
It's so trivial for Gmail to do PGP that it was testing email signatures two years ago (http://googlesystem.blogspot.com/2009/02/gmail-tests-pgp-sig...)

Indeed, Yahoo, Hotmail, and Gmail could get the ball rolling here completely transparently to users and with relative ease, thereby preventing thousands of phishing attacks in the process. If they did, then webmail would suddenly become useful for talking to banks, stockbrokers, foreign dissidents, avoiding craigslist scams, etc., etc. But not only have Gmail et al. not implemented any features like these, but they've not even uttered a peep as to why.

Their silence here is conspicuous.



As someone who uses PGP on a daily basis: I have zero confidence that e.g. my mom could make any sense of it.

It doesn't help that Gmail, a web app, has no secure way of implementing PGP with people's "real" public keys.

Apple bakes encrypted email into Mail.app. It has an almost transparent UX. Nobody uses it.

Demand is what's holding back encrypted email. Nobody cares about it.


OK, I'll bite. :) I belong to the camp which says Gmail's lack of encryption is "conspicuous".

Look at Ubuntu: they're constantly improving the user experience of encrypted home directories. In the latest release, this is as simple as checking a box during account creation (it creates the keys under the hood and uses your login password as the passphrase for the data key etc).

Also re: gmail has "no secure way". I read the white paper written by your company on the problems with encryption and javascript. AFAIK, if all traffic is exchanged only over SSL, I don't see any reason why encryption can't be done in Gmail in javascript (unless you're going to invoke the quality of the random number generators of browsers).

Here's a UX I can think of: (1) generate key pairs in the background in the browser for all gmail users. (2) transparently use this to encrypt to users within gmail.

Start from there. Then add the ability to import keys of contacts.


Its feasibility is dubious. Its UX complexity is immense (the comparison to encrypted home directories is tellingly unfair --- if that's the best example of end-user-visible encryption you can come up with, &c &c). Nobody is asking for it. Few would use it. No other major email vendor does it. You find its absence "conspicuous"?


Hey tptacek, I know you must be busy, it's late in the night etc. But it doesn't seem like you really responded to my points: you just seem to be repeating your original assertion that (paraphrasing) "it's too difficult".

What aspect of the UX I described do you think is confusing? In the step 0 that I proposed (encryption only within gmail), there is virtually NO UX.

Wrt "nobody is asking for it". Then why are Ubuntu/Windows adding the feature to encrypt dirs? Btw, at a company I worked, they were rolling out SSL certificates to sign email. So I don't agree that "nobody is asking for it".

Wrt your point about the comparison being "unfair": I don't think anybody disputes that the "usual" way of doing public-key encryption (rings of trust etc) is too complex. At the same time, I remember the past when encrypting data dirs was an immense chore. If that UX could be improved, why not the email encryption UX?


Go ahead and work on it! You have my blessing. The problem of encrypting a home directory is nothing like the problem of implementing a secure, persistent, long-term group messaging system that has to scale up to the entire world.


Demand is what's holding back encrypted email. Nobody cares about it.

I think it's actually a chicken-and-egg problem. The people who care a lot about it can't have it because they need to communicate with everyone else, the people who care a little don't want to bother with using encryption for some contacts and no encryption for others, and the people who don't know and/or don't care don't get any of the benefits.

I think two things would make a big difference: 1. marketing end-to-end e-mail encryption as an anti-spam measure, and 2. someone who cares a lot about it implementing an end-to-end, non-government-controllable system that's undeniably easy to use, then releases it for free and gets all the major e-mail platforms to adopt it (obviously much easier said than done).


Your mom couldn't recognize that a message was "verified" as having come from her Doctor?

Or click the "encrypt" box (which causes Gmail to determine whether it knows the public key of every one of an email's recipients).

Or click the "sign" box, to add her signature to the email before it sends?

Sure, sometimes Gmail would have to say "this email cannot be encrypted because of insufficient information about recipient X". But if anything this might lead to more people using large email providers.

Sure, consumers don't know that they want PGP. But when they suddenly discover that they can trust that all their messages are seen by only a particular recipient, and that they'll always be able to tell when a message is or isn't from their coworker, they'll quickly start insisting on the added security.


Have you ever used PGP for a prolonged period with a changing group of people also using it? I'm inclined to think that someone who'd write a comment like this hasn't. But I could be wrong!

Virtually every intra-company mail I send or receive is PGP-encrypted (we're getting to be a fairly big company by HN standards, too). I assure you: my mom could not deal with PGP's (constantly evident) corner cases. How could I possibly think it's a credible solution for the whole world?


Dunno if by PGP you literally mean the PGP/GPG toolkits or something else. I think most of us agree that PGP/GPG suite is too difficult to use.

What are the challenges with using public-key encryption with a changing group of people? Key exchange? Remember we're in a more-centralized, always-connected world now wrt email than we were in 1995 (remember offline email writing?). The problem should be simpler now if anything.

People have false notions about their email and web traffic in general. The closest previous analogy is shipping packages and letters. There're laws preventing USPS from snooping. People seem to reasonably assume that that's the case with electronic letters too.

And nobody in the mainstream is disabusing them of this notion (encryption is mostly shown as being used by terrorists and swindlers). When they become aware of how naked their communications really are, they'll learn how to cope with encryption (including your mom :)).


No, I haven't used PGP extensively, but my reasons for not doing so (as probably with everyone else) have had to do with the fact that no one else uses it and it hasn't been cleanly incorporated into existing online identity frameworks.

I'm imagining that the webmail providers could implement it piecemeal, and though I'm speculating here, I think this slightly-less-secure-than-complete-PGP approach would address a lot of the problems you're referring to (I'd be eager to hear why you disagree, though!). Corner cases should only be a problem if the approach is all-or-none, right? And if done properly, a piecemeal PGP implementation would still be more secure than no implementation at all.

From the user's/your-mom's perspective:

a) conversation threads would be kept separate from each other depending on whether or not they were secure

b) some messages would be signed, explaining what is known about the sender and why (e.g. "this message has been verified as originating from xx@gg.com", or "message is known to have come from John Smith at 2nd National Bank, with email address xx@gg.com", or even "John Smith, with the following verified profile").

c) some messages would be encrypted, telling the user "this message was securely sent to you, and person X, and person Y, by xx@gg.com."

d) when a user sends a message it would default to the most secure mechanism that all of the conversation participants allow, given what it knows about the recipient

Even if Gmail was the only provider that implemented this, especially given two-factor authentication, users would immediately get secure conversations at least in conversations that included only other Gmail users, which would go a long way to dealing with the fact that it's the lack of other people using PGP that makes adopting PGP kind of pointless.

Given that Google provides webmail to many universities and businesses, implementing PGP would immediately turn on secure and verified communication within those organizations: the benefits of PGP there would be instant and enormous: identity verification, timestamps, and signatures are the only reasons people still shuffle paper around. No more clumsy and expensive university-stamped transcripts; no more running around trying to find people to get their signature; no more running signed documents between various offices, etc.

Furthermore, your mom might already use Facebook (or another social website) and if so is already experiencing the benefits of verified identity and higher-trust communication. On fb you have absolute confidence that you're actually posting to friend X's wall; and when you're messaged by friend X you're absolutely sure it's X (unless someone gained access to X's account). This implies that similar such UI-based cues could be used for webmail, no?

Indeed, one could characterize part of the success of facebook (and other social networks) in terms of identity verification: you know that information posted by person X has actually been posted by person X (vulnerabilities notwithstanding); you know that what you post will not be seen by people whom you don't want to see it; you know when person X posts on your wall that it was actually the X-that-you-know and not some other one or a fraud; you know by virtue of X's existing relationships to your other friends that it's the X-you-know rather than someone else.

Ultimately, I think Google hasn't implemented PGP, in spite of all the incredible benefits, because it doesn't want to encourage its users to be more private. Is this evil?

tl;dr partial PGP implementation on webmail would avoid corner case problems while providing huge benefits to millions of people and organizations


If you can't even explain what the system would appear to do from a user's perspective in less than (hold a sec...) 11 paragraphs, I don't think you get to call Google "evil" for not doing it.


it would just do a,b,c,d -- the rest was meta



