographic file system, with multiple keys revealing different sets of files and with the number of possible keys being very large. Otherwise, an adversary could simply use rubber hose techniques to get the information.

> including remote ones like Gmail

Gmail represents a single point of failure and is thus always going to be attractive to an adversary. Anything stored unencrypted on gmail, Google Drive, or equivalent -- one should assume the NSA can read it.

> The first one is unlikely to happen IMHO, as it would mean companies that depend on mining your e-mail, like Google, would basically have to stop doing it.

You're right in that Gmail's business model is basically anti-privacy. We need to convince people to use local email software and not store their email on a remote website (such as Gmail).

> The other one is even more unlikely to happen as it would require people to actually invest time in using computers

You're right, because it's impossible to have a zero-user interface filesystem encryption (since people need to type in their password).

> something which our society has constantly brainwashed to think they shouldn't do -- everything should be plug'n'play and trivial and just work out of the box.

There's certainly an element of truth to this.

> Now that our decades-long dream of seeing everyone having access to a computer and to a vast network of information has finally come true, it doesn't look like such a beautiful dream anymore...

Computers can be the biggest tool for freedom and empowerment ever invented, or the biggest tool for coercion and oppression. I believe this will be one of the biggest political issues of our times.
