Although written in 1999, this article still has a very good, very pragmatic, way of saying why "ordinary people" should "ordinarily" use encryption in their regular every-day personal and business affairs . . .

http://www.actionamerica.org/privacy/encrypt.html

Enjoy.

The great argument against email encryption, and the reason I don't use it, is that it only works if two people agree to use it between them, and both install the necessary software. I use email mostly for exchanging casual information with friends, none of whom are technically minded, or for mailing lists.

Yes, anytime you want to communicate securely (and/or verifiably) with someone else, you have to make appropriate preparations. But many e-mail clients (on all systems) support the S/MIME standard out-of-the-box, and GPG with a simple plug-in. Once set up, however, the process is entirely transparent.

Believe me, you quickly get used to seeing that confirmation that this-or-that e-mail is authentic ... especially when, one day, you stumble upon a perfectly convincing-looking forgery.

Hi...

Thanks for posting this. It's a good idea, yes, but in my opinon (from my experiments learning how to use PGP mail,) It's pretty cumbersome with it's public and private key requirements. I don't think most folks are going to want to have to deal with all that. That's why I don't choose to use it. Encrypted mail services, such as Proton Mail, make this process a bit easier but from what I have read, it's not as secure as using PGP. Hopefully, a way is developed that can make this super easy for folks but as secure as PGP.

Regards...

If you tender the message "in the clear," then somebody's got it besides you and the intended receiver.

The S/MIME standard is also a standard, and a good one. Many mail clients support it natively.

Of course I do not send every message encrypted. But, when talking to certain people (such as my spouse or my attorney), everything is encrypted as a matter of routine. And, point being, "it is 'routine.'" The mail client simply looks at the contact that I'm sending to, and sees that I have set it to encrypt that message.

I always digitally sign my emails, and I have certain contacts marked as "a valid signature is expected from this party." If a message comes in from that person and it is not signed, I am immediately warned.

And, yes, I have received an intentionally-forged email. The forger had no way to know that the message was supposed to be signed, and, if he did, of course had no way to do so. The lack of signature was the immediate first warning that the message might be fake. I encrypted the message and forwarded it back to the party, who immediately disclaimed it. And, now being warned that our communications was being eavesdropped-upon, we switched all future exchanges to full encryption.

It baffles me why people are so routinely careful about security with regard to web pages, but they do not pay the slightest bit of attention to e-mails, where they might well discuss very sensitive things. And which they "accept as valid upon-receipt, 'by eye only,'" even though there is no reason for them to do so.

Possibly the NSA, at the very least?

Which is very wise, I would agree.

Perhaps a lot of folks out there think their emails are inherently secure to begin with, it would be interesting to take a survey of folks to see what they really think about emailing and privacy.

Regards...

As a matter of practical necessity, "letters" are routinely sealed in "envelopes." When you receive the letter, you (of course) find that ... at least, since the mid 1940's ... the letter therein has not been "steamed open" and "scissored."

It still baffles me to receive, say, "a message from Southwest Airlines," that is not "as a matter of course, digitally signed by Southwest Airlines." Likewise, it baffles me that "the ubiquitous Google® Mail" has never implemented digital-signature validation as a "perfectly routine(!)" part of their service. (They at one time offered encrypted mail, but took it out.)

I would have thought that, very(!) long ago, at least digital signing of e-mail messages would have become "a fairly compulsory business practice."