What could make GnuPG + Enigmail "easier"?
fejj at gnome.org
Mon Apr 10 02:21:01 CEST 2017
On 4/9/2017 6:24 PM, Anthony Papillion wrote:
> There's been some discussion both on and off this list about the fact
> that people don't use GnuPG (even with Enigmail) because it's 'too
> hard'. I have friends that are reasonably intelligent who just can't
> figure it out and, for the life of me, I just don't see why.
You aren't seeing why because you aren't really listening. You are
focusing on the button clicks required and thinking "but it's just a
click of a button or a checkbox in my email configuration options!"
What you *aren't* hearing is:
1. *Why* should I care about signing my emails? Other people trying to
impersonate me by falsifying emails from me is extremely low, other than
perhaps the odd spam message here and there. And that's not *my*
problem, that's *their* problem.
2. *Why* should I care about encrypting my emails? None of my emails are
worth encrypting. Seriously, though, the risk of "hackers" or who-ever
getting a hold of my emails is low and there's nothing really vital in
3. Sure, clicking a button or checkbox might be easy, but what about the
added hassle of managing my PGP keys? Now I have to upload them to a
server so other people can get them? Ugh. I also have to copy them back
and forth between the different computers that I use? More work. And I
gotta keep my keys safe, as well? Jeez.
4. Just because I have a PGP key and sign my emails, it doesn't mean
other people can automatically trust that they are from me. First they
have to verify that the key id/fingerprint matches the key that I
created. This means that for all practical purposes, unless I'm going to
get involved in a *community* of PGP users that all sign each others
keys, it's worthless.
For the average email user, signing their emails has little-to-no added
In general, they either know the person personally in which case they
probably have a good idea whether or not an email is actually from said
person or not simply based on pattern recognition of their writing style
and/or topics being discussed. They can also verify emails by talking to
the other person face-to-face or over the phone, skype, etc - for
*important* emails, this often happens anyway.
In other words, the people you are trying to convince to use PGP with
Enigmail are saying "it's too hard" because that is the result of their
cost/benefit analysis. It's not that clicking buttons or a checkbox is
"too hard", it's that they don't *want to* for the minimal gain it will
Hope that helps,
More information about the Gnupg-users