On 09/11/15 08:38, Neuhaus Stephan (neut) wrote:
On 2015-11-08 09:45, "cypherpunks on behalf of oshwm" <cypherpunks-bounces@cpunks.org on behalf of oshwm@openmailbox.org> wrote:
On 08/11/15 08:40, Peter Gutmann wrote:
oshwm <oshwm@openmailbox.org> writes:
Can GPG be easier to use, I think so, is it too difficult to use by ordinary people - no, they're just too fucking lazy and lack motivation.
... and this is pretty much the poster child for why we have so much unusable crypto today.
Or, why we have such a fucking retarded human race with the attention span of a knat who expect everything to be given to them on a plate.
I think you're rather making Peter's point for him.
Case in point: Would you care to try to explain to my dad (who is 76) what an expired PGP key means, exactly? What a trusted key is? Hell, what a public key is, even? How a PGP plaintext signature could have failed to verify? (In this context, don't forget to explain to him the difference between UTF-8 and ISO 8859-1.) Hint: an attitude of "well, you just have to learn all these new concepts, you fucking retarded human with the attention span of a knat" is probably not going to help.
I feel sorry for your dad, having a child that thinks so little of his mental capacity. If your dad can operate Windows and an email client then he has what is needed to learn enough to sign and encrypt emails with GnuPG. He doesn't need to know how crypto works or every minute detail, he just needs to be able to make sense of a Wizard and to be able to click a few buttons. He'll be at a disadvantage for not learning more about crypto and PGP but he'll be able to maintain a small amount of privacy in his use of email. When he gets stuck he might be able to ask his son or daughter for help - assuming he hasn't given up asking because you hold his mental capacity in such low regard.
If we want "ordinary people” (whatever they are, but in a crypto context they’ll be more like my dad than like me) to use encryption, we will have to make it invisible to them. It doesn't even have to be perfect; good enough will do.
You think if crypto is invisible to people then they'll be able to deal with when things go wrong any better than your dad would be if you equipped him with minimal knowledge of how to get by with PGP using e.g Enigmail on Thunderbird? The more you hide details from people, the less they are able to help themselves.
Fun,
Stephan —
If I have downvote policy, I will downvote you.
I'll take that as a compliment, thank you :)