[bigiain]

I suspect you've made less favourable assumptions about the resilience of OpenSSL and GPG than I have - but while I have _doubts_, I'm aware that I've got nowhere near the expertise required to participate in discussions about whether the NSA has working attacks against them - but that people who I trust _do_ have the expertise mostly seem to be saying that they're both _probably_ safe, and are both _almost certainly safe_ against dragnet "intercept and archive everything" surveillance.

"Is really naive thinking that …"

I think it makes somewhat more sense for me - since I reside outside the US. I'm reasonably sure that SSL transported encfs encrypted files moving between Australia and Norway - even when routed over US based or US company owned backbones - is reasonably safe from dragnet surveillance.

At the same time, I have no doubt that if "government" becomes interested in me specifically - all my privacy precautions will not stand up to nation-state level scrutiny. The right combination of "leaning on" Apple, Dropbox, and Agilebits (the company behind 1Password) would - given expertise the NSA no doubt has, and sufficient time - eventually reveal almost all my keys, passphrases, and passwords. But then so will the $5 wrench, the rubber hose, or the threat of jail time.