This will NOT be a political post. Over the last few years, the world has gone insane. It has become obvious, at least to me, that people are using more and more technology without having a clue how it works. Governments, companies, and hackers are enjoying this, as many people don’t understand what data is stored where, and how that data is handled or secured. Many people are willing to give up all of their privacy just to play a game (if you don’t believe this, take a look at how many of the freemium games on your phone “require” you to be connected and/or have location tracking turned on). A whole generation of consumers has given up on the whole idea of privacy online.
I was listening to a security podcast recently and they discussed the idea that we’ve all become overwhelmed with our own security requirements. Many people have just given up on trying to stay up to date on their security and privacy settings. When was the last time you checked your Facebook security and privacy settings? Companies like Facebook assert the right to change their settings and defaults at any time, and as such, just keeping up with those changes could be a full-time job.
By default, email is an inherently insecure protocol on the internet. In order to route email between endpoints, the metadata is not encrypted. So you already give up privacy on who you are sending email to. Most email users will not change their settings to actually encrypt their email content.
Over the years, I have used PGP encryption in my emails. PGP is an example of public key encryption, which allows you to encrypt the email content and assure the receiver that the email has not been changed in transit, as well as that it actually came from you. However, for some reason, every time I upgrade my operating system my PGP tool fails, as such tools must be hooked into the OS and thereby lag in compatibility. This is an unacceptable outcome for the average consumer.
I believe we need to change the fundamental architecture of email to make encryption, security and privacy the default setting. It may take another 10 years or more to migrate the web to this architecture, as we have the problem with defaults – most people don’t change them. What do you think?