On Sat, Nov 14, 2015 at 5:17 AM, oshwm <oshwm@openmailbox.org> wrote:
sign up process, allow that service to access their private key to link the service to their email and their GPG identity - but it can be done using very simple language such as "allow linking to your email").
Which of course will always be answered "yes"; where it happens makes no difference. However, there is value in the user brokering their own data out of their own store; at least that way they have some small chance to retain control and/or recover and/or be guided by their geek friend in person.
For existing mail accounts, the email provider can offer to add additional security to the user's mail account without mentioning PGP even once.
Similarly, it's called HOTP, TOTP or system under user control, not sending your valuable metadata of email, phone or bio auth to them.