The argument is that PGP with email is weak protection for multiple reasons: literally decades-old cryptography, hard to use and easy to misuse, but most of all the very mail protocol mandates that some metadata remains in the clear, and in practice most of it is easily available to third parties, first of which the servers hosting mail for me. As much as I want to see this ubiquitous protocol be used everywhere and get rid of the millions of chat protocols once and for all, that criticism is valid and requires at least a substantiated answer.
Right, all that is true. None of it justifies giving up on encrypted email, which is based on OPEN STANDARDS and is FEDERATED. I don't care if the subject leaks, I use generic subjects when discussing private matters with friends over PGP encrypted mails. Now I understand people are not happy with the state of encrypted email, which has more to do with support of popular email providers than with GPG per se. But suggesting we use a PROPRIETARY service for which only one official ELECTRON APP exists, which they host on AMAZON WEB SERVICES, which requires me to use a PHONE NUMBER to sign up, and which is just waiting for enough VC money to transform into yet another analytics company, is just a travesty.
Is Signal using crypto tokens to pay these blog promotions? I find it hard to believe that people writing these blogs do not realize the hypocrisy they commit. "Trust our service, we won't betray you. We promise. ;-)"
The Subject is part of data; you can't say you want end-to-end encryption and agree that some parts of the content are in the clear.
I understand why you're saying Signal is proprietary, but it's also the standard for encrypted messengers that scale. Any protocol (or group of protocols) aiming to provide encryption and claiming to protect privacy should be doing at least as much as Signal. That bar is impossible to reach with email, short of coming up with an incompatible protocol in which case we might as well do it proper... that's what XMPP is for ;)
> Signal currently requires phone numbers for all its users. It does this not because Signal wants to collect contact information for its users, but rather because Signal is allergic to it: using phone numbers means Signal can piggyback on the contact lists users already have, rather than storing those lists on its servers.
But that's wrong? Signal totally has to build a global phone number database for the system to work, otherwise discovery wouldn't work. It doesn't matter if it hashes those numbers before, since the total range of phone numbers can be bruteforced with ease. Signal is a horrible example for anonymous private messaging.
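Added example, not part of the thread and not Signal's code: it illustrates the comment's point that hashing a low-entropy identifier such as a phone number gives no confidentiality, because the whole input space can be hashed and matched. The unsalted SHA-256 scheme, the function names, the sample numbers (constructed, from the fictional 555-01xx block) and the hash rate are all assumptions made for illustration.

```python
import hashlib

def phone_hash(number: str) -> str:
    # Assumed scheme for illustration: unsalted SHA-256 of the E.164 string.
    return hashlib.sha256(number.encode("ascii")).hexdigest()

def recover_numbers(hashes, prefix, free_digits):
    """Hash every number of the form prefix + free_digits digits and
    return {hash: number} for each hash that appears in `hashes`."""
    wanted = set(hashes)
    recovered = {}
    for n in range(10 ** free_digits):
        candidate = f"{prefix}{n:0{free_digits}d}"
        digest = phone_hash(candidate)
        if digest in wanted:
            recovered[digest] = candidate
    return recovered

def hours_to_enumerate(keyspace, hashes_per_second):
    """Wall-clock hours to hash an entire numbering plan once."""
    return keyspace / hashes_per_second / 3600

# Constructed sample: two numbers from the fictional 555-01xx block.
SAMPLE_NUMBERS = ["+12025550143", "+12025550178"]
SAMPLE_HASHES = [phone_hash(n) for n in SAMPLE_NUMBERS]

if __name__ == "__main__":
    found = recover_numbers(SAMPLE_HASHES, "+1202555", 4)
    for digest, number in found.items():
        print(digest[:16], "->", number)
    # Assumed rate of 10 million hashes/s on one machine, for a 10-digit plan.
    print(f"{hours_to_enumerate(10**10, 10**7):.2f} hours for 10^10 numbers")
```

The cost grows only linearly with the size of the numbering plan, which is why a hash of a phone number should be treated as equivalent to the number itself when assessing what a discovery service stores.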
Yeah, I don't like using (unencrypted) email but it's ubiquitous from work to online authentication. Secure online communication is still an unsolved problem in practical terms.
I practice what I preach to the users in the company I work for:
Only put in Email what you would also put on a postcard or a piece of paper you leave for someone open on his desk. For everything else: Put it in our Nextcloud, send the receiver the link, CALL the receiver, give him the password (if he doesn't already have an account).