ietf-openpgp

Re: [openpgp] Manifesto - who is the new OpenPGP for?

2015-03-25 18:34:02
On 25/03/2015 00:30 am, Christoph Anton Mitterer wrote:
> On Wed, 2015-03-25 at 00:17 +0000, ianG wrote:
>> I think differently - I think a system that doesn't target the masses is
>> doomed.
> Any proofs for this?

Yup.

> OpenPGP (probably not targeted for the masses)
>          => still okay and secure

PGP - pretty good privacy - was targeted at the command line masses of the pre-web Internet of 1992. Still ok, still secure, but ...

The definition of the masses has moved on. OpenPGP no longer targets the masses. And, in my view, unless something good comes out of the current Yahoo-google-friends partnership, will slowly fade.


> X.509 (absolutely targeted for the masses)
>          => inherently broken (unless of course one trusts the Mozilla
>             CAs, e.g. turktrust and CNNIC O:-) )

No. It never targeted the masses. They only tell you in their marketing that it's "for the masses" so as to appease the browsers which have users as clients. You bought that because they kept saying it so many times they believe it themselves. But no. x.509/PKI/CAs are for the corporates.

x.509 is irrelevant for privacy, especially of the PGP variety. And in the pre-web telco 1980s days the fixed-line masses, it was never intended to be a privacy system, but an anti-privacy system. It was intended to map the world's population for the exploitation and control by the world's telcos, being national champions and in bed with governments and intel.


> XMPP (*intended* for the masses, but basically failed (actually, mostly
>       thanks to the big players and greedy companies like wotzapp)
>       => well, at least people have their freedom

Hmmm, I don't know why it failed. It didn't fail because of the *zapp companies, they simply did a better job. Yes, I agree that the players wrote things like OTR as privacy, but I would agree that essentially they failed, it's another lesson. Let's learn from it.



> Skype,Hangouts,Wotzapp (targeted for the masses, backed as such by the
>                          big players)

Yup.


>                         => people completely surrender to the vendors and
>                            their conditions (and don't these typically
>                            even include that the vendor may do basically
>                            anything he likes with the data, including
>                            selling it?)

Right. So let's take google mail. google's meta is data data data. All your data are belong us. Which meant that google had conflicted incentives, which got sliced open by NSA. Hence today's story. Hence, I have difficulty in saying that google are PGP people in the sense of pretty good privacy - who we are on this list are about.

Skype I would say were much more our sort of people, until they sold to ebay. Then their new masters had ... different ideas, but that story has never been told in public, so let's not get distracted.



But back to your question: do we need to target the masses to survive? Yes. Skype, google, Whatsapp, snapchat, Facebook, Apple iMessage, etc are still all in business and are providing revenues, and they provided what privacy they did as a secondary to delivering a revenue-generating service to the masses. Absolutely.

Whereas the PGP community took the old 1992 model of privacy absolutism, and found that their brief spurt of success in building a community around key signing parties and so forth ... was steamrollered by the wider onslaught of the open web.



iang

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp