To be fair.. maybe it helps to examine the software environment extant at the
time pgp was developed.. ie macos was the gui($$$$), AUX had just been
abandoned by apple. of the day... and dos 3.0 , unix releases were SCO
Microport and Interactive/ all based on Att 5.3.2 sources except for microport
which was SVR4, Linux did NOT exist nor did crypto libraries, bsd/386 was an
unfulfilled promise and almost no private individual could afford a sun pizza
box to run bsd and xenix was $$$$.. same for qnx(and non standard to boot).
Almost EVERYTHING was command line dos, windows 3.0 was just starting to
become available
pgp 1.0 cli structure was loosely based on CryptMaster(an earlier paid product).
ie pgp 1.0 was posted/published from a tandon 60 laptop(i386) running a dos
command line version of uucp. and additionally fido and sdn clients on the
morning of june 5, 1991 from Santa Cruz, Ca. (this after weeks of prediscussion
on the WELL...) then additional copies were posted from random upload points all
over silicon valley for the next 96 hours.(yes the van/payphone part of the
tale is true also, although the payphones' wiring was generally directly accessed
using a testset to allow connection of a trailblazer modem(preferred for 19.2kb
uploads via uucp to usenet.)
pgp 2.0 continues on from there and currently gnupg is the cli choice of
script and integration...(albeit with several flaws security and cryptowise.)
pgp/gpg never was designed for ANYthing but CLI/script/filter/inline usage in
the freeware opensource versions and typically people are incompetent at using
CLI by far and large(even so called CS students)...
On 1/15/14 4:52 PM, coderman wrote:
> ---------- Forwarded message ----------
> From: Steve Weis <[email protected]>
> Date: Wed, Jan 15, 2014 at 10:37 AM
>
>
> As one anecdote, when I TAed the MIT Network and Computer security
> course, we assigned "Why Johnny Can't Encrypt" as the first reading.
> We asked the students to send us a PGP encrypted & signed message and
> tell us how long it took.
>
> If I recall correctly, it took an average of 30 minutes for
> non-existing users to figure out how to use PGP. Think about that.
> These were graduate & upperclass undergraduate computer science
> students enrolled in a network security course. Everyone had accounts
> on the same university system and were mostly using standalone email
> clients.
>
> Best of all, someone decided it would be funny to generate a fake key
> for me and post it to pgp.mit.edu. Several students fell for the
> trick, didn't verify the key, and encrypted their homework with the
> wrong key. It was a great way to drive home the lesson, but we asked
> the jokers to kindly revoke their key, which they did.
>
> Long story short, PGP was still hard to figure out for an experienced
> cohort of users, who didn't have the issues of webmail and
> proliferation of mobile platforms we have today. I don't think
> anything has improved to make it viable for a wider audience.
>
>
> On Wed, Jan 15, 2014 at 2:23 AM, Anders Thoresson <[email protected]>
> wrote:
>> Hi all!
>>
>> When doing research on email encryption and why it's still not widely used,
>> I've read Alma Whitten's "Why Johnny Can't Encrypt: A Usability Evaluation
>> of PGP 5.0" [1] from '99. I wonder if anyone knows of similar but more
>> recent usability studies on encryption software?
>>
>> Comparing the findings made by Whitten to the software
>> available today, not much seems to have happened. But does the conclusion
>> still hold, that a lack of mass-adoption of email encryption is due to
>> problematic UX - or are there other reasons that today are seen as more
>> important?
>>
>> [1]
>> https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten.ps
>> ...
>