On Sun, Nov 8, 2015 at 2:28 PM, Juan <juan.g71@gmail.com> wrote:
On Sun, 8 Nov 2015 02:10:19 +0000 Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
Joseph Gentle <me@josephg.com> writes:
Industry grade crypto has existed for years, but things like PGP being simply *inconvenient* has resulted in it having virtually no adoption. The big threat to pervasive surveillance isn't pgp, its companies like apple and whatsapp bringing that technology to the masses.
That's a good point actually. In my enormous to-read pile I've got "Why Johnny Still Can't Encrypt", and that's from fifteen years after the original paper on PGP's unusability was published. It's scary to think that companies like Apple have done more to protect us from intrusive government surveillance
LMAO
http://readwrite.com/2014/07/23/apple-ios-backdoor-acknowledgement-support-d...
Got anything more recent than July 2014? Apple has been claiming far and wide that from iOS 8 even they cannot access the data stored on a locked device without a password: http://appleinsider.com/articles/14/09/17/apple-says-incapable-of-decrypting... All three APIs listed in that readwrite article require access to services via USB, which require a device the phone trusts and (I think) for the device to be unlocked. I would be quite surprised if it turned out that apple really can decrypt data for the government on locked devices. They've been quite public about this policy, and they've claimed they can't access said data under oath. Its also a fantastic strategic move for them to fight off android - given google's business model it'll be impossible for android to follow suit. I am about 90-95% confident that there aren't any intentional holes in iOS through which apple can read data thats only stored on my device. (I recently switched from android to iOS for this reason.)
than nearly a quarter century of PGP has, because they've made it usable by the masses.
and the proof for that claim is, where?
It was very impressive for its time but what impact has PGP *actually* made? You seem like a sufficiently paranoid human who knows about PGP, knows what it does and you're technically capable of installing it and using it. So tell me - how many encrypted emails do you send and receive with PGP? I think PGP's legacy is that it started a conversation around crypto and privacy. But as a *product* it was a complete failure. I mean, it doesn't even protect metadata. -J
Peter.