We have GOT TO make things simpler

Phillip Susi phill at thesusis.net
Fri Oct 11 15:18:08 CEST 2019


Jeff Allen via Gnupg-users writes:

> So what?  If the goal is private communication, ProtonMail and Tutanota
> are nearly effortless ways to achieve it.  Sign up for a free account

How do you figure that?  If they aren't encrypting mail then how is it
private?  Or or is it using some other form of encryption ( s/mime )?
If that's the case then why don't you just use that yourself and skip
the centralized web site for holding your key?

> I disagree.  No widely used OpenPGP implementation is going to
> automatically encrypt replies to encrypted email out of the box.  With

Of course they do.  If they don't, then they utterly fail to maintain
your privacy.

> ProtonMail you have to import your correspondent's public key and flip
> an encryption switch in settings. You have to do that with GnuPG too,
> whether you are working from the command line or using
> Thunderbird/Enigmail or a GUI front-end.

iirc, it may poke you to import the key, but at least it tells you "hey!
I can't encrypt this without the key.  Unless you *really* don't want to
encrypt this?"  Silently sending the reply unencrypted is entirely unacceptable.

> Sure it's a solution.  I have accounts at both.  Most of my email is not
> encrypted because, as the original poster pointed out, most people I
> communicate with are not particularly interested in privacy.  When a
> private discussion _is_ required, I suggest that we have it on one of
> those platforms.  All my family members have ProtonMail accounts.  They
> don't use them most of the time.  They have Gmail accounts for daily
> use.  But when we discuss financial matters or anything else we'd rather
> not have Google a party to, ProtonMail is the answer.  If someone tells
> me they have a Tutanota account or are willing to get one, I say "fine!"
> and give them my Tutanota address.

So you think it is easier to sign up for some dedicated private webmail
service that can only communicate securely with other people using that
service than to run proper e2e on a real mail client?  I suppose that's
a matter of opinion, but it certainly is less secure and conveinient.
And by conveinient I mean it is annoying to have both parties switch to
some silly web site instead of just following their normal and preferred
email routine.




More information about the Gnupg-users mailing list