Crypto with Granny
Now why on earth would a grandmother need crypto?
Until not long ago, almost all cryptographic communication was either between geeks or between corporate workers. The average Joe couldn't really be convinced to learn privacy skills. In fact, more and more people (including geek trend-setters) tend to regard such skills as obsolete since web 2.0 and other dancing pigs urge people to give up their basic privacy rights for the heck of it.
Yet:
There are many kinds of sensitive information you might want to exchange with Granny or some other trusted relative. For example, if you're discussing the custody trial you're going through. Chances are your ex-spouse's lawyer has someone monitoring your email and chats.
Many relatives of yours (including Granny) have blogs and/or web-2-ho pages and want to email or IM you their passwords so that you can fix up some mess they made there, or help them embed some new widget.
Then there are, of course, your potential next employer, your secret lover, your friendly Cuban cigar smuggler, etc.
You know it's essential to communicate with all these people securely (too bad they don't want to learn how).
To quote Hakim Bey:
Imagine that the food I crave is illegal -- raw milk perhaps, or the exquisite Cuban fruit mamey, which cannot be imported fresh into the U.S. because its seed is hallucinogenic (or so I'm told) ... Or maybe I only want to trade word processing services for organic turnips, but refuse to report the transaction to the IRS (as required by law, believe it or not) ... In short, assume that I'm fed up with mere information, the ghost in the machine. According to you, computers should already be quite capable of facilitating my desires for food, drugs, sex, tax evasion. So what's the matter? Why isn't it happening?
Since Bey's words were written (in the pre-web days of 1990), grandmothers have learned how to email, IM, bid at auctions, upload photos into greeting card templates and more. Is there an inherent reason why there's no "one click solution" for Granny's privacy needs as well? The sad answer is: Yes. Privacy is a completely different kind of skill.
Be perfect. Practice is not an option.
When you learn some new skill, you can usually get better by trial and error. You can judge the quality of the photo you took or the song you've recorded by a simple act of looking or listening. You learn from your mistake and will do it better next time.
Privacy skills are different: the only way to find out how good your encryption skills are is for someone else to decide to tell you how bad they are. This is usually followed by something mighty nasty, the beheading of Mary, Queen of Scots, being an extreme example of the negative feedback one might experience while practicing encryption carelessly.
Queen Mary was much younger at the time than your grandma is today (and she still blew it). Luckily, granny has you.
Geek to non-geek encryption
Using Pidgin with OTR (off the record) is the easiest and least demanding way to communicate securely with a buddy who's already computer-literate enough to use instant messaging (e.g. Granny):
Pidgin works with whatever instant messaging service your grandma is already using.
Unlike gpg and similar encryption systems, there's no need to save a private key: you can always install the software on a new computer, let it generate a new key for you, and authenticate once more with your granny.
It's easy to teach most IM users how to install Pidgin and OTR and how to safely use them, even if you have to guide them through the installation via instant messaging. All it takes is a granny with motivation and less than an hour.
I find it way easier than explaining how to safely use gpg even if the software is already installed and you're explaining it face to face.
Only one thing to know
You need to authenticate your buddy. This is in order to make sure you aren't under a man in the middle attack, but granny doesn't need to know all the details, only the fact that this is important.
not finished... stuff below is copy/paste fodder
3.1.0: safer and easier
Now version 3.1.0 of OTR is a major leap forward in security and simplicity:
At last, there's a "Don't log OTR conversations" checkbox, so you can safely enable logging of your regular conversations (and then you can enable the History and Markerline plugins just like the average privacy-ignorant user next door). Buddha only knows why it's not checked by default (as the term "off the record" insinuates).
Until 3.1.0, in order to authenticate your buddy (and make sure you weren't under a man in the middle attack), you had to exchange something called fingerprints (things that look like CF773DF6 39E3B76F 75C71E6B 87B1088F B01D3513) in a way that you don't believe your attacker would be able to intercept and fake as well. Cellular SMS is a pretty safe choice (if you're up against someone who can also launch a man in the middle attack on the cellular provider of one of the buddies, there are most probably cameras above the keyboards and snipers on the roofs).
So people used to SMS ugly little hex numbers to their grandmothers. Doing this on a telephone keypad is as frustrating as it seems (and then some).
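Why that hex string is worth the thumb cramps, as an added example (not part of the original post or of the OTR project's code). Per the OTR protocol spec, the fingerprint is the SHA-1 hash of the serialized DSA public key, so a man in the middle who swaps in his own key cannot make Pidgin show the fingerprint Granny texted you. The key numbers below are constructed toy values and the function names are made up for this sketch.

```python
import hashlib
import re

def mpi(n: int) -> bytes:
    """OTR 'MPI' encoding: 4-byte big-endian length, then the minimal big-endian value."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw).to_bytes(4, "big") + raw

def fingerprint(p: int, q: int, g: int, y: int) -> str:
    """SHA-1 over the DSA public key (p, q, g, y), shown as 5 groups of 8 hex digits."""
    digest = hashlib.sha1(mpi(p) + mpi(q) + mpi(g) + mpi(y)).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))

def normalize(text: str) -> bytes:
    """Undo what retyping on a phone keypad does: case, spaces, dashes, colons."""
    hexdigits = re.sub(r"[\s:\-]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hexdigits):
        raise ValueError("not a 160-bit fingerprint: %r" % text)
    return bytes.fromhex(hexdigits)

def same_fingerprint(shown_in_pidgin: str, received_by_sms: str) -> bool:
    """True only if both strings encode the same 20 bytes."""
    return normalize(shown_in_pidgin) == normalize(received_by_sms)

# Constructed toy keys (far too small for real use). Same group parameters,
# different public value y, which is exactly what an interceptor would present.
GRANNY = (23, 11, 4, 9)
MALLORY = (23, 11, 4, 13)

GRANNY_FP = fingerprint(*GRANNY)
# What arrives by SMS: Granny's real fingerprint, mangled by a phone keypad.
SMS = GRANNY_FP.lower().replace(" ", "-")

if __name__ == "__main__":
    print("SMS from Granny:       ", SMS)
    print("clean session shows:   ", GRANNY_FP, same_fingerprint(GRANNY_FP, SMS))
    mitm_fp = fingerprint(*MALLORY)
    print("intercepted one shows: ", mitm_fp, same_fingerprint(mitm_fp, SMS))
```
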
But what about the children?
Now your grandma won't have trouble installing the latest windoze versions of Pidgin and OTR. But what about your poor little sister who was bold enough to install Ubuntu? She's even upgraded it to the latest official release (Gutsy at the moment). Why should she be exposed to accidental logging of her cheating on her boyfriend? Why should she SMS those nasty fingerprints while the Windoze kids can give her the cypherpunkier than you look?
Don't worry, sis. All you should do is install (in this order) the .deb files from the following pages. If you see a popup saying something like "warning, this package is from the future. Are you sure you're not a reckless and adventurous fool?" just ignore it and click cancel. Trust me ;)
1) [Not needed for Gutsy, but for Feisty and earlier distros]: Pidgin itself (if you were using gaim before, Pidgin will import all your accounts and preferences from there)
2) libotr2
3) pidgin-otr
But what about the rest of the children?
What about the ones who are using non-Ubuntu distros? NetBSD? Mac?
Well, do I look like a nanny to you? :)