Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

So what, it's all or nothing for you? Even if there is an easy to use solution that you can set someone up with in about 10 minutes, that's absolutely valueless because it means that less than 100% of messages will use it?


What do you want to hear from me? Part of this is my own bias against email, but that's not all it is: I'm not making up the "emerging consensus" bit.


I'm a little concerned that the emerging consensus in question may be led by you, as you are a famous information security expert and people take your concerns and views very seriously. When you mention your view about this here or on Twitter, lots of people quarrel with you about it (some of them engaging with it seriously). A number of people have been persuaded by your arguments but a number of people keep strongly disagreeing.

But it's possible that more people agree with you and fewer disagree in contexts where people have more information security expertise or where more of them work on it professionally.


There is a presentation[1] by grugq on how to communicate securely. Using gpg with email is hard. Anecdotally, people reply in cleartext quoting the encrypted message. If you can train and test your co-conspirators before sending them incriminating evidence about yourself, maybe it can be done. But mistakes happen so often, people who have secrets that can get them killed or jailed for a long time just switched to Signal. That's what tptacek means.

1 - https://grugq.github.io/presentations/COMSEC%20beyond%20encr...




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: