[liberationtech] the 14th reason not to start using PGP is out!

Ali-Reza Anghaie ali at packetknife.com
Wed Nov 20 20:23:36 PST 2013 

As it pertains to your response to me from over a month ago (below) -
we're just on different pages. I'm not arguing the strategic problem
statement, I'm saying you've made a tactical decision that was
damaging. *shrug*

Matters little now - so many new entrants into the ecosystem we're
already fighting the good fight against the bad fighters. Good luck,
Cheers, -Ali


On Wed, Nov 20, 2013 at 10:30 PM, carlo von lynX
<lynX at time.to.get.psyced.org> wrote:
>
> On Tue, Oct 15, 2013 at 04:26:34PM -0400, Ali-Reza Anghaie wrote:
>> > The current policy of recommending PGP over more advanced tools is
>> > probably causing damage to our end-users.
>>
>> The current policy of recommending tools that don't readily replace
>> PGP ~in the way end-users user it today~ is causing more damage IMO.
>
> Excuse me, Pond has some oddly aligned buttons but the service it offers
> is way more advanced than SMTP. If you really think you don't want to
> trust a new cryptographic tool - and don't have the money to finance a
> review - then embed PGP encrypted messages into it. Still, the number
> of failures you cannot possibly experience with Pond is so high that
> it is a much safer tool than the above mentioned Enigmail.
>
> Funny.. IMAP works so well, I can even see my unencrypted draft on a
> different mail agent on a different computer...  :-D
>
> And Pond is just an example. I could as well mention PGP over RetroShare
> (although it already does PGP itself) with or without Tor wrapper.
> Or what about Susimail and Liberte Cables? So many alternatives to SMTP!
>
>> That's what I mean - ~you~ aren't pointing people at Snake Oil. You're
>> just delivering a message of impending doom without giving them a
>> flyer on where to go next that also fits where they ~can~ go
>> (supported, COTS, or whatever).
>
> Here's a flyer.. at http://secushare.org/comparison I've been making a
> comparison of the tools that are being developed. The number of problems
> with e-mail are so big that I believe even not fully reviewed software is
> a lesser damage - but as always you are welcome to go bullet proof by
> combining the new technologies with older proven ones.
>
>> In essence I'm saying it's dangerous to make such proclamations -
>> however valid in ~our~ community - to the wide-open spaces of the
>> Internet when "we" also aren't ready at-hand to provide solutions.
>
> The document gave/gives indications on how to interpret it, including
> the opening phrase that said that PGP is better than nothing.
>
>> >> 3) It groups multiple problem sets into the responsibilty domain of
>> >> PGP - when it/they don't have to be, perhaps even undesirable to be so
>> >> (from both technical and sociological viewpoints).
>> >
>> > It's like saying if the mirror in your car is broken it has
>> > nothing to do with driving, because the mirror isn't doing the
>> > driving.
>>
>> No it's not - it's saying the car isn't responsible for the red light
>> camera. It's important to break these things out in domains for which
>> they (in this case PGP) was designed.
>
> If you want me to say PGP isn't so bad. Okay, here I say it: PGP isn't
> so bad. It's actually rather cool. Only few problems like non-repudiability
> are inherent to PGP itself. Most of the problems are caused by SMTP, IMAP
> and the like. How does this make anyone feel better?
>
>> > PGP/mail is so broken that there is a risk that even if there
>> > are bugs in the new software programs they may cause less damage
>> > as PGP. We're at a point that we can't safely argue which of the
>> > two options are safer, and each user would have to take a chance
>> > for himself. That's why I urge you to review the alternatives so
>> > we CAN make reasonable recommendations like we used to do.
>>
>> That's not what you did though - you say that now but there was a
>> broad "viral" proclamation.
>
> To start a debate, and looks like I was successful at that.
> The "PGP" page is about the problems with e-mail and PGP.
> The "comparison" page is about the new tools, and that one warns
> upfront that all of the mentioned tools deserve a proper review.
>

More information about the liberationtech mailing list