I receive a fair amount of email from strangers. My email address is public, which doesn’t seem to be a popular choice these days, but I’ve received enough inspiring correspondence over the years to leave it be.
When I receive a GPG encrypted email from a stranger, though, I immediately get the feeling that I don’t want to read it. Sometimes I actually contemplate creating a filter for them so that they bypass my inbox entirely, but for now I sigh, unlock my key, start reading, and – with a faint glimmer of hope – am typically disappointed.
I didn’t start out thinking this way. After all, my website even has my GPG key posted under my email address. It’s a feeling that has slowly crept up on me over the past decade, but I didn’t immediately understand where it came from. There’s no obvious unifying theme to the content of these emails, and they’re always written in earnest – not spam, or some form of harassment.
Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG. I don’t mean someone who cares about privacy, because I think we all care about privacy. There just seems to be something particular about people who try GPG and conclude that it’s a realistic path to introducing private communication in their lives for casual correspondence with strangers.
Increasingly, it’s a club that I don’t want to belong to anymore.
A philosophical dead end
In 1997, at the dawn of the internet’s potential, the working hypothesis for privacy enhancing technology was simple: we’d develop really flexible power tools for ourselves, and then teach everyone to be like us. Everyone sending messages to each other would just need to understand the basic principles of cryptography.
GPG is the result of that origin story. Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It’s up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish. The GnuPG man page is over sixteen thousand words long; for comparison, the novel Fahrenheit 451 is only 40k words.
Worse, it turns out that nobody else found all this stuff to be fascinating. Even though GPG has been around for almost 20 years, there are only ~50,000 keys in the “strong set,” and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today’s standards, that’s a shockingly small user base for a month of activity, much less 20 years.
A technology dead end
... continue reading