[FORGED] Re: [FORGED] Re: UK To Ban Crypto In Devices, Email And More

Joseph Gentle me@josephg.com
Sun Nov 8 08:41:55 EST 2015


On Sun, Nov 8, 2015 at 7:45 PM, oshwm <oshwm@openmailbox.org> wrote:
> On 08/11/15 08:40, Peter Gutmann wrote:
>> oshwm <oshwm@openmailbox.org> writes:
>>
>>> Can GPG be easier to use, I think so, is it too difficult to use by ordinary
>>> people - no, they're just too fucking lazy and lack motivation.
>>
>> ... and this is pretty much the poster child for why we have so much unusable
>> crypto today.
>>
>
> Or, why we have such a fucking retarded human race with the attention
> span of a knat who expect everything to be given to them on a plate.
> People have to stop being lazy and start taking an interest and
> responsibility for what goes on in the world around them - your point of
> view re-inforces the dumbing down of the population and the increase in
> power of the Government and big Corps.

Even if thats all true, its still also true that nobody is using PGP.
Its easier to make a slick UI than convince people to do work. Is it
so much to ask that people who make software try to make life easy for
their users?

For all your talk of doing hard work oshwm, it looks like you only
created that PGP key yesterday:
$ gpg --list-packets signature.asc
hashed subpkt 2 len 4 (sig created 2015-11-08) [...]

And as far as I can tell it hasn't been signed by anyone. At least I
think so - after 15 minutes fighting with gpg I still can't find your
actual key and I ran out of care.

... Which leads me into my second point, which is that here in 2015
PGP is a terrible technical solution. It doesn't encrypt metadata
(which is a non-starter these days - who you communicate with is some
of the *most* valuable personal data for the NSA). It also leaks
information about who signed your key. That means either:

- Your key gets signed by your friends, so now your friend network public
or
- Emails with PGP are provably from you, in a way that can be traced
back to physically witnessed government ID.

... Or both! Personally I would rather the possibility of forgery than
either of those outcomes.

-J


More information about the cypherpunks mailing list