Back in the 90's I tried to use GPG, and I tried to pay for digital music. They both went roughly the same way.
Arguably it was easier to use GPG back then than it is now. Pine was my MUA and I had an easy to find public key. Now I have an iPhone, don't use Linux on my laptop anymore, and make heavy use of messaging products.
Here's what I have now that I didn't have then: 2FA. There's an app on my phone that makes it super easy, so I use it. If I had to still carry around a separate RSA code generator I probably wouldn't.
Surely we can figure out a way to make encrypted email nearly transparently easy with the major mail providers, and the default mail apps on our laptops and phones. Surely we can figure out a way to make a trustworthy distributed keystore.
Perhaps this will all change, because before Snowden we were blissfully unaware and GPG was a cool toy unless your life was in real danger; post-Snowden we're residents of a vast internet police state and my Mom knows how Target was hacked.
I have a strong suspicion we will figure this out, and soon. I wonder, are VCs looking into funding easy-to-use consumer encryption?
>Perhaps this will all change because before Snowden we were blissfully unaware
Every time I see this in regard to email, I'm puzzled. Carnivore was known about in the 90s. Then there was the AT&T Room 641A in the 2000s. So I don't know how people were unaware that state-level actors could tap connections and record email.
Second, for this threat model, just forcing and validating TLS on SMTP gets you pretty far, does it not? You're then mostly trusting your email provider. And without trusting them, we get into user-unfriendly stuff like not being able to forget your password. (Barring some sort of breakthrough ideas.)
Seriously, have there been any good proposals that provide strong privacy (say, no one but the user can read the message) but aren't complicated or don't require users to do things they aren't gonna do, like validate keys? PGPFone and ZRTP are great because you already have an "out-of-band" key auth mechanism in place, and it's fairly straightforward to check.
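The comment above argues that forcing and validating TLS on SMTP already defeats the passive-tap threat model. What that looks like in practice, as an added example that is not part of the thread: an outbound TLS policy for a Postfix MTA, showing the weak opportunistic setting beside a hardened one. Postfix as the MTA, the CA bundle path, and the destination domains are all assumptions; the domains in the policy map are constructed.

```conf
# main.cf fragment (added example, not from the thread). Postfix as MTA,
# the CA bundle path and the destination domains are assumptions.

# Weak: opportunistic TLS. Encrypts when the peer offers STARTTLS, silently
# falls back to plaintext when it does not, and never checks the certificate,
# so an on-path attacker can strip STARTTLS or present any certificate.
# smtp_tls_security_level = may

# Hardened default. A global "verify" would bounce mail to every domain with
# a self-signed or mismatched cert, so keep opportunistic behaviour globally
# but upgrade to authenticated TLS wherever the destination publishes TLSA
# records (DANE). This needs Postfix 2.11+ and a DNSSEC-validating resolver.
smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1

# Per-destination overrides for correspondents whose setup you have checked.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# /etc/postfix/tls_policy (constructed entries; run "postmap" after editing):
#   "secure"    = mandatory TLS, CA-verified, hostname matched against the
#                 listed names, so a downgrade or a forged cert bounces mail
#                 instead of leaking it.
#   "dane-only" = mandatory DANE; deliver only if TLSA records validate.
#
#   example.org        secure match=.example.org:example.org
#   mail.example.net   dane-only
```

Apply with `postmap /etc/postfix/tls_policy` and `postfix reload`, then watch the log for "Verified TLS connection" versus "Untrusted" or "Anonymous" lines to see which destinations actually get authenticated transport. This only protects the hop between MTAs; as the comment says, the provider at either end still stores and reads the plaintext.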
My mom didn't know about Carnivore. I did because I worked at an ISP. My mom knows about Snowden. Thus the general public was blissfully unaware, now they are not.
Re: "You're then mostly trusting your email provider. And without trusting them, we get into user-unfriendly stuff like not being able to forget your password."
Nobody should trust their email provider if they are concerned about the privacy of their email. The Job To Be Done by an email provider such as gmail/yahoo/hotmail is to act as a mail store and MTA. A user should be able to rely on a local MUA for confidentiality. Admittedly, that shifts the level of trust from the Email Provider to the provider of the MUA software and the Local Hardware, which is why things like OpenBSD/Linux and (hopefully not firmware-tweaked) commodity hardware are so important.
What you're proposing is currently limited to people that are more-or-less OK putting up with PGP. For everyone and their mom to use encryption, features like "I forgot my password and now lost all my email" aren't acceptable. Nor are things like "I've got to make a separate, verified, out-of-band contact to verify that I've got the right key".
I'm hoping someone comes up with a breakthrough idea here, something fantastic that enables real privacy with no inconvenience. But in 20 years, there's been essentially zero progress on that front. All proposals either violate Most Users' required features, or boil down to offloading trust to the email provider.
I don't see any way to protect users against forgetting their encryption passphrase, or losing their private key, without offloading trust somewhere. Except for backups, anyway.
It can be very hard to know whether you have the right public key, especially for people that you know only from online activity. And it's not uncommon to find multiple unrevoked keys, with the same email address.
But check out https://keybase.io/mirimir. You can easily get a GnuPG key that signed proofs in my profile here, on GitHub, and on reddit. Also, the email address in my key is linked to a Gravatar that StackExchange and other sites use. So whoever I am, you can be confident that I control that GnuPG key.
> I don't see any way to protect users against forgetting their encryption passphrase, or losing their private key, without offloading trust somewhere.
Private keys are obviously an issue, but I don't really get why passwords are considered so important.
I like to use GPG when I can for communicating with people, but most of the things I put on it are less private than what you would get if you got my computer.
I don't think passwords protect you if the attacker can install a keylogger (correct me if I'm wrong), so anyone with hardware access or malware isn't going to be stopped. You are only protecting against people that can read files from your computer but not install hardware/software.
I think for the average user the password provides little extra security while having a high UI cost.
To be technically precise, what makes 2FA easy to use is that all services are web-enabled and issue you a temporary-long-term token (i.e. a cookie with a session ID).
If you had to open an app on your phone at each login you'd get crazy real fast :)
I do like your analogy tho. Digital music is a breeze to buy nowadays. Moxie seems to appear as covertly saying it's misguided to donate money to GnuPG so that it finally gets good, because, you know, not-moxie-made.
The.. what was it called? Redphone? Whisper? and various other projects - while very cool - didn't achieve even as much popularity as GnuPG (which in itself is far from greatly usable).
I know of one tech that has a chance right now and that's U2F/FIDO. It allows for building a framework (being GnuPG or otherwise) around it that's both secure and works for everyone. Why? Because fucking gmail supports it, that's why. It has nothing to do with the actual tech. It has to do with support. It has to do with my iphone, android, whatever, working with it seamlessly. It has a lot to do with "slapping a GUI" at the right places.
You say "Redphone? Whisper? and various other projects - while very cool - didn't achieve even as much popularity as GnuPG"
The Axolotl protocol that was created for Whisper Systems' TextSecure is now used, by default, by Cyanogenmod (10 million users) and the Android version of WhatsApp (more than 500 million installs from the play store).
I'd say Moxie's tech has been pretty widely adopted.
If you can't do it on desktop, you can't do it at all. Mainly because some of us have real work to do.
If the only "usable" implementation is on a hard-to-physically-secure mobile device that uses a tonne of different uncontrolled network access points a day -- that's not really an option now, is it?
I feel you're missing open whisper systems' target audience. If you've seen how regular people use computers, their phone is the most secure device a normal person owns. Not the most secure if you're worried about targeted attack, but the best place to put a dent in cheap dragnet surveillance :)
Even if you ignore Whatsapp and Cyanogenmod, you have 500,000 - 1,000,000 Textsecure installs according to the Play Store. That is an order of magnitude more than the GPG estimate of 50,000. In less than 20 years.
> Surely we can figure out a way to make encrypted email nearly transparently easy with the major mail providers,
What, Gmail? Yahoo? They exist only because they can read your plain-text email and serve ads against it. Most people get their email through free webmail providers, who have every reason not to make encryption easy.