Interesting OpEd from Ars Technica on PGP


His main premise is that the web of trust model fundamentally breaks several important things, such as encouraging long-lived keys. I’m a fan of GPG for encryption, but I’ve always found it unwieldily for communication. Thoughts?


(oaktree) #2

Just use protonmail. Services should encrypt by default without your even noticing.

1 Like

(Leader & Offsec Engineer & Forum Daddy) #3

That is super surprising. PGP has been an industry standard for so long. I would surely trust PGP more than Signal. IMO.

Nice share!

1 Like

(Not a N00b, but still learning) #4

Of course as it has been established for a longer time (and therefore more people should have looked over the code), it should be more trustworthy. He does state that PGP for encryption is secure, it is rather about the entire design of long term key usage. My interpretion is that for everyday messaging, Signal is better than GPG

1 Like

(Leader & Offsec Engineer & Forum Daddy) #5

For everyday messaging of course.

1 Like


Exactly. His beef is that it encourages bad behavior with the key management and WoT.