This might be a little bit of a rant, but I'm tired of companies trying to get me to receive my statements online. Mostly because that's not what they're doing. They're going to send me an e-mail with a link to their website, which has my statement on it. This takes the control from my hands to theirs. If they make a mistake they can "fix it" online, and I have no record of that change. There is no snapshot in time to which I can refer, and that is not acceptable.

I don't believe that this is their motivation; I think they want to save money on processing and stamps. And the reason that they don't send me my statement by e-mail is that everyone knows e-mail is insecure. Which is true, except that there are solutions to this problem, namely PGP.

Whether you're using GPG or PGP Corp.'s version, PGP is pretty easy to use today. Signing messages is usually just a menu item, and so is encrypting the message. Usually e-mail you receive is checked automatically as it comes in, giving you a thumbs up or down on the mail's authenticity. They aren't difficult for users to use anymore; what is needed now is an education campaign.

I can see the ad now:

Person 1: Why did you send me a virus?
Person 2: I didn't send you a virus. Someone else sent you a virus.
Person 1: The e-mail is from you, it's from your e-mail address.
Person 2: I did not send you that virus. Someone else sent it.
Person 1: Did they hack your account?
Person 2: No, they used my e-mail address.
Person 1: How did they do that? How do I know a message is from you?
Voice over guy talking about how great PGP is.

Of course, the remaining problem is webmail. Webmail has become popular because you can check your e-mail anywhere, on any computer. If you were required to have your keys with you, your e-mail would be less portable. And giving your keys to your webmail provider is kinda defeating the point of having them at all, right? Yes, for the case of sending bank statements, but no from the perspective of signing messages. GMail or Yahoo! could still have messages signed with a key that they generate when you create the account, just to verify authenticity. And they could check incoming mail against the public keys available. This would be a huge step in bringing encrypted e-mail to the public consciousness. And I don't think people would mind the restriction of only reading their bank statements at home.


posted Nov 11, 2005