Bjarni Rúnar, the author of Mailpile, released a blog post about recent blog posts disparaging OpenPGP. It's a good read.

There's one reason to support OpenPGP missing from the blog: OpenPGP protects you if your mail server is hacked. I'm sure that Debbie Wasserman Schultz wishes she had been using OpenPGP.

Having said all of this... OpenPGP didn't make my recent list of security tips. That omission is for two reasons:

  • I've never trusted my phone enough to store my OpenPGP keys on it. However, now that I am encrypting my data partition on the phone, should I re-consider? I use the K-9 email client, which has had OpenPGP support for years; should I recommend that other people use K-9 and upload their keys to their phones? Suggesting that people use OpenPGP without the ability to use it on your phone seems like an empty suggestion. What about OpenPGP on the iPhone?
  • I'm waiting for Mailpile 1.0 to be released so I have a viable suggestion for how people can start using encryption now on their desktops. The complexity of using Thunderbird with Enigmail (and the uncertain future of Thunderbird) makes it a hard sell. Should I re-consider? What about Mailvelope? Should I be encouraging people to use Mailvelope with their Gmail, etc. accounts?

You might be interested in PEP at https://pep.foundation/ and https://prettyeasyprivacy.com/. They do PGP “under the hood”, and are loads better than doing nothing at all, which is what people will do if we don’t push anything.

Comment by Anonymous Fri 16 Dec 2016 02:42:39 AM EST
If your phone does not run Debian or something similar, but Android/iOS/whatever, I would not trust it. I already got rid of my Android/CM phone and will buy a miniature PC (e.g. a Pyra) running Debian. Phone calls can be made using SIP, XMPP, etc.
Comment by Anonymous Fri 16 Dec 2016 07:57:23 AM EST