I’ve been on a security kick and asking myself, why don’t more people protect their personal communications? Here’s the short list.
- It’s hard.
- Or it costs money.
- If it costs money, it’s still hard.
If you use a web-based service like ProtonMail it is actually pretty easy. It’s all built in. But God forbid you use Mac Mail, Outlook, or Thunderbird to bring in encryption certificates.
I’m pretty tech savvy, and I’ve played with email encryption before and it just is beyond the scope of most average computer users. People in corporate or government roles are most likely to use it, and then they have dedicated IT Departments to set it up. When I worked in the government it was as simple as pushing a padlock button in your email.
At home, not so much. First of all, I use Mac. And while it is possible to add certificates to your store for free it is all command line stuff and again, it is beyond the scope of most users. The solution is a program called GPGSuite but not only does it cost money, it seems to keep costing money as their upgrades cost money. Mac goes from Big Sur to Monterey……..you’re buying a new encryption Suite.
What’s a boy to do?
Thunderbird Mail is pretty much your Huckleberry here. It costs NOTHING to create and install certificates but I keep going back to this: It is beyond the scope of most average users.
Add Key in Thunderbird (click pic to enlarge)
So, if you want to encrypt emails on a Mac I strongly recommend using Thunderbird since it will get the job done for free.
Here’s what the creation of the key looks like. I use ECC as it is the current state of the art.
Create Key (click pic to enlarge)
GPGSuite seems to use RSA which I think is still pretty much the standard and they have something else called DSA but I don’t even know what that means.
So now you have a key, and then you select it in Thunderbird there are issues. Think of encrypted email as a woman with trust issues. Serious trust issues. You’re laughing because you’ve been there, right? You need to communicate with another user of encryption and you need their public key and you need to trust it. In other words, “you don’t know what you don’t know”. I guarantee the first few times you do this by emailing yourself on two encrypted accounts that you’ll foul it up.
Picture your mom or Aunt or somebody trying to configure this.
Here’s a real gotcha. Let’s say I have a laptop and a computer with Thunderbird on it. Now let’s say I set up email encryption on the laptop. If I create another key on the computer ……… it won’t decrypt it………because it is a different key. You have to use the same key, which means you need to export it, and import it. That also goes for “same computer, different email client”.
You need the same key in Thunderbird that you have in Mac Mail. Aye, yi, yi.
It’s really kind of complicated.
I’ll say this one more time. If you want to encrypt the OCCASIONAL email ………….. just set up a web based ProtonMail account. Done and done. But remember that other NON-Protonmail users have to have some kind of encryption set up. How smart are your friends?
It’s a sad state of affairs. Pretty Good Privacy (PGP) was invented in 1994. The way it is deployed is kind of sort of the same. It didn’t catch on then, and it won’t catch on now………UNTIL SOMEONE BUILDS IT IN FOR YOU.
Are you listening Windows or Mac or Linux? How about when you install the OS or buy the new computer, part of the routine is “Would you like to set up encryption certificates?” I mean they run you through an email account setup already, right? And then they make that as EASY AS POSSIBLE.
Something tells me they don’t want to make it as easy as possible.