1. 35

  2. 9

    Good article! I have personally found the whole “PGP SUX. USE SIGNAL!” thread to be utter garbage.

    They’re radically different tools for radically different use cases - IMO comparing them is yet another pointless attention grab.

    IMO sites like https://keybase.io/ give PGP a nice, usable UI. You can say you don’t want to trust them (and that’s fine) but my point isn’t that you should, but that user interfaces can be augmented.

    1. 1

      So PGP is fine, provided you consider its shortcomings to be features and preemptively dismiss any arguments to the contrary as “mostly bunk”.

      My argument on deniability (warning: may contain bunk): I disagree that people don’t expect deniability from email; meaning they don’t expect there to mathematical proof that they wrote it. When someone writes a letter to someone else are they expecting the second law of thermodynamics to be invoked when proving that they wrote it?

      1. 3

        Humans are not private keys, so there’s never mathematical proof that you wrote something. A PGP signature will probably be accepted in a court of law absent specific evidence that the CIA hacked your computer or whatever. But that’s the same as an ordinary signature on a paper letter.

      2. 1

        I think the main issue with PGP is that other people still have bother to check the signature, sometimes the program does it automatically, sometimes it does not. GitHub displays a “Verified” badge next to commits that have been signed by you, so that’s a step in the right direction.