[FORGED] Re: [FORGED] Re: UK To Ban Crypto In Devices, Email And More

oshwm oshwm at openmailbox.org
Sun Nov 8 10:58:50 PST 2015



On 08/11/15 13:41, Joseph Gentle wrote:
> On Sun, Nov 8, 2015 at 7:45 PM, oshwm <oshwm at openmailbox.org> wrote:
>> On 08/11/15 08:40, Peter Gutmann wrote:
>>> oshwm <oshwm at openmailbox.org> writes:
>>>
>>>> Can GPG be easier to use, I think so, is it too difficult to use by ordinary
>>>> people - no, they're just too fucking lazy and lack motivation.
>>>
>>> ... and this is pretty much the poster child for why we have so much unusable
>>> crypto today.
>>>
>>
>> Or, why we have such a fucking retarded human race with the attention
>> span of a gnat who expect everything to be given to them on a plate.
>> People have to stop being lazy and start taking an interest and
>> responsibility for what goes on in the world around them - your point of
>> view reinforces the dumbing down of the population and the increase in
>> power of the Government and big Corps.
> 
> Even if that's all true, it's still also true that nobody is using PGP.
> It's easier to make a slick UI than convince people to do work. Is it
> so much to ask that people who make software try to make life easy for
> their users?
> 

Slick UI would be cool, just a shame that's being used as an excuse by
ppl who can't be arsed to do a bit of work.
What's the excuse once it has a nice UI?

As for nobody is using PGP, I think that may be a little overstated -
what you mean is nobody who doesn't give a fuck about privacy is using it.

> For all your talk of doing hard work oshwm, it looks like you only
> created that PGP key yesterday:
> $ gpg --list-packets signature.asc
> hashed subpkt 2 len 4 (sig created 2015-11-08) [...]

Except the key has been around for quite some time, I did re-sync with
the sks servers yesterday.

> 
> And as far as I can tell it hasn't been signed by anyone. At least I
> think so - after 15 minutes fighting with gpg I still can't find your
> actual key and I ran out of care.
> 

No, it hasn't been signed by anyone as I don't have any friends in real
life who give two shits about security as I mix with non-techies offline.
This is not a difficulty issue, I can't even begin to talk about
encryption with them without them changing the issue to great subjects
such as what was on telly last night.

> ... Which leads me into my second point, which is that here in 2015
> PGP is a terrible technical solution. It doesn't encrypt metadata
> (which is a non-starter these days - who you communicate with is some
> of the *most* valuable personal data for the NSA). It also leaks
> information about who signed your key. That means either:
> 

Oh yeh, some bright spark came up with STARTTLS for encrypting comms
with mail servers but made it optional, not a GPG issue.
However, the metadata issue is a big problem for everyone who connects to a
server that isn't owned by them and I suspect really requires a new mail
protocol to resolve.

> - Your key gets signed by your friends, so now your friend network is public
> or
> - Emails with PGP are provably from you, in a way that can be traced
> back to physically witnessed government ID.
> 

1) friend network - can't be avoided if you want a system for vouching
for email sender authenticity.
2) That's part of what PGP is about - sender authenticity. My PGP is not
attached to a Gov Issued ID.

> ... Or both! Personally I would rather the possibility of forgery than
> either of those outcomes.
> 
> -J
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151108/94f8e80c/attachment-0002.sig>

