
Please explain how I can have a secure online conversation with my mother easily. (Easy for me, easy for her). Is it going to involve setting up my own trusted server somewhere? Is it going to involve downloading some large undocumented project and have to build myself (on my box and her box)? Is it going to require troubleshooting arcane protocols, firewalls, and xml files?

I haven't seen an easy way to have secure email (without teaching the other side of the conversation cryptography), secure voip/voice (without the trouble above), or secure chat (without using my own server).

I'm not saying easy ways don't exist; I'm saying I don't know what or where they are.




> Please explain how I can have a secure online conversation with my mother easily. (Easy for me, easy for her).

Pidgin with OTR -- configure and verify keys once, use whatever protocol you want. It is doable and not very difficult right now, the problem really is that no one cares.


That's assuming the clients are not compromised, hardware is not compromised, and "whatever protocol" is not susceptible to man-in-the-middle attacks.


If the hardware is compromised then all bets are off. No protocol is secure when running on compromised hardware.


Not really, you can have good enough security without perfect technology.

Cost to acquire or develop and reliably productize (and risk divulging) targeted attacks for OTR would likely exceed the value your adversaries could extract from your chat with your mom.


Apple's FaceTime is end-to-end encrypted, "the FaceTime conversation stream is encrypted from end to end, and each FaceTime session has unique session keys for each user".


Source? According to Wikipedia "As of June 2011, it is not yet known to have been ratified by any standards body, and the extent of work by Apple with regard to this promise is unclear as Apple has not released technical specifications for the service. FaceTime is not currently supported on any non-Apple devices. While FaceTime is based on open standards, Apple's FaceTime service requires a client-side certificate. In other words, while the protocol might become an "open standard", access to Apple's FaceTime service is controlled by Apple.". This means that encryption keys are owned by Apple, and not by users.


> Apple's FaceTime is end-to-end encrypted

And one should trust Apple's or your word because...?


Don't just focus on one attack method. Look for the weakest link in the chain. If you get a totally secure computer system & internet connection, there could be a microphone in your room recording what you say. Easy to use crypto won't help there and only give a false sense of security.



No offence but I don't think the government could possibly care less about you or the conversation with your mother. There is a long list of far more important and interesting people for them to worry about.

How about using whatever is the easiest, most enjoyable and trouble free setup for her to use.


I didn't downvote you either, but I call this response the narcissistic defect of security / privacy analysis. The "I'm not interesting / I've got nothing to hide / X is not interested in me" level of analysis which is about as shallow as you can go in considering privacy / security.

Because looked at from a societal level, more secure citizen communications means a society less able to be manipulated / blackmailed / spied on by bad actors, both domestic and foreign. It doesn't matter if this particular mother never says anything interesting / compromising in communications with her child, because there are many other situations where they will. Their child might be a politician, councillor, businessman doing significant overseas deals, political activist, dissident.

Your logic is faulty on a number of levels:

* assumes only the US government is a potentially bad actor. This is simply not the case.

* assumes the political / technical climate will never become more hostile to milder expressions of dissent between citizens.

* assumes the parent poster's communications with his mother do not contain any interesting information to any potentially bad actors

Ultimately though, with all the theorizing aside, the parent is simply wanting a solution that provides secure communication with family members which is a very uncontroversial, reasonable goal to have.


Consider all your communications, and think about the most ambiguous statement you've ever made regarding illegal activity, whether it was a joke or not. You have to be naive if you don't care in the slightest whether the government has all your IM history. At best, they'll realize you're not a criminal and ignore you. However, at worst, you'll be made a target of some investigation, they may very well find some other ambiguous or over-broad statute you're in violation of, and then it's off to court.


For my part, I used to be an active member of a political party that while completely legal and not advocating anything illegal, due to its position on the far left meant that a lot of people I associated with used to be under surveillance by the Norwegian security services, and many of them were denied entry into the US for years and years.

At the time I was involved, it was less controversial, and so I might have "escaped" surveillance, but I regularly met people who were more than once taunted on open streets by high level people in the security service who'd joke about personal details of their life that they had obtained through surveillance that in no way were relevant to the security services (e.g. asking about the fight some guy had with his wife the previous night).

There are plenty of people today that are in close enough proximity to the types of people and groups who are the subject of security services interests these days that would have every reason to assume that their conversations with their mothers would be monitored just because of either who they are, or who their friends are, or even because of the groups their friend peripherally belongs to.

It's not a situation that is particularly fun to be in, and I understand very well why third parties in situations like that would prefer not to have to think about whether or not someone is listening in for their own gratification.


I didn't downvote you. And I agree they aren't interested in my conversations with my mother. However I think they are very much interested in listening in to conversations involving foreign relatives, military relatives, rich relatives, criminal relatives, etc.

But none of that is my motivation. My motivation is purely technological. I want secure services as a matter of principle. Since I have yet to find such a thing, I use whatever is easiest, just like everyone else.



