I suspect this was a state actor funded operation, for this has effectively, and significantly reduced the usefulness of PGP/GNUPG.
Many people I know were starting to use it, now they do not. It doesn't matter that security should overcome conveniences, conveniences often win.
And state actors hate encryption at rest.
If it was, they did us all a favour, because PGP as means of encrypting emails is a steaming pile of garbage, as it requires both, client support, and the counterparty to have the same OPSEC as you (e.g. not just forwarding the email unencrypted to someone else)
Email was never meant to be encrypted, and the existing implementations (including S/MIME) suck for this exact reason. And the worst thing is that it’s simply not possible to make it work.
Same for images inline, and the idea of attachments was an add-on. Other examples abound.
While I don't use html in my emails, it's effectively a standard now. So much so, that I have to prod some corporations to fix their stuff.
My point is, the "email was never meant" ship sailed decades ago. Change happens.
And there is no way to encrypt anything, ever, and send it to someone, who can't see it, and then copy it and send to others. A person can take a screen shot, or just take a phone and take a pic of the screen! So even if it's not simple, this problem is a non-solve, because if a human can read it, it can be copied to others.
Which means, I do not believe your criticism on this point is valid.
All encrypted communication protocols have this requirement. And all of them will in the future. By definition, you need the counterparty to be able to decrypt your message, which means you're always vulnerable to them forwarding the unencrypted message to anyone they want.
I must assume you are an opponent of privacy
And "state actor funded"? Come on, the spam attack was absolutely trivial. It required no state funding, just a single person with an axe to grind, a target, and a trivial shell script. Attaching spam signatures was a thing decades ago already and didn't require any real resources of technical knowledge.
There are plenty of keyservers that are usable. There is a visualization diagram of the forest of replication partners.
So feature was basically there only to shoot oneself in the foot.
If it was popular, they wouldn't axe it.
My comment was certainly about facebook dropping it, but also about how this is a larger picture issue. You don't need to weaken encryption standards(NSA, others), or have back doors(loads of states), if people just find it too annoying to use!
And if your email is compromised, well, it is game over already, for every single thing you have access to.
So it is just a poor excuse. I guess the main reason is that virtually nobody knew this feature existed and the intersection between the population privacy savy enough to use PGP and using Facebook is ridiculously small.
Hell, even amongst my peers, I'm continually shocked at how many people have never used gpg, ever. And, anecdotally, the number gets lower as age gets lower. Young people aren't using it. It's dying.
The original PGP manual talked about secretly communicating with your lover. That was the usage model, transmitting secret messages to people you could sometimes meet in person, and where the model was you talking to people you directly know.
Try to verify the GPG signature on say, the Tor Browser. It's signed by "Tor Browser Developers (signing key)". Have you ever met this "Tor Browser Developers" person?
Okay, what about the web of trust? Well, GPG offers no help whatsoever in finding a way of making a connection.
And that's why it's dying, because the model it targets ceased to be relevant, and we developed plenty new needs like verifying software signed by random people on the other side of the globe, while GPG did nothing to accommodate that use.
That's actually a really common use-case for GPG. I've seen it used for this more than for email...
Mailvelope makes it sort-of easier, but it also fails at UX because it doesn't support clear signatures. Gmail and such should address this. Proton is an improvement but it doesn't allow using an external GPG key. keybase sort-of solved the scalability of effort problem / barrier that is web of trust, countersigning keys, and the bad UX of keyservers.
There is no readily suitable admixture of keybase, Mailvelope, and Proton that doesn't suck while supporting maximum flexibility.
They HATE encryption, it's why control of the Bitcoin GitHub repo is so critical, an encrypted peer to peer payment option is even more dangerous than encrypted peer to peer communication.
People just have too much trust, are too lazy, or were just giving a job for whatever reason.
[1]: https://datatracker.ietf.org/doc/html/draft-koch-openpgp-web...
[2]: https://wiki.gnupg.org/WKD#Mail_Service_Providers_offering_W...
I’ve received a PGP encrypted email by a non-proton user. It worked fine. But I was unable to encrypt my reply to him.
Proton support told me that he needs to attach his public key to his message so I can use it.
It seems that the Proton interface doesn’t offer any way to automatically try to find the public key of an user (from which you have an email address and probably a signature).
We have plans to also look up keys on keys.openpgp.org as well, to offer an automatic solution in case the provider doesn't support WKD.
Can you give a quick explanation for someone too dumb to understand your first citation?
I use pgp for years but struggle to understand how proton can say email is encrypted when I never have to decrypt it myself.
If proton has the key how is that different from Google just encrypting everything until right before it displays?
I used proton for a couple years but moved back to Gmail cause I figured all the encryption talk was just promotional and using pgp your self is the only way.
Then, when you log in, the client fetches the encrypted private key, decrypts it with your password, and decrypts your emails with the private key. All of this is done automatically but it's still end-to-end encrypted.
The first citation (WKD draft specification) simply describes how to publish (and look up) public keys for a given email address on its domain. So for twiss@proton.me (hypothetical example), the key is published at https://openpgpkey.proton.me/.well-known/openpgpkey/proton.m....
> This renders recovery emails sent to the user’s email address unreadable, as only the hacker has the encryption keys.
So: PGP encrypted emails were rarely used, except to lock out the legit user after account was compromised.
They're just looking for excuses
Comically I forgot all about it until I had to reset my password and got an encrypted email. Was a pain to dig out my keys and decrypt it, but it worked.
Shamefully I also turned on the pgp messages from Facebook. I never found value with it, but to this day it’s still enabled and I don’t care to log in to Facebook to disable it.
1. Attacker somehow gets control of email
2. Attacker uses email to "recover" facebook.
3. Attacker uses email to add pgp.
(time passes)
4. User realizes facebook and email are taken over
5. User somehow recovers email
6. User tries to recover facebook using email but is unable to
It's quite disingenuous to make it sound like PGP was the problem here.
Read that sentence again: "Once a hacker gains access to a Facebook account" regardless of PGP or not... then, of course, they own the account and can do what they want!! But that's the problem, not that they can enable PGP encryption. If you had PGP encryption to start with, ironically you wouldn't be "susceptible" at all as it's the hacker who wouldn't be able to read your emails even after compromising your account (though they may do worse thing at that point).
Of course they could've just fixed that instead of sunsetting encryption entirely, but note that Facebook didn't say this was the reason why they're killing the feature, that's just speculation from the news article. Facebook didn't give an official reason, so maybe it's really just because of low adoption.
You could make the same case against 2FA. Most sites don't require email verification when you enable it. Someone with your password could lock you out by adding a TOTP app. But I wouldn't consider that a vulnerability. It is, if anything, a consequence of not locking down the account in the first place.
I left after tagging people in photos became a thing but before "privacy" controls existed.
