Why Even Justified Criticisms Of GNU Privacy Guard Miss The Point

from the friend-in-need dept

Recently, there was something of a scare around GNU Privacy Guard (GPG), a “free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP).” An article on Propublica revealed that GPG was essentially the work of one person, who was running out of money. Just at the moment when we needed properly-implemented strong crypto most, it looked like the project was on the verge of collapse. Fortunately, that same article also succeeded in raising people’s awareness of the situation, and enough money was pledged as a result to secure the future of GNU Privacy Guard, at least for the immediate future.

Now GPG is under attack again, and from a surprising quarter. Moxie Marlinspike is the pseudonym of a well-known computer security researcher. You might expect him to be pretty supportive of what GPG is doing, and yet in a recent blog post he is anything but uplifted when he receives encrypted email using it:

When I receive a GPG encrypted email from a stranger, though, I immediately get the feeling that I don’t want to read it. Sometimes I actually contemplate creating a filter for them so that they bypass my inbox entirely, but for now I sigh, unlock my key, start reading, and — with a faint glimmer of hope ? am typically disappointed.

Here’s why:

Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG. I don’t mean someone who cares about privacy, because I think we all care about privacy. There just seems to be something particular about people who try GPG and conclude that it’s a realistic path to introducing private communication in their lives for casual correspondence with strangers.

Increasingly, it?s a club that I don?t want to belong to anymore.

The rest of his interesting post goes on to describe the flaws of GPG. Basically, it is extremely hard to use, not widely deployed, and has turned into impenetrable, backward-looking code — all of which are entirely reasonable criticisms. Marlinspike concludes:

GPG isn’t the thing that’s going to take us to ubiquitous end to end encryption, and if it were, it’d be kind of a shame to finally get there with 1990’s cryptography. If there?s any good news, it’s that GPG?s minimal install base means we aren’t locked in to this madness, and can start fresh with a different design philosophy. When we do, let’s use GPG as a warning for our new experiments, and remember that “innovation is saying ‘no’ to 1000 things.”

In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install GPG. Now I’m still excited about the future, but I dream of a world where I can uninstall it.

Again, those are all good points. And yet for all GPG’s faults, and for all its failings, it seems somewhat ungrateful to berate it in these terms. I suspect that it has saved a good many people living in countries with oppressive and brutal regimes from arrest or worse; it has doubtless helped journalists to receive crucial information they might not otherwise have been sent, and to keep their sources safe; and it certainly made Snowden’s revelations possible — at least once Glenn Greenwald finally worked out how to install it. To say that it could have been better, or that its unintuitive approach may have prevented more people from using it misses the point, which is that in its own idiosyncratic way it was there when people really needed it, and that it did the job asked of it — and for that, we should be hugely grateful, even while hoping that something better will come along soon.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Why Even Justified Criticisms Of GNU Privacy Guard Miss The Point”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Any secure encryption system for person to person communication is going to have the same flaws of use as GPG. Security requires that people manage their own keys, and take precautions to secure them. Making encryption easy to use invariably means relying on someone else to mange keys, and associated key security. SSL is easy to use for the client,but requires that sever and administrators deal with certificates. Any compromise in the certificate system and use, as in Superfish, and the encryption is useless. A more reliable certificate system would require users to manage certificates for themselves, and obtain them from the sites that they wish to have secure communications with, and guess what, that makes certificate use inconvenient.

David says:

Misplaced criticism

It’s like berating an engine for being a bad car.

GPG is not an end-user application. It’s the job of a mail client to make use of the provided capabilities. I am using one that does this rather well and seamlessly, but then the mail client itself has a geekish flavor.

So it all boils down to what the mail client writers consider important for their users. You can use GPG even when they don’t consider encryption a priority, just like you can use file attachments even when not supported by your mail client.

But it is not all that much surprising that in this case comfort is not factoring in the equation, just like when figuring out how to make a road trip when all you have is an engine.

Anonymous Coward says:

Re: Misplaced criticism

Exactly. I’m not entirely sure why Moxie went on the diatribe he did — it seems almost exclusively to deal with how mail clients use GPG, as opposed to how GPG/OpenPGP is used in general.

For example, pretty much every Debian-style repository uses GPG to sign the dpkg archives. This includes Ubuntu, Cydia for iPhone, and countless others. No GPG = no way to verify the validity of these packages (until some other technology just as cryptic is used to replace it).

But in this case, GPG works SO well that for the most part, people are completely unaware that they’re using it. Once email use of GPG reaches this level, there will also be nothing to complain about on that front.

Anonymous Coward says:

When I first heard of PGP in the early 90s, I read an essay by Phil Zimmermann explaining that, for the time being, there was a serious problem with it. Since adoption rates were very low, actually encrypting your email will call attention to it. However, he argued, early adopters would help spread its use, so once it becomes ubiquitous, then PGP encryption would make your email secure.

That’s not what’s happened at all. Instead, OpenPGP usage is no more common — I’d guess it’s a much smaller proportion of overall email users that use OpenPGP to encrypt their mail now.

Furthermore, we know that using OpenPGP increases your exposure. The NSA, for instance, in infiltrating SIM card manufacturers in order to steal certs, concentrated its efforts on the small numbers of users using OpenPGP encryption in emails, because those were obviously the ones who handled the certificates.

As it stands now, using OpenPGP for email is actually worse than useless.

Anonymous Coward says:

Re: Re:

“As it stands now, using OpenPGP for email is actually worse than useless.”

That’s why I park my car with the windows down and the keys in the ignition. A thief looking at it will think “there can’t be anything of value there, or it wouldn’t be open with the keys just hanging there.” But a car all locked up just screams that it must be valuable. Securing your car is actually worse than useless.

Anonymous Coward says:

Re: Re: Re:

That’s why I park my car with the windows down and the keys in the ignition. A thief looking at it will think “there can’t be anything of value there, or it wouldn’t be open with the keys just hanging there.” But a car all locked up just screams that it must be valuable. Securing your car is actually worse than useless.

If everybody else left their cas parked with the windows down and the keys in the ignition a locked car would call itself into suspition. It would scream “Something valuable in here!”.

People do leave their email unlocked, with the windows down and the engine running. Those that lock up their email are screaming “Look at me, go on I dare ya!”

That’s the parent post’s point.

Uriel-238 (profile) says:

Re: Re: Re:2 French thieves will only rob your car.

Governments sifting through your emails will look for reasons to throw you in prison.

Competing companies will look through your emails for ways to tie you up in litigation, or for loose words hinting at trade secrets.

There are many, many reasons to want to keep private communications secure, even if you haven’t done anything wrong. Ambitious prosecutors make careers from discrediting people due to inconsistencies in their lives.

Not all emailers are climbers on vacation in France.

lfroen (profile) says:

Criticism is absolutely in place

Criticism of GPG is definitely in place. It’s so complicated to use that nobody bothers.

>> I suspect that it has saved a good many people living in countries with oppressive and brutal regimes from arrest or worse

False. Ironically, Mike often bring (valid) point that law enforcement need not to break encryption – tried and true methods are enough. Another side of the coin is that the same methods works for all sides: oppressive regimes including.

Anonymous Coward says:

The major flaws of PGP encryption:
1. Use of a common public key server among clients. IE. I use a SKS key server, and person X uses MIT’s which is not apart of SKS and thus can’t confirm or deny signatures.
2. Lack of revocation of bad keys. My system gets hacked or I simply lose my private key, so basically you are SOL.

These are two of the major flaws with PGP currently off the top of my head that I deal with regularly. Is this the end of the world? I wouldn’t say so, but it’s definitely a security flaw and we’ve seen some of the repercussions already with SSL certificates. Thankfully, there are valid attempts to come up with an alternatives, so I’m in agreement with Moxie, if something like DarkMail actually can solve the problem, I’m all for it. For now though, we are stuck with PGP, so I think he’s actually a bit whiny unless he’s actually got a solution worked out.

Anonymous Coward says:

Re: Re:

There’s the lack of perfect forward secrecy, as previously noted. It was easier to implement PGP without it, especially given that people were often offline in those days (clever key management, e.g. prepublishing keys, could help).

Key management in general is a problem. Where do you keep your public key? On your computer, which may not be so secure? On a smart card (Gemalto…) which is probably a black box? On your phone? (If not, how do you read email on your phone? Your public “key” should be able to say “encrypt to these 5 keys—desktop PC, phone, etc.”—but I don’t think it can. Same for signing.) The keyserver problem is more manageable: with DNSSEC people could grab your key from DNS somehow (there are 2 standards, of course—neither widely implemented).

Darkmail, at first glance, seems way too complicated. You can tell it’s overdesigned given the existence of fields like “alma mater”, “gender”, “political party”—each with a specific integer identifier, because for some reason RFC822 or JSON or vCard data is no good. Some actual important areas are underdesigned, though: no attempt is made to hide which servers are communicating, so traffic analysis will still work quite well for entities that run their own mail servers. (Why not just have an MX-type record pointing to a .onion address? Even without message body encryption it would help.)

John Fenderson (profile) says:

Re: Re: Re:

“Where do you keep your public key? On your computer, which may not be so secure?”

The whole point of the public key is that it can be safely and widely distributed to the public. There is no need to keep the public key a secret (indeed, doing so eliminates the advantage of PKE! If you’re doing that, you’d be better off using a stronger symmetrical key crypto).

You probably meant private key here. I keep my private keyring on a small USB memory device. It is never stored on a computer at all.

Your underlying point, that key management is the big problem with PKE, is perfectly on point. However, for all the key management problems of PKE, the key management situation for symmetrical key ciphers is much, much worse.

william (profile) says:

Thank you Moxie for your enthusiasm in the 1990s (wow it’s already 20 years since 1995!) about End-to-End encryption for the masses using GPG

Since you probably didn’t contributed much to this open source development, most of the disappointment you have is brought about by you for not doing anything.

So we are just going to take good points in your criticism, and ignore your bi*ching.

thank you and come again!

Anonymous Coward says:

Re: Re: Re:

“It would behoove you to do a few seconds of searching before you make a monkey out of yourself.”

Hmm, I looked at that page and didn’t really see much contribution to “this open source development” (i.e. PGP).

Perhaps actually reading that page before citing it might help you keep from looking like the south end of a north bound baboon.

John Fenderson (profile) says:

Re: Re: Re: Re:

“I looked at that page and didn’t really see much contribution to “this open source development” (i.e. PGP).”

You aren’t really asserting that only people who contribute code to a project have the right to criticize the project, are you? I hope not. If that were the prevailing attitude, it would pretty much ensure that open source projects will be of low quality.

Anonymous Coward says:

Re: Re:

Moxie Marlinspike is responsible for the development of TextSecure, the end-to-end encrypted instant messaging app, which was already majorly influential in the arab spring.
OpenWhispersystems also developed the axolotl ratchet which is as of now the best and most modern asymmetric cryptography scheme for an asynchronous world, building on OTR.

You’re not doing him justice.

Anonymous Coward says:

His main issue and why I believe he made that post is because right now GPG has like 50,000 users, and it would be FINE if those users continued to torture themselves using it – HOWEVER – big companies like Google and Yahoo, and who knows, maybe more later, are planning to work it into an extension and support it in their email services.

And he believes it’s better to design something new from scratch, if they’re going to do this effort anyway, and then push it to tens if not hundreds of millions of users.

Anonymous Coward says:

I’m on the edge regarding GPG. It offers and has offered encryption that is unbreakable even now.
But because it has always been there, nothing better was developed. The biggest enemy of progress is “good enough”.

Enigmail for Thunderbird falls under the exact same category. Too hard to use, thereby sabotaging wider spread. Already sufficient in features, so Thunderbird devs never implemented PGP into TB directly.

“Don’t reinvent the wheel” applied wrongly. Because this wheel is crooked and flat.

Mike Acker (profile) says:

a signature which can be recognized, but not faked

this thought is from Whitfield Diffie — as expressed in his tesimony on behalf of NewEgg v TQP Holdings

to do business in a digital network world we need a means by which we can authenticate a document in public and at the same time retain personal control over the means of doing that

For example: the IRS should expect you so offer a digital signature on your 1040 — and if you don’t — or if an invalid signature is offered — the the form would be rejected as invalid . this programming could be included with tax software; all the user would need to do is enter his|her passphrase for the signature just before the submit is transmitted

the same thinking is applicable to transmittals of any importance,– software, e/mail, online commerce,… the Thunderbird eMail client provides an excellent interface th GPG — in the ENIGMAIL plug-in .

x.509 certificates would be a lot better — if they were distributed with only marginal trust — you would need to countersign just the ones you actually needed to use

local services such as credit unions should become involved in authenticating personal user keys and getting them uploaded to help with this

the thing that should be totally obvious is: if we continue business into the future on the same basis that we have used in the recent past — hackers will make fools of us all.

Uriel-238 (profile) says:

This reminds me of when AOL was berated for the jerks who used AOL

…which is to say the late-adopter crowd, who we had to educate one. at. a. time. as to netiquette and flaming and trolling and why we don’t do such things.

Ironically, AOL’s sin was being too easy to use, which gave a tidy push towards email becoming the norm for human communication.

It sounds like the same kind of complaint here. That the GNU club is full of losers isn’t a criticism of the GNU technology rather of the limited number of people who still use it. That’s solved by the AOL solution: make it too easy to use, so that you have to educate the inept late-adopters.

psiuuu says:

beats me, but...

Would be nice to see this stuff worked into the leading email and webmail providers so it was relatively easy to set up.

At the very least, you could could get your regular personal communications encrypted as a standard thing. If everyone started doing it — THAT would probably get the various intelligence services doing actual targeting far more than any legislative, judicial, or silly constitutional/justice based reasons will.

Make it easy enough so it is just another couple clicks in setup for *whatever*, and the only people who need help are special circumstances (hi Mom & Dad!).

Anonymous Coward says:

GPG as a back-end system, with user friendly graphical front-ends written to interact with the GPG bank-end. Enigmail would be an example of a GUI front-end for GPG.

Enigmail requires Thunderbird, which isn’t very user friendly compared to web based Gmail.

I simply think Moxie Marlinspike is trying to express how un-user friendly all the graphical front-ends for GPG email have historically been.

That’s not GPG’s fault through. If Gmail incorporated the GPG back-end into it’s web mail software. Then Moxie’s point about GPG email being an exclusive club would become moot.

Jake says:

Moxie's textsecure seems to be just as bad as gpg

I installed redphone and textsecure today and I have to say, it’s a huge fucking mess. I’m not able to register my number, or unregister, it fucked up my ability to text regular users, and I’m already sick of it. GPG might not be very simple, but Moxie’s apps are absolutely crap.

Prashanth (profile) says:

If only dissidents use GPG

I can sort of see why the author of that piece is upset though. Isn’t the point of encryption to make sure that email originating from political dissidents and activists cannot be distinguished from email going between ordinary people? I don’t doubt that it has already proved its worth with people like Snowden, but I can’t help but feel it would be far more useful if everyone was using it (and not just Snowden and others like him); in that context, the criticism seems even more understandable.

Cyber Killer (user link) says:

A load of bull

I can’t understand people saying GPG is hard to use. I’ve been using it since the 90’s, I was in primary school then. I was no kid genius, I just knew how to read. All the docs are there, it only requires that one understands how asymmetric crypto works and the rest is very very easy.

So unless “IQ’s dropped suddenly while I was away” it’s no harder to use today than it was nearly 20 years ago. I’d say it’s a lot easier to use today, especially on GNU/Linux. On window$ maybe not, but nobody sane uses that platform anyway :-P.

sigalrm (profile) says:

Re: A load of bull

Many things in life are greatly simplified when you consult the manual.

But here’s the thing: substantially fewer than 1% of the general public will read a manual. If they can’t figure out proper usage from the user interface, they’ll either use the product incorrectly (and be dissatisfied), or they won’t use the product.

In a world of mobile apps, any software package designed for use by the general public that requires reading of anything to achieve basic functionality is pretty well doomed from the outset.

John Fenderson (profile) says:

Re: Re: A load of bull

“substantially fewer than 1% of the general public will read a manual”

Sad, but true. My friends often tease me because I always read the manual. I recently bought a toaster and got grief because I even read the manual for that!

However, the fact that I read manuals is precisely why my friends often seem to think I have some kind of supernatural power to make things work correctly. I can’t count the number of times that reading the manual for something that everyone already knows how to use has revealed hidden “gotchas”.

Case says:

So we are grading crypto based on gratefulness now?

In that case you should switch your WiFi encryption back to RC4 and tell all critics of that algorithm to STFU.
For all its failings, it would be ungrateful to berate a developer who has done as much for cryptography as Ron Rivest. To say that it could have been better misses the point, which is that in its own idiosyncratic way, it was there when people needed it.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...