Sloppy's Journal: The Mom Test

Out of the blue, I got an email from my mom. She's been corresponding with someone about some sensitive things, and asked how to encrypt her emails.

My writeup is 9 paragraphs long. *sigh* There's so way she's really going to be able to do all that without me eventually going over there.

This is on Mac OS X. Sheesh. A Unix that doesn't come with gpg out-of-the-box, and the preloaded mailer (mail.app) needs a hard-to-maintain 3rd-party hack just to get basic functionality: you call this "just works?"

I don't wanna turn this into a specifically-Apple flame (I know of another high-marketshare desktop OS maker that also makes some pretty shitty apps), so I'll just make this generic comment: mail encryption is a very fundamental thing and it's ridiculous for it to not be built into all desktops. That's like a web browser that can't talk https. The howto I sent to my mom should have been about key exchange issues, not installing plugins. It's a disgrace for any mailer to not have this. This kind of shit is half the reason crypto goes unused by so many people. It's a pain in the ass not just because of the complex concepts (e.g. learning how to exchange keys safely) but because the most highly-deployed apps don't even work as-is.

Really?

[Tet]

I confess, my girlfriend has asked me to set up encryption for her email, and even the obsolete MUA we use (exmh) has support for encrypting messages, albeit in a suboptimal way. I'd assumed that all the major players in the market would have it set up to be trivial to use out of the box. I guess I was wrong :-(