"The PGP Problem"


(no connection to the author)


Absolutely great article. Of course, I don’t understand half of it, but I understand enough to know that the author is right.

Amusingly, when I’ve said as much on r/privacytoolsIO, or other mass-market geek channels, I’ve invariably been lambasted.

There are engineers, and then there are geeks.


Some of my favorite PGP-bashing links:

Giving Up on PGP - Schneier on Security

SKS Keyserver Network Under Attack - Robert J. Hansen


These have been well-known problems for years. However, there are still some people telling you that GPG is perfect for e-mail encryption¹. It is still fine for some purposes (e.g. signing); however, there are many disadvantages.

¹ as long as you write/send text-only e-mails, don’t embed anything, use additional non-standard functions to encrypt some additional information, use gpg via CLI only, additionally enforce strong TLS protection, buy some security tokens, don’t use it on smartphones, laptops etc., upload your keys to the right key server … … …