hey coderman, On 1/8/21, coderman <coderman@protonmail.com> wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, January 7, 2021 11:50 AM, Karl <gmkarl@gmail.com> wrote:
...
Our communications are being intercepted and altered. The clearest evidence is that nobody is using PGP, on the e-mails I receive. We need to discuss that continuously so that people do something about it.
there is a study, "Why Johnny Can't Encrypt" - https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/...
this outlines a number of usability failures in email encryption using PGP/GPG tools.
it seems to me the reason johnny can't encrypt is not because the pgp protocol has a problem strongly related to that, but rather because the devs working on encryption software are struggling to do so effectively. any thoughts? it's notable that pgp encourages end-to-end encryption and protonmail does not, no?
sure, things are a little better now. but core deficiencies remain. for this reason, i have avoided email encryption for years now, preferring end-to-end encrypted messaging systems instead.
did you make a signed post when you stopped using PGP, so that people would know you hadn't been coerced or manipulated to do so, or replaced by an impostor or a gpt-in-the-middle?
these have better idioms around privacy, and are more intuitive for less technical users.
true
if you used a protonmail account, we would have an additional layer of authentication and privacy between us, however :)
(it's really hard for me to stay on protonmail, with my amnesia and budgeting issues combined with their deletion of inactive accounts ... isn't protonmail vulnerable to everything hushmail was? i've now registered gmkarl@protonmail.com but i'm hesitant to use it because i don't want to lose my mail history when my account expires ... i'll think on that. must be a solution.)
best regards,