Lately, I've been running my MUA with e-mail configured to encrypt e-mail by default.
This has the side-effect that whenever I want to e-mail somebody who does not have a PGP/GPG key, or has not given me his/her key, I have to go nag them. Otherwise, I have to keep unticking the "Encrypt Message" box, or make an exception in my configuration specifically for that particular person (or mail list, as the case may be). It also means that, since I'm basically forcing people to get into the habit of reading encrypted messages, more people will have their e-mail client configured correctly and are more likely to also send encrypted e-mail (or at least help make it socially acceptable). Since running with this setup, I haven't really had many complaints. After all, if somebody didn't want to receive encrypted e-mail they simply won't have a public key for me to encrypt a message with. I have discovered that some people are quite happy to try using GPG encryption regularly, but have never had a strong motivation to do so (possibly due to not knowing anyone else who might be interested), and also may not have participated in any key-signing, which would perhaps lessen its usefulness. The only complaint I've heard of so far has come from people who (perhaps not exclusively) use the GMail web interface, who apparently can still use GPG in text fields with browser extensions, but lose the ability to search through existing encrypted email. I don't actually feel too bad about this (see below), but am not sure what the correct response to this problem is (given that the people in question seem big Google fans and are generally reluctant to give it up). On the flip side, I'm conscious that Google could very well be (and probably is) building up a profile on me, even without owning a Google account. If I'm exchanging unencrypted e-mails with enough people who use GMail or Google Apps (without GPG encryption), it would not make much difference who controls my e-mail server. I'm also conscious that it's absolutely not in Google's best interests to support GPG, or any other type of encryption that they cannot decrypt - official GPG support from Google for any e-mail interfaces it provides will not be forthcoming. Since I imagine a lot of people interested in free software would also be big on privacy, I would like to know what other people here think of the idea of leaving GPG encryption on by default. Does anyone practise it? Is there any good reason why we shouldn't? -Adam
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/
