On 15/11/15 07:43, grarpamp wrote:
On Sat, Nov 14, 2015 at 5:17 AM, oshwm <oshwm@openmailbox.org> wrote:
sign up process, allow that service to access their private key to link the service to their email and their GPG identity - but it can be done using very simple language such as "allow linking to your email").
Which of course will always be answered "yes", where it happens makes no difference. However value in the user brokering their own data out of their own store, at least that way they have some small chance to retain control and/or recover and/or be guided by their geek friend in person.
Required because users don't want to have to learn crypto terms because it's too much work.
For existing mail accounts, the email provider can offer to add additional security to the user's mail account without mentioning PGP even once.
Similarly, it's called HOTP, TOTP or system under user control, not sending your valuable metadata of email, phone or bio auth to them.
It's a shit idea but if you want to give sheeple the opportunity to use encryption without having to learn new stuff then as far as I can see it's the only option. Anyone who wants to take control can do so once they have learnt the required knowledge to understand how it all works. You want flexible or simple? Choose one.