Comment by acqq
7 years ago
PGP has issues, but for many use scenarios there is effectively no ready alternative at the moment.
Until there is, whoever already uses or knows how to use GPG is still better off using GPG than not using anything.
Signal is especially not a good replacement for anybody who doesn't want to have "secure" communication connected to his (or any) phone number and to the central server.
The major issue with GPG is that in some (many?) cases a user could believe to be more protected by using it than the user is. But the same can be said for other technologies.
And the article rightly notes that the GPG defaults are often bad.
The right question to ask first is always:
https://www.usenix.org/system/files/1401_08-12_mickens.pdf
Are you "dealing with Mossad or not-Mossad"? (Also worth noting is that somehow Edward Snowden managed to "deal with" NSA and still remain out of prison. At least he knew from the start the answer to the question.)
Still, anybody who wants to replace PGP in some PGP use-case should provide a really good alternative for that use-case.
As of right now, there isn't any better for even such a simple need as encrypting a file. Let's discuss it once we have that one, at least. And even then, we'll need to be able to open our old files, meaning we'll still need GPG for that.
No comments yet
Contribute on Hacker News ↗