I receive a tremendous amount of emails from strangers. My email address is public, which doesn’t seem to be a popular choice these days, but over the years I’ve received enough inspirational correspondence to leave it up.
However, when I get a GPG encrypted email from a stranger, I immediately realize that I don’t want to read it. Sometimes I actually consider creating a filter for them so they can bypass my inbox entirely, but for now I sigh, open my key, start reading, and – with a faint glimmer of hope – usually end up disappointed.
I didn’t start out thinking this way. After all, I also have my GPG key posted under my email address on my website. It’s a feeling that has slowly crept in on me over the past decade, but I didn’t immediately understand where it came from. The content of these emails has no clear unifying theme, and they are always written honestly – not spam or any form of harassment.
Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would willingly use GPG. I don’t mean someone who cares about privacy, because I think we all care about privacy. There seems to be something special about those who try GPG and conclude that it is a realistic path to introducing private communication into their lives for casual correspondence with strangers.
Increasingly, this has become a club I don’t want to be a member of anymore.
A philosophical impasse
In 1997, at the dawn of the Internet’s potential, the working hypothesis for privacy-enhancing technology was simple: We would develop truly flexible power devices for ourselves, and then teach everyone to be like us. Everyone sending messages to each other would need to understand the basic principles of cryptography.
GPG is the result of that original story. Rather than developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It is up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish. The GnuPG man page is over sixteen thousand words long; for comparison, the novel Fahrenheit 451 is only 40k words.
Worse, it turns out that no one else finds all this attractive. Even though GPG has been around for 20 years, the “strong set” only has ~50,000 keys, and less than 4 million keys have ever been published to the SKS keyserver pool. By today’s standards, this is a surprisingly small user base for a month’s activity, much less 20 years.
A technology impasse
Apart from design philosophy, technology is also a product of the same era. As Matthew Green has said, “Searching through OpenPGP implementations is like visiting a museum of 1990s crypto.” The protocol reflects layers of toughness built over the 20 years it took cryptography (and software engineering) to actually develop, and PGP’s fundamental architecture also leaves no room for important concepts like forward secrecy.
All this stuff has been distilled into a ballooning penumbra of OpenPGP specifications and notes so that it’s almost impossible to understand the whole picture. Even projects that are engaged in the process of writing a simplified experience on top of GPG suffer from this legacy: Mailpile had to write 1400 lines of Python code to interface with a native GnuPG installation for basic operations, and it’s still not solid.
What do we have
Today, journalists use GPG to communicate securely with sources, activists use it to coordinate around the world, and software companies use it to help secure their infrastructure. Some truly heroic people have put in an enormous amount of effort, at considerable personal cost, and with little support, to get us here.
However, looking forward, I think of GPG as a brilliant experiment that has done its job. Journalists who rely on it struggle with it and often mess it up (“I send you the private key to communicate privately, okay?”), workers who use it do so relatively little (“Wait, this thing wants my fingerprints?”), and no other sane person is willing to use it by default. Even projects that try to use it as a dependency struggle.
These are deep structural problems. GPG is not the thing that will get us to ubiquitous end-to-end encryption, and if it were, it would be a shame to finally get there with 1990s cryptography. If there’s any good news, it’s that GPG’s minimal install base means we’re not tied into this madness, and can start fresh with a different design philosophy. When we do, let’s use GPG as a warning to our new experiments, and remember that “innovation is saying ‘no’ to 1000 things.”
In the 1990s, I was excited about the future and I dreamed of a world where everyone would install GPG. Now I’m still excited about the future, but I dream of a world where I can uninstall it.