On 11/07/2015 06:54 PM, Joseph Gentle wrote:
> And yet even most email on this list isn't encrypted.

Why would I want to do that? It sort of defeats the purpose of a public listserv.

RR

On Sun, Nov 8, 2015 at 1:10 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> Joseph Gentle <me@josephg.com> writes:
>> Industry grade crypto has existed for years, but things like PGP being simply *inconvenient* has resulted in it having virtually no adoption. The big threat to pervasive surveillance isn't PGP, it's companies like Apple and WhatsApp bringing that technology to the masses.
>
> That's a good point actually. In my enormous to-read pile I've got "Why Johnny Still Can't Encrypt", and that's from fifteen years after the original paper on PGP's unusability was published. It's scary to think that companies like Apple have done more to protect us from intrusive government surveillance than nearly a quarter century of PGP has, because they've made it usable by the masses.
>
> Peter.

Exactly.

Snowden: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." And yet even most email on this list isn't encrypted.

The cat and mouse game of security is fun and technically challenging. But if you want to actually stop global attackers like the NSA, the problem isn't that we don't have good enough crypto. It's that barely anybody in our community also knows how to make pleasant, usable software. We need more software like Signal (TextSecure). Not because of its rad ratcheting OTR, but because I can get my partners to use it without having to spend an hour explaining asymmetric key cryptography first.

-J