Don't bother. While I have much sympathy for the average user and see several problems with PGP, the gen-pop here is creating way too much buzz around a tool that is working reasonably well.
And with respect to the PGP-user / character link.. this is just beyond stupidity.
I’d recommend that people avoid PGP and use modern cryptography, e.g. AGE. It uses far less and simpler code, so it can be audited. PGP is a complicated old mess.
25 years of people trying to figure out how to use it. I think the population of PGP users has some extreme selection pressure acting on it--it's a bunch of people who want security and don't care how bad the UX is.
The whole article is basically "lol look at this thing that is actually relatively well supported with a small amount of work, but I couldn't be bothered to spend time doing some research about my use case and instead just read the first google result I found, so I'm going to crap all over it and make it look worse than it actually is for Internet Karma."
And the comment about being a novice, looking at the rest of the blog site implies the user has some level of competence when it comes to computing technologies as they are messing around with webserver configs etc.
I find this kind of argument ridiculous. Sure, PGP is not perfect in all cases, but advocating not using it at all is like throwing the baby out with the bathwater.
And personally, I think the points made in the linked article are weak.
I really think you're vastly exaggerating the difficulty of using PGP properly. With Enigmail and a small sheet of instructions, anyone slightly computer literate should do fine.
And there simply aren't any better alternatives for encrypting emails or files for transmission. I'd love to be wrong about that, but I haven't seen anything.
So far there has been a lot of hate on Hacker News about PGP. I'm sure most of it is true, maybe we shouldn't use PGP. However, every single one of these that offers suggestions cops out at the end about encrypted files and leaves people with... PGP.
So my question is this: is PGP itself to blame or are people basically saying, "Don't use PGP unless you know what you are doing"?
I don't really know what concrete advice the article gives for me personally. (The only thing I take away from this is to learn libsodium as well, rather than not using PGP.)
PGP has horrible user experience for experts. Its CLI is incredibly un-intuitive and needlessly complex and integration with mail clients is poor to non-existent.
It's not true that something isn't valuable just because it hasn't scaled.
PGP has an outdated and confusing UX, a broken threat model, and is extremely bad in many respects. But it does have users, and for some people and some tasks, it works better than alternatives. (My use cases: exchanging routine work email with other nerds who have it set up, sharing confidential documents.)
So, while we shouldn't minimize its very major problems, we shouldn't pretend that its user base does not exist and that it's not addressing at least some use cases.
What software are you talking about? I've seen very clever people struggle with PGP. In fact Ed Snowden famously screwed up when he first emailed Glenn Greenwald.