this post was submitted on 05 Sep 2023
15 points (80.0% liked)
Git
2899 readers
1 users here now
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Resources
Rules
- Follow programming.dev rules
- Be excellent to each other, no hostility towards users for any reason
- No spam of tools/companies/advertisements. It’s OK to post your own stuff part of the time, but the primary use of the community should not be self-promotion.
Git Logo by Jason Long is licensed under the Creative Commons Attribution 3.0 Unported License.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I was all set to poopoo this whole suggestion, and I read your linked article, and now I'm convinced too.
So it's difficult. Implement whatever-it-is in code is actually by far the easiest part. The hard part is the social aspect of getting everyone to do it. reddit wasn't the best-functioning link aggregator, ActivityPub is far from the best-designed federation protocol, but they're what everyone uses, so they win. gpg isn't the best, but it wins, but unlike with reddit-until-a-year-ago or ActivityPub, this is a case where that's not an acceptable outcome.
The only other input that I have is that it might be worthwhile to piggyback on existing key distribution infrastructure, like SSL certificates or people's Signal addresses. I feel like that would increase the chance of adoption. But yes, I 100% agree with this message.
The way the author just degrades using email at all isn't doing him any favours imo. Sometimes there are restrictions and certain technologies need to be used. Let's say that I need to use email but need someone to verify that it's me sending the email. PGP is an easy-ish way of doing that. It's trivial to make an SMTP server to send an email as anyone you want and have that email go through down filters. If it isn't signed though, which is much harder to forge, the other user knows I didn't send the email.
Just to be clear, I'm not advocating for PGP, I don't use PGP, I could care less if email disappears. I just think the bias is detrimental to the article
It's "bias" in favor of the truth, though. I don't think he's saying anything against email as a technology or against PGP-signing your emails as a habit -- just saying that encrypting an email with a PGP key and thinking that'll make it un-eavesdroppable is just 100% wrong backwards and forwards. That's accurate, and I think it's worth saying (I mean, I wasn't fully aware that e.g. the subject line of a PGP-encrypted email is still plaintext).