Should we be pushing OpenPGP?

2016-12-15 One-minute read

Bjarni RĂșnar, the author of Mailpile released a blog about recent blogs disparaging OpenPGP. It’s a good read.

There’s one reason to support OpenPGP missing from the blog: OpenPGP protects you if your mail server is hacked. I’m sure that Debbie Wasserman Schultz wishes she had been using OpenPGP.

Having said all of this… OpenPGP didn’t make my recent list of security tips. That ommission is for two reasons:

  • I’ve never trusted my phone enough to store my OpenPGP keys on it. However, now that I am encrypting my data partition on the phone, should I re-consider? I use the K-9 email client which has had OpenPGP support for years, should I recommend that other people use K-9 and upload their keys to their phones? Suggesting that people use OpenPGP without the ability to use it on your phone seems like an empty suggestion. What about OpenPGP on the iPhone?
  • I’m waiting for Mailiple 1.0 to be released so I have a viable suggestion for how people can start using encryption now on their desktops. The complexity of using Thunderbird with Enigmail (and the uncertain future of Thunderbird) make it a hard sell. Should I re-consider? What about Mailvelope? Should I be encouraging people to use Mailvelope with their Gmail, etc. accounts?