[leot]

These aren't threat scenarios. They're advantages to having PGP

Eliminate most spam. Talk with your bank/do trades over email. Talk with your physician. Sign documents.

With webmail-based PGP, people are strongly incentivized to use this to avoid requiring users to sign in to other websites.

[6d0debc071]

I don't think having to sign into other websites is that much of a bother, nor that people are that motivated to talk to their bank or physician on a regular basis that would drive adoption of this sort of thing.

And in return you have to stick all your eggs in one basket, get what would probably end up being a single persistent online identity that goes under your real name (if it's tied to an email address you use for business stuff), and that's owned by a company and may not even be willing to give them back to you (would you even own the private keys if it was being implemented on the server?)

[leot]

There's really an amazing lack of imagination here, both from a threat avoidance perspective and a potential awesomeness one.

The deployment model is this: one large webmail provider starts doing PGP by default via its webclient. Maybe it provides your with private keys, maybe it doesn't. Fact is that it doesn't much matter, because as soon as a large webmail provider starts doing PGP/PKI, the two biggest problems with adoption (namely, that there's no one to use it with, and it's kind of a pain to use anyhow) are basically solved. And as soon as this happens, there starts being a competitive market where providers can begin improving on each other's implementations. Any provider that doesn't give users their private keys won't have much of an ethical argument for doing so, and so it probably would, anyway. There will, as always happens, be a feature war, except with PGP involved some of that war will involve privacy/encryption/reliability concerns.

(PGP also makes spear phishing much harder).