The barriers to modern cryptography seem to be far more social and psychological than technical.
It seems as though many of the web-of-trust issues that impeded PGP 15+ years ago could be helped by current-day social networking practices, if a social network pushed it. PGP/GPG could be used under the hood, as long as the user never has to deal with an actual file anywhere unless they want to.
The consequences of evil twin attacks [1] may be worse, but if the 'verify' action was not as casual as mere friending, then perhaps it would be less susceptible.
I've been thinking about the possibility of doing it under the hood via a browser extension on major social networks. Something akin to 1) you publish a photograph of yourself to Facebook that contains your PGP key in EXIF. 2) Your friends, who can see that photograph, encrypt messages for all friends with "public key" photographs. Finally, 3) The browser extension seamlessly decodes all PGP messages through page manipulation (e.g. walking all text nodes and looking for a specific sentinel, and then decrypting all messages that match the sentinel). This way, you would be able to communicate securely over a social network with nothing but a browser extension.
I have a very rudimentary prototype up on GitHub if anyone is interested. It has some throwaway keys and allows you to encrypt for those via right-clicking text in a textarea. The code uses OpenPGP.js.
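The text-node scan from step 3 of the comment above, as an added example (not the poster's prototype code): it finds armored blocks by sentinel and writes the decrypted text back as text rather than markup. The node objects, `armor` and `fakeDecrypt` are constructed stand-ins so it runs under Node without a browser or a PGP library; `decrypt` is a hypothetical hook where the real library call would go.

```javascript
const TEXT_NODE = 3; // same value as Node.TEXT_NODE in a browser
const ARMOR = /-----BEGIN PGP MESSAGE-----[\s\S]*?-----END PGP MESSAGE-----/g;
const SKIP = ['SCRIPT', 'STYLE', 'TEXTAREA']; // never rewrite text in these

// Depth-first collection of text nodes under root, skipping SKIP containers.
function textNodes(root, out = []) {
  for (const n of root.childNodes || []) {
    if (n.nodeType === TEXT_NODE) out.push(n);
    else if (!SKIP.includes(n.tagName)) textNodes(n, out);
  }
  return out;
}

// Replace each complete armored block with decrypt(block); returns the count.
// `decrypt` is a hypothetical hook for the PGP library call: it returns the
// plaintext string, or throws when the message is malformed or not for us.
function decryptInPlace(root, decrypt) {
  let replaced = 0;
  for (const node of textNodes(root)) {
    const next = node.nodeValue.replace(ARMOR, (block) => {
      try {
        const plain = String(decrypt(block));
        replaced++;
        return plain;
      } catch (e) {
        return block; // keep the ciphertext visible instead of hiding a failure
      }
    });
    // Assigning nodeValue keeps plaintext as text, so markup inside a
    // decrypted message is shown literally and never parsed by the page.
    if (next !== node.nodeValue) node.nodeValue = next;
  }
  return replaced;
}

// Constructed stand-ins (NOT cryptography): base64 between armor lines, and a
// "key check" that accepts only plaintext prefixed with "me:".
const armor = (s) => '-----BEGIN PGP MESSAGE-----\n\n' +
  Buffer.from(s).toString('base64') + '\n-----END PGP MESSAGE-----';
function fakeDecrypt(block) {
  const body = block.split('\n').slice(2, -1).join('');
  const plain = Buffer.from(body, 'base64').toString('utf8');
  if (!plain.startsWith('me:')) throw new Error('no matching key');
  return plain.slice(3);
}
```

A block that the page splits across several text nodes (for example with line-break elements) is not matched by this per-node scan and stays as ciphertext.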
Great idea. It has the potential to spread virally if those who don't have the extension installed are shown a message telling them the benefits of installing it.
Are any startups working from this angle?
[1] http://my.safaribooksonline.com/book/-/9781597495455/chapter...