We have GOT TO make things simpler

Jeff Allen jrallen at runbox.com
Tue Oct 8 15:21:49 CEST 2019

On 10/7/19 4:59 PM, Sheogorath via Gnupg-users wrote:
> On 9/30/19 4:38 PM, Jeff Allen via Gnupg-users wrote:
>> On 9/30/19 4:58 AM, Roland Siemons wrote:
>>> Dear GNUPG developers,
>>> We have GOT TO make things simpler.
>> <snip>
>>> 3/ Please do appreciate that the persons who we are convincing and
>>> instructing are not particularly interested in privacy. They need simple
>>> approaches.
>> ProtonMail or Tutanota.  Both ensure far more privacy and security than
>> Gmail.  Both offer free accounts and smartphone apps.  If you need to
>> communicate privately with someone, have them get an account.
> I'm sorry to disappoint you here: Neither ProtonMail nor Tutanota speak
> proper OpenPGP (by default) with outside services. Tutanota doesn't
> speak OpenPGP at all and completely bound to their own way of doing
> "email"(?)[1].

So what?  If the goal is private communication, ProtonMail and Tutanota
are nearly effortless ways to achieve it.  Sign up for a free account
and have at it.  Most folks could care less about speaking proper
OpenPGP with outside services.  Those who do will use ProtonMail, not

> Protonmail on the other hand is able to speak OpenPGP, they just don't
> do it. Not even when you answer to a OpenPGP encrypted email, which will
> result in the answer getting send to you in plaintext. And since a reply
> contains a copy of the original email at the bottom you also get your
> own, previously encrypted mail as answer without encryption.

I disagree.  No widely used OpenPGP implementation is going to
automatically encrypt replies to encrypted email out of the box.  With
ProtonMail you have to import your correspondent's public key and flip
an encryption switch in settings. You have to do that with GnuPG too,
whether you are working from the command line or using
Thunderbird/Enigmail or a GUI front-end.

> I had this experience recently when sending emails with their support.
> So it's not just a user error, but their UI simply doesn't think about
> sending emails properly encrypted to the outside world. Sadly.
> And no, making a mail account at each of those providers is no solution.
> We have email to explicitly not run into this problem.

Sure it's a solution.  I have accounts at both.  Most of my email is not
encrypted because, as the original poster pointed out, most people I
communicate with are not particularly interested in privacy.  When a
private discussion _is_ required, I suggest that we have it on one of
those platforms.  All my family members have ProtonMail accounts.  They
don't use them most of the time.  They have Gmail accounts for daily
use.  But when we discuss financial matters or anything else we'd rather
not have Google a party to, ProtonMail is the answer.  If someone tells
me they have a Tutanota account or are willing to get one, I say "fine!"
and give them my Tutanota address.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191008/853cc177/attachment.sig>

More information about the Gnupg-users mailing list