Stories
Slash Boxes
Comments

SoylentNews is people

Why Johnny Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client

posted by martyb on Sunday November 08 2015, @02:06PM   Printer-friendly
from the Wbuaal-qbrf-abg-rira-haqrefgnaq-EBG13 dept.

Phoenix666 writes:

This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results shown that more than a decade and a half after "Why Johnny Can't Encrypt," modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.

The PDF of the study can be found here.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Why Johnny Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client | Log In/Create an Account | Top | 69 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by maxwell demon on Sunday November 08 2015, @02:27PM

    by maxwell demon (1608) on Sunday November 08 2015, @02:27PM (#260349) Journal

    The paper suggests an automatic mail to the recipient what he has to do to receive encrypted mail. That's a very bad idea for several reasons:

    • There's no way the system can know what languages the recipient speaks. OK, they could provide code that analyses the email body and guesses the language based on it. But even then, that language may be misidentified; especially if the correct language is not known to the system, and there's one similar enough for the algorithm to choose, but different enough that the recipient won't understand
    • There's no way the system can know how the recipient reads his mail. He may use a web mail interface. Or he may use any of the many local email clients on any on the many operating systems. A description of how to install Mailvelope on gmail will not help someone who reads his mail using Outlook Express under Windows. Adding the description of how to install it to Outlook will not help the user of Thunderbird. Or whatever is the default/most common mail client on the Mac. Or on Android. Or on iOS. Note that even the mail address won't tell you much, as the mail address might just be forwarded to another mail account.
    • Finally, and most importantly, it they can't manage to explain the necessary actions to the one sending the mail, someone who has at least put enough thought into it to get to this point, how do they expect to adequately explain it to the recipient who might up to that point not even have heard about email encryption?
    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by frojack on Sunday November 08 2015, @03:00PM

    by frojack (1554) on Sunday November 08 2015, @03:00PM (#260360) Journal

    Language selection is a part of every operating system and has been since the Pleistocene. Every application can get the current language.

    What has language got to do with encryption ?

    --
    No, you are mistaken. I've always had this sig.

    • (Score: 2) by maxwell demon on Sunday November 08 2015, @03:38PM

      by maxwell demon (1608) on Sunday November 08 2015, @03:38PM (#260369) Journal

      OK, so you say the software should hack into the recipients computer in order to find out the recipient's language settings, in order to find out in what language the recipient will understand the instructions? Not to mention that you cannot tell the recipient's computer from the email address.

      Maybe you first read before you answer.

      --
      The Tao of math: The numbers you can count are not the real numbers.

      • (Score: 2) by frojack on Sunday November 08 2015, @04:07PM

        by frojack (1554) on Sunday November 08 2015, @04:07PM (#260376) Journal

        The sender's computer need know nothing about the recipient computer in order to use encryption.
        There is no need for instructions, since the email clients figure it out for the user.

        --
        No, you are mistaken. I've always had this sig.

        • (Score: 2) by maxwell demon on Sunday November 08 2015, @05:54PM

          by maxwell demon (1608) on Sunday November 08 2015, @05:54PM (#260417) Journal

          The recipient computer needs to have the software installed to be able to decrypt.

          Did you actually read the article? Or at least the section I refer to?

          --
          The Tao of math: The numbers you can count are not the real numbers.

          • (Score: 3, Informative) by frojack on Sunday November 08 2015, @06:30PM

            by frojack (1554) on Sunday November 08 2015, @06:30PM (#260428) Journal

            And if you were able to send to them, the recipientsalready had their key published, which they wouldn't do if they had no software installed to decrypt. Therefore, that is another Non-Problem

            (You can not send encrypted email to someone who has never set up a private/public key pair. The tools won't let you do that.)

            Seriously, they picked a lame package, that none of the participants was familiar with.

            --
            No, you are mistaken. I've always had this sig.

  • (Score: 1, Insightful) by Anonymous Coward on Sunday November 08 2015, @04:21PM

    by Anonymous Coward on Sunday November 08 2015, @04:21PM (#260383)

    Most likely the person who is sending the e-mail knows the language spoken by the recipient.