[liberationtech] 10 reasons not to start using PGP

[Tempest]

Gregory Maxwell:
> My other big technical complaint about PGP is (3) in the post, that
> every encrypted message discloses what key you're communicating with.
> PGP easily _undoes_ the privacy that an anonymity network like tor can
> provide.  It's possible to use --hidden-recipient but almost no one
> does.

i am often a bit confused as to why people take issue with the fact that
gpg/pgp isn't anonymous. i don't recall the technology ever being
proposed as such. rather, effort was made to have mechanisms to verify
the identity of a sender. however, if one creates an identity and
keypair that as only been used over tor, what's the problem? creating
and maintaining anonymity is an entirely different subject that gpg/pgp
was not created to address.

i'm going to have to cosign with jillian and others who took issue with
this list. i don't think it provided good reasons to not use gpg/pgp. in
fact, i struggled with figuring out what threat models the author was
addressing in the various points, as it jumped around a bit without
providing much detail. that lack of detail made the conclusion a bit
irresponsible.


-------------------------------------------------

VFEmail.net - http://www.vfemail.net
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!