[Top] [All Lists]

Re: [openpgp] Manifesto - who is the new OpenPGP for?

2015-03-25 19:44:52
You guys are taking it as axiomatic that a high-quality UX can't be
provided for users of OpenPGP.  Used OpenKeychain recently? Not quite there
yet, but I think your axiom is looking a little shaky.
On Mar 26, 2015 12:34 PM, "ianG" <iang(_at_)iang(_dot_)org> wrote:

On 25/03/2015 00:30 am, Christoph Anton Mitterer wrote:

On Wed, 2015-03-25 at 00:17 +0000, ianG wrote:

I think differently - I think a system that doesn't target the masses is

Any proofs for this?


 OpenPGP (probably not targeted for the masses)
         => still okay and secure

PGP - pretty good privacy - was targetted at the command line masses of
the pre-web Internet of 1992.  Still ok, still secure, but ...

The definition of the masses has moved on.  OpenPGP no longer targets the
masses.  And, in my view, unless something good comes out of the current
Yahoo-google-friends partnership, will slowly fade.

 X.509 (absolutely targeted for the masses)
         => inherently broken (unless of course one trusts the Mozilla
            CAs, e.g. turktrust and CNNIC O:-) )

No.  It never targetted the masses.  They only tell you in their marketing
that it's "for the masses" so as to appease the browsers which have users
as clients.  You bought that because they kept saying it so many times they
believe it themselves.  But no.  x.509/PKI/CAs are for the corporates.

x.509 is irrelevant for privacy, expecially of the PGP variety.  And in
the pre-web telco 1980s days the fixed-line masses, it was never intended
to be a privacy system, but an anti-privacy system.  It was intended to map
the world's population for the exploitation and control by the world's
telcos, being national champions and in bed with governments and intel.

 XMPP (*intended* for the masses, but basically failed (actually, mostly
      thanks to the big players and greedy companies like wotzapp)
      => well, at least people have their freedom

Hmmm, I don't know why it failed.  It didn't fail because of the *zapp
companies, they simply did a better job.  Yes, I agree that the players
wrote things like OTR as privacy, but I would agree that essentially they
failed, it's another lesson.  Let's learn from it.

 Skype,Hangouts,Wotzapp (targeted for the masses, backed as such by the
                         big players)


                         => people completely surrender to the vendors and
                           their conditions (and don't these typically
                           even include that the vendor may do basically
                           anything he likes with the data, including
                           selling it?)

Right.  So let's take google mail.  google's meta is data data data. All
your data are belong us.  Which meant that google had conflicted
inventives, which got sliced open by NSA.  Hence today's story.  Hence, I
have difficulty in saying that google are PGP people in the sense of pretty
good privacy - who we are on this list are about.

Skype I would say were much more our sort of people, until they sold to
ebay.  Then their new masters had ... different ideas, but that story has
never been told in public, so let's not get distracted.

But back to your question:  do we need to target the masses to survive?
Yes.  Skype, google, Whatsapp, snapchat, Facebook, Apple iMessage, etc are
still all in business and are providing revenues, and they provided what
privacy they did as a secondary to delivering a revenue-generating service
to the masses.  Absolutely.

Whereas the PGP community took the old 1992 model of privacy absolutism,
and found that their brief spurt of success in building a community around
key signing parties and so forth ... was steamrollered by the wider
onslaught of the open web.


openpgp mailing list

openpgp mailing list