PGP/GPG (even I can't clearly separate) was a premier solution to encrypted communications.
How did the implementation get fumbled so hard even InfoSec people dropped it and it's basically unused?
@arichtman Well, as it happens, most people don't have the desire to learn, so the people who know can't use the more secure way.
I think the issue is that communication normally just works as
sender -> recipient
Whereas with PGP/GPG, the recipient has to also do something to receive the message.
Of course, that can be configured away, but that also is work that people don't want to do.
@arichtman agree with the broad point but it's used heavily in my workspaces at least.
All day, every day, over and over again.
All automated too, so I never interact directly with GPG. Massive edge case though 🤣
@craige honest question - is there any straightforward guide to set-and-forget of this? I'd be happy to use it and ask others to if it wasn't esoteric incantations and so siloed
@arichtman your assessment is spot on.
The closest I've come to what you're asking for in what must be nearly 30 years is:
https://github.com/drduh/YubiKey-Guide#nixos
...and that not only doesn't meet your criteria but also involves using proprietary hardware.
So yeah, slick and seamless setup but at a compromise of other values.
@isabel owowowowwoeo shit! Damn Isabel. You're worth it being you and we love having you here. That's enough for us. Is it enough for you?
@phil sure, but stuff with utility like this often makes its way into mainstream programs in a way that's palatable to even casual end users. I'm not following why PGP didn't wind up in regular keyrings or password managers etc. Surely it would have been possible to reduce friction with integration
@arichtman
Yes, but it breaks communication with people who are both important and tech-illiterate, and who don't have the software installed/updated/set up yet.
Older family, bosses, friends who don't grok things and just use whatever big tech serves...
Besides, there are interests that are pushing hard against encryption - governments and advertising groups. It's against their interests for us to have privacy.