Encrypted Email is far from user-friendly

May 25th 2022 on Dušan's blog


Let us start with a basic assumption. Unencrypted email is bad, unquestionably so. It can easily be modified and inspected in transit as it makes its way through multiple Mail Transfer Agents (MTAs for short) to your inbox. The only way to ensure your communication stays private, safe from prying eyes and bad actors, is to encrypt it. Unfortunately, this process is non-trivial for most people.

The why of it all

Let us further assess the requirements for secure, end-to-end encrypted communication between two parties. As is tradition, we'll call them Alice and Bob.

Suppose Alice wants to send Bob some financial documents, something of critical importance to her business. Here's what she has to do.

Additionally, Bob must do all of the above if he's to communicate with Alice.

I'm sure you get the picture. The sheer number of steps and their complexity prevent this technology from seeing adoption. When did we start requiring our users to understand the implementation details of our software?

It's ridiculous if you think about it. Cryptography is very complex, even at a rudimentary level. There's no way a non-technical person could feasibly do all of the above without prior training.

And we so desperately need this technology to gain traction. Privacy shouldn't be reserved for technical people only. It's our fundamental right as people. And yet, most people don't bother just because of how difficult it is.

Possible solution?

What's to be done here then? I suppose we could somehow manage the keys for the users, but even that's not enough. Thunderbird has the right idea with its semi-automatic, set-it-and-forget-it approach to key management; it's a step in the right direction.

The much trickier question is how we implement this everywhere, if that's even a viable thing to do.

I'm always happy to hear your thoughts on the topic.