Why trust gpg4win?

Jan takethebus at gmx.de
Fri Jul 26 22:59:05 CEST 2013

Thanks to everyone for their answers.

Thanks for pointing out to me that MS collaborates with secret services. I 
searched the web and learned that Outlook.com, Skype and Skydrive are not 


Further, I learned that it is likely that MS had installed a backdoor for 
the NSA in Windows 95:


Do you know about backdoors in newer versions of Windows? Anyway, I agree 
that free software is more trustworthy than proprietary software, which is 
not open source. Despite that I agree with Werner Koch who wrote here


that it is impossible for a single person to check the entire code that runs 
on a PC, even if it is open source. Especially this is not possible for the 
average user, since he is not a programmer. The average user uses Windows, 
whether I like it or not. My communication partners are average users and I 
wish they were able to use gnupg in a safe way - at least they should know 
about the risk they are taking. That's why I want to produce a free YouTube 
video which tells Windows users how to use gnupg safely/critically.

It seems to me the safest way is to have one online PC for surfing and an 
offline PC on which gpg4win is installed. This way the operating system 
doesn't really matter - do you agree? If a person possesses only one PC, he 
must live with higher risk, but then he should note in his key-ID that his 
private key is stored on an online PC. This way people who send him mail will 
know their risk.

Still I wonder whether there are many sources for SHA1 sums of gpg4win, that 
could be used by a Windows user to test the integrity of his download (C't 
?). Are the SHA1 sums of gpg4win presented on the download site checked 
regularly by their authors?

Kind regards,

