
Comment Re:No point encrypting if you're the only one... (Score 1) 108

There is something nice and convenient about Web based E-mail, but it is at a cost of end to end security.

Not necessarily. We would just need a standard protocol for handling encrypted webmail, and then universal browser implementation for that protocol. Like maybe you wrap the output in <encrypted></encrypted> tags, and then browsers know how to interpret the tags and have access to the private keys. Google already syncs settings and extensions with your chrome profile, so if you trusted Google to do it, they could even sync your private keys. If you didn't trust Google, then we'd just need to figure out a different way to get access to your keys if you want to access your webmail away from your own computer.

Of course, then mail clients and mobile devices would need to support the same form of encryption as what the web browsers are using. That's the biggest issue: developing a standard for handling these things that everyone can agree on, and that everyone will implement. We already know how to do this. We're just not doing it.

User Journal

Journal Journal: These are the things in my head at night 7

Then-PFC, now-SGT Bergdahl may in fact have deserted his post. There are certainly credible accusations to that effect, and if so, then he should be tried and convicted for the crime. But it's a whole lot easier to investigate those charges with him here, and we don't let the Taliban mete out justice for us.

Comment Re:No point encrypting if you're the only one... (Score 1) 108

What is the value of every message being encrypted if Apple can decrypt them at will?

IIRC Apple doesn't get your encryption keys in their system. I don't remember exactly how it works, but I remember reading that the encryption is from one endpoint to the other, and Apple doesn't actually have the ability to decrypt the message in transit. Now you could complain that they might have put in a back door. Well sure. That's possible with any closed source software-- and really even with FOSS software that hasn't been audited by someone you trust.

Of course it's easy. But it's also completely POINTLESS.

Well it really really depends. If you think that security is binary-- either "secure" or "not secure"-- then you grossly misunderstand the issue. Even if Apple can read your messages, which I could be wrong about but I believe they officially say that they can't, I would still trust Apple with a lot more information than I would trust the Internet at large. It's not locking your car to keep the valet out, it's asking the valet to lock your car once he's parked it.

And besides, as I've said, I don't really care about Apple. I'm not saying, "Don't encrypt your email! Just use Apple's Messenger instead because it's way better and secure!" I'm saying that if you want people to encrypt their email, look at what Apple's done as a possible model for how to accomplish that, because they succeeded in making it an easy process.

If you DO trust the endpoints, and they are the same entity as the intermediary then WHAT IS THE POINT OF IMPLEMENTING END TO END ENCRYPTION?

Yeah, kind of my point in saying, "Only if you assume that Apple is a burglar don't trust them with anything." There are levels of trust. I've given Apple my credit card before, and I trust that they're not going to charge me for anything that I didn't buy. Therefore, if I were going to send credit card information over the internet, I'd prefer to use their encryption over nothing.

But again, this isn't about Apple. I have no problem with you distrusting Apple. Still, you're going to have to trust someone sometime. You trust Mozilla? Fine, then let them implement an encryption scheme as simple for users to work with as Apple's is. I'd be perfectly happy with that.

If it hasn't come through in our discussions, my preference is for there to be improvements to be made to email, according to open standards that can be implemented by Mozilla, Apple, Google, and everyone else, that make encryption dead-simple. The fact is, email could stand to be improved in many ways, but it won't be anytime soon because you have Apple running off and doing it their own way, Google running off and doing it their own way, and Mozilla allowing you to install a plugin that calls another application that most people don't have installed, which then allows you to run a wizard, that dumps out a key, that needs to be backed up in some unspecified way or you lose all of your email, which also renders your email unreadable anywhere else.

Comment Re:No point encrypting if you're the only one... (Score 2) 108

Did you read their instructions?

Yes. And I'm an IT guy, and I'll tell you that an awful lot of people would have trouble with those directions even if they wanted to follow them. For your average person, they'd have to install Thunderbird, GPG, and Enigmail-- and with that, you've already lost 90% of users. You haven't even gotten to dealing with the encryption keys, but give those instructions to most people and they'll say, "But can't I just use the Internet?" by which they mean, they would rather use webmail than install 3 applications. They won't even understand what those 3 applications are. You can forget about Linux.

Plus, let's say they follow those directions and encrypt all of their email in Thunderbird. Now they're traveling and they want to read their email in webmail. Uh oh. It looks all weird. No problem, they'll just access it on their iPhone-- but it looks like gibberish there too!

Sorry, it's not going to work like this. It needs to be much much easier than this.

Comment Re:No point encrypting if you're the only one... (Score 2) 108

Does trusting Apple to write your encryption software, manage your encryption keys for you, and handle your actual communications make any sense in the least?

It makes more sense than not encrypting your messages at all. Actually it's dramatically changing the sort of problem that you're dealing with. If you really just don't trust Apple at all, then I get it. Don't use their products at all, because they could have put in NSA backdoors to everything, so use FOSS.

But my point wasn't that we should trust Apple. My point was that Apple managed to create an encryption scheme for messaging that results in every message being encrypted, without the user being expected to do special configuration and key management, and it's baked into their software by default. If Apple can do it, why can't someone else?

For starters, if we want GPG to be the default for encryption, why can't we have thunderbolt built in such a way that it includes GPG, Enigmail, and everything else? Why not have the default setup prompt to set up encryption, generating keys or restoring them if they don't already exist? And what's your plan for standardizing backup/recovery of keys?

Fine, don't trust Apple, but then build your own system that's at least as good.

That's like trusting a burglar to set up your home security system

Only if you assume that Apple is a burglar, in which case, don't trust them with anything. But in reality, it's just too much of a big deal to not trust anyone with anything. I put my money in a bank, even knowing it's possible for them to make unethical use of my banking records. I store my email on Gmail. I store my website with my web host. I accept SSL certificates from certificate authorities. I buy my phone from Apple and my laptop from Lenovo. There could be hardware chips built in by the manufacturers that are logging my keys. Realistically what am I going to do if I don't trust anyone? Even when I use Linux, I'm still trusting people. I didn't do a code audit myself.

Comment Re:SSL:Completely different level (Score 1) 108

Yet, SSL handles only the encryption between a server and the client application.

You can use the same encryption scheme for encrypting anything.

...will always require some minimal end-user intervention...

Not necessarily. You just need to make key management easy. I know people are going to get angry every time I bring up Apple, but OSX can store certificates/keys in the keyring, which can then be backed up to iCloud. Don't trust Apple if you like, but my point is that it's not impossible to make the whole thing much more automatic, safe, and easy for normal users.
