Why trust gpg4win?
Jan
takethebus at gmx.de
Fri Jul 26 22:59:05 CEST 2013
Thanks to everyone for their answers.
Thanks for pointing out to me that MS collaborates with secret services. I
searched the web and learned that Outlook.com, Skype and Skydrive are not
secure:
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
Further, I learned that it is likely that MS had installed a backdoor for
the NSA in Windows 95:
http://www.heise.de/tp/artikel/5/5263/1.html
Do you know about backdoors in newer versions of Windows? Anyway, I agree
that free software is more trustworthy than proprietary software, which is
not open source. Despite that, I agree with Werner Koch, who wrote here
http://rem.eifzilla.de/archives/2013/07/16/gpg4win-and-the-feds
that it is impossible for a single person to check the entire code that runs
on a PC, even if it is open source. This is especially not possible for the
average user, since he is not a programmer. The average user uses Windows,
whether I like it or not. My communication partners are average users and I
wish they were able to use GnuPG in a safe way; at least they should know
about the risk they are taking. That's why I want to produce a free YouTube
video which tells Windows users how to use GnuPG safely/critically.
It seems to me the safest way is to have one online PC for surfing and an
offline PC on which gpg4win is installed. This way the operating system
doesn't really matter. Do you agree? If a person possesses only one PC, he
must live with higher risk, but then he should note in his key ID that his
private key is stored on an online PC. This way people who send him mail will
know their risk.
Still I wonder whether there are many sources for SHA1 sums of gpg4win that
could be used by a Windows user to test the integrity of his download (C't?).
Are the SHA1 sums of gpg4win presented on the download site checked
regularly by their authors?
Kind regards,
Jan