by pentaphobe 1759 days ago
> Of course, there are potential problems with allowing private companies to hold the keys to all of your sensitive conversations. But, these projects are generally less vulnerable than PGP because they are independent, says Green.

> “When something goes wrong with WhatsApp, WhatsApp fixes it,” he says. “When something goes wrong in the amorphous PGP community, no one puts their hand up to fix it.”

This is some whacky reasoning, explaining away the questionable trust of for-profit entities holding your keys by saying "at least they're segregated islands of questionable moral fibre!"

My distrust of WhatsApp and the like is far less about fixable vulnerabilities, and far more about their underlying business models.

With raw tech like PGP, this isn't a concern - I don't have to trust a key server not to decrypt my data and sell it to advertisers _because they theoretically can't_

---

Overall this article seems to play pretty fast and loose with argument logic, seems a little weasel-wordy from my (very) brief skim. Are they saying PGP is dead because the UX sucks, or because there are vulnerabilities?

All feels very "seatbelts are uncomfortable, but modern cars are super safe - just trust that other drivers won't be idiots"

2 comments

The general argument is that open protocols tend to be stagnant while private ones are not, and that is true.

Private protocols can iterate faster, have a vested financial interest to not lose customers, are often not required to be as backwards compatible which further slows updates and they can tightly integrate from backend to user. Open protocols always tend to be disjointed, i.e. Email + PGP whereas something like Signal is just integrated because it's all under control of a single entity.

In reality, and this is evidenced by user choice, that level of integration is important. It's why 99.9% of users are on Twitter, and not on Mastodon.

> have a vested financial interest to not lose customers

This is just as satisfiable - if not more so - with slick marketing and platitudes than with actual security.

> Private protocols can iterate faster, ... like Signal is just integrated because it's all under control of a single entity.

The speed of iteration is of little comfort when what they are iterating is against the wishes of the users who are captive to their network effects.[0]

> It's why 99.9% of users are on Twitter, and not on Mastodon.

I dare say that Twitter also generates 1000 times more revenue than all Mastodon instances combined, so all that's proven here is that having more money lets you make a more addictive website. That's not necessarily something we should be celebrating, especially as users are paying with their privacy and the stability of their societies.

[0] https://www.stephendiehl.com/blog/signal.html

It sounds like it is amazing we are all still using the IP stack to communicate.

I've read through, it seems they are claiming it's for PGP to die because of someone else's bugs such as Outlook etc. And as per claiming the bug needs to be triggered by crafted HTML. So here come two more questions: 1. How does such HTML get injected into the email in the first place? 2. Why would someone ever use HTML instead of plain text for important emails that need to be encrypted?