[DanBC]

> I know metadata is at least as sensitive as the actual content, but you need to pick your battles. If we get people to widely use GPG to encrypt the content of their emails, that is already a huge win. Why? Because they're now using a public/private key infrastructure. And as you are probably well aware, as soon as everyone involved has secure private keys, implementing all sorts of nifty crypto strategies to hide pretty much whatever you want, is just a matter of adding protocols. And that can be done pretty transparently, if only the intended users would already be using keypairs for identity management. So, IMO, even if just encrypting the content is not quite complete privacy, it's a great step on the way to getting there.

True, but key-pairs pretty much cryptographically ties a real person to an online identity, and so that makes meta-data more valuable, and makes "give us your keys or go to jail laws" more scary.

[rlpb]

A PGP key is generally tied to an email address. So autogenerating PGP keys per-email-address surely doesn't tie anything to a real identity any more than an email address already does?

[tripzilch]

but you can make as many keypairs as you want or need. just like the circles in G+, except with privacy :)