2 comments

[ 3.1 ms ] story [ 7.1 ms ] thread
Here's an interesting twist from the above post: "No wait, let's use PGP just a little bit longer. Jacob Appelbaum recommends to use PGP over Pond instead of over E-Mail. Indeed, in that case most weaknesses listed above are no longer a problem. Also you don't depend totally on the safety of Tor and Pond..."

My conclusion: use several nested layers of techniques if you want security (don't use just PGP, for example). This should be true not only for secure personal communication but also for designing secure software.

I feel GPG is only useful for signing, when you might want to verify whether the text had been manipulated. Other than that, I think encryption is just too hard to gain any kind of widespread acceptance.

Personally, I treat email like a postcard: I hardly use it and I don't expect any privacy.