
It looks like a cool project, though what I'd love to see is some solution that makes PGP/Secure Email more accessible to the common person. I know Hushmail, Tutanota, and ProtonMail are all around, but they still only work if everyone is on the same service.

It's interesting how secure email was solved decades ago (how to do it) but making it accessible has been an ongoing struggle. :(

Has anyone run across a more tangible solution for the common man?




Why use PGP when there are such better alternatives these days? Signal springs to mind immediately. PGP is clunky in every way. I know I can readily communicate with almost every one of my workmates securely using Signal or WhatsApp. None of them would have anything other than a passing idea of what PGP was, or how to use it.

20 years ago when there was no better solution, PGP was great. But I think it's probably had its time in the spotlight and now the world has moved on, when it comes to using it to secure email.

I think the solution is that if you want to communicate in a secure manner, don't use email.


PGP has support for every language, client, and platform one may be using. It's time tested and the most widely adopted standard. It supports plaintext. Signal has support for... Signal.


None of those points detract from the fact PGP is a complex nightmare to use. There's a reason millions of people have Signal/WhatsApp installed and not PGP.

Even media organisations have ditched it in favour of things like SecureDrop (and/or Signal).

I'd argue that Signal is much more widely adopted than PGP ever was.


I agree that a good interface is missing...

But the protocol has all the capabilities needed.

Nor is full support of every feature needed by every client.

I think from a crypto strength perspective, it's silly to reinvent the same thing over again.

(The thing being basic PKI of just public/private keys and signed/encrypted messages.)


PGP is the giant, the shoulders of which many modern crypto apps/protocols stand on. PGP was the implementation that brought proper, trustable crypto to the masses. It was a great solution, filling a void where there was no good solution before it.

Its time is done though, for communicating between people. There are many better solutions where you don't need to worry about having the public key of every person you wish to communicate with. You no longer need to unlock your key every time you send a message to "prove" you sent it. The world has moved on to better technical solutions to those problems.

PGP was brilliant for its time. It still is brilliant for a number of use cases (like verifying your Debian .deb file is signed by a legit Debian person).

However, communicating with people is no longer one of them. People HAVE invented/reinvented how to communicate securely. And the world's better for them having done so.


Is that why most serious tech people I've seen list their PGP key on their site?


Signal is an instant messenger. So kind of apples to oranges. Email is inherently more secure as it is asynchronous and can be done offline in a secure environment.

* https://articles.59.ca/doku.php?id=em:emailvsim



