The fact that nobody uses PGP is disturbing to me. It's simple,
it's effective and it's easy yet it is failing. You can't really
protect your privacy if other people don't care about theirs. Well,
you could choose to stop communicating with people altogether. I'm
not sure that would work out in the long run though. The New
Cryptography by Bruce Sterling is a great read; it reminds us
of the struggle to bring strong crypto to the public. What did we do
with it?
The most common excuse, which I have read a thousand times: "I have
nothing to hide". Well, they should rethink that one, as I'm sure they
place their snail mail in envelopes. The situation is getting worse
every day yet nobody gives a damn. If there
is anyone that should care I would expect it to be "hackers". I would
be wrong. At a regional hackmeeting last year, when we worked
on the schedule, a key signing was arranged for the last day
of the event. But it was skipped; it was the last thing on anyone's
mind. I mentioned it and someone said "we'll do it next
year". Yeah right, if "hackers" don't care then who will?
Later in the year I was interested in a job opening. I got the contact
information where I was to send my CV; it turned out to be from a
fellow GNU enthusiast. I grabbed his key from a key
server and was glad my resume was securely on its way. It was a
surprise when this came in the reply. It was funny, I'll admit, but it
wasn't his
complete personal record on the line. You published your key and
expected people not to use it? Ever heard of the revocation
certificate? Ah, but it turns out he was "just testing"
and probably "forgot" how to use it too. Again, if you don't
care then who will?
All this also reflects on instant messaging. Even more so, as
it's probably in wider use than e-mail today. My favorite IM client
has both GPG and e2e support, while OTR was removed temporarily (but
it lives in an independent branch). That would be just great if it
wasn't for the fact that practically nobody uses Gajim, or Jabber for
that matter. From there it gets worse, as private IM networks usually
don't offer encryption. In the case of MSN, the most popular network in
existence, it could even breach their TOS - to which so many
conform, so easily renouncing their privacy:
[...] we may monitor your communications and disclose information about you, including the content of your communications, if we consider it necessary to: (1) comply with the law or to respond to legal process; (2) ensure your compliance with this contract; or (3) protect the rights, property, or interests of Microsoft, its employees, its customers, or the public [...]