PGP/MIME use

Robert J. Hansen rjh at sixdemonbag.org
Wed Feb 1 17:19:08 CET 2012


On 2/1/12 10:47 AM, Hauke Laging wrote:
> Of course not. I just don't believe that there are many examples of
> this type out there. To me a serious user is one who actively signs,
> encrypts, and/or verifies data and knows what he is doing. He has
> created a key and verified at least one. Everything else seems like
> special use to me.

Then yes, you are selecting for email users.  There are quite a lot of
people who use GnuPG primarily for themselves -- for instance, a system
administrator who signs each backup, a lawyer who encrypts files when in
transit on a flash drive, etc.

The overwhelming majority of the users you see are using email, yes, but
only because email is the method by which you come to see them.  Users
who never announce their usage (the system administrator, the lawyer,
etc.) are completely invisible to you.

I can't give an estimate on the number of 'invisible' users: they're
invisible to me, too.  But I'm not going to believe they don't exist, or
that they don't exist in good numbers.

> That's not what I would call a serious user.

A 'serious user' is, to me, someone who will send angry emails if things
break.  If a program can fail and not have an immediate adverse effect
on a user, the program is not important to the user and the user can be
said to not be a "serious user."

If GnuPG breaks, a whole lot of the Linux experience breaks.  You get
warnings left and right about installing packages with bad signatures,
important updates don't happen, etc.  This will result in a lot of angry
people strangling whoever is responsible for breaking their PC.

Yes, this definition means that you're a serious user of your OS kernel.
 And why wouldn't you be?  You demand your PC make thousands of kernel
calls each second.  Is that not serious use?

> Counting that way some big distributors would just have to add
> Enigmail to their (graphical) default installation and to you the
> numer of Enigmail "users" would get boosted by a factor of 100
> without any real change.

Think about what you're saying:

	(a) a major distro would have to ditch their email client for
	    Thunderbird
	(b) a user would have to download and install Enigmail, since
	    it's not a standard part of Thunderbird

Ubuntu will be switching to Thunderbird in 12.04, apparently, so that
takes care of (a).  I doubt we will see a huge surge in Enigmail users
as a result, though, since (b) is unchanged.

As soon as both Thunderbird *and* Enigmail are part of a standard Linux
installation, let me know.  I'd love to know about it.  Until then, I
think Enigmail is going to remain a niche player.

>> (GnuPG is already on your system.)
> 
> That's not true for a certain quite popular OS.

Quite in context, please.  In context, that sentence obviously referred
to Linux users.  Quoting people out-of-context to score points is a pet
peeve of mine.

>> GnuPG would still crush us with between 100,000 and 350,000
>> 'knowing' users.
> 
> Knowing is not the point to me.

Well, clearly the install base isn't the point, you've already said
those aren't what you'd call 'serious users'.  And if users who know of,
are aware of, who pay attention to, how GnuPG works behind the scenes
aren't relevant to you, then what is?  Each benchmark I use to represent
a class of users, you reject as being not what you're talking about, so
please tell me precisely what you *are* talking about.

> And which of these scenarios is more probable? Who will after
> starting to sign emails start to send emails to people he is not
> familiar with?

Quite a lot, apparently.  There are a whole lot of people on this
mailing list.  I'm sending a message to all of them, including people I
don't even know.

Your question: "Who will after starting to sign emails start to send
emails to people he is not familiar with?"

The answer is Facebook.  Google+.  eHarmony.  Match.com.  JDate.
Bear411.  ChristianSingles.com.  The list goes on and on and on.  (Note:
my mention of any service is not an endorsement.  If so, I'd be a weird
mess of contradictions: a nice Jewish boy who happens to be a
Pentecostal bear...)

People love to talk and to meet new people.  You can't stop people from
talking to each other.  It's part of the human experience.  Something
about creating social connections tickles something deep in our brains.
 It's like a drug.  It's so much part of the human experience that we do
it even when it's risky and dangerous, and for those who *don't* love to
talk and meet new people we hang words like "misanthrope" or "hermit"
off them -- words with powerful connotations of psychological dysfunction.

> You probably wouldn't even have to because everyone who is in regular
> contact with you would know that.

Yes, but that's completely irrelevant.  I don't mean to be callous, but
you've missed a very important point.

The people who would be complaining about my conduct would be people who
don't know me from the wind.  *They're* the ones who would have to be
persuaded I was on the up-and-up.  Persuading them would be an uphill
road to hoe.

What would the Dean say to them?  "I've known Rob for three years and
he's never once expressed any sentiments like this?"  They'd point out
that yes, I've never expressed sentiments like that openly around the
Dean because those opinions are so offensive they'd get me canned.

Best case scenario, the aggrieved parties would demand the Dean make a
full investigation.  The Dean would know there would be no investigation
that could either clear me or condemn me: there's simply not enough
evidence to draw conclusions either way.  The Dean would know that I was
on the up and up, but since trust isn't transitive, he couldn't convince
the concerned college community I was on the up and up.

So the Dean would quietly relieve me of teaching duties, give me a
research job in some office somewhere that I didn't have to interact
with anyone, keep me out of public view, and he'd tell the affected
people "the investigation is underway, and until it's resolved we've
relieved him of teaching duties."  Then in a semester or two I'd be
quietly reinstated as a TA.

Welcome to politics.  That's how it works.

>> And then I imagined my dean answering, "That proves nothing: after
>> all, if I was posting this stuff I wouldn't sign it, either."
> 
> Would not make much sense to use the name but not sign it, though.

Sure it would.  Deniability.



More information about the Gnupg-users mailing list