[jiggy2011]

Encryption is hard enough for developers and IT people to understand.

You have , for example websites that say "your data is protected by 256 bit encryption!". What does that even mean? Is just encrypted in transit? Is it only stored in an encrypted form on the other end? What is the key and who has to know it?

There is also a pretty big disadvantage to using good crypto, mainly if you lose/forget the key (or password used to derive it) you are completely fucked.

[xradionut]

It's not that you have to understand the details of the math of encryption or write your own library, you need to understand the processes required to use it. It's easier figure how to use GPG/PGP than use Mercurial or git.

And almost all users, and most IT folks and developers are too lazy to follow processes. Plus management and shareholders don't want to invest the time and money for training or implementation.

[biomechanica]

I guess what we're seeing is basically, when it comes straight down to it: We are all pretty damn lazy.

[kamjam]

It's a fair point, but I think from a users point of view they should really need to get bogged down with the tchnical details.

It can feel a bit "advanced" for the average user to setup, but if that is the case and they NEED privacy then they could use something like http://www.hushmail.com/ which will encrypt the emails (but only with other users with encryption keys). It's web based to there's the whole use from anywhere thing... Of course, just use Thunderbird and get the whole things for free :)