The crypto triple threat club
My written one-to-one communication patterns can be grouped into three major categories: longform, synchronous shortform, and asynchronous shortform. For the most part I use email, IMs, and SMS, respectively, for those purposes.
Each of those technologies has its own end-to-end encryption protocol. ((In some cases, more than one. I’m just listing the ones I use.)) Email has the venerable OpenPGP protocol and the GnuPG suite of programs; IM has OTR for Off-the-Record Messaging on Pidgin and Adium on the desktop, andGibberbot and ChatSecure on mobile; and SMS has TextSecure, a free software Android SMS application that does encryption locally and over the wire.
My TextSecure fingreprint, as a QR code generated by the application.
There’s a small but growing cadre of my friends with whom I’ve exchanged keys on all three protocols.1 They’re the crypto triple threats. I want to build that list out further: if I’m having an end-to-end conversation with you, I’d like it to be encrypted end-to-end.
Some of these keys are harder than others to exchange. Email encryption is notoriously difficult to get right, while OTR is much simpler to start working with. TextSecure is a great example of the rare good QR code use case.
These are communication tools, so they’re especially affected by Metcalfe’s Law. That makes it even more important to get people to join the triple threat club. It also means that for each of these protocols, there are lots of people who want to help you figure it out. I’m one of those people. Let’s talk!