I *still* use gpg a few times a week, and I'm still sad more people don't :-(
@MindOfJoe @jpaskaruk I haven't been following, but it seems like autocrypt could be helping with adoption, but... in just a little bit of playing around it looks like support is ... inconsistent amongst clients so far?
This adoption business feels like a red herring. If one person wants to protect his or her files, one person adopts it. If two people want to communicate, two people can adopt it.
GnuPG is a free and open source implementation of the standard for over 25+ years -- a genie out of the bottle, available on pretty much every platform. There's no shortage of documentation, implementations, or people who will help.
While things like instant messengers and email /can/ integrate it, it's not required to use it. You can encrypt a message and copy & paste it into your messenger or attach it as an email. Its independence is precisely why it's powerful. Anything that wraps its implementation and integrates it into a communications path is inherently a risk / vulnerability in that it can observe or use your private keys on your behalf. That requires more layers of trust.
Maybe it's like the ham radio stuff: We don't need everyone to join, but if we had one person on each block or neighborhood, ...
🤷
@MindOfJoe @kinetix I quite agree with this - adoption only matters if you need a lot of people to exploit and skim off money, or to commercial software that costs money. It's nice that Signal seems to be currently trustworthy, but E2E is also just that right now: nice to have.
Now, if it becomes crucial, then only the people to whom it becomes crucial need to think about this and use PGP/GPG, and they have no need to care whether anyone besides their group is using it.
In the final analysis, it never actually mattered whether Apple capitulated or not, because most of their users are from the first paragraph, they have nothing to hide and nothing to fear, as they say. If you're already doing shit you need to hide from the gov, you deserve to get caught if you trust a corp.
@MindOfJoe @jpaskaruk Haha, except that it's not as simple as your first statement, is it? If two people want to adopt it, chances are the first person who suggested it be used then has to educate the second person, find out what platforms and software they use, and help them go through getting everything going.
That's where more adoption would help, and if trustworthy email clients build in the support appropriately, we should have fairly trustworthy systems.
Of course I'm speaking strictly about E-Mail here. For appropriately technical types, validating pgp signed files and whatnot should be fairly common, I would hope.
@jpaskaruk @MindOfJoe To play devil's advocate - I'd say that if you leave privacy & security until you absolutely need it, it's probably too late.
We currently have pretty big issues where most everyone's so nonchalantly leaking data about themselves that it's pretty clear that we should be taking way more precautions than we currently are. The US should be teaching a pretty big lesson right now that our current digital footprints are able to get the new books thrown at you for doing something that was legal months ago and is important for keeping you alive.
And here we are still using plaintext email like it's 1987. 😉 Automatic encryption-switched-on emails would be great.
Still lots to work on in the bigger picture beyond that, of course.
@kinetix @MindOfJoe I absolutely agree that we have collectively been, not just ignoring crucial security and privacy issues, but actively working against our better interests in every respect. The desire to be on the yacht instead of on the polluted shore is a powerful motivator.
But I still think that adoption is a neutral factor, overall, and I think if there were suddenly a mass movement of people learning to use something more handcrafted like this, that would be the final impetus for all oppressive govs to outlaw non-backdoored encryption.
I also think the outlawing of it is inevitable, but the longer it flies under the radar, the longer those who really and truly need it will be able to quietly use it.
@jpaskaruk @MindOfJoe I don't know that I'd agree with that... mostly because governments are already trying to wreck or outlaw encryption here and there. I feel like that's a lost battle for them, for the most part - in that I don't think it's flown under the radar at all for them.
@kinetix @MindOfJoe Ahh, but why don't they seem to care, when techbros are generally refusing to hand over the info?
Answer: Because they can just buy it from the data brokers. They don't need to break encryption as long as people are using big tech, because the phone collects all the important stuff, and it's available at bargain basement prices, compared to the political capital of doing the legal necessaries.
If we form a resistance movement and stop using anything from SV, they will very quickly do the formalities.
@jpaskaruk @MindOfJoe I think we should test that theory!