By the way, I haven't used PGP for a while beyond bootstrapping better forms of authenticated encryption or signing. I do occasionally deal with looking at the backlog of PGP encrypted emails, and I will sign emails as needed to confirm my identity, but I won't encrypt my mail.
It's a completely garbage legacy technology with awful usability and poor security. I have no reason to encrypt emails to strangers because I'm not going to write anything I wouldn't write publicly here anyway. For anyone I want to talk to privately I switch to using Signal, etc.
If you have a question that might as well be asked publicly, it's best to ask publicly and optionally anonymously on reddit.com/r/GrapheneOS or Twitter. Other people can benefit from the answer. I won't generally write in-depth responses like reddit.com/r/GrapheneOS/c for 1 person.
Also, please just use an anonymous throwaway account rather than deleting the question after an answer. The reason that I'm so often willing to give very in-depth answers on the subreddit is because other people can see it and find it in a search. If you delete, I wasted my time.
Do you think there is no value in what you, as a dev of highly secure software, write in emails?
Email isn't suitable for private communication. At most, I'll sign an email to bootstrap proper secure messaging tools. It doesn't make sense to rely on something as poorly designed and implemented as PGP to provide encryption and it's too painful to deal with it anymore too.
I wish Signal could be federated. Right now it's a huge central point of failure.
Federation is a huge liability in other ways and holds back the privacy and security of the ecosystem by requiring backwards compatibility and ending up with a bunch of awful / poorly maintained implementations. I used to believe in XMPP + OMEMO, but I don't use it in practice.


