For several years, there has been an uprasing agains GPG. Every now and then someone writes up a blog post and condemn OpenPG and it's implementations for being too hard to use or too easy to mess up. The GPG side is mostly silent... So, this article is in defence of GPG.
For several years, there has been an uprasing against GPG. Every now and then someone writes up a blog post and condemn OpenPG and it's implementations for being too hard to use or too easy to mess up. The GPG side is mostly silent... So, this article is in defence of GPG.
Main points made against GPG can be listed like this:
@ -50,15 +50,15 @@ PGP, the preceder of GPG, was conceived in 1991 and this era was shaped by hacke
That brings us to the point: GPG is hard for people, but so was the general purpose computers around 20 years ago. Everything requires individual dedication and determination to learn and maintain. What happened with computers is that some people capitalised on the opportunity, poured money into devices and after hundred hours of R&D those computers became "easy". The outcome of that process was a loss of the right to fix, more enclosed and restricted user environments and computers that works against us! So those who invested in computers can profit for their investment.
The same problem exists for encryption. There was no real incentive for capitalists to invest in publicly accessible encryption. Solid encryption would make data impossible for only the user own and this would be counter intuitive to the interest of capitalism. But today there is an incentive: people are afraid of what our digital world has become. They are afraid of their [government's abuse of power](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)), they are afraid of [companies taking advantage of their lives](https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold), they are afraid that their [involment in democracy will be lost](https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal). People are afraid and there is no better time to sell something. That's why Apple is now selling [privacy as a product](https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute) and that is why every communication service regardless their privacy invasive tendencies are [promoting encryption](https://faq.whatsapp.com/en/android/28030015/). What is missing is that people are still an object in this case. Whoever holds the key holds the future and there is no alternative to GPG that gives the user the best self determination!
The same problem exists for encryption. There was no real incentive for capitalists to invest in publicly accessible encryption. Solid encryption would make reaching data possible for only the user who owns it and this would be counter intuitive to the interest of capitalism. But today there is an incentive: people are afraid of what our digital world has become. They are afraid of their [government's abuse of power](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)), they are afraid of [companies taking advantage of their lives](https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold), they are afraid that their [involment in democracy will be lost](https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal). People are afraid and there is no better time to sell something. That's why Apple is now selling [privacy as a product](https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute) and that is why every communication service regardless their privacy invasive tendencies are [promoting encryption](https://faq.whatsapp.com/en/android/28030015/). What is missing is that people are still an object in this case. Whoever holds the key holds the future and there is no alternative to GPG that gives the user the best self determination!
So, how is GPG doing while the craze to own the next killer encryption app continiue? [**Werner Koch**](https://en.wikipedia.org/wiki/Werner_Koch), is the single person maintaining GPG. He was almost about to give up on GPG for [economic reasons](https://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke) when the [Snowden incident](https://en.wikipedia.org/wiki/Edward_Snowden) has chanced his decision. The world's whole server infrastructure and personal freedom rests on his shoulder and he had to ask for help. It is a huge difference in investment/impact ratio when compared to every other encryption tool. GPG exist by determination and not throguh capital pressurae.
So, how is GPG doing while the craze to own the next killer encryption app continiue? [**Werner Koch**](https://en.wikipedia.org/wiki/Werner_Koch), is the single person maintaining GPG. He was almost about to give up on GPG for [economic reasons](https://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke) when the [Snowden incident](https://en.wikipedia.org/wiki/Edward_Snowden) has chanced his decision. The world's whole server infrastructure and personal freedom rests on his shoulder and he had to ask for help. It is a huge difference in investment/impact ratio when compared to every other encryption tool. GPG exist by determination and not through capital pressure.
In every "GPG is dead" cry almost always includes some **killer** new technology that makes more **sense** than GPG. Let's talk about them for a while.
## Signal
A big hit in secure instant messaging. Signal is build upon proprietary software Textsecure and RedPhone that had been once developed by Merlinspike and his co-founder Stuart Anderson. Signal Protocol utilizing [double ratchet](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) encryption is a game changer for modern connectivity and implemented in several applications. Signal applications and server code is free software but [their developers and business model is not](oyd signal yazısı bağlantısı). It is [yet another walled garden with no federation](#https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/) and [claiming GPG is dead](https://moxie.org/blog/gpg-and-me/).
A big hit in secure instant messaging. Signal is build upon proprietary software Textsecure and RedPhone that had been once developed by Merlinspike and his co-founder Stuart Anderson. Signal Protocol utilizing [double ratchet](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) encryption is a game changer for modern connectivity and implemented in several applications. Signal applications and server code is free software but [their developers and business model is not](https://oyd.org.tr/en/articles/stop-saying-freedom-is-a-private-matter/). It is [yet another walled garden with no federation](#https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom/) and [claiming GPG is dead](https://moxie.org/blog/gpg-and-me/).
## Matrix Protocol
@ -96,7 +96,7 @@ All these functions have been added in recent years and more are probablys on th
## GPG is single source of concern
Being in control of your key also enables you to use and tie wide array of possible uses to your key. You can use it for SSH, sign your code, use it as a trust source for your actions, use it to encrypt anything and store them anywhere without the fear of loosing your access to the data. While utilising this wide range of options you don't have to deal with multiple softwares and keys. One key backed up safely will handle **EVERYTHİNG!** The size of that key or what other marginally safer algorithm does not matter much.
Being in control of your key also enables you to use and tie wide array of possible uses to your key. You can use it for SSH, sign your code, use it as a trust source for your actions, use it to encrypt anything and store them anywhere without the fear of loosing your access to the data. While utilising this wide range of options you don't have to deal with multiple softwares and keys. One key backed up safely will handle **EVERYTHING!** The size of that key or what other marginally safer algorithm does not matter much.
You only have to keep one key file that is basically your identity and need only worry about that. Every dedicated app will generate a purpose built key for their functions and if you are not willing to take care of it either your key will be uploaded to a server or you will loose your data if you ever loose your devices. A GPG key on a [Yubikey](https://www.yubico.com/) or a smartcard will manage all your identity and encryption needs. It is convenient.
