Two dumb ideas: abandoning encrypted email and using phone numbers as account names
The text below is NOT mine. But I agree with pretty much everything it says, and it says things about email, instant messaging and online identity that everybody should know, here it goes.
Background: PGP (Pretty Good Privacy) is a decades-old software standard and program that is still used to encrypt email. In mid-May 2018 a critical bug was discovered in PGP. The text below is a comment of the critiques to PGP, and suggestions for its replacement, made in those days. I probably copied it from some email, or Facebook discussion, but I stupidly forgot to write down also who the author was. So if you are the author, please email me because I want to credit you.
“Cryptography experts are right. But I still think they’re mostly wrong”
(Emphasis is mine)
The experts are right about many things. OpenPGP is old and more recent tools with more modern designs have a lot going for them. But I still think they’re mostly wrong.
The experts, by and large, have yet to offer any credible replacements for PGP. And when they suggest abandoning PGP, what they’re really saying is we should give up on secure e-mail and just use something else. That doesn’t fly. Many people have to use e-mail. E-mail is everywhere. Not improving the security of e-mail and instead expecting people to just use other tools (or go without), is the security elite proclaiming from their ivory tower: “Let them eat cake!”
Furthermore, if that “something else” also requires people use their phone number for everything… well, that’s the messaging world’s equivalent of the widely despised Facebook Real Name Policy. If you ever needed a clear example of why the lack of diversity (and empathy) in tech is a problem, there it is!
Compartmentalization, presenting different identities in different contexts, is a fundamental, necessary part of human behaviour. It’s one of the basics. If you think taking that away and offering fancy crypto, forward secrecy, deniability instead is a win… well, I think your threat models need some work! You have failed and people will just keep on using insecure e-mail for their accounting, their work, their hobbies, their doctor visits and their interaction with local government. Because people know their needs better than you do.
But I digress.
The ridiculous phone number thing aside, I also take issue with the fact that when our opinionated experts do suggest replacements, the things they recommend are proprietary, centralized and controlled by for-profit companies. Some of them (mostly the underdogs) may be open source, but even the best of those use a centralized design and are hostile to federation. In pursuit of security and convenience (and, let’s be honest, control, power and money), openness has been hung out to dry.
This is short-sighted at best.
These cool new apps may be secure today. But what about tomorrow? Odds are, they will be compromised by government mandate, blocked or shut down.
What else could I (Marco) add? Only the confirmation of one thing: the context collapse brought by Facebook, WhatsApp and yes, even Telegram, with their “ridiculous phone number thing” is indeed ridiculous. Really ridiculous. If the unknown author above hasn’t convinced you yet, please read my own version of the same thesis.
Who writes this, why, and how to help
I am Marco Fioretti, tech writer and aspiring polymath doing human-digital research and popularization.
I do it because YOUR civil rights and the quality of YOUR life depend every year more on how software is used AROUND you.
To this end, I have already shared more than a million words on this blog, without any paywall or user tracking, and am sharing the next million through a newsletter, also without any paywall.
The more direct support I get, the more I can continue to inform for free parents, teachers, decision makers, and everybody else who should know more stuff like this. You can support me with paid subscriptions to my newsletter, donations via PayPal (mfioretti@nexaima.net) or LiberaPay, or in any of the other ways listed here.THANKS for your support!