PGP/MIME use

Hauke Laging mailinglisten at hauke-laging.de
Thu Feb 2 01:30:45 CET 2012 

Am Donnerstag, 2. Februar 2012, 00:27:04 schrieb Robert J. Hansen:

> Your statement was, "I just don't understand why someone who has
> understood the concept[s] and is capable of [using the software] should
> not use that technology for his email."  That's a statement, not a
> question:

You are so right. You like quotation contexts, don't you?

> I knew that paper (due to one of your emails). I read it again now. It has
> quite little to do with my "question".

See the ""?


> I inferred your question as, "Why is it people who understand
> the concepts and are capable of using the software don't use it for
> their email?"

Correct.


> And that is, in fact, exactly the question they're answering.  "In this
> paper we try to identify additional barriers by interviewing a set of
> users from an organization that relies on secrecy.  Our interviews
> demonstrate that users' attitudes about encryption, and the social
> significance users attach to it, are an important factor in limiting
> adoption."

That's not even nearly the question they are answering. For none of the users 
they mention that he uses GnuPG-like software in a context different from 
email. At most one of them "understands the concept" (as a whole, not just a 
part of it, i.e. encryption). They don't say that explicitly but we have to 
assume that everyone else has neither understood the feature signing nor is 
using it.

How much do these people have in common with admins and lawyers in your 
opinion?


> Their central finding?  It's not a technological problem: it's a social
> one.

I have never heard or assumed something different.


> > Some points from the paper:
> > 
> > • It is (mainly) about people not familiar with GnuPG in some context
> > 
> >  different from email.
> 
> Incorrect.  GnuPG is never mentioned in the paper.

Thus we have no reason to assume that any of them is familiar with GnuPG. Our 
point is people familiar with GnuPG who do not use email cryptography. This is 
the other way round: People using email (most of them) with no information 
about their other background.


> > • Most or even all of those users did not have an environment which
> > creates signatures or encrypts automatically.
> 
> Incorrect.  The paper makes it clear they had plugins available to do
> the process automatically.  "In addition, [Woodward] distrusted plugins
> for email programs, relying on encrypting the text of a message first
> and copying it into his email program later."  That sentence only makes
> sense if they had access to plugins.  Further, PGP circa 2006 shipped
> with email plugins.

No, it also makes sense reading "He did not see a problem in not having a tool 
for automatic processing as he would not have used it anyway as he distrusted 
such plugins".

Furthermore "available" is not the same like "using".

There are other quotes which make sense only if such plugins are NOT 
available:

"He (Abe) estimated that encrypting every e-mail message would
add another hour to his workday unless it was automated."

"He (Abe) figured this man has an automated system for encrypting e-mail"

"I (Jenny) think he probably has some automated system. That everything he 
sends gets encrypted automatically. I can’t believe he’s encrypting manually 
every time. But to me, it’s like—OK, if it’s automated—fine."

"If it was encrypted on his computer and he sent to my computer, automatically
encrypted or decrypted it—fine. Then, encrypt everything you want."

"Arguably, some of the stigma associated with using encrypted e-mail was tied 
to the overhead of the system ActivistCorp used. Where appropriate, some of 
the process can be removed or automated."

> Another user, Abe, "used encryption to protect financial data ... [he]
> believed this setup was simple."

The same one saying "most people see this as more work and want things
simpler" and "I’m actually considered a “techie”". "Simple" is in the eye of 
the beholder. It may even have referred to the point that he just encrypts 
financial data which he regularly synchronizes with others.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20120202/1f0e907f/attachment.pgp>

More information about the Gnupg-users mailing list