PGP, a pretty good new year's resolution.

First published: LinkedIn on November 10, 2016

But why wait until then? No, really...

You may think that encryption is difficult or it is a hassle... and well, to be honest, it does take a bit of effort to get started.

But once it is a habit, you wonder how you ever went without it.

There are lots of encryption schemes and variations, but I want to talk to you about PGP. If you feel the desperate urge to be this guy/gal, then you are not my target audience and I do invite you to send me an email with the arguments that show me the errors of my ways. I will repent.

If, however, you are an encryption virgin and do not want to be bothered with too many technical details, please read on: you are my target audience.

I chose PGP because it is libre open source and because there are many ways to integrate it in your workflow.

Why use PGP (email encryption)?

Well, I could write up a big story on governments spying on you and despot power and so on, but, whilst these things may be true, this is not the main reason you really should use encryption.

The following are, I think, quite compelling reasons to use encryption in their own right:

  • All email you send is stored at intermediate stations (your mail client, the outgoing mail server, some relay server, the receiving relay server, the receiving mail server, the receiver's mail client). That is a lot of places where copies of your messages are stored. If any of these places is compromised (hacked, a disgruntled employee works there or an employee with lousy ethics) then your messages are there for the world to see.
  • Remembering passwords (especially if you have to change them every month because of corporate rules) is not everyone's favorite pastime. So people tend to cut corners a bit and choose something simple, thinking 'Hey, how will they guess I used <somepassword> here? Nobody would be that daft!'. And then, in the highly unanticipated event of someone guessing that password, all the emails can be downloaded from the server and read (or wiki-leaked... you know).
  • You may want to save emails on a portable storage device (USB-Stick, your NAS, an SD-Card). And of course you will keep it safe and will not lose it. At least the first couple of weeks. Then the storage device becomes less and less important in your mind and... where did you put it?

So, yeah, just for those cases alone (I am not even talking about corporate espionage or blackmailing or the fact that you can verify your identity by signing messages) it would be a good idea to get into the encryption game.

To get started you can follow the instructions in this excellent Lifehacker article, or go directly to Enigmail for Thunderbird, GPGTools for Apple Mail, or Mailvelope if you want a webmail-based solution (GMail, Outlook.com, Yahoo! Mail, GMX, etc.), or have a look at these email clients. For Zimbra there is a PGP Zimlet.

It really is not that hard, and it will take you a bit of time only once. After that, make it a habit and you can really make a dent in all of this snooping and stealing business.