Good article! I have personally found the whole “PGP SUX. USE SIGNAL!” thread to be utter garbage.
They’re radically different tools for radically different use cases - IMO comparing them is yet another pointless attention grab.
IMO sites like https://keybase.io/ give PGP a nice, usable UI. You can say you don’t want to trust them (and that’s fine) but my point isn’t that you should, but that user interfaces can be augmented.
So PGP is fine, provided you consider its shortcomings to be features and preemptively dismiss any arguments to the contrary as “mostly bunk”.
My argument on deniability (warning: may contain bunk): I disagree that people don’t expect deniability from email; meaning they don’t expect there to mathematical proof that they wrote it. When someone writes a letter to someone else are they expecting the second law of thermodynamics to be invoked when proving that they wrote it?
Humans are not private keys, so there’s never mathematical proof that you wrote something. A PGP signature will probably be accepted in a court of law absent specific evidence that the CIA hacked your computer or whatever. But that’s the same as an ordinary signature on a paper letter.
I think the main issue with PGP is that other people still have bother to check the signature, sometimes the program does it automatically, sometimes it does not. GitHub displays a “Verified” badge next to commits that have been signed by you, so that’s a step in the right direction.
Good article! I have personally found the whole “PGP SUX. USE SIGNAL!” thread to be utter garbage.
They’re radically different tools for radically different use cases - IMO comparing them is yet another pointless attention grab.
IMO sites like https://keybase.io/ give PGP a nice, usable UI. You can say you don’t want to trust them (and that’s fine) but my point isn’t that you should, but that user interfaces can be augmented.
So PGP is fine, provided you consider its shortcomings to be features and preemptively dismiss any arguments to the contrary as “mostly bunk”.
My argument on deniability (warning: may contain bunk): I disagree that people don’t expect deniability from email; meaning they don’t expect there to mathematical proof that they wrote it. When someone writes a letter to someone else are they expecting the second law of thermodynamics to be invoked when proving that they wrote it?
Humans are not private keys, so there’s never mathematical proof that you wrote something. A PGP signature will probably be accepted in a court of law absent specific evidence that the CIA hacked your computer or whatever. But that’s the same as an ordinary signature on a paper letter.
I think the main issue with PGP is that other people still have bother to check the signature, sometimes the program does it automatically, sometimes it does not. GitHub displays a “Verified” badge next to commits that have been signed by you, so that’s a step in the right direction.