Why Even Justified Criticisms Of GNU Privacy Guard Miss The Point
from the friend-in-need dept
Recently, there was something of a scare around GNU Privacy Guard (GPG), a "free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP)." An article on Propublica revealed that GPG was essentially the work of one person, who was running out of money. Just at the moment when we needed properly-implemented strong crypto most, it looked like the project was on the verge of collapse. Fortunately, that same article also succeeded in raising people's awareness of the situation, and enough money was pledged as a result to secure the future of GNU Privacy Guard, at least for the immediate future.
Now GPG is under attack again, and from a surprising quarter. Moxie Marlinspike is the pseudonym of a well-known computer security researcher. You might expect him to be pretty supportive of what GPG is doing, and yet in a recent blog post he is anything but uplifted when he receives encrypted email using it:
When I receive a GPG encrypted email from a stranger, though, I immediately get the feeling that I don't want to read it. Sometimes I actually contemplate creating a filter for them so that they bypass my inbox entirely, but for now I sigh, unlock my key, start reading, and -- with a faint glimmer of hope -- am typically disappointed.
Here's why:
Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG. I don't mean someone who cares about privacy, because I think we all care about privacy. There just seems to be something particular about people who try GPG and conclude that it's a realistic path to introducing private communication in their lives for casual correspondence with strangers.
The rest of his interesting post goes on to describe the flaws of GPG. Basically, it is extremely hard to use, not widely deployed, and has turned into impenetrable, backward-looking code -- all of which are entirely reasonable criticisms. Marlinspike concludes:
Increasingly, it’s a club that I don’t want to belong to anymore. GPG isn't the thing that's going to take us to ubiquitous end to end encryption, and if it were, it'd be kind of a shame to finally get there with 1990's cryptography. If there’s any good news, it's that GPG’s minimal install base means we aren't locked in to this madness, and can start fresh with a different design philosophy. When we do, let's use GPG as a warning for our new experiments, and remember that "innovation is saying 'no' to 1000 things."
Again, those are all good points. And yet for all GPG's faults, and for all its failings, it seems somewhat ungrateful to berate it in these terms. I suspect that it has saved a good many people living in countries with oppressive and brutal regimes from arrest or worse; it has doubtless helped journalists to receive crucial information they might not otherwise have been sent, and to keep their sources safe; and it certainly made Snowden's revelations possible -- at least once Glenn Greenwald finally worked out how to install it. To say that it could have been better, or that its unintuitive approach may have prevented more people from using it misses the point, which is that in its own idiosyncratic way it was there when people really needed it, and that it did the job asked of it -- and for that, we should be hugely grateful, even while hoping that something better will come along soon.
In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install GPG. Now I'm still excited about the future, but I dream of a world where I can uninstall it.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: email, gnu privacy guard, gpg, moxie marlinspike, privacy, security
Reader Comments
Misplaced criticism
GPG is not an end-user application. It's the job of a mail client to make use of the provided capabilities. I am using one that does this rather well and seamlessly, but then the mail client itself has a geekish flavor.
So it all boils down to what the mail client writers consider important for their users. You can use GPG even when they don't consider encryption a priority, just like you can use file attachments even when not supported by your mail client.
But it is not all that much surprising that in this case comfort is not factoring in the equation, just like when figuring out how to make a road trip when all you have is an engine.
[ link to this | view in chronology ]
Re: Misplaced criticism
For example, pretty much every Debian-style repository uses GPG to sign the dpkg archives. This includes Ubuntu, Cydia for iPhone, and countless others. No GPG = no way to verify the validity of these packages (until some other technology just as cryptic is used to replace it).
But in this case, GPG works SO well that for the most part, people are completely unaware that they're using it. Once email use of GPG reaches this level, there will also be nothing to complain about on that front.
[ link to this | view in chronology ]
That's not what's happened at all. Instead, OpenPGP usage is no more common -- I'd guess it's a much smaller proportion of overall email users that use OpenPGP to encrypt their mail now.
Furthermore, we know that using OpenPGP increases your exposure. The NSA, for instance, in infiltrating SIM card manufacturers in order to steal certs, concentrated its efforts on the small numbers of users using OpenPGP encryption in emails, because those were obviously the ones who handled the certificates.
As it stands now, using OpenPGP for email is actually worse than useless.
[ link to this | view in chronology ]
Re:
That's why I park my car with the windows down and the keys in the ignition. A thief looking at it will think "there can't be anything of value there, or it wouldn't be open with the keys just hanging there." But a car all locked up just screams that it must be valuable. Securing your car is actually worse than useless.
[ link to this | view in chronology ]
Re: Re:
Because otherwise a window will be smashed when you return.
You don't go climbing in those regions unless you have an old car. Or you don't have a clue.
[ link to this | view in chronology ]
Re: Re: Re:
Because otherwise a window will be smashed when you return.
Exactly.
[ link to this | view in chronology ]
Re: Re:
If everybody else left their cars parked with the windows down and the keys in the ignition a locked car would call itself into suspicion. It would scream "Something valuable in here!".
People do leave their email unlocked, with the windows down and the engine running. Those that lock up their email are screaming "Look at me, go on I dare ya!"
That's the parent post's point.
[ link to this | view in chronology ]
Re: Re: Re:
Just as some people do leave their cars unlocked. Locked cars scream "Open me, go on I dare ya!"
[ link to this | view in chronology ]
French thieves will only rob your car.
Competing companies will look through your emails for ways to tie you up in litigation, or for loose words hinting at trade secrets.
There are many, many reasons to want to keep private communications secure, even if you haven't done anything wrong. Ambitious prosecutors make careers from discrediting people due to inconsistencies in their lives.
Not all emailers are climbers on vacation in France.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Criticism is absolutely in place
>> I suspect that it has saved a good many people living in countries with oppressive and brutal regimes from arrest or worse
False. Ironically, Mike often brings up the (valid) point that law enforcement need not break encryption - tried and true methods are enough. The other side of the coin is that the same methods work for all sides, oppressive regimes included.
[ link to this | view in chronology ]
Re: Criticism is absolutely in place
[ link to this | view in chronology ]
1. Use of a common public key server among clients. I.e., I use an SKS key server, and person X uses MIT's, which is not a part of SKS and thus can't confirm or deny signatures.
2. Lack of revocation of bad keys. My system gets hacked or I simply lose my private key, so basically you are SOL.
These are two of the major flaws with PGP currently off the top of my head that I deal with regularly. Is this the end of the world? I wouldn't say so, but it's definitely a security flaw and we've seen some of the repercussions already with SSL certificates. Thankfully, there are valid attempts to come up with alternatives, so I'm in agreement with Moxie: if something like DarkMail actually can solve the problem, I'm all for it. For now though, we are stuck with PGP, so I think he's actually a bit whiny unless he's actually got a solution worked out.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
https://www.gnupg.org/faq/gnupg-faq.html#generate_revocation_certificate
That doesn't prevent someone from decrypting your previously received data with your key but I'm not sure anything would be able to do that.
[ link to this | view in chronology ]
Re:
Key management in general is a problem. Where do you keep your public key? On your computer, which may not be so secure? On a smart card (Gemalto...) which is probably a black box? On your phone? (If not, how do you read email on your phone? Your public "key" should be able to say "encrypt to these 5 keys—desktop PC, phone, etc."—but I don't think it can. Same for signing.) The keyserver problem is more manageable: with DNSSEC people could grab your key from DNS somehow (there are 2 standards, of course—neither widely implemented).
Darkmail, at first glance, seems way too complicated. You can tell it's overdesigned given the existence of fields like "alma mater", "gender", "political party"—each with a specific integer identifier, because for some reason RFC822 or JSON or vCard data is no good. Some actual important areas are underdesigned, though: no attempt is made to hide which servers are communicating, so traffic analysis will still work quite well for entities that run their own mail servers. (Why not just have an MX-type record pointing to a .onion address? Even without message body encryption it would help.)
[ link to this | view in chronology ]
Re: Re:
The whole point of the public key is that it can be safely and widely distributed to the public. There is no need to keep the public key a secret (indeed, doing so eliminates the advantage of PKE! If you're doing that, you'd be better off using a stronger symmetrical key crypto).
You probably meant private key here. I keep my private keyring on a small USB memory device. It is never stored on a computer at all.
Your underlying point, that key management is the big problem with PKE, is perfectly on point. However, for all the key management problems of PKE, the key management situation for symmetrical key ciphers is much, much worse.
[ link to this | view in chronology ]
Privacy
I would have thought that by now it was obvious that there are a lot of people who don't care one bit about privacy, at least online.
If it were otherwise, we wouldn't have so many people who consistently fight against it.
[ link to this | view in chronology ]
Re: Privacy
[ link to this | view in chronology ]
Since you probably didn't contribute much to this open source development, most of the disappointment you have is brought about by you for not doing anything.
So we are just going to take good points in your criticism, and ignore your bi*ching.
thank you and come again!
[ link to this | view in chronology ]
Re:
It would behoove you to do a few seconds of searching before you make a monkey out of yourself.
http://www.thoughtcrime.org/software.html
[ link to this | view in chronology ]
Re: Re:
Hmm, I looked at that page and didn't really see much contribution to "this open source development" (i.e. PGP).
Perhaps actually reading that page before citing it might help you keep from looking like the south end of a north bound baboon.
[ link to this | view in chronology ]
Re: Re: Re:
You aren't really asserting that only people who contribute code to a project have the right to criticize the project, are you? I hope not. If that were the prevailing attitude, it would pretty much ensure that open source projects will be of low quality.
[ link to this | view in chronology ]
Re:
OpenWhispersystems also developed the axolotl ratchet which is as of now the best and most modern asymmetric cryptography scheme for an asynchronous world, building on OTR.
You're not doing him justice.
[ link to this | view in chronology ]
And he believes it's better to design something new from scratch, if they're going to do this effort anyway, and then push it to tens if not hundreds of millions of users.
[ link to this | view in chronology ]
Re:
https://twitter.com/nilssonanders/status/573598804496228352
[ link to this | view in chronology ]
But because it has always been there, nothing better was developed. The biggest enemy of progress is "good enough".
Enigmail for Thunderbird falls under the exact same category. Too hard to use, thereby sabotaging wider spread. Already sufficient in features, so Thunderbird devs never implemented PGP into TB directly.
"Don't reinvent the wheel" applied wrongly. Because this wheel is crooked and flat.
[ link to this | view in chronology ]
a signature which can be recognized, but not faked
to do business in a digital network world we need a means by which we can authenticate a document in public and at the same time retain personal control over the means of doing that
For example: the IRS should expect you to offer a digital signature on your 1040 -- and if you don't -- or if an invalid signature is offered -- the form would be rejected as invalid. this programming could be included with tax software; all the user would need to do is enter his|her passphrase for the signature just before the submit is transmitted
the same thinking is applicable to transmittals of any importance,-- software, e/mail, online commerce,... the Thunderbird eMail client provides an excellent interface to GPG -- in the ENIGMAIL plug-in.
x.509 certificates would be a lot better -- if they were distributed with only marginal trust -- you would need to countersign just the ones you actually needed to use
local services such as credit unions should become involved in authenticating personal user keys and getting them uploaded to help with this
the thing that should be totally obvious is: if we continue business into the future on the same basis that we have used in the recent past -- hackers will make fools of us all.
[ link to this | view in chronology ]
This reminds me of when AOL was berated for the jerks who used AOL
Ironically, AOL's sin was being too easy to use, which gave a tidy push towards email becoming the norm for human communication.
It sounds like the same kind of complaint here. That the GNU club is full of losers isn't a criticism of the GNU technology rather of the limited number of people who still use it. That's solved by the AOL solution: make it too easy to use, so that you have to educate the inept late-adopters.
[ link to this | view in chronology ]
beats me, but...
At the very least, you could get your regular personal communications encrypted as a standard thing. If everyone started doing it -- THAT would probably get the various intelligence services doing actual targeting far more than any legislative, judicial, or silly constitutional/justice based reasons will.
Make it easy enough so it is just another couple clicks in setup for *whatever*, and the only people who need help are special circumstances (hi Mom & Dad!).
[ link to this | view in chronology ]
Enigmail requires Thunderbird, which isn't very user friendly compared to web based Gmail.
I simply think Moxie Marlinspike is trying to express how un-user friendly all the graphical front-ends for GPG email have historically been.
That's not GPG's fault though. If Gmail incorporated the GPG back-end into its web mail software, then Moxie's point about GPG email being an exclusive club would become moot.
[ link to this | view in chronology ]
Moxie's textsecure seems to be just as bad as gpg
[ link to this | view in chronology ]
Re: Moxie's textsecure seems to be just as bad as gpg
[ link to this | view in chronology ]
ohh do this
[ link to this | view in chronology ]
Open source goes commercial
[ link to this | view in chronology ]
If only dissidents use GPG
[ link to this | view in chronology ]
A load of bull
So unless "IQ's dropped suddenly while I was away" it's no harder to use today than it was nearly 20 years ago. I'd say it's a lot easier to use today, especially on GNU/Linux. On window$ maybe not, but nobody sane uses that platform anyway :-P.
[ link to this | view in chronology ]
Re: A load of bull
But here's the thing: substantially fewer than 1% of the general public will read a manual. If they can't figure out proper usage from the user interface, they'll either use the product incorrectly (and be dissatisfied), or they won't use the product.
In a world of mobile apps, any software package designed for use by the general public that requires reading of anything to achieve basic functionality is pretty well doomed from the outset.
[ link to this | view in chronology ]
Re: Re: A load of bull
Sad, but true. My friends often tease me because I always read the manual. I recently bought a toaster and got grief because I even read the manual for that!
However, the fact that I read manuals is precisely why my friends often seem to think I have some kind of supernatural power to make things work correctly. I can't count the number of times that reading the manual for something that everyone already knows how to use has revealed hidden "gotchas".
[ link to this | view in chronology ]
So we are grading crypto based on gratefulness now?
For all its failings, it would be ungrateful to berate a developer who has done as much for cryptography as Ron Rivest. To say that it could have been better misses the point, which is that in its own idiosyncratic way, it was there when people needed it.
[ link to this | view in chronology ]
GnuPG
The other reasons Marlinspike cites are irrelevant -- even if true, they shouldn't enter into your decision about what software to use.
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
[ link to this | view in chronology ]