[liberationtech] 10 reasons not to start using PGP

Ali-Reza Anghaie ali at packetknife.com
Fri Oct 11 11:19:58 PDT 2013


On Thu, Oct 10, 2013 at 3:23 PM, carlo von lynX
<lynX at time.to.get.psyced.org> wrote:
> We had some debate on this topic at the Circumvention Tech
> Summit and I got some requests to publish my six reasons
> not to use PGP. Well, I spent a bit more time on it and now
> they turned into 10 reasons not to. Some may appear similar
> or identical, but actually they are on top of each other.
> Corrections and religious flame wars are welcome. YMMV.

I love the detail put into this but I think it's a poorly delivered
message for multiple reasons:

1) It puts an over-abundance of faith in toolsets in opening and
closing "You have to get used to learning new software frequently."
Realistically if this was a toolsets problem then EFF and EPIC
wouldn't exist - it's not. It's a problem of State that can only be
fought through OPSEC, policy, and risk management. Since it's not
entirely reasonable to have end-users living the spook lifesystem then
it leaves ~policy~ as the best out for end-users with tools (like PGP)
being the defensive linemen.

2) Combined with (1) - then providing no immediate alternative - it
creates the environment in which snake oil fills the gaps. Then we're
back out fighting the snake oil because we were too busy eating our
young (or old in this case) to pay attention to the collateral damage
to our end-users.

3) It groups multiple problem sets into the responsibility domain of
PGP - when it/they don't have to be, perhaps even undesirable to be so
(from both technical and sociological viewpoints).

So in terms of broad proclamations I think it's prudent to keep those
at a policy level - and the rest behind transparent but loosely narrow
doors until the collective geekdom "we" can get traction on better
alternatives. -Ali


