"Please select what kind of key you want" ~~ suggestion to developers

Robert J. Hansen rjh at sixdemonbag.org
Mon Feb 23 22:24:51 CET 2009

Required reading:

	Garfinkel, S. L., Margrave, D., Schiller, J. I.,
	Nordlander, E., and Miller, R. C. 2005. How to make secure
	email easier to use. In _Proceedings of the SIGCHI Conference
	on Human Factors in Computing Systems_ (Portland, Oregon, USA,
	April 02 - 07, 2005). CHI '05. ACM, New York, NY, 701-710.
	DOI= http://doi.acm.org/10.1145/1054972.1055069

Some results from this paper were presented at FC2005, but it is not the
survey I mentioned in my previous message.  That said, the results are  
substantially similar.

The following is excerpted from the paper.  If possible, though, I  
highly recommend you read the entire paper; it's an excellent overview  
of why secure email has failed to take off.

Our survey consisted of 40 questions on 5 web pages.  Respondents were  
recruited through a set of notices placed by Amazon's employees in the  
Amazon Seller's Forum.  Participation was voluntary and all  
respondents were anonymous. ...  A total of 1083 respondents  
[participated], with 417 of those respondents completing all five pages.


Average age of our respondents was 41.5.  Respondents were highly  
educated, with more than half claiming an advanced or college degree.   
Most described themselves as "very sophisticated" (18.0%) or  
"comfortable" (63.7%) using computers and the Internet.  Roughly half  
the correspondents had obtained their first email account in the 1990s.

The majority of respondents (94.4%) used computers running Microsoft  
Windows for email.  The two other leading platforms were Apple  
Macintosh (8.5%) and some kind of mobile computing device such as a  
cell phone (5.8%).

... A majority (54%) of respondents understood the difference between  
digital signatures and sealing with encryption; that prior receipt of  
digitally signed mail significantly increased understanding of that  
difference; and that having previously received digitally signed email  
from Amazon increased respondents' overall trust in email.

... The majority (59%) didn't know [if their email client supported  
encryption], while another 9% chose the answer, "what's encryption?"

... Respondents with S/MIME-capable mail readers were more than twice  
as likely to know that their programs were capable of encryption, and  
half as likely to select the answer "What's encryption?"   
Nevertheless, the majority of [S/MIME-enabled] correspondents (54%)  
did not know the cryptographic capabilities of the software they were  

Almost half of our respondents (44.9%) indicated that they would be  
willing to upgrade their client in order to "get more protection" for  
their email...

... Although roughly half of our respondents indicated that they  
didn't use cryptography because they didn't know how, the
free-response answers from the more knowledgeable respondents indicated
that they either didn't think that encryption was necessary or else  
that the effort, if made, would be wasted.

	* "I don't because I don't care."
	* "I doubt any of my usual recipients would understand
	   the significance of the signature."
	* "Never had the need to send these kinds of emails."
	* "I don't think it's necessary to encrypt my email &
	   frankly it's just another step & something else I
	   don't have time for!"
