On 21/05/2018 18:12, Ben McGinnes wrote: > Had their publications been limited to the articles on the 13th and > 14th, I could buy that. Unfortunately the updates to the SSD website > on the 15th really strain things, especially the FAQ. Not only is it > potentially panic-inducing, but they recommend an approach of having > end users campaign against using OpenPGP at all with all of their > contacts with no regard for what additional circumstances those > contacts have. > > They've literally created a FUD-virus as a meme which will > self-replicate throughout the web-of-trust. I'm sure we'll be > encountering people advising others not to use OpenPGP long after the > last of those affected MUAs are patched and *that* is stretching the > edges of the term reckless (as it is usually used in legislation, > e.g. reckless endangerment of life as opposed to, say, wilful > endangerment of life). > > I also don't believe they can actually fix this now that they've > created it without a complete reversal of their current position; > which they can't do because of the MUAs which are affected and some > users could be targeted. By the time the conditions are such that > they can consistently give the “all clear” on the matter, the > FUD-virus will have spread too far and be too independent of them to > stop (but will still gain credibility and traction by trading off > their name and reputation).
Indeed but this just seems to me to be one more step in the apparent campaign to unthinkingly and blindly demonise and eliminate email (including encrypted email) in favour of certain other protocols. > Sure; doing nothing and ignoring the affected MUAs does no one any > good, but this response is likely to do more harm than the thing it's > intended to stop and it didn't have to be that way. Not to mention the > little matter that their sole recommendation of a viable alternative > in all circumstances is a service which is entirely dependent on a > centralised server (or network of servers). One which explicitly > cannot be implemented in a federated manner and all attempts to fork > it in order to do precisely that have been abandoned as a result of > Moxie's opposition to them trying to connect to his network to > communicate with Signal users. It's simply not a complete replacement > in spite of EFF's wish that it is. It's a great addition to a suite of > of services and tools, but relying on it as a replacement for OpenPGP > is misguided (not to mention impossible for some people and/or > networks and/or pseudonymity requirements). Quite so. Suspicious and worrying, isn't it. -- Mark Rousell
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
