OpenPGP encryption and signing in Gmail

Google’s Ease-of-Use Email Encryption Project E2Email Goes Open Source

It looks like Google have been attempting to tackle a longstanding bug-bear of many people, the un-intuitive nature of personal email encryption.

I conceptually at least, really like PGP and have made a few attempts to get my social circle (some of whom might have the chops to hack it, so to speak) to adopt, but aside from spurious commentary about the why, it’s usually the lack of simple ‘just works‘ tools which have let me down.

There has been a bit of noise, for example:

about the E2Email project which promises a simple Chrome application, an easy to use (hopefully) Gmail client that exchanges OpenPGP mail.

I know it’s not pure GnuPG or PGP, but all the same this is quite an interesting development from Google and seems like maybe finally some weight in the ring in attempting to improve usability of email encryption.

I haven’t set up a build of this repo yet, so I’ll be interested to see what happens, and how useable it is in current form.

If you’re interested in encryption facilities inside Gmail, this could be worth following.

Vulnerability Blindness

With the very recent revelation of code in Juniper software allowing decryption of ‘secure’ VPN traffic, I am wondering if, and how long it will be before the number of security issues being reported creates acceptance through just sheer blindness, i.e everyone loses their ability to be outraged, offended or concerned. Will we end up with the equivalent of a shoulder-shrug and ‘that’s just how it is’ with regard to our security?

The Juniper incidents are reported by Ars Technica and on the Juniper Forums, but they are far from the only company uncovering software vulnerabilities, just the latest to flow past me.

It feels likely that the more security outrages that are reported, the more people will become acclimatised to the idea that nothing is secure.

I guess it would be the similar to the mere exposure effect,  what I am imagining is a sort of familiarity which leads us to gloss over todays privacy concerns, there is another way to express this, ‘security desensitisation‘.