Interesting: Basecamp are launching a new email service called Hey:

My educated guess would be that they won't bother with PGP support at all.

However, at this point, anything that gets people out of Gmail is a net win in my book. No one company should hoard that much unencrypted personal communication.

@zensaiyuki How so? I don't know of any other widely used e2e standard for email.

@raucao i am no security expert but the current advice seems to be “don’t use email”

@zensaiyuki I consider that bad advice, and the advice to use Signal instead is even worse. The EFF didn't make a lot of friends with that recommendation, and I still don't see why they did that.

@raucao using nothing and knowing it is a better state of affairs than a false sense of security

@zensaiyuki It is objectively more secure than switching to plaintext emails. That's a simple fact.

@zensaiyuki Or, as people in instant messenger e2e like to put it: bad encryption is better than no encryption.

@zensaiyuki Yes, but targeted attacks by actors that would murder you are not exactly the default situation. Telling everyone else to switch to plaintext and Signal is just achieving that people don't encrypt their email at all, and that's arguably less secure than encrypting them.

@raucao what people should be doing is assuming that their emails will be viewed by people who may attempt to murder them. that may not be the default situation *now* but things change, and governments can become more murderous. the key point is previously encrypted emails, the ones that were written with an expectation of secrecy, can now be decrypted. that’s dangerous and telling people it’s okay to use that for anything that needs secrecy is dangerous.

@zensaiyuki You still don't see the point. Not encrypting all of your email at all is more dangerous for the average person over the long term in my opinion, and you haven't brought forward any argument as to why that's not the case. Thanks for the convo, but I think you will disagree no matter what. So let's just keep it at that.

@raucao i see your point, I just don’t buy it. if the average person cares about privacy, the only thing PGP is going to protect you from is people who have access to your email server or some mitm server but are somehow not technically literate enough to find and use the pgp exploit. it’s more dangerous to believe pgp is providing any protection at all, and write emails with that expectation. for people that want to violate your privacy, pgp is no barrier

@raucao what you have failed to provide is any argument that a known cracked encryption is better than plain text. that can only seem true if you don’t think about it for very long.

@raucao moreover it’s irresponsible and dangerous to spread that argument to anyone it might harm. and i have seen many people get killed or condemned to life in prison by people like you

@zensaiyuki OK, now I have to mute you. That's an absurd insult and I never said I'd advise people to use PGP email for something that critical. Go away now.

@zensaiyuki Except that PGP itself has not been "cracked", and that my email provider, or anyone trying to extract my data from them, will still not be able to read my encrypted emails.

