A 10-month Commerce Department probe concluded Meta could view all WhatsApp messages in unencrypted form

  • theunknownmuncher@lemmy.world
    1 day ago

    The most important question to ask when evaluating end-to-end encryption: who manages the keys?

    If Facebook manages all of the keys and is responsible for telling which public key belongs to who, then of course Facebook can read every message.
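The comment above turns on who tells a client which public key belongs to which contact. The sketch below is an added example, not part of the original comment and not WhatsApp's or any messenger's code: a client pins the key a directory serves, flags later changes, and only marks a pin verified after the fingerprint is compared out of band. `PinStore`, the key bytes and the status strings are all assumptions made for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key, grouped in fours so two people can compare it."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


class PinStore:
    """Hypothetical trust-on-first-use store: contact -> (fingerprint, verified)."""

    def __init__(self):
        self._pins = {}

    def check(self, contact: str, served_key: bytes) -> str:
        """Classify a key that the provider's directory handed out for a contact."""
        fp = fingerprint(served_key)
        pin = self._pins.get(contact)
        if pin is None:
            # First sight: pinned, but nothing yet proves it is the contact's key.
            self._pins[contact] = (fp, False)
            return "first-use-unverified"
        pinned_fp, verified = pin
        if hmac.compare_digest(pinned_fp, fp):
            return "verified" if verified else "unverified"
        return "KEY-CHANGED"  # caller should stop sending until re-verified

    def verify_out_of_band(self, contact: str, fp_from_contact: str) -> bool:
        """Mark the pin verified only if it matches what the contact read out."""
        pin = self._pins.get(contact)
        if pin is None or not hmac.compare_digest(pin[0], fp_from_contact):
            return False
        self._pins[contact] = (pin[0], True)
        return True


# Constructed sample keys (not real key material).
ALICE_REAL_KEY = bytes.fromhex("11" * 32)
SUBSTITUTED_KEY = bytes.fromhex("22" * 32)  # a key the directory swapped in


def demo():
    store = PinStore()
    return [
        store.check("alice", ALICE_REAL_KEY),
        store.verify_out_of_band("alice", fingerprint(ALICE_REAL_KEY)),
        store.check("alice", ALICE_REAL_KEY),
        store.check("alice", SUBSTITUTED_KEY),
    ]
```

Pinning alone only detects a change after first contact; if the directory serves a substituted key from the start, the mismatch shows up only when the out-of-band comparison fails.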

    • lemonhead2@lemmy.world
      1 day ago

      oh lol. the trust chain is harder and harder to verify these days. I miss the good old days where I would write emails in vi and encrypt with gpg.

      I still write emails with vi. but I lost touch with the one other friend I had who knew how to use gpg 😂😂😂

        • Flagstaff@programming.dev
          22 hours ago

          Is there an ELI5, foolproof, step-by-step tutorial? I tried Kleopatra on my own and was so completely befuddled; why is that, like, literally the only app out there in the whole world for PGP or GPG or whatever? Shouldn’t there be dozens of such encoders?

          • somenonewho@feddit.org
            16 hours ago

            It heavily depends on your use case, but if you want to use gpg to encrypt emails and don't want to do it all in the terminal, I really recommend using Thunderbird; it integrates gpg very well and makes it mostly seamless.

            Other than that, afaik Kleopatra is the only standalone GUI for gpg, simply because most of the time gpg is integrated in workflows (simply using the cli interface or gpg libraries) and plain gpg for simple text/file encryption/signing is just not a use case many people have.

    • qprimed@lemmy.ml
      1 day ago

      even better - as far as I am aware the client isn’t open (and even if it were, is your installed build from the same source?).

      so, even if the keys are local only, who says there isn’t a hidden API that simply sends locally decrypted content back to a remotely calling endpoint?

      • logi@piefed.world
        1 day ago

        That, and if WhatsApp has the keys, then no amount of encryption is going to help.

        If I remember, the allegation was that they did keep all the keys and many employees could request them to decrypt specific sessions.