[liberationtech] 10 reasons not to start using PGP

[adrelanos]

Thank you for doing this work!

The world needs someone facing the truth, explaining why gpg isn't the
solution, advocating positive change. It's a communicative task, a very
difficult one. As long there is gpg, most geeks don't see need to create
better alternatives.

I'd say, gpg's development slowed down. They're qualified but standing
in their own way. They should break compatibility with commercial PGP
(not because thats good, just because it's easier to implement better
solutions), also break compatibility with RFCs, implement better
solutions and standardize later. The current "first standardize, then
maybe implement, and don't implement if it's not standardized" approach
is much too slow, can't keep up with real developments in real word.
(Still don't even have mail subject encryption.) If Bitmessage succeeds
(I haven't learned much about it yet), and actually provides better
protection than gpg, I am happy with that also if there isn't a RFC. If
Bitmessage gets really popular, I am sure they'll somehow work things
out and happen to standardize it later.

Sometimes I even think, if there wasn't gpg, new approaches had better
chances reaching critical mass.

carlo von lynX:
> But what should I do then!??
> 
>    So that now we know 10 reasons not to use PGP over e-mail, let's first
>    acknowledge that there is no easy answer. Electronic privacy is a crime
>    zone with blood freshly spilled all over. None of the existing tools
>    are fully good enough.

I am a gpg user myself, but must say that it has really awful usability.
OTR has so much better usability, but it it (yet?) can't be used to sign
files or for higher latency communication (e-mail).

I agree, the existing tools aren't remotely good enough.

> Thank you, PGP.

Thanks for acknowledging that.