What I'm really seeing here is a person documenting a whole lot of performative stuff they do --- grooming their keys, fastidiously using 4096-bit RSA (whatever breaks 2048 bit RSA is going to end RSA, by the way), signing other people's keys, creating lots of separate PGP keys and grooming the metadata on them, publishing a "proper canary" --- or wish they were doing.
Which is a big problem with PGP. All the ceremony repels normal users, makes the system far harder to use, but also tightly binds enthusiasts to its subculture, making it that much harder to improve.
PGP seems like a leaky abstraction. I am highly technical and my eyes glaze over when I see terms like elliptic curve.
What should I use if I want to send dead simple, foolproof encrypted email? (Foolproof in that I can trust that updating the program will patch vulnerabilities and incorporate the state of the art methods)
You can't send a foolproof encrypted email. Email is insecure and always will be. The idea that PGP could make it secure was always a fantasy. Efail should have been the final nail in the coffin. If you want to talk to other people securely, use a secure messenger; secure messenger cryptography is its own distinct subfield of cryptography research, and real secure messengers have cryptography purposely designed for it. It involves elliptic curves, but you don't have to think about that.
Signal is the best of the lot, but Wire, or anything else that uses Signal Protocol is fine.
> Signal uses standard cellular mobile numbers as identifiers
This is a big no. Even Wire uses metadata but only requires an e-mail account. I would like to see Ricochet (https://ricochet.im/) picked up by someone. Tor hidden services have been improved with added features which Ricochet does not utilize. I skimmed through the codebase and I came across some issues, heck, even the design is a bit obsolete as we have better algorithms with better parameters. Regardless, the idea is great and this is definitely doable, even by modifying Ricochet's codebase.
There is Cwtch (https://cwtch.im/) that extends Ricochet to support multi-party messaging. I did not dig deep into it, but it may use the same algorithms. Additionally, it uses a language with a GC.
I think a Ricochet-like IM software written in Ada/SPARK using libsparkcrypto (https://github.com/Componolit/libsparkcrypto) would be ideal.
> Signal uses standard cellular mobile numbers as identifiers
Exactly, and what's to say I want some random guy on the internet being able to call my phone?
Keep in mind tptacek quite literally pastes replies gushing about Signal/Wire in any thread related to PGP or instant messaging. They even paste it in threads which mention PGP but talk about other issues such as file encryption, signing etc., i.e. the uses not covered by an instant messaging platform. I have come to just skimming over anything they say because of it. Come on, put a bit of effort into your reply.
> Wire uses metadata but only requires an e-mail account.
It also doesn't offer federation. At this point I think Matrix is the best hope if you're okay with minimal metadata. It is also making huge strides of progress if you keep up to date with their development, so that's exciting. https://matrix.org/blog/posts
> There is Cwtch (https://cwtch.im/) that extends Ricochet to support multi-party messaging. I did not dig deep into it, but it may use the same algorithms. Additionally, it uses a language with a GC.
I have high hopes for Cwtch. It seems to be a common thing people don't want to address: metadata. That said you can have a fairly meta-dataless experience with Matrix if you run a server and don't federate.
Ideally I'd like to see this get solved https://github.com/vector-im/riot-web/issues/2320#issuecomme...
> quite literally pastes replies
Can you find a concrete example of that?
I should have been more clear on that. Their own replies, look at their post history.
It's usually something like "Use Signal/Wire blah blah they are so good and will solve all the world's problems". Someone then always points out that Signal requires you to share your phone number. Who wants to do that publicly?
Then people usually say the desktop client is a pretty bad experience and you need Signal on your phone anyway to be able to use it. Even if you use a disposable SIM, the issue comes up with the number going back into the carrier distribution pool to be issued to new customers.
Phone numbers are a terrible way to identify people. Unlike email, where you can have spam filters, phone numbers have virtually no user controls for stopping unsolicited communications. Hell, even IRC has that; it's called /ignore.
Often then the next thing that gets mentioned is Signal does not like people making third party clients, so that means no nice TUI client or something that is native for your platform. I dunno about you, but I go out of my way to avoid Electron. I am thankful that at least with Matrix, there are other clients being developed, and tools like Pantalaimon that will allow for easy encryption everywhere. https://github.com/matrix-org/pantalaimon
I have blind friends and they say Electron applications are terrible. By that I mean non-functional with their screen readers, so that's a 0/10 for accessibility.
And then someone else always points out Wire has metadata and isn't even federated like Matrix so you're back to square one.