@aral @jsparknz @resist1984 PGP isn’t a great example of good risk management. Email simply isn’t meant to send sensitive information and PGP is a cumbersome attempt at covering what is a design choice.

See latacora.micro.blog/2020/02/19… but if @dhh argument didn’t land, I doubt this will touch you.

Ultimately, technology cannot and will not solve social problems.

@hypolite @jsparknz @aral I fully reject the "this wasn't meant for that" line of reasoning. Magnetrons were meant for radar not microwave ovens, but one day someone realised magnatrons can be used to cook food. We don't reject a usa case because it doesn't match original intent.

@aral @jsparknz @hypolite When you realize the separation of duties, that email is a means to get data from A to B & crypto serves to mitigate disclosure, then of course email /can/ be used to move a payload without disclosure. It doesn't matter that email predates PGP. PGP over email is cumbersome for many novices with some implementations, but there are exceptions, but this is red herring territory.

@hypolite @jsparknz @aral #Hushmail came close enough to solving the social problem. A novice can open a HM acct as easily as a Yahoo acct. An external expert user can do all the key management on hushtools.com. And for me that worked. I was able to get accountants & lawyers to use crypto effectively. Novice-to-novice => HM-to-HM. BTW, the latacora.micro.blog link is dead for me.

@hypolite If you look at the 10k foot view of my point, you need not accept PGP email. That example muddied the waters. I could have more simply stated: we don't discard encryption in favor of trusting those who see the payload. It's better to use encrytion because it removes some componts of needed trust. I see no case for increasing the need for trust.

@resist1984 Even at 10k altitude, your point isn't about trust in general but about privacy in communications which is a very specific area of trust that blockchain coincidentally doesn't touch. Encryption is a must for communications, even casual ones, but it doesn't remove a larger need for trust in many other areas.

@hypolite Indeed, crypto doesn't remove the need for trust in all situations. But it does remove the need for trust in many cases, and that's a *good thing*. Whenever you can remove trust in a systim, it's /beneficial/ to do so. My thesis is the opposite of the authors.

@resist1984 I agree it applies to remote communications, but you will need more than to apply it to the rest of the trust-based systems, it can't be easily extrapolated because it's a marginal case.

@aral @jsparknz @resist1984 Sorry, it's because of the trailing comma that got included in the link, here's the original one: latacora.micro.blog/2020/02/19…

Close, but no cigar, I'd never heard of Hushmail before you mentioned it. I've heard of several other technical solutions to send sensitive data over the Internet, but not this one. This doesn't say anything about it, it probably is great.

That email /can/ be used to moved a payload without disclosure doesn't mean it /should/. Not sure where you were going with the magnetron, there are microwave ovens in all American households, but secure email including PGP has a marginal use.

@hypolite Ah, I've read that article. It came out shortly after an over reaction to a flaw was discovered (and fixed) in a couple particular PGP implementations. It's FUD. The premise is the same as what you mentioned ("this wasn't designed for that"). A lot of innovations are derivatives of other wildly different innovations. You don't say microwaves are bad for cooking food b/c they were meant to be radars.

@hypolite If you don't like the magnetron example, I'll give a super glue example. Super glue was designed to seal off open wounds in the battlefield, to replace stitches. It turns out the toxicity made it bad for what it was designed for. But it was discovered that it was great for gluing housohold items.. a purpose that it wasn't designed for. We don't reject Super Glue simply because it's not being used for what it was designed.

@resist1984 It's true, but while we don't use Super Glue for sealing open wounds anymore, email's predominant use is to send data insecurely between remote accounts in a decentralized fashion, which it was designed for and performs wonderfully to this date. I don't think the analogy with Super Glue stand either.

@resist1984 Of course not, because magnetrons aren't radars either, they're the base component. For email, the closest to magnetrons is the TCP/IP protocol, which is fine to transmit confidential data, but it turns out email is not, the same way radars can't cook food even if they are made with a magnetron.

@hypolite @resist1984 Sure they can, just set your food in front of the dish.

@resist1984 @hypolite @aral @jsparknz Yes but then you are at their mercy, you don't know they aren't funneling all your data straight to the great NSA data warehouse in Utah.

@nanook @jsparknz @aral @hypolite Mass surveillance would require #Hushmail to push malicious #javascript to everyone, which would work right up until just one user decides to audit the js code one time. I'd say that's unlikely. Targeting is a risk, so HM is not useful if your threat model includes targeted surveillance.

@resist1984 @hypolite @aral @jsparknz No not at all, they can monitor at a server level.