[metildaa]

Fax has a carve out in PCI & HIPPA compliance, and there is a huge existing momentum behind continuing to use fax.

Alternatives for actually secure document transmission boil down to difficult to use private messaging/"secure" email systems (that only work in their walled garden).

Many in the general public get frustrated with these walled gardens, as it is another login & interface to remember, and their credit union/bank, healthcare provider, company, etc will each have its own totally unique system

[Zak]

> Alternatives for actually secure document transmission boil down to difficult to use private messaging/"secure" email systems (that only work in their walled garden).

Oh bloody hell. Begin rant.

We've had PGP for 27 years. Twenty seven years. Since 1991. Why the hell haven't we, the tech community, gotten the rest of the world to use it? I think the only person I've had a PGP-encrypted email exchange with is my mother. It's not a walled garden, and it solves the problem described here perfectly.

We could have vote-by-email (using the key registered when registering to vote). We could have universal passwordless login. We could have virtually all communications secure from eavesdropping all the time. But no, nobody uses it outside of a few computer geeks, spies, and journalists.

[metildaa]

I use PGP, but it is a pain in the ass to use, severely stunting its usr. Normal people can't effectively use PGP without significant training, hence no one outside some DMCA notice bots using PGP in production for the common person to see.

Even Riot with its fucked up key mismanagement is easier to use as a normie than PGP, though its looking like Riot will fix most of those trusted key management issues soon with the PRs that are about to land.

Signal is the gold standard for secure, easy to use crypto at this point IMO. Hopefully Briar continues to improve tho, normie friendly metadata free communication is highly alluring, and the key management is a middle ground between Riot and Signal.

[Zak]

PGP isn't that hard to learn, and 20 years ago when the main form of online messaging was email, using a desktop email client, it was easier. It would be considerably harder now with everyone communicating in walled-garden platforms.

I think we really missed an opportunity, and I don't see a way forward to a world where PGP keys are a widely-used basis for security communication and verifying identity online.

[qrbLPHiKpiux]

Key strokes required. Everyone taps today. Tapping input on a device is horribly inefficient.

[Zak]

This is one of several reasons about 1998 would have been the right time to popularize it, not 2018.

[tim333]

Though a plus of 2018 is people are being forced to sort out public and private keys if they want to muck about with cryptocurrency.

[tim333]

I was just reading '15 reasons not to start using PGP' https://secushare.org/PGP and it's quite impressive the number of issues I never would have thought of.

[walterbell]

IETF is working on a protocol for interoperable E2E encrypted messaging, https://datatracker.ietf.org/wg/mls/about/

[Zak]

That's cool and all, but it seems to me this is more a problem of user adoption than technology. PGP provided a pretty good solution for end-to-end encrypted messaging, and a whole bunch of people who should really be adopting that solution are using fax machines.

[walterbell]

Cisco, Google, Facebook, Apple and others are participating in MLS. The scale of messenger adoption is already much larger than PGP ever achieved, but they are not yet interoperable (like fax) with strong E2E encryption.

[Zak]

Participating in the creation of a standard doesn't always lead to integration into end-user products, but we can hope.

[walterbell]

Ubiquity is a goal, similar to WebRTC.

Both protocol availability and support in widely deployed messengers will be necessary. Key/identity management will need to pass regulatory/legal scrutiny, but once we have interoperable, multi-vendor encrypted messaging that is usable by mere mortals and globally available at low cost, various groups can start lobbying for regulations that encourage migration to MLS-enabled communication.

The other issue with digital messaging is endpoint security and message archives, after the message has been transported. A pile of faxes is not easily accessed remotely, unlike a disk with message archives.

[mlindner]

> We could have vote-by-email (using the key registered when registering to vote).

This doesn't work. You still have all the problems of denial of service, hidden hacking leaking of keys, among many other issues.

[someguydave]

>why nobody uses pgp?

Well, the simple answer is that it's really only in the interest of the end-user and not in the interest of the telecom firms, platforms, or governments intermediating end-users.

[nradov]

Direct Project secure messaging can be fully HIPAA compliant when properly implemented. Multiple vendors offer that service; it's an open standard and not a walled garden.

http://wiki.directproject.org/Main_Page