Fwd: Re: Why OpenPGP is not wanted - stupid is in vogue right now

[Jean-David Beyer]

Sorry, I sent it privately by mistake...

-------- Original Message --------
Subject: Re: Why OpenPGP is not wanted - stupid is in vogue right now
Date: Mon, 10 Jun 2013 06:59:59 -0400
From: Jean-David Beyer <jeandavid8 at verizon.net>
Organization: Institute for Regimented Whimsey
To: Johan Wevers <johanw at vulcan.xs4all.nl>

On 06/10/2013 06:40 AM, Johan Wevers wrote:
> On 10-06-2013 10:46, Henry Hertz Hobbit wrote:
> 
>> Nobody but me uses my signatures on the stuff I
>> deliver.  It isn't because my keys aren't part of the WOT.  It
>> is because for what ever reason they want to complain like mad
>> about Prism but then go to Facebook and broadcast their personal
>> lives to the entire world.

I was just at a discussion of this by people wringing their hands,
helpless as deer staring at the headlights of moving automobiles. But
they absolutely will not consider sending and receiving encrypted e-mail
for their communications. In fact, most no longer use e-mail, but
Facebook, Twitter, and so on.

They protest that encryption is too technical and complicated, but never
actually learned anything about it (and I do not even mean that they do
not know how encryption works, what public key encryption is). They do
not know that enigmail is a simple to use add-on to Thunderbird because
they do not use Thunderbird, but some web-browser interface to Google or
something like that. They do not complain that automobiles and
television sets are too technical. That microwave ovens and their cell
phones are too technical.

So they run around like chickens with their heads cut off, but refuse to
do anything about it.
> 
> Privacy has much more to do with encryption than with signing. On the
> contrary, when I sign a message it is much easier to prove, or at the
> very least make it probable, that I wrote it, thus reducing my privacy.

My correspondents hate it when I even sign something because they think
the signature is some kind of error message that they do not understand,
and they ignore stuff they do not understand (like messages to update
their virus scanner, etc.).
> 
> When I want privacy from government agencies I would use encryption for
> sensitive or 1 to 1 messages. Signing will not help, when some 3-letter
> agancy starts sending messages in my name that is easily detected by me.

When I want privacy, I wring my hands in despair because only one person
I know even has a copy of gnupg and runs an enigmail interface to it.
Very few use Linux. And as far as I know, he uses it only because it is
interesting technically, and when he gets bored with it, because I am
the only one he knows who has the capability of using it, he will
probably stop using it too.

So when I want privacy, I cannot use it anyway because none of my
correspondents will use it. And even if they did, they would decrypt
what I said, and then forward it clear text to others. So in my view it
is useless except in very small communities of committed users, and I am
in no such community.
> 
> For email this is easy, I'm now figuring out how to set up myn own
> encrypted VOIP server for secure phone conversations within a group.
> This proves much more complicated, most private VOIP services either
> don't support encryption, support it in an unsafe way (unencrypted key
> exchange, who the ^$*#E%#%& invented that?) or assume you're using fixed
> phones instead of mobiles over 3G.
>