For a long time, cryptography was really only used by spooks, mathematicians, and cranks. Back around 2000 I messed with it. The idea that I could set it up so that nobody could fake a business email from me, thanks to cryptographic signatures, was an appealing one. But I stopped, since it was a hassle and nobody cared.

But now after the Edward Snowden spy effort has whipped up hostility to America, the number of people seeking to encrypt their communications has gone up. The problem is, it's mostly ideological, and the people don't know what they're talking about. So they're getting scammed by insecure snake oil posing as "PGP Blackberry."


Photo by Tim Gage on Flickr

The fact that these phones are calling themselves "PGP Blackberry" should have raised warning flags already. Blackberry is known as a secure platform for organizations because the handset is tamper-resistant and communicates securely with the organization's own central enterprise server, which manages the devices and their keys. An individual seeking to communicate securely over the Internet has no such server, so there'd be absolutely no benefit to using a Blackberry for that purpose.

So the real service being provided here is PGP integration. PGP is short for "Pretty Good Privacy," a scheme for signing and encrypting email first released in 1991, which has since spawned the open OpenPGP standard (RFC 4880) for email encryption. That's it: it's an open standard, and these "Blackberry PGP" providers are writing their own implementations of it.

It's clear they're implementing the standard poorly, because governments are breaking the cryptography. Actual PGP, most commonly as implemented by the GNU Privacy Guard software, is as good as it gets. Governments would not be breaking correctly-implemented PGP encryption with adequate key sizes; when a service like this falls, it is the surrounding system that gives way, for instance a provider that generates or holds its customers' private keys on its own server, or a handset seized while unlocked. Whoever gets the private key reads everything without touching the cipher.

Scammers are rolling their own crypto, rolling it badly, and suckering ideologues who have the hots for encryption but don't know what they're talking about. Even if they use a solid cipher like AES (the Advanced Encryption Standard), the protocol wrapped around the cipher matters as much as the cipher itself. During WWII, the Germans used the Enigma machine, whose cipher was strong for its day. However, their operating procedures were a severe protocol error: message keys were transmitted in predictable ways, and messages routinely opened with stereotyped text such as the daily weather report, which handed Allied cryptanalysts known-plaintext "cribs." With those cribs, the electromechanical bombes at Bletchley Park were reading the German mail.
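To show what "protocol matters as much as the cipher" means in practice, here is an added example (my own code, not from the original post or from any of the phone vendors it discusses). It uses AES from Go's standard library, a cipher nobody is breaking, and encrypts two messages with the classic protocol error of reusing the same IV in counter (CTR) mode. Because the keystream cancels when the two ciphertexts are XORed together, an attacker who can guess the start of one message (the Enigma-era "crib," here a stereotyped report header) reads the start of the other without ever learning the key. The same attack against messages encrypted under a fresh random IV yields nothing. The key, the messages and the crib are all constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// encryptCTR encrypts plaintext with AES-128-CTR under key and iv.
// The cipher is sound; whether the result is secure depends entirely on
// how the caller manages the iv, i.e. on the protocol around the cipher.
func encryptCTR(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// xorBytes returns a XOR b, truncated to the shorter of the two.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWithCrib models the stereotyped-beginning attack. Given two
// ciphertexts and a guess (crib) for the start of the first plaintext,
// it returns the same-length prefix of the second plaintext. This only
// works when both messages used the same key AND the same iv: then
// ct1 ^ ct2 == pt1 ^ pt2 because the keystream cancels out.
func RecoverWithCrib(ct1, ct2, crib []byte) []byte {
	diff := xorBytes(ct1, ct2)
	return xorBytes(diff, crib)
}

// Demo runs the flawed protocol (one fixed iv for every message) and the
// correct one (a fresh random iv per message) and returns what the crib
// attack recovers from the second message in each case.
func Demo() (badRecovered, goodRecovered []byte) {
	key := []byte("0123456789abcdef")                 // constructed 16-byte demo key
	crib := []byte("BEGIN REPORT: weather")           // attacker's guess for the start of message 1
	pt1 := []byte("BEGIN REPORT: weather clear over the channel")
	pt2 := []byte("BEGIN REPORT: convoy departs at dawn, route B")

	// Protocol error: a constant iv reused for every message.
	fixedIV := make([]byte, aes.BlockSize)
	bad1 := encryptCTR(key, fixedIV, pt1)
	bad2 := encryptCTR(key, fixedIV, pt2)
	badRecovered = RecoverWithCrib(bad1, bad2, crib)

	// Correct protocol: a fresh random iv per message, sent along with it.
	iv1 := make([]byte, aes.BlockSize)
	iv2 := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv1); err != nil {
		panic(err)
	}
	if _, err := rand.Read(iv2); err != nil {
		panic(err)
	}
	good1 := encryptCTR(key, iv1, pt1)
	good2 := encryptCTR(key, iv2, pt2)
	goodRecovered = RecoverWithCrib(good1, good2, crib)
	return badRecovered, goodRecovered
}

func main() {
	bad, good := Demo()
	fmt.Printf("fixed iv, crib attack recovers: %q\n", bad)
	fmt.Printf("fresh iv, crib attack recovers: %q\n", good)
}
```

Run it and the fixed-IV case prints "BEGIN REPORT: convoy ", the attacker's reward for guessing that the first message was a weather report, while the fresh-IV case prints bytes that carry no information. Nothing about AES changed between the two runs; only the protocol did, which is exactly the kind of mistake a vendor rolling its own PGP stack can make while still truthfully advertising "AES encryption."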

And so now snake oil sellers are making protocol errors, and running away with the cash of those being duped by Edward Snowden. Well, people gullible enough to believe Snowden are gullible enough to buy bad encryption, I guess. Pass the popcorn.