It's 2014. Are we there yet?

Kapil Aggarwal kappu at
Wed Apr 9 18:39:44 CEST 2014


                I'm an ardent reader of this (and a few other) mailing
lists, but usually stay quiet and in the background. However, in light of
global events and paradigm shifts in the last few months, I'm tempted to
speak up.


                While I do use PGP/GPG, I have to admit that the usage has
been minimal and sporadic over the last few years, with the usual suspects
as reasons. But the biggest reason of course is "adoption" i.e. very few in
my social/professional circle use it. Now, we all (probably,
subconsciously?) know/acknowledge why that is, we are in 2014 after all. 


                My personal belief is that the awareness for secure
communications is starting to rise, not just for the niche users who are
already using it/know how to use it, but for the "average Joe user" as well.
My definition of the "average Joe user" btw is someone who:


-          Has at least one computing device, if not more

-          Is familiar with email

-          Is already using various online mediums

-          Has usually never thought about "secure communications" or maybe
in an abstract fashion


Now, the barrier to entry of secured communications is high. I realize that.
I'm sure a lot of you do as well. It's not easy, it takes time, patience, a
certain level of expertise and a tacit acknowledgement that they need to use
it in the first place (probably the most important).


The "secure communications" paradigm of course spans a whole spectrum from
"I don't give a ****" to "I'll do anything to protect my communications,
including giving away my first born". I suspect the "average Joe user" in
2014 is slightly above the former, but way below the latter. Without going
to the other end of the spectrum, what will make adoption of secure
communications a bit more palatable to the "average Joe user"?


Let's list a few arguments:


-          I don't even know what I need. - Well, assuming they are starting
to recognize the need, I suspect they will find out relatively easily as to
what they need. With a few caveats of course. There's way more FUD/noise/BS
out there than the average person can decipher, so it'll probably end as
being word-of-mouth recommendations or such.

-          Even if I know what I need, getting it/installing it is hard. -
It is. The setup/install needs to be simpler, i.e. as simple as installing
an "app". That is what the average Joe user is capable of.

-          WTF is a key pair/public key/private key/<insert more arcane
terminology>. - J This IS a big problem. I may get it, you may get it, how
does the average Joe user gain that understanding? The nomenclature needs to
be, well, something that the average Joe user can understand as well. They
understood SSL (well, for the most part).

-           . several more similar arguments.


Now, what will help drive this adoption more?


-          A better install experience?

-          A "dumbed down" (if you will) taxonomy that they can understand?

-          Simpler UIs? (without sacrificing secure functionality)

-          Better integration with existing systems?

-          Education? i.e. ongoing information dissemination that educates
people on these things. Newsletters? How tos? Youtube videos (shudder)? And

-          Start hitting them on the head with a baseball bat? J


All thoughts are very much welcome and appreciated.


Kapil Aggarwal.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140409/bf354847/attachment.html>

More information about the Gnupg-users mailing list