Why Even Justified Criticisms Of GNU Privacy Guard Miss The Point
from the friend-in-need dept
Recently, there was something of a scare around GNU Privacy Guard (GPG), a “free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP).” An article on Propublica revealed that GPG was essentially the work of one person, who was running out of money. Just at the moment when we needed properly-implemented strong crypto most, it looked like the project was on the verge of collapse. Fortunately, that same article also succeeded in raising people’s awareness of the situation, and enough money was pledged as a result to secure the future of GNU Privacy Guard, at least for the immediate future.
Now GPG is under attack again, and from a surprising quarter. Moxie Marlinspike is the pseudonym of a well-known computer security researcher. You might expect him to be pretty supportive of what GPG is doing, and yet in a recent blog post he is anything but uplifted when he receives encrypted email using it:
When I receive a GPG encrypted email from a stranger, though, I immediately get the feeling that I don’t want to read it. Sometimes I actually contemplate creating a filter for them so that they bypass my inbox entirely, but for now I sigh, unlock my key, start reading, and — with a faint glimmer of hope ? am typically disappointed.
Here’s why:
Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG. I don’t mean someone who cares about privacy, because I think we all care about privacy. There just seems to be something particular about people who try GPG and conclude that it’s a realistic path to introducing private communication in their lives for casual correspondence with strangers.
Increasingly, it?s a club that I don?t want to belong to anymore.
The rest of his interesting post goes on to describe the flaws of GPG. Basically, it is extremely hard to use, not widely deployed, and has turned into impenetrable, backward-looking code — all of which are entirely reasonable criticisms. Marlinspike concludes:
GPG isn’t the thing that’s going to take us to ubiquitous end to end encryption, and if it were, it’d be kind of a shame to finally get there with 1990’s cryptography. If there?s any good news, it’s that GPG?s minimal install base means we aren’t locked in to this madness, and can start fresh with a different design philosophy. When we do, let’s use GPG as a warning for our new experiments, and remember that “innovation is saying ‘no’ to 1000 things.”
In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install GPG. Now I’m still excited about the future, but I dream of a world where I can uninstall it.
Again, those are all good points. And yet for all GPG’s faults, and for all its failings, it seems somewhat ungrateful to berate it in these terms. I suspect that it has saved a good many people living in countries with oppressive and brutal regimes from arrest or worse; it has doubtless helped journalists to receive crucial information they might not otherwise have been sent, and to keep their sources safe; and it certainly made Snowden’s revelations possible — at least once Glenn Greenwald finally worked out how to install it. To say that it could have been better, or that its unintuitive approach may have prevented more people from using it misses the point, which is that in its own idiosyncratic way it was there when people really needed it, and that it did the job asked of it — and for that, we should be hugely grateful, even while hoping that something better will come along soon.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: email, gnu privacy guard, gpg, moxie marlinspike, privacy, security
Comments on “Why Even Justified Criticisms Of GNU Privacy Guard Miss The Point”
Any secure encryption system for person to person communication is going to have the same flaws of use as GPG. Security requires that people manage their own keys, and take precautions to secure them. Making encryption easy to use invariably means relying on someone else to mange keys, and associated key security. SSL is easy to use for the client,but requires that sever and administrators deal with certificates. Any compromise in the certificate system and use, as in Superfish, and the encryption is useless. A more reliable certificate system would require users to manage certificates for themselves, and obtain them from the sites that they wish to have secure communications with, and guess what, that makes certificate use inconvenient.
Misplaced criticism
It’s like berating an engine for being a bad car.
GPG is not an end-user application. It’s the job of a mail client to make use of the provided capabilities. I am using one that does this rather well and seamlessly, but then the mail client itself has a geekish flavor.
So it all boils down to what the mail client writers consider important for their users. You can use GPG even when they don’t consider encryption a priority, just like you can use file attachments even when not supported by your mail client.
But it is not all that much surprising that in this case comfort is not factoring in the equation, just like when figuring out how to make a road trip when all you have is an engine.
Re: Misplaced criticism
Exactly. I’m not entirely sure why Moxie went on the diatribe he did — it seems almost exclusively to deal with how mail clients use GPG, as opposed to how GPG/OpenPGP is used in general.
For example, pretty much every Debian-style repository uses GPG to sign the dpkg archives. This includes Ubuntu, Cydia for iPhone, and countless others. No GPG = no way to verify the validity of these packages (until some other technology just as cryptic is used to replace it).
But in this case, GPG works SO well that for the most part, people are completely unaware that they’re using it. Once email use of GPG reaches this level, there will also be nothing to complain about on that front.
When I first heard of PGP in the early 90s, I read an essay by Phil Zimmermann explaining that, for the time being, there was a serious problem with it. Since adoption rates were very low, actually encrypting your email will call attention to it. However, he argued, early adopters would help spread its use, so once it becomes ubiquitous, then PGP encryption would make your email secure.
That’s not what’s happened at all. Instead, OpenPGP usage is no more common — I’d guess it’s a much smaller proportion of overall email users that use OpenPGP to encrypt their mail now.
Furthermore, we know that using OpenPGP increases your exposure. The NSA, for instance, in infiltrating SIM card manufacturers in order to steal certs, concentrated its efforts on the small numbers of users using OpenPGP encryption in emails, because those were obviously the ones who handled the certificates.
As it stands now, using OpenPGP for email is actually worse than useless.
Re: Re:
“As it stands now, using OpenPGP for email is actually worse than useless.”
That’s why I park my car with the windows down and the keys in the ignition. A thief looking at it will think “there can’t be anything of value there, or it wouldn’t be open with the keys just hanging there.” But a car all locked up just screams that it must be valuable. Securing your car is actually worse than useless.
Re: Re: Re:
When you are climbing in some areas in France, you indeed leave one window down and the car unlocked.
Because otherwise a window will be smashed when you return.
You don’t go climbing in those regions unless you have an old car. Or you don’t have a clue.
Re: Re: Re: Re:
When you are climbing in some areas in France, you indeed leave one window down and the car unlocked.
Because otherwise a window will be smashed when you return.
Exactly.
Re: Re: Re:
That’s why I park my car with the windows down and the keys in the ignition. A thief looking at it will think “there can’t be anything of value there, or it wouldn’t be open with the keys just hanging there.” But a car all locked up just screams that it must be valuable. Securing your car is actually worse than useless.
If everybody else left their cas parked with the windows down and the keys in the ignition a locked car would call itself into suspition. It would scream “Something valuable in here!”.
People do leave their email unlocked, with the windows down and the engine running. Those that lock up their email are screaming “Look at me, go on I dare ya!”
That’s the parent post’s point.
Re: Re: Re: Re:
“People do leave their email unlocked, with the windows down and the engine running. Those that lock up their email are screaming “Look at me, go on I dare ya!”
Just as some people do leave their cars unlocked. Locked cars scream “Open me, go on I dare ya!”
Re: Re: Re:2 French thieves will only rob your car.
Governments sifting through your emails will look for reasons to throw you in prison.
Competing companies will look through your emails for ways to tie you up in litigation, or for loose words hinting at trade secrets.
There are many, many reasons to want to keep private communications secure, even if you haven’t done anything wrong. Ambitious prosecutors make careers from discrediting people due to inconsistencies in their lives.
Not all emailers are climbers on vacation in France.
Misses the point? I agree with a lot of what was stated. GPG is great, but there is room to improve and I too believe (as I do about many technologies) something new should eventually become defacto.
Re: Re:
If the developer needs more help, we ought to help to provide it. This sounds like a case of not enough hands on the deck.
Criticism is absolutely in place
Criticism of GPG is definitely in place. It’s so complicated to use that nobody bothers.
>> I suspect that it has saved a good many people living in countries with oppressive and brutal regimes from arrest or worse
False. Ironically, Mike often bring (valid) point that law enforcement need not to break encryption – tried and true methods are enough. Another side of the coin is that the same methods works for all sides: oppressive regimes including.
Re: Criticism is absolutely in place
Just plain old, absolutely, 100% false?
The major flaws of PGP encryption:
1. Use of a common public key server among clients. IE. I use a SKS key server, and person X uses MIT’s which is not apart of SKS and thus can’t confirm or deny signatures.
2. Lack of revocation of bad keys. My system gets hacked or I simply lose my private key, so basically you are SOL.
These are two of the major flaws with PGP currently off the top of my head that I deal with regularly. Is this the end of the world? I wouldn’t say so, but it’s definitely a security flaw and we’ve seen some of the repercussions already with SSL certificates. Thankfully, there are valid attempts to come up with an alternatives, so I’m in agreement with Moxie, if something like DarkMail actually can solve the problem, I’m all for it. For now though, we are stuck with PGP, so I think he’s actually a bit whiny unless he’s actually got a solution worked out.
Re: Re:
Neither of those are flaws with GPG specifically, and both of those are easy to work around by simply not using key servers. There is nothing that requires their use.
Re: Re:
Actually it does include revocation:
https://www.gnupg.org/faq/gnupg-faq.html#generate_revocation_certificate
That doesn’t prevent someone from decrypting your previously received data with your key but I’m not sure anything would be able to do that.
Re: Re:
There’s the lack of perfect forward secrecy, as previously noted. It was easier to implement PGP without it, especially given that people were often offline in those days (clever key management, e.g. prepublishing keys, could help).
Key management in general is a problem. Where do you keep your public key? On your computer, which may not be so secure? On a smart card (Gemalto…) which is probably a black box? On your phone? (If not, how do you read email on your phone? Your public “key” should be able to say “encrypt to these 5 keys—desktop PC, phone, etc.”—but I don’t think it can. Same for signing.) The keyserver problem is more manageable: with DNSSEC people could grab your key from DNS somehow (there are 2 standards, of course—neither widely implemented).
Darkmail, at first glance, seems way too complicated. You can tell it’s overdesigned given the existence of fields like “alma mater”, “gender”, “political party”—each with a specific integer identifier, because for some reason RFC822 or JSON or vCard data is no good. Some actual important areas are underdesigned, though: no attempt is made to hide which servers are communicating, so traffic analysis will still work quite well for entities that run their own mail servers. (Why not just have an MX-type record pointing to a .onion address? Even without message body encryption it would help.)
Re: Re: Re:
“Where do you keep your public key? On your computer, which may not be so secure?”
The whole point of the public key is that it can be safely and widely distributed to the public. There is no need to keep the public key a secret (indeed, doing so eliminates the advantage of PKE! If you’re doing that, you’d be better off using a stronger symmetrical key crypto).
You probably meant private key here. I keep my private keyring on a small USB memory device. It is never stored on a computer at all.
Your underlying point, that key management is the big problem with PKE, is perfectly on point. However, for all the key management problems of PKE, the key management situation for symmetrical key ciphers is much, much worse.
Where are all the user interface and interaction designers? Oh, wait, never mind. They all became user experience designers dedicated to figuring out how many pastel tiles generate the most Likes.
I respect Moxie’s pragmatism and his coding chops, but building ostensibly secure apps (Signal, TextSecure) with proprietary dependencies (Google Cloud Messaging, iOS Messaging Service) doesn’t make people more secure it makes them more reliant on centralized structures of control.
Privacy
I would have thought that by now it was obvious that there are a lot of people who don’t care one bit about privacy, at least online.
If it were otherwise, we wouldn’t have so many people who consistently fight against it.
Re: Privacy
If it were otherwise, nobody would know who Mark Zuckerberg is.
Thank you Moxie for your enthusiasm in the 1990s (wow it’s already 20 years since 1995!) about End-to-End encryption for the masses using GPG
Since you probably didn’t contributed much to this open source development, most of the disappointment you have is brought about by you for not doing anything.
So we are just going to take good points in your criticism, and ignore your bi*ching.
thank you and come again!
Re: Re:
Re: Re: Re:
“It would behoove you to do a few seconds of searching before you make a monkey out of yourself.”
Hmm, I looked at that page and didn’t really see much contribution to “this open source development” (i.e. PGP).
Perhaps actually reading that page before citing it might help you keep from looking like the south end of a north bound baboon.
Re: Re: Re: Re:
“I looked at that page and didn’t really see much contribution to “this open source development” (i.e. PGP).”
You aren’t really asserting that only people who contribute code to a project have the right to criticize the project, are you? I hope not. If that were the prevailing attitude, it would pretty much ensure that open source projects will be of low quality.
Re: Re:
Moxie Marlinspike is responsible for the development of TextSecure, the end-to-end encrypted instant messaging app, which was already majorly influential in the arab spring.
OpenWhispersystems also developed the axolotl ratchet which is as of now the best and most modern asymmetric cryptography scheme for an asynchronous world, building on OTR.
You’re not doing him justice.
His main issue and why I believe he made that post is because right now GPG has like 50,000 users, and it would be FINE if those users continued to torture themselves using it – HOWEVER – big companies like Google and Yahoo, and who knows, maybe more later, are planning to work it into an extension and support it in their email services.
And he believes it’s better to design something new from scratch, if they’re going to do this effort anyway, and then push it to tens if not hundreds of millions of users.
Re: Re:
Just look at this – could’ve been easily fixed if PGP supported forward secrcy – but it doesn’t so now they’re screwed as all past email can be read, if intercepted:
https://twitter.com/nilssonanders/status/573598804496228352
I’m on the edge regarding GPG. It offers and has offered encryption that is unbreakable even now.
But because it has always been there, nothing better was developed. The biggest enemy of progress is “good enough”.
Enigmail for Thunderbird falls under the exact same category. Too hard to use, thereby sabotaging wider spread. Already sufficient in features, so Thunderbird devs never implemented PGP into TB directly.
“Don’t reinvent the wheel” applied wrongly. Because this wheel is crooked and flat.
a signature which can be recognized, but not faked
this thought is from Whitfield Diffie — as expressed in his tesimony on behalf of NewEgg v TQP Holdings
to do business in a digital network world we need a means by which we can authenticate a document in public and at the same time retain personal control over the means of doing that
For example: the IRS should expect you so offer a digital signature on your 1040 — and if you don’t — or if an invalid signature is offered — the the form would be rejected as invalid . this programming could be included with tax software; all the user would need to do is enter his|her passphrase for the signature just before the submit is transmitted
the same thinking is applicable to transmittals of any importance,– software, e/mail, online commerce,… the Thunderbird eMail client provides an excellent interface th GPG — in the ENIGMAIL plug-in .
x.509 certificates would be a lot better — if they were distributed with only marginal trust — you would need to countersign just the ones you actually needed to use
local services such as credit unions should become involved in authenticating personal user keys and getting them uploaded to help with this
the thing that should be totally obvious is: if we continue business into the future on the same basis that we have used in the recent past — hackers will make fools of us all.
This reminds me of when AOL was berated for the jerks who used AOL
…which is to say the late-adopter crowd, who we had to educate one. at. a. time. as to netiquette and flaming and trolling and why we don’t do such things.
Ironically, AOL’s sin was being too easy to use, which gave a tidy push towards email becoming the norm for human communication.
It sounds like the same kind of complaint here. That the GNU club is full of losers isn’t a criticism of the GNU technology rather of the limited number of people who still use it. That’s solved by the AOL solution: make it too easy to use, so that you have to educate the inept late-adopters.
beats me, but...
Would be nice to see this stuff worked into the leading email and webmail providers so it was relatively easy to set up.
At the very least, you could could get your regular personal communications encrypted as a standard thing. If everyone started doing it — THAT would probably get the various intelligence services doing actual targeting far more than any legislative, judicial, or silly constitutional/justice based reasons will.
Make it easy enough so it is just another couple clicks in setup for *whatever*, and the only people who need help are special circumstances (hi Mom & Dad!).
GPG as a back-end system, with user friendly graphical front-ends written to interact with the GPG bank-end. Enigmail would be an example of a GUI front-end for GPG.
Enigmail requires Thunderbird, which isn’t very user friendly compared to web based Gmail.
I simply think Moxie Marlinspike is trying to express how un-user friendly all the graphical front-ends for GPG email have historically been.
That’s not GPG’s fault through. If Gmail incorporated the GPG back-end into it’s web mail software. Then Moxie’s point about GPG email being an exclusive club would become moot.
Moxie's textsecure seems to be just as bad as gpg
I installed redphone and textsecure today and I have to say, it’s a huge fucking mess. I’m not able to register my number, or unregister, it fucked up my ability to text regular users, and I’m already sick of it. GPG might not be very simple, but Moxie’s apps are absolutely crap.
Re: Moxie's textsecure seems to be just as bad as gpg
It’s a shame Google requires a google+ account to rate apps.
ohh do this
“People do leave their email unlocked, with the windows down and the engine running. For all those who want a good search for good result http://www.ncrcities.com is great search engine!!!!!
Open source goes commercial
I think the mess of GPG might well be an object lesson in what happens when a commercial organisation takes over an open source project. A lot of the current mess of PGP/GPG can be laid at the door of the PGP Corporation that took over Zimmerman’s code.
If only dissidents use GPG
I can sort of see why the author of that piece is upset though. Isn’t the point of encryption to make sure that email originating from political dissidents and activists cannot be distinguished from email going between ordinary people? I don’t doubt that it has already proved its worth with people like Snowden, but I can’t help but feel it would be far more useful if everyone was using it (and not just Snowden and others like him); in that context, the criticism seems even more understandable.
A load of bull
I can’t understand people saying GPG is hard to use. I’ve been using it since the 90’s, I was in primary school then. I was no kid genius, I just knew how to read. All the docs are there, it only requires that one understands how asymmetric crypto works and the rest is very very easy.
So unless “IQ’s dropped suddenly while I was away” it’s no harder to use today than it was nearly 20 years ago. I’d say it’s a lot easier to use today, especially on GNU/Linux. On window$ maybe not, but nobody sane uses that platform anyway :-P.
Re: A load of bull
Many things in life are greatly simplified when you consult the manual.
But here’s the thing: substantially fewer than 1% of the general public will read a manual. If they can’t figure out proper usage from the user interface, they’ll either use the product incorrectly (and be dissatisfied), or they won’t use the product.
In a world of mobile apps, any software package designed for use by the general public that requires reading of anything to achieve basic functionality is pretty well doomed from the outset.
Re: Re: A load of bull
“substantially fewer than 1% of the general public will read a manual”
Sad, but true. My friends often tease me because I always read the manual. I recently bought a toaster and got grief because I even read the manual for that!
However, the fact that I read manuals is precisely why my friends often seem to think I have some kind of supernatural power to make things work correctly. I can’t count the number of times that reading the manual for something that everyone already knows how to use has revealed hidden “gotchas”.
So we are grading crypto based on gratefulness now?
In that case you should switch your WiFi encryption back to RC4 and tell all critics of that algorithm to STFU.
For all its failings, it would be ungrateful to berate a developer who has done as much for cryptography as Ron Rivest. To say that it could have been better misses the point, which is that in its own idiosyncratic way, it was there when people needed it.
GnuPG
GnuPG is quite convenient if you use it via IceDove or Thunderbird. See emailselfdefense.fsf.org for a tutorial.
The other reasons Marlinspike cites are irrelevant — even if true, they shouldn’t enter into your decision about what software to use.
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)