From Clay Shirky’s brilliant piece on how the RIAA is expediting the race to complete encryption:
Even after the death of Clipper and the launch of PGP, the Government discovered that for the most part, users didn’t want to encrypt their communications. The most effective barrier to the spread of encryption has turned out to be not control but apathy. Though business users encrypt sensitive data to hide it from one another, the use of encryption to hide private communications from the Government has been limited mainly to techno-libertarians and a small criminal class. The reason for this is the obvious one: the average user has little to hide, and so hides little. As a result, 10 years on, e-mail is still sent as plain text, files are almost universally unsecured, and so on. The Cypherpunk fantasy of a culture that routinely hides both legal and illegal activities from the state has been defeated by a giant distributed veto. Until now.
I’ll plead guilty to apathy on all accounts. The p2p clients I use still reveal my IP address (and with a static IP with a web server, that pretty much ends all hopes of anonymity). With email I no long use a PC client except for archiving. I feel more comfortable keeping my email on a paid web-based account with secure login. I’m on https the whole time I’m logged in to my mail account. This is not an ideal solution, but certainly not a bad one. (With free web-based accounts like you, you can login using https, but the web interface reverts to http after you login, which kind of defeats the purpose. The problem with secure email is that you need compliance on both sides, and it’s a drag waiting for both parties to use PGP tools.