The state of secure, encrypted messaging

David Mytton
May 14, 2017

Everyone should have an expectation of being able to communicate with someone else in a verifiably secure manner. I have a particular fascination with secure communications and encryption and I’ve spent a lot of time thinking through my own pragmatic approach to secure messaging.

This is my write-up of the current state of things as I’ve found it.

E-mail encryption & PGP

E-mail seems to be considered a secure way to communicate but it is actually about as safe as sending a postcard in the mail, despite it being used for all sorts of private and confidential communications.

Progress has been made with major providers encrypting mail in transit, but once it reaches your inbox, the message is still open to the provider or anyone who might gain access to your mail account.

Sensitive files, personal information and discussions many would want to keep secret are stored in inboxes, often indefinitely. If you use a free email service, your emails are scanned for advertising.

The solution is encryption, and PGP is the standard. However, there are a multitude of problems that make PGP unworkable:

  • The security model itself relies on the security of the keys. If the keys become compromised, all past messages can be decrypted, i.e. it has no forward secrecy.
  • Managing keys is a hassle — you have to be very careful with your private key. Storing them in the cloud…
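
The forward-secrecy point above, as an added example that is not from the original post: a simplified model in which every message encrypted to one long-term key is recovered once that key leaks, while messages protected by discarded per-message keys are not. The toy group `P`/`G`, the XOR cipher and all function names are assumptions made for illustration and are not secure for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption for illustration; far too small for real use).
P = 2**127 - 1
G = 3

def keypair():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def xor_cipher(shared, data):
    # Toy cipher: SHA-256 of the shared secret as keystream (messages up to 32 bytes).
    stream = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def pgp_style_send(recipient_pub, msg):
    # Fresh sender key per message, but always the same long-term recipient key,
    # which models PGP encrypting each session key to one long-lived public key.
    e_sk, e_pub = keypair()
    return e_pub, xor_cipher(pow(recipient_pub, e_sk, P), msg)

def forward_secret_send(msg):
    # Both sides use per-message keys and discard the secrets afterwards.
    # A real protocol would use long-term keys only to sign these public values.
    a_sk, a_pub = keypair()
    b_sk, b_pub = keypair()
    return a_pub, xor_cipher(pow(b_pub, a_sk, P), msg)

def attacker_decrypt(stolen_sk, transcript):
    # Models someone who recorded all traffic and later obtains the long-term key.
    return [xor_cipher(pow(pub, stolen_sk, P), ct) for pub, ct in transcript]

def demo():
    messages = [b"meet at noon", b"contract draft v2", b"new address"]  # constructed
    long_sk, long_pub = keypair()
    pgp_log = [pgp_style_send(long_pub, m) for m in messages]
    fs_log = [forward_secret_send(m) for m in messages]
    return messages, attacker_decrypt(long_sk, pgp_log), attacker_decrypt(long_sk, fs_log)

if __name__ == "__main__":
    msgs, pgp_out, fs_out = demo()
    print("long-term key model recovered:", pgp_out == msgs)
    print("per-message key model recovered:", fs_out == msgs)
```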


David Mytton

Co-founder https://console.dev — the best tools for developers. Researching sustainable computing at Uptime Institute. https://davidmytton.blog