danielmiessler.com | grep understanding: Updated PGP Information

  • Sean · 6 months ago
    I use it to sign and encrypt documents more than I use it for e-mail.
  • Xavier · 6 months ago
    I use PGP to encrypt files and (not very often) e-mail. Or at least sign them!
  • Pirate Jack · 6 months ago
    I do what I must because I can.
  • PI · 6 months ago
    I used it regularly for about a month, and then lost interest. Too much work given that hardly anything I send out or receive via email is worth reading.
  • Doc Rice · 6 months ago
    My problem is that almost everyone I correspond with doesn't know what encryption is and wouldn't be bothered to use it even if they did. They probably figure that since their web-based mail interface is running with "the yellow lock icon," their messages are transmitted securely. Well, we know how that goes...
  • Daniel Miessler · 6 months ago
    I think the main problem with PGP signing and encryption (for email, anyway) is that in the vast majority of cases it's a solution looking for a problem.

    I want to have to use it, because it's cool, and it satisfies some sort of OCD / neatness thing for me to have everything signed that I send. But if you really look at it, how often are there challenges to email that isn't signed? When is the last time you heard from a friend that they wish your message was signed?

    Right, probably never. Same here. So I'm less interested in the technology than I wish I was. It just doesn't seem as necessary as it is cool.

    To me its best use is for software developers who are putting out releases to be consumed by the masses. At that point the signature becomes crucial rather than just a novelty--although even then I wonder how many people even check the signature for downloads.
  • Doc Rice · 6 months ago
    I suspect the demand for its use isn't there simply because most people's e-conversations are 1) not deemed sensitive enough to require privacy, 2) Average Joe isn't going to understand the concept of signing, especially if you try and relate what private / public keys are, and 3) folks probably expect e-mail messages to be already private, just like they expect phone conversations to be so, even if they somehow know that phone lines can be tapped, because unlike physical messages (such as on paper) you can't "see" network transmissions unless you've heard of the term "packet sniffer."

    This kind of rolls into the same thing with PKI. Many browsers (until recently) didn't do automatic CRL checks. Almost all users blindly click "accept" when they see a server certificate that's self-signed or signed by an untrusted authority. One could argue the old "user education" rhetoric, but the average person's expectation of security is grossly over-simplified when it comes to things like this to make it practical, IMO.