On 08.11.15 14:41, Joseph Gentle wrote:
On Sun, Nov 8, 2015 at 7:45 PM, oshwm <oshwm@openmailbox.org> wrote:
On 08/11/15 08:40, Peter Gutmann wrote:
oshwm <oshwm@openmailbox.org> writes:

Can GPG be easier to use, I think so, is it too difficult to use by ordinary people - no, they're just too fucking lazy and lack motivation.

... and this is pretty much the poster child for why we have so much unusable crypto today.

Or, why we have such a fucking retarded human race with the attention span of a gnat who expect everything to be given to them on a plate. People have to stop being lazy and start taking an interest and responsibility for what goes on in the world around them - your point of view reinforces the dumbing down of the population and the increase in power of the Government and big Corps.

Even if that's all true, it's still also true that nobody is using PGP. It's easier to make a slick UI than convince people to do work. Is it so much to ask that people who make software try to make life easy for their users?
For all your talk of doing hard work oshwm, it looks like you only created that PGP key yesterday:

$ gpg --list-packets signature.asc
hashed subpkt 2 len 4 (sig created 2015-11-08)
[...]

And as far as I can tell it hasn't been signed by anyone. At least I think so - after 15 minutes fighting with gpg I still can't find your actual key and I ran out of care.
... Which leads me into my second point, which is that here in 2015 PGP is a terrible technical solution. It doesn't encrypt metadata (which is a non-starter these days - who you communicate with is some of the *most* valuable personal data for the NSA). It also leaks information about who signed your key. That means either:
- Your key gets signed by your friends, so now your friend network is public or
- Emails with PGP are provably from you, in a way that can be traced back to physically witnessed government ID.
... Or both! Personally I would rather the possibility of forgery than either of those outcomes.
-J

What a hell of news, that email is not and has never ever been a secure communication method. Same as Moxie defined SMS as hell of unsecure because of metadata. We know that already, no? Same way we know that Web Of Trust is a huge leak of trust and security. But count with GPG/PGP in the long run. It could be important now who you are talking with, but it could be possible that in the long run it will be important what you are telling. Fact is that statistical analysis is a bitch and it is pretty hard to hide all kinds of metadata traces you are producing. Minimize damage: use at least encryption on the level of email content. OTR over facebook chat or Google chat protocol or whatever will leak the same amount of metadata because you share willingly when you are online, sometimes contacts or who you are talking with. This sword has two edges - we want to communicate and mostly socialise but we do not want to leak who we make love with during lunch break, right? Paranoia is a nice and expected thing here but let's think reasonably - usability versus security.
Of course it could be a really nice idea to strip all metadata from our communication on some practical level, but let's admit that email will never be worth that work and it was never ever designed like that.

Regards,
- Over

--
“Borders I have never seen one. But I have heard they exist in the minds of some people.” ― Thor Heyerdahl

Telegram...................@over23
facebook...................facebook.com/overdrive23
projects...................https://brmlab.cz/user/overdrive
twitter....................https://twitter.com/#!/over2393
last.fm....................http://www.last.fm/user/overdrive23
GnuPG key FingerPrint......08EA E4DC EF85 0F02 9267 5B48 2E58 6902 C5F8 794C
Public key ................http://overdrive.dronezone.eu/overdrive.txt