#enlocked

When Google does anything, people notice. So, last week when they announced plans to release a chrome plugin that would allow access to PGP encryption / decryption from inside the Gmail web client, it seemed everyone was pretty quick to hail it as a major step forward in email privacy.

While Google is to be commended for bringing to market a way to protect users’ digital communications from prying eyes – as long as its Chrome plugin is used and the sender and receiver use Gmail – the company, with all its technological heft, missed the mark on the elements that have slowed broad adoption of PGP encryption/decryption… it’s too complicated. PGP has been a solid encrypton technology for two decades. However, throughout those twenty+ years there have been two consequential impediments to broader use:

Key management – users must create keys, share their public keys, obtain the keys of people they want to send to, copy these keys to various devices they want to use for sending / reading email, etc.

Ensuring recipients can successfully and easily read messages, on whatever system and software they are using for their email, including mobile devices

[Note: for interesting background on these issues, and other long-term challenges with PGP usability, see the peer-reviewed and often cited paper "Why Johnny Can't Encrypt", or the follow-on "Why Johnny Still Can't Encrypt"]

Nothing in what Google announced with End-To-End helps with the first issue. Further, while Google would like to see everyone use Gmail, running in a Chrome browser, the Company ignores the reality that email will continue to operate in a multi-platform infrastructure (with back-ends based on Exchange, Yahoo, AOL, national / regional ISPs, etc.; and, accessed by iPhones, Android tablets, Outlook, and a range of web browsers). As a result, this plugin won’t change a thing.

The widespread adoption of email encryption requires an approach that solves these two critical issues. The team at Enlocked has spent a lot of time developing a solution that let’s you send emails to anyone without needing to exchange keys first, and without having to worry about what the recipients use to read their email. It’s simple, secure, and it works today.

Over the last month we completed the roll out a major new release of Enlocked across all of our supported platforms...  the new release is the result of a significant engineering effort, and is built on an entirely new architecture.

The question some of our loyal users might ask is, why?

And the answer to that for them -- and for anyone new to Enlocked who may be looking for a secure way to send private email communications -- is that things changed a lot in the world of privacy over the last year.

When we first created Enlocked, the idea was to make email encryption easy enough for anyone to use, across all their devices.  There were plenty of complex things out there, which required installing software, exchanging keys, and didn't work across mobile devices.... but the complexity of email encryption has prevented widespread adoption for decades.  The reviews of the original Enlocked showed that we did achieve our ease of use goals.

But, there was always a trade off.  In order to make it simple, we did some things that required users to trust us with access to their email inbox, a copy of their key, and to see their message briefly on our server while it was being encrypted or decrypted.  Before the disclosures last summer of privacy breaches by the NSA and others, most people felt that trusting a dedicated security provider was reasonable -- although to be fair, some did not, and we knew Enlocked would not be for everyone.

Things have changed, and we have changed as well.  The new version of Enlocked maintains the ease of use we are known for, but has some distinct advantages for those concerned with achieving the utmost in privacy for their email:

All encryption / decryption is now done locally, on your system or device.  We never see your message content.  Even when you use Enlocked Anywhere (our web-based app) the process is done in your browser session.

Enlocked no longer needs access to your email box - our plugins or apps get the message locally from your email client, or you save the file and then drag and drop it into your browser session.

Only you know how to unlock your key.  When you create your Enlocked account, you secure your PGP key with a passphrase (again, this is done locally on your device so we never see it).  So, we can't use your key, and even if a court order requires that we turn over your key, it is useless without your private password. [NOTE: one downside of this, also true of other secure encryption tools, is that if you forget your password, we cannot recover it for you.  We do allow you to enter a hint, which hopefully will help if this ever happens, but this is the price of greater privacy]

As we developed this new architecture, the design theme was "no compromise security".  While we wanted to keep things just as easy to use, and to work across the broad range of email services and devices people use, every decision we made was to maximize privacy.

A couple of weeks ago, we quietly rolled out our biggest changes to the Enlocked system yet.  Perhaps some of you noticed, but if we did our jobs well it should have been very transparent.  While the changes were subtle, they were based on some usability testing we did over the summer, aimed at improving the experience for first time users.  We have seen that in some cases, messages sent to people who have never used Enlocked before, do not get read.  And while for a few of these there may be a valid reason, the fact that someone took the time to send an encrypted message should mean the information is valuable.  As we understood more about where potential new users were dropping out, we could then make changes to minimize this issue.  Ultimately, for our sending users, the more often their recipients are able to easily read the message, the better!

So, what did we change?  Well, here are some of the bigger items, with a little background on what drove the decision.

When sending to a new Enlocked user, now instead of 2 messages being sent -- the introduction to Enlocked with new user instructions, and the actual encrypted message -- we are just sending one message with the intro at the top.  We saw that some first-time users were sometimes confused by 2 messages or skipped to the second one with the interesting subject, and never got the information on how to read the secure email.  The key to making this work for our existing users, was to hide this text if you already have a plugin or app installed, so every message doesn't have the introduction at the top if you don't need it.

Some potential new users weren't sure why the sender was going through the effort to encrypt, and whether the contents of the message were worth the effort to retrieve it (even though the effort with Enlocked is pretty minimal compared to other encryption systems!)  So, to provide a little more information to new users, now senders can write their own "custom" introduction that is sent in the clear, above the encrypted content.  This allows senders to tell the readers a bit about what is in the message, in their own words.

A major redesign of the Enlocked Anywhere interface.  For a lot of first time Enlocked users, they just really want to read that first message.  They aren't sure they want to install a plugin, or download an app... at least not yet.  And some users are utilizing an email client or provider that is not yet supported with an Enlocked plugin.  The Enlocked Anywhere web interface was created just for these reasons, but if we are honest with ourselves, it was always there as a "backup" and so we had not worried too much about the user experience.  We fixed that, with several changes that just make it a much smoother to read that first message.