[broswell]

PGP Usabilty:

In the old days (Groupwise?) I found PGP easy to implement and use. Today I find it nearly impossible. Apparently I am not alone.

http://www.gaudior.net/alma/johnny.pdf

I have found S/MIME a bit easier to implement, but still much harder.

Is it a conspiracy to keep people from using crypto?

[unfunco]

I was using Groupwise in 2007 at a previous employer, and PGP was definitely easy to use with Groupwise. I worked in a MIS department for a large UK company, and the customer services department was in a small town in Wales, the kind of town where not many people had broadband in 2007, and the staff were not trained in any technical specialty, it was mostly just people with jobs instead of people with careers. The staff used to send banking information using PGP and Groupwise and people rarely had issues.

The problem now is the increasing number of centralised services, Google doesn't want to be storing encrypted emails within Gmail, because the content cannot be analysed for advertising purposes. And the same goes for other free email providers. It's still possible, but it is increasingly difficult.

[JshWright]

Well, given the fact that Phil himself doesn't use PGP, I don't think I'd call it a 'conspiracy'. It just turns out that reliable, secure, identifiable crypto is hard to do...

That's why prz is doing Silent Circle now. VoIP crypto is actually easier, since you can rely on the fact that it's very difficult to convincingly forge someone's voice. Tie that to the crypto verification (via SAS) and it's easy for anyone to have a secure channel they're confident is actually secure.