[betwixthewires]

> Users have a public key and a private key – senders use the former to encrypt messages, which can only be decoded by someone who has access to the latter.

Kind of nitpicky, but I'll be cautious taking clickbaity claims like "PGP is dead" from someone who makes such a mistake in their first paragraph.

[Jtsummers]

It's more like they're sloppy than that they've made a mistake.

The session key would be encrypted with the recipient's public key so that they (and hopefully only they) can decrypt it and then decrypt the message encrypted with the session key. The sender would use the recipient's public key.

[betwixthewires]

That's my point. Someone with such little attention to detail that they're this sloppy has no business dictating to the world anything really. Either you don't know what you're talking about or you don't proof read before you publish. Either way don't tell me what's dead and what's not.