Isn’t that a repost on Ars of the original article that we already had somewhere here?
This post originally appeared on his blog and is re-printed with his permission.
It’s only slightly edited and was discussed here: https://lobste.rs/s/r2kckg/im_giving_up_on_pgp
I suspected it would be discussed here, I’m a new user and relied on it being reported as a duplicate URL on submission. I never thought of checking whether it was a “reprint” from another source.
A thoughtful rebuttal - http://arstechnica.co.uk/information-technology/2016/12/signal-does-not-replace-pgp/
I thought keybase.io might make it so that I used PGP more often but it really hasn’t. I don’t know if this says more about my lack of want for secrecy or the technology though.
For me it’s a network effects issue at the core. I got a keybase.io account, sent a couple messages and files to the two people I know who also have accounts, and then never used it again.
However, I’ve spent some time thinking about this, and I realized that I just don’t care that much about electronic privacy or identity verification. If I don’t want people to know about something, I don’t talk about it online. Plain and simple. I also don’t worry that the people with whom I’m communicating are not who they say they are.
Of course this is a form of privilege. I live in a country that (for now) isn’t going to kidnap and torture me for complaining about politicians, etc. I also don’t deal with sensitive information or anything terribly valuable, so I’m not a lucrative victim for any kind of targeted attack.
This seems like a rewording of “nothing the hide”…
That’s the fun thing - it isn’t. It seems like the person stating their position in this manner is perfectly aware of the fact that they might have something to hide, and their choice is to not take this online (as that seems to be possible). As pointed out, that’s a privileged position given political and social circumstances, but IMHO it seems to be coherent. At that point it’s a matter of whether you want the hassle of using systems like PGP and get the benefits, or whether you avoid their usecases altogether.
EDIT: I should add that such a position obviously has a drawback: it gets increasingly difficult to maintain it comfortably while not complicating your communication with people.
In a way, maybe. But the important bit of the “nothing to hide” argument, in my mind, is that other people only need encryption if they have something to hide, and that “something to hide” necessarily means something sinister.
I am perfectly happy for others to use encryption. I signed up for keybase.io partly so that I would be able to communicate with people in the event that someone wanted to tell or send me something and keep it hidden. And I recognize that there are countless things that perfectly honest people might want to keep hidden.
I should have added that I’m totally in favor of using encryption and other means to frustrate dragnet surveillance. I minimize my social networking footprint, run TLS on my web site (though I didn’t do this until Let’s Encrypt made it dead simple), use an email provider that doesn’t scrape my messages, run HTTPS Everywhere in my web browsers, etc.
I just don’t get enough value out of PGP to warrant the annoyance.