It's 2014. Are we there yet?

Kapil Aggarwal kappu at hotmail.com
Wed Apr 9 19:20:58 CEST 2014


Folks,
I’m an ardent reader of this (and a few other) mailing lists, but usually stay quiet and in the background. However, in light of global events and paradigm shifts in the last few months, I’m tempted to speak up.

While I do use PGP/GPG, I have to admit that the usage has been minimal and sporadic over the last few years, with the usual suspects as reasons. But the biggest reason of course is “adoption” i.e. very few in my social/professional circle use it. Now, we all (probably, subconsciously?) know/acknowledge why that is, we are in 2014 after all.

My personal belief is that the awareness for secure communications is starting to rise, not just for the niche users who are already using it/know how to use it, but for the “average Joe user” as well. My definition of the “average Joe user” btw is someone who:

-	Has at least one computing device, if not more
-	Is familiar with email
-	Is already using various online mediums
-	Has usually never thought about “secure communications” or maybe in an abstract fashion

Now, the barrier to entry of secured communications is high. I realize that. I’m sure a lot of you do as well. It’s not easy, it takes time, patience, a certain level of expertise and a tacit acknowledgement that they need to use it in the first place (probably the most important).

The “secure communications” paradigm of course spans a whole spectrum from “I don’t give a ****” to “I’ll do anything to protect my communications, including giving away my first born”. I suspect the “average Joe user” in 2014 is slightly above the former, but way below the latter. Without going to the other end of the spectrum, what will make adoption of secure communications a bit more palatable to the “average Joe user”?

Let’s list a few arguments:

-	I don’t even know what I need. – Well, assuming they are starting to recognize the need, I suspect they will find out relatively easily as to what they need. With a few caveats of course. There’s way more FUD/noise/BS out there than the average person can decipher, so it’ll probably end as being word-of-mouth recommendations or such.
-	Even if I know what I need, getting it/installing it is hard. – It is. The setup/install needs to be simpler, i.e. as simple as installing an “app”. That is what the average Joe user is capable of.
-	WTF is a key pair/public key/private key/<insert more arcane terminology>… -  This IS a big problem. I may get it, you may get it, how does the average Joe user gain that understanding? The nomenclature needs to be, well, something that the average Joe user can understand as well. They understood SSL (well, for the most part).
-	 … several more similar arguments.

Now, what will help drive this adoption more?

-	A better install experience?
-	A “dumbed down” (if you will) taxonomy that they can understand?
-	Simpler UIs? (without sacrificing secure functionality)
-	Better integration with existing systems?
-	Education? i.e. ongoing information dissemination that educates people on these things. Newsletters? How-tos? YouTube videos (shudder)? And others.
-	Start hitting them on the head with a baseball bat? 

All thoughts are very much welcome and appreciated.

Kapil Aggarwal.



