What could make GnuPG + Enigmail "easier"?

Robert J. Hansen rjh at sixdemonbag.org
Mon Apr 10 09:11:14 CEST 2017


> What you *aren't* hearing is:

[good points snipped]

Shirley Gaw's 2006 paper addresses these factors dead-on.
http://www.soe.ucsc.edu/classes/cmps223/Spring09/Gaw%2006.pdf

It's worth reading.  A major additional factor Gaw found inhibiting
adoption was the fear of being seen as paranoid.  The following excerpt
talks about various employees (all under pseudonyms) at an
environmental-action NGO which participated in a variety of illegal
direct action campaigns.  You'd think these people would view paranoia
as a good thing, but the reality was quite different.

A couple of passages are _underlined_ to reflect italics in the original
text.

=====

"Many of the employees interviewed at [this NGO] had limits to their
willingness to be more secure. In fact, moving beyond that limit was
seen as abnormal or paranoid. While Woodward was especially vigilant,
even the technical support staff admitted he might be excessively
protective. Was the effort justified? Was it reasonable precaution?

Abe explained how someone could 'go overboard' when he described how a
representative of the PGP Corporation visited [the NGO]. Instead of a
typical password authentication, the representative took off his
necklace and used a removable flash drive that held his private key. The
demonstration discouraged Abe:

'It was too over-the-top and definitely too complicated... it was like a
movie.'

He saw the presenter as paranoid. He went on to say:

'Yeah, I admire him because he comes in and puts his passphrase ...
every single day, three times a day, so that's very dedicated to his
stuff. He must either be very scared or very motivated.'

He was not sure whether this vigilance was justified. In fact, he
associated it with being fearful, perhaps irrationally fearful.

Abe reiterated this when asked to speculate on why a colleague sent
every e-mail message encrypted. He figured this man has an automated
system for encrypting e-mail 'or he's nuts.'

When Sandra was asked why she said her e-mail communications were not
anything people were 'dying to get their hands on,' she explained:

'I'm not paranoid enough to think the CIA is monitoring my emails or
anything to that effect.'

Not only was encrypting messages excessive for someone who had no
secrets, it was _paranoid_ _behavior_ to assume anyone would be
interested in eavesdropping on her communications.

Jenny also thought it was abnormal to encrypt non-secret information.
When the interviewer abstractly explained that people in security
suggest all users encrypt all messages, Jenny was baffled:

'So you're saying that ... people should just--even _normal_ people?
That you're sending e-mail to ... your mom, like "hey, things are going
...", that you should encrypt your e-mail?  That people should do all
that?'

Jenny emphasizes 'normal people.' _Normal_ _people_ wouldn't encrypt
normal messages."



More information about the Gnupg-users mailing list