On 06/05/2014 06:19 PM, Zak Rogoff wrote:
Hi all,
https://EmailSelfDefense.fsf.org
We just released this guide to GnuPG with Enigmail and are quite happy
with it. Thanks to all of you who gave feedback on the draft. More is
welcome :).
I appreciate clear guides like this one.
I have one criticism and one comment.
Criticism:
You do not adequately warn current webmail users about the inconvenience
of pinning the content of their encrypted messages to a single machine.
Every encrypted message they send or receive is a message they cannot
access on their other devices. This could lead to a self-defeating
process where the more work a non-technical (or not very technical) user
does to encrypt the content of their messages, the harder it becomes for
them to generally access or manage their data. And because the setup
doesn't protect them from metadata surveillance (and even leaks data
through the subject line as you point out), there is likely to be a
fairly low threshold before the user just abandons the setup altogether.
I read Richard Stallman's recent blog, I would agree that inconvenience
is clearly a separate and less pressing issue than oppression.
Nevertheless, there ought to be a clear warning that following this
guide _will_ degrade the very ease of access which popular cloud
services provide. Without that, users of the system will suffer undue
frustration. Non-technical users-- even ones who fully grasp the wide
chasm between inconvenience and oppression-- don't know how difficult it
is to do decentralized and secure syncing of their data. All they will
know is that it looks and feels more and more constrained, like using
the internet a decade ago (you even use the word "desktop" in one of the
initial paragraphs).
Comment:
It would be neat if you encouraged the users to exchange keys with
someone who is already using a PGP key in a free software community
(Debian, etc.). Like a reverse outreach program:
Dear Expert,
Greetings! I just read a tutorial on using PGP for encrypted mail, and
I heard from a friend that you know a lot about computers. I read in
the news that the internet is sorta broken atm, so if you wouldn't mind
helping me use my computer safely and securely until y'all get this mess
fixed I'd sure appreciate it. Let's get together and exchange keys.
Best,
Normal Person
-Jonathan
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change
to digest, or change password by emailing moderator at [email protected].
