Why instructions are not enough for promoting email encryption
![](/var/linux_magazin/storage/images/online/blogs/off-the-beat-bruce-byfield-s-blog/318120-13-eng-US/Off-the-Beat-Bruce-Byfield-s-Blog.png)
Off the Beat: Bruce Byfield's Blog
The Free Software Foundation (FSF) took a step in the right direction when it recently released Email Self-Defense, a guide to encrypting email using Enigmail and GNUPG. More screen shots might improve it, but on the whole it's a clear and well-organized explanation of a topic that puzzles even some intermediate users. I suspect, however, that to get people to encrypt email is not so much a matter of releasing clear instructions -- many of which already exist -- as a matter of overcoming deeply embedded attitudes.
Admittedly, privacy and personal security have become popular topics in the media over the last couple of years. However, to conclude from this popularity that people actually want to learn how to protect themselves may be too large a leap. For over two decades, the media has published stories about the dangers of computing -- often with gaping inaccuracies. These stories are rarely calls to action -- instead, they seem designed to reinforce the impression of computers and the Internet as scary technologies. If anything, these stories discourage action, because they make casual users believe that computers and the Internet are far too dangerous and complicated for them to tinker with them.
Yet even if casual users can be convinced that they can act to protect themselves, convincing them that they need to do so remains difficult. The perception is still widespread that only crackers, stalkers, and such people need worry about loss of privacy. The idea that there are many classes of people who need privacy for legitimate reasons -- for example, whistle-blowers or women being stalked -- is only slowly being accepted at best. The Nym Wars over Google+'s insistence on real names or registered aliases, and Facebook's seemingly endless erosion of its users' privacy are constantly reported, yet have done little to drive users away from such sites.
Which brings up another point: If asked to choose between convenience and security, too many users will pick convenience every time. I first made this observation when I helped neighbors to set up passwords and limited accounts, only to find that they had undone my changes after a week, but it seems to hold true in other instances, too. No matter how clear the instructions are or how intuitive the interface becomes, encrypting email may not catch on simply because it requires extra steps. Even if the encryption takes less than thirty seconds, that is still about twenty-nine seconds too long to feel convenient to many users.
Given current attitudes, a very real chance exists that encrypted email will be seen as simply too complicated to become widely used. The FSF has chosen a relatively simple method using Thunderbird, but not everyone uses Thunderbird or will switch to it for the sake of security, and setting up encryption on other email readers can be much more difficult.
In the end, encryption is very much like the email services of about a decade ago that limited email to those on a white list. The setup and daily use of these services soon proved more than people wanted to bother with, and in a year or two most of the services disappeared, made extinct due to a lack of interest.
What this means is that clear instructions, as praiseworthy as they are, cannot be enough. For the FSF's campaign to succeed, it needs to be supported by people with some understanding of the difference between casual users and hardcore geeks. It needs to convince people that simply a belief in privacy is enough to justify the use of encryption, that encryption is necessary and carries no stigma. And while it is busy changing people's minds, it needs to convince email client projects that encryption should be no more difficult than running a spell-check. Spreading clear instructions, which apparently is the next step in the FSF's campaign, seems not nearly enough -- no matter how well-crafted the instructions.
Advocating encryption, it strikes me, is comparable to being an anti-smoking activist in the 1990s: with considerable effort, you can bring about the change you advocate, but you have to be prepared for years of efforts to change people's minds. Without this effort, all the instructions in the world will not be enough to make encryption routine.
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
![Learn More](https://www.linux-magazine.com/var/linux_magazin/storage/images/media/linux-magazine-eng-us/images/misc/learn-more/834592-1-eng-US/Learn-More_medium.png)
News
-
NVIDIA Released Driver for Upcoming NVIDIA 560 GPU for Linux
Not only has NVIDIA released the driver for its upcoming CPU series, it's the first release that defaults to using open-source GPU kernel modules.
-
OpenMandriva Lx 24.07 Released
If you’re into rolling release Linux distributions, OpenMandriva ROME has a new snapshot with a new kernel.
-
Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
-
TUXEDO Computers Releases InfinityBook Pro 14 Gen9 Laptop
Sporting either AMD or Intel CPUs, the TUXEDO InfinityBook Pro 14 is an extremely compact, lightweight, sturdy powerhouse.
-
Google Extends Support for Linux Kernels Used for Android
Because the LTS Linux kernel releases are so important to Android, Google has decided to extend the support period beyond that offered by the kernel development team.
-
Linux Mint 22 Stable Delayed
If you're anxious about getting your hands on the stable release of Linux Mint 22, it looks as if you're going to have to wait a bit longer.
-
Nitrux 3.5.1 Available for Install
The latest version of the immutable, systemd-free distribution includes an updated kernel and NVIDIA driver.
-
Debian 12.6 Released with Plenty of Bug Fixes and Updates
The sixth update to Debian "Bookworm" is all about security mitigations and making adjustments for some "serious problems."
-
Canonical Offers 12-Year LTS for Open Source Docker Images
Canonical is expanding its LTS offering to reach beyond the DEB packages with a new distro-less Docker image.
-
Plasma Desktop 6.1 Released with Several Enhancements
If you're a fan of Plasma Desktop, you should be excited about this new point release.