[Zigurd]

Around here you'll get a lot of "How dare you say Google isn't doing enough..."

The problem with that is there is a minimum threshold: Web-of-trust for key exchange; open clients; encryption the default, etc.

Google can be lauded for being 5% of the way there while everyone else is dawdling and hoping the toothpaste goes back in the tube. But that's not the same as actually equipping their users to trust nobody as the usual day to day way of working.