What could make GnuPG + Enigmail "easier"?

Rainer Hoerbe rainer at hoerbe.at
Mon Apr 10 12:01:34 CEST 2017


I think that we could reach a better mutual understanding when we put the arguments into context.

Context A: non-technical users, such as Jenny, who encrypt mail with sensitive content, or sign a message.
Context B: IT-experts with typical use cases of SW-signature or SSH-login.

I think that many arguments on this thread make a lot of sense in their respective contexts.

- Rainer

> Am 10.04.2017 um 09:11 schrieb Robert J. Hansen <rjh at sixdemonbag.org>:
> 
>> What you *aren't* hearing is:
> 
> [good points snipped]
> 
> Shirley Gaw's 2006 paper addresses these factors dead-on.
> http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf
> 
> It's worth reading.  A major additional factor Gaw found inhibiting
> adoption was the fear of being seen as paranoid.  The following excerpt
> talks about various employees (all under pseudonyms) at an
> environmental-action NGO which participated in a variety of illegal
> direct action campaigns.  You'd think these people would view paranoia
> as a good thing, but the reality was quite different.
> 
> A couple of passages are _underlined_ to reflect italics in the original
> text.
> 
> =====
> 
> "Many of the employees interviewed at [this NGO] had limits to their
> willingness to be more secure. In fact, moving beyond that limit was
> seen as abnormal or paranoid. While Woodward was especially vigilant,
> even the technical support staff admitted he might be excessively
> protective. Was the effort justified? Was it reasonable precaution?
> 
> Abe explained how someone could 'go overboard' when he described how a
> representative of the PGP Corporation visited [the NGO]. Instead of a
> typical password authentication, the representative took off his
> necklace and used a removable flash drive that held his private key. The
> demonstration discouraged Abe:
> 
> 'It was too over-the-top and definitely too complicated... it was like a
> movie.'
> 
> He saw the presenter as paranoid. He went on to say:
> 
> 'Yeah, I admire him because he comes in and puts his passphrase ...
> every single day, three times a day, so that's very dedicated to his
> stuff. He must either be very scared or very motivated.'
> 
> He was not sure whether this vigilance was justified. In fact, he
> associated it with being fearful, perhaps irrationally fearful.
> 
> Abe reiterated this when asked to speculate on why a colleague sent
> every e-mail message encrypted. He figured this man has an automated
> system for encrypting e-mail 'or he's nuts.'
> 
> When Sandra was asked why she said her e-mail communications were not
> anything people were 'dying to get their hands on,' she explained:
> 
> 'I'm not paranoid enough to think the CIA is monitoring my emails or
> anything to that effect.'
> 
> Not only was encrypting messages excessive for someone who had no
> secrets, it was _paranoid_ _behavior_ to assume anyone would be
> interested in eavesdropping on her communications.
> 
> Jenny also thought it was abnormal to encrypt non-secret information.
> When the interviewer abstractly explained that people in security
> suggest all users encrypt all messages, Jenny was baffled:
> 
> 'So you're saying that ... people should just--even _normal_ people?
> That you're sending e-mail to ... your mom, like "hey, things are going
> ...", that you should encrypt your e-mail?  That people should do all
> that?'
> 
> Jenny emphasizes 'normal people.' _Normal_ _people_ wouldn't encrypt
> normal messages."
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users




More information about the Gnupg-users mailing list