[FORGED] Re: [FORGED] Re: UK To Ban Crypto In Devices, Email And More

oshwm oshwm at openmailbox.org
Sun Nov 8 11:34:00 PST 2015 

So...

Click on the little options button (three lines) at the top right of
Thunderbird.
Hover over Enigmail and click on Key Management.
A list of local copies of keys will appear, including my own private ones.
I double click on my key to show the details about it.
This includes the creation date of 23/07/15.

Well, that was quite simple, its almost as if someone created a not
perfect but workable User Interface called Enigmail - it even has a
Wizard for creating new keys and configuring Thunderbird.

It's gets more tricky if you have multiple email accounts in Thunderbird
but not prohibitively so.

It's not created by Apple so the shiny things fanboi's will hate it.

That seems easy enough though that even a Windows user could manage it.

The tough bit is understanding crypto but with analogies about keys and
shit then most people only need a superficial understanding of how to
USE GPG rather than Prime Numbery stuff - they should be able to cope.



On 08/11/15 18:58, oshwm wrote:
> 
> 
> On 08/11/15 13:41, Joseph Gentle wrote:
>> On Sun, Nov 8, 2015 at 7:45 PM, oshwm <oshwm at openmailbox.org> wrote:
>>> On 08/11/15 08:40, Peter Gutmann wrote:
>>>> oshwm <oshwm at openmailbox.org> writes:
>>>>
>>>>> Can GPG be easier to use, I think so, is it too difficult to use by ordinary
>>>>> people - no, they're just too fucking lazy and lack motivation.
>>>>
>>>> ... and this is pretty much the poster child for why we have so much unusable
>>>> crypto today.
>>>>
>>>
>>> Or, why we have such a fucking retarded human race with the attention
>>> span of a knat who expect everything to be given to them on a plate.
>>> People have to stop being lazy and start taking an interest and
>>> responsibility for what goes on in the world around them - your point of
>>> view re-inforces the dumbing down of the population and the increase in
>>> power of the Government and big Corps.
>>
>> Even if thats all true, its still also true that nobody is using PGP.
>> Its easier to make a slick UI than convince people to do work. Is it
>> so much to ask that people who make software try to make life easy for
>> their users?
>>
> 
> Slick UI would be cool, just a shame that's being used as an excuse by
> ppl who can't be arsed to do a bit of work.
> What's the excuse once it has a nice UI?
> 
> As for nobody is using PGP, I think that may be a little overstated -
> what you mean is nobody who doesn't give a fuck about privacy is using it.
> 
>> For all your talk of doing hard work oshwm, it looks like you only
>> created that PGP key yesterday:
>> $ gpg --list-packets signature.asc
>> hashed subpkt 2 len 4 (sig created 2015-11-08) [...]
> 
> except the key has been around for quite some time, I did re-sync with
> the sks servers yesterday.
> 
>>
>> And as far as I can tell it hasn't been signed by anyone. At least I
>> think so - after 15 minutes fighting with gpg I still can't find your
>> actual key and I ran out of care.
>>
> 
> No, it hasn't been signed by anyone as I don't have any friends in real
> life who give two shits about security as I mix with non-techies offline.
> This is not a difficulty issue, I can't even begin to talk about
> encryption with them without them changing the issue to great subjects
> such as what was on telly last night.
> 
>> ... Which leads me into my second point, which is that here in 2015
>> PGP is a terrible technical solution. It doesn't encrypt metadata
>> (which is a non-starter these days - who you communicate with is some
>> of the *most* valuable personal data for the NSA). It also leaks
>> information about who signed your key. That means either:
>>
> 
> Oh yeh, some bright spark came up with STARTTLS for encrypting comms
> with mail servers but made it optional, not a GPG issue.
> However, the metadata issue a big problem for everyone who connects to a
> server that isn't owned by them and I suspect really requires a new mail
> protocol to resolve.
> 
>> - Your key gets signed by your friends, so now your friend network public
>> or
>> - Emails with PGP are provably from you, in a way that can be traced
>> back to physically witnessed government ID.
>>
> 
> 1) friend network - can't be avoided if you want a system for vouching
> for email sender authenticity.
> 2) That's part of what PGP is about - sender authenticity. My PGP is not
> attached to a Gov Issued ID.
> 
>> ... Or both! Personally I would rather the possibility of forgery than
>> either of those outcomes.
>>
>> -J
>>
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151108/3fa698db/attachment-0002.sig>

More information about the cypherpunks mailing list