According to Mathew Green ( ), more than 95% of the overall e-mail traffic is exchanged without end-to-end encryption. In addition to PGP and S/MIME, a recent initiative called Pretty Easy Privacy (pEp) ( ) made efforts to simplify the usage of end-to-end cryptography in e-mail communication for novice users.ĭespite the fact that, electronic mail is still one of the most commonly used communication channels, end-to-end encryption is only applied by a small fraction of e-mail users.
As far as electronic mail/e-mail is a concern, two major end-to-end encryption technologies have been available for decades, namely Pretty Good Privacy (PGP) ( Atkins et al., 1996) and Secure Multipurpose Internet Mail Extensions (S/MIME) ( Ramsdell, 1999).
More recently, a huge step towards more secure Internet communication was achieved with the integration of end-to-end cryptography in mobile internet messenger services such as WhatsApp, Signal or Telegram. For example, Transport layer security (TLS) is one of the most prominent and widely adopted solutions for securing various protocols, particularly for browsing the World Wide Web. Nowadays, there are different security mechanisms allowing to protect the user privacy and to secure communication protocols. Particularly, we found an even stronger concern about identity theft among e-mail users, as 78% of the participants want to make sure that no other person is able to write e-mail on their behalf. Nonetheless, 66% of the participants consider secure e-mail communication as important or very important. We observed that above all, users 1) are overwhelmed with the management of public keys and 2) struggle with the setup of encryption technology in their e-mail software. We found that more than 60% of our study participants (in both methods) are unaware of the existence of encryption technologies and thus never tried to use one. For this usability study, we have combined two methods: 1) an online survey, 2) and user testing with 12 participants who were enrolled in tasks requiring e-mail encryption. Moreover, this study helps to explain why users hesitate to employ encryption technology in their e-mail communication. The findings of this study show that, despite of existing technology, users seldom apply them for securing e-mail communication. This paper presents the results of a usability study focused on three end-to-end encryption technologies for securing e-mail traffic, namely PGP, S/MIME, and Pretty Easy Privacy (pEp).
3I3S, CNRS, Université Côte d’Azur, Nice, France.2Université Côte d’Azur, Polytech Nice Sophia, Nice, France.1Department of Informatics, Technische Universität München, München, Germany.Adrian Reuter 1, Ahmed Abdelmaksoud 2, Karima Boudaoud 3* and Marco Winckler 3
0 kommentar(er)
