Email is not secure. Let’s stop fooling ourselves. Just because I use Gmail, and I’m using it over HTTPS does not mean that the email I send or receive is encrypted while being transmitted outside of Google’s network.
Inside Google’s network, even, the contents are not encrypted.1 So, why do we keep sending sensitive information through email, and why do our banks and mortgage brokers and HR departments keep asking for us to send our Social Security number, bank accounts, and other private details through email?
Is it because we are oblivious, naïve, or do we just not care? I suspect it’s a little of all three, but mainly it’s because encryption is hard, and the difficulty barrier keeps us from adopting it.
The alpha launch of Keybase has got me excited. It uses the public-key cryptography (a.k.a. PGP/GnuPG) model to identify yourself, prove your identity, and allow others to vouch for your identity. I hope it paves the way to making encryption easier for us all, from the technologically-skilled to the technologically-challenged.