[Top] [All Lists]

Re: [openpgp] Manifesto - who is the new OpenPGP for?

2015-03-25 18:34:02
On 25/03/2015 00:30 am, Christoph Anton Mitterer wrote:
On Wed, 2015-03-25 at 00:17 +0000, ianG wrote:
I think differently - I think a system that doesn't target the masses is
Any proofs for this?


OpenPGP (probably not targeted for the masses)
         => still okay and secure

PGP - pretty good privacy - was targetted at the command line masses of the pre-web Internet of 1992. Still ok, still secure, but ...

The definition of the masses has moved on. OpenPGP no longer targets the masses. And, in my view, unless something good comes out of the current Yahoo-google-friends partnership, will slowly fade.

X.509 (absolutely targeted for the masses)
         => inherently broken (unless of course one trusts the Mozilla
            CAs, e.g. turktrust and CNNIC O:-) )

No. It never targetted the masses. They only tell you in their marketing that it's "for the masses" so as to appease the browsers which have users as clients. You bought that because they kept saying it so many times they believe it themselves. But no. x.509/PKI/CAs are for the corporates.

x.509 is irrelevant for privacy, expecially of the PGP variety. And in the pre-web telco 1980s days the fixed-line masses, it was never intended to be a privacy system, but an anti-privacy system. It was intended to map the world's population for the exploitation and control by the world's telcos, being national champions and in bed with governments and intel.

XMPP (*intended* for the masses, but basically failed (actually, mostly
      thanks to the big players and greedy companies like wotzapp)
      => well, at least people have their freedom

Hmmm, I don't know why it failed. It didn't fail because of the *zapp companies, they simply did a better job. Yes, I agree that the players wrote things like OTR as privacy, but I would agree that essentially they failed, it's another lesson. Let's learn from it.

Skype,Hangouts,Wotzapp (targeted for the masses, backed as such by the
                         big players)


                        => people completely surrender to the vendors and
                           their conditions (and don't these typically
                           even include that the vendor may do basically
                           anything he likes with the data, including
                           selling it?)

Right. So let's take google mail. google's meta is data data data. All your data are belong us. Which meant that google had conflicted inventives, which got sliced open by NSA. Hence today's story. Hence, I have difficulty in saying that google are PGP people in the sense of pretty good privacy - who we are on this list are about.

Skype I would say were much more our sort of people, until they sold to ebay. Then their new masters had ... different ideas, but that story has never been told in public, so let's not get distracted.

But back to your question: do we need to target the masses to survive? Yes. Skype, google, Whatsapp, snapchat, Facebook, Apple iMessage, etc are still all in business and are providing revenues, and they provided what privacy they did as a secondary to delivering a revenue-generating service to the masses. Absolutely.

Whereas the PGP community took the old 1992 model of privacy absolutism, and found that their brief spurt of success in building a community around key signing parties and so forth ... was steamrollered by the wider onslaught of the open web.


openpgp mailing list