by aquabeagle 2308 days ago
Typical security industry contrarianism.

"Stop using that thing that mostly works as intended and is integrated into lots of email clients and systems, and has a number of independent implementations, and has the decentralized properties that match email."

"What should we use instead?"

"shrug You can send encrypted stickers in Signal, isn't that neat?"

If you're going to advocate for everyone to stop using something that they rely on, make sure there's a viable alternative for them to switch to first (or throw your weight behind making/enhancing one). Otherwise you're just telling people to stop using plastic straws and giving them shitty paper straws in exchange. People know they're bad but the alternatives are worse to them so they stick with the bad thing.

6 comments

If you consider PGP something that mostly works, and Signal the fringe contrarian view, then we have wildly different experiences around usability, and the relative popularity of those tools.

I couldn’t get any of my friends or family on PGP to save my life, and some of them are programmers. I am now at a 50/50 split in volume on Signal v WhatsApp, and most people I never even suggested it to. And they use it correctly (because that’s the only way you can).

Seriously: how is PGP something that mostly works, and how is Signal contrarianism? Isn’t it the other way around by now?

Signal is non-federated. That, alone, is a showstopper as an email replacement.

Open and federated protocols and services should be our target. It is hard designing them, but if we could do that in the past, we should be able to do so today.

Two replies about email replacement; I feel like we’re getting off track. Signal is for secure, end to end encrypted communication. Ideally that would be all communication, but that isn’t realistic in today’s world.

TFA merely says: if you were gonna use PGP, use Signal instead. It’s a trade off. While we target these open and federated protocols, let’s not throw people who actually need encryption today under the bus.

So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.

> So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.

You don't need to drop email at all. If you trade protocol openness for encryption, you are acquiring technical debt. How long are we going to do this dance of switching between instant messenger protocols? ICQ -> AIM -> MS Messenger -> Hangouts -> WhatsApp -> Signal -> ???.

Open protocols (open in specs and federated in access) are the only way to stop this madness.

In the past Google and Facebook supported the XMPP (Jabber) protocol. That was a real step in the right direction. You could use your client and OTR plugin to encrypt all communications. It all ended in 2015.
Do you have an opinion on why that happened?

(I think a lot of useful Signal properties are much harder to do with federation, but that’s a subtle enough problem that it warrants a long form post, not a HN comment. I agree that ceteris paribus federation is better than not—but c.p. is doing a lot of work there :))

IMHO, Matrix currently has the best shot at becoming the standard for the open internet.

Those who value the freedom of choice should push for Matrix before Signal becomes the de-facto standard and is acquired by one of the tech giants looking to lock down control of communication.

Matrix is too dependent on its only vendor in existence, their only server in existence has performance issues. Also, a monolith standard is hardly viable for federated networks, where all nodes can't upgrade all at once.
Fortunately Signal is a well funded non-profit which reduces the likelihood of its acquisition significantly.
I'm still using ICQ...
> Signal is for secure, end to end encrypted communication. Ideally that would be all communication, but that isn’t realistic in today’s world.

Do you seriously believe that ALL communication working through a single proprietary non-federated service would be a good thing?!

I’m having a hard time believing just how polar opposite of my point people are taking me, I must be explaining myself very, very poorly.

Let go of the idea of “good”, nothing is currently good. Everything is terrible. The only thing that’s “good” is a federated, open, and secure in practice protocol (i.e. not just for people who use it properly, but for people who use it full stop. Like HTTPS, for example.) Today, we don’t have that. Let’s work towards that. Let’s make it happen tomorrow.

But today: federated or secure, pick one. (See TFA)

Meanwhile, there are people, today, with a real need for encryption. (See TFA) A need that transcends our long term plans. These people look at what “techies” do and say, and they imitate it. That’s the way of the world.

It is currently PGP. That is not secure, in practice when used by those people (see TFA). Therefore, we need to stop using PGP, use Signal for now, until we have an actually good solution that is better than Signal and PGP.

That’s the summary of the article.

Nobody is talking about replacing all email. Nobody says the status quo is good. Heck, nobody is really arguing for Signal, as much as arguing against PGP, and Signal winning by default. That’s all.

We’re all on the same side here, guys. It’s just a matter of temporary compromise.

> We’re all on the same side here, guys. It’s just a matter of temporary compromise.

I get that, and I actually agree with you on almost this whole comment. The problem of the temporary compromise on Signal is that I don't believe it is temporary. Signal is actually good enough to prevent the transition to the optimum. Being non-federated, Signal will always have a single point of failure, but this will get masked until it is eventually exploited.

You mean gmail?
> TFA merely says: if you were gonna use PGP, use Signal instead.

The article mentions Magic Wormhole, age, and Signal, IIRC.

So ergonomics trump security for you. That's fine. Stop telling people that they can safely follow your lead, because you've prioritized things other than their safety.
An incremental evolution may cause us to get stuck in a local maximum. You are correct that the incremental step is necessary. You are ignoring that this incremental step sets us onto a path of closed protocols. In time we'll be worse off.
So that's two things you think we should prioritize over people's safety: ergonomics and technological progress. You're digging the hole deeper for your argument.
Only one. I never mentioned ergonomics.
Nobody talked about usability or widespread adoption.

Article was targeted at people who are using PGP and urged them to stop using it without offering a viable alternative, and the parent comment called it out.

> Nobody talked about usability or widespread adoption

This directly contradicts the original comment.

> Article was targeted at people who are using PGP and urged them to stop using it without offering a viable alternative, and the parent comment called it out.

The article has an entire section explaining alternatives. The first link in the article [1], also written by the same author, has an even longer list of alternatives. It's hard to miss.

[1] https://latacora.micro.blog/2019/07/16/the-pgp-problem.html

> Seriously: how is PGP something that mostly works

The entire Debian infrastructure is secured with PGP. PGP emails, PGP signatures, PGP encryption.

Seriously: it doesn't just "mostly work". It's rock solid battle tested for 20 years, and thousands of people use it without needing hand holding.

The topic here is “PGP in e-mail”, not PGP full stop. It’s all in the TFA, including a comprehensive list of reasons why it does not just work. Even with handholding, let alone without. If you disagree with any of those specific examples, please do elaborate, but at least address them. They’re good points.

Nobody is suggesting people switch to Signal for distributing .debs...

There's a lot of good things to say about Signal, but if it should replace email:

How do I export it for long time storage and for auditing?

Edit: to avoid confusion, I read in the help files that I can export my chats, but it seems clear that those exports are only supposed to be imported into another instance of Signal.

I don't think Signal should replace email. I don't think email is going anywhere.
Edit:

So, your point over the last couple of years can be distilled down to:

- use Signal if you need actually secret messaging.

- otherwise: anything goes, including iMessage and email.

- don't participate in security theatre

?

(Was:

------ So, again if I read correctly:

- unencrypted mail good,

- encrypted mail bad

?

------

But this is a not so subtle reference to Animal Farm and while it is probably funny it goes far beyond what I mean. )

> If you consider PGP something that mostly works, and Signal the fringe contrarian view

We're talking about email here, so yeah, the number of encrypted emails I've received with PGP is non-zero and through Signal is zero.

I don't think either are good options. I was reading on here recently about the $2.1M that the US gov paid (indirectly) to Signal, with the implication of the associated compromise of integrity. And PGP is so labyrinthine that most of the mail tools implementing it had been compromised for more than a decade. [1]

WhatsApp? It's owned by Facebook, as we know, and I wonder if we can believe that what we put on there is actually safe. I think that would be naive.

[1] https://arstechnica.com/information-technology/2018/06/decad...

Hi, I'm having trouble finding any information on the 2.1M that you said the US gov paid Signal Foundation. Do you have a source? I'd love to know if this is true.
The OP is probably referring to financing that Open Whisper Systems (precursor to the Signal foundation) received from Open Technology Fund (https://www.opentech.fund/results/supported-projects/open-wh...) which according to the Wikipedia has ties to the US government (https://en.wikipedia.org/wiki/Open_Technology_Fund). I guess the idea was to provide encrypted means of communication to dissidents in US-hostile countries.

Though I think it is a moot point. Signal foundation is a US organization and its officers are US citizens. I don't think the US government will have any trouble coercing them to do its bidding regardless of whether it financed them or not.

I see. Since the PATRIOT Act was put into place the US government can pretty much justify anything at this point, so I tend to share the same viewpoint. Thanks for the sources man.
>None of the vulnerable programs enables verbose by default,...

So the compromise is mostly theoretical...

The author is not saying to stop using email. He wants you to stop pretending it can be secured. If people think that "works as intended" means their email communication privacy is secured, and their personal safety depends on it, then those people are in danger.

Basically, he argues you can't trust encrypted email for any content you would not also be fine to send over a TLS-secured wire.

The title is "Stop Using Encrypted Email" though.
Yes, which confirms the parent comment's point. Note the title refers to encrypted email, and not email in general.
That sounds congruent with both GP’s point, and the intent of the author.
And you should. Because it’s pointless, as he demonstrated quite well.
That sounds awful close to advocating in favor of more plain text and less encryption.
It sounds like that, but because of how encrypted email actually works in the real world, it's actually the opposite.
That sounds like an extraordinary claim that telling people to encrypt their email will cause more unencrypted emails.

Claims like that need extraordinary support. Spend money on a study where one company's employees are told to encrypt their work emails, with another company being told to not encrypt their work emails. At the end of the study, see which one encrypts more.

Common intuition says that the one being told to not encrypt will not have more encrypted email conversations than the other. At worst both have the same amount, and at best the one being told to encrypt has more encrypted conversations because they are more security aware.

If it's an extraordinary claim, it's backed by extraordinary evidence. Modern secure messengers make it difficult (or even impossible) to accidentally send a plaintext message. Meanwhile, plaintext replies to encrypted emails are such a widespread phenomenon that practically everyone who has used them at any kind of scale has witnessed them. The reason those opsec lapses aren't newsworthy is because the underlying messages are unimportant, so nobody cares. Which is why it's important that people understand that almost all encrypted mails are LARPsec.
Failure in opsec does not prove that telling people to encrypt creates worse security than explicitly telling people to not encrypt.

I do not see any extraordinary evidence that supports your claim. It still sounds more like you are advocating for plain text, and since the encryption wars have been ongoing for the last 40 years it is worrying to see a new front being formed.

There are two requirements: Plain text should be banned from the network and sensitive data at rest in the hands of third parties should always be encrypted. Advancement in email security has gone forward enough that if both sides of a communication are running their own email server then the need for PGP has been made redundant. If however an untrusted third party is used by either side then the second requirement is not unfulfilled and sensitive data is leaked.

People can pretend that they don't have sensitive data, and a single look at the company CRM, HR, customer registers and so on will show that it is really hard to operate a company without handling sensitive data, which under GDPR has some real legal ramifications. A single email attachment and now a third party has a copy of that, and a data breach later at the service provider and a lawsuit happens. With that threat model and enough cases ending up in the news the cost of running unencrypted email goes up.

Is Signal supposed to be more secure than point to point TLS?

That doesn’t sound correct to me, and makes me wonder what the complaint about email is.

TLS encryption over a relay network seems like state of the art security, and something I’d trust much more than Signal to hide my metadata — which is how you’ll actually get killed in a “life or death” situation.

Email-over-TLS provides encryption to your mail server, not end-to-end encryption to the recipient of your email. That's what this entire discussion is about (and "encrypted email" in the article refers to PGP encryption, not TLS.)
> and has a number of independent implementations

Actually it's slightly more than that: it's standardised. Signal for all its niceties isn't. Even if you did emulate it (and you can because it's open source), it's a moving target so there is no guarantee what works today would work tomorrow. AFAIK, all existing reimplementations are incompatible.

Worse, its infrastructure is centralised. There aren't 10 different lookup servers you can use interchangeably and cross validate. There is just one, situated in one country, and it happens to be a country whose government intelligence agencies have a long and colourful history of infiltrating and compromising organisations just like Signal.

The other major difference is that the PGP ecosystem does have a key validation system, and in my experience it is actually used. People go to key signing parties and take them seriously. Signal also has very good key validation of course, but nobody uses it.

So while it's true that Signal can let kids chat to each other securely, the reality is that security is very weak because they don't want to go to all that tedious setup the PGP / X509 ecosystems want them to do. When they start a chat with someone new, they don't get a warning that could be anyone unless they use Signal's inbuilt (and very well designed) validation system. I guess such a warning might get in the way of the "frictionless experience" seems to love about it. As a consequence, when someone changes phones they have no idea of the importance of porting their Signal identity across, and when the other end gets the "Warning: Person XYZ changed their identity" (or whatever the wording is) they just shrug and ignore it ("they must have got a new phone"). And with that whatever security Signal does provide collapses like a house of cards.

If the security industry claims Signal provides the same security as GPG/PGP while being easier to use, all that tells you is how little the people claiming to represent the security industry know about security. (This isn't to say if you use it correctly Signal won't provide a similar level of security - it does. But then it becomes as burdensome to use as PGP.)

These are arguments about things other than safety. In discussions about whether things are "standardized" or "federated" or how their "ecosystems" look, the safety of actual people is an externality. That's especially so because the overwhelming majority of technologists with strong opinions about secure messaging never send a message that needs real cryptographic protection against a motivated adversary; the entire concept of safety is an externality to those people. But the real, life-or-death cases are not rare. It is malpractice to suggest that people entrust their lives (or their life's savings) to shoddy encryption so that other technologists can have a federated ecosystem of standards.

If this were an engineering discussion about tie rods holding elevated walkways in a downtown hotel, we'd have no trouble setting aside all the other arguments and recognizing the core, overwhelming priority. But because our discipline is not an engineering discipline, despite pretending otherwise, we're forced to humor these frankly unethical debates.

>There is just one, situated in one country, and it happens to be a country whose government intelligence agencies have a long and colourful history of infiltrating and compromising organisations just like Signal.

Whereas that same agency is under fewer restrictions for targets hosted in other countries.

>the reality is that security is very weak because they don't want to go to all that tedious setup the PGP / X509 ecosystems want them to do.

Being tedious doesn't automatically improve security. See https://latacora.micro.blog/2019/07/16/the-pgp-problem.html and https://blog.cryptographyengineering.com/2014/08/13/whats-ma... and https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d695...: see the section on why broken stuff there won't be fixed.

This, to steal a term from Paul Graham, is a lowbrow dismissal. You could make it without having read the article; in fact, there's no evidence in this comment that you have read the article at all. And the rebuttals to this comment are all in the article, which does not talk about "stickers" or require people to run Signal.
> Stop using that thing that mostly works as intended and is integrated into lots of email clients and systems, and has a number of independent implementations, and has the decentralized properties that match email.

I want to be sure I don’t misrepresent your point. By the thing that works as intended and has plenty of implementations, you’re referring to GPG/OpenPGP?

You seem to think poorly of Signal, but you don't give any reasons. What are they?