What do you think that looks like, though? Is it TextSecure on the desktop, with file attachments? Is it Pond? Is it just email, but with a different crypto layer?
I feel like a lot of the things GPG aims to do are fundamentally hard. It's not the technology that sucks, it's the problem. I completely agree that the answer will come from thinking about user interactions first, but I'm not sure that the solution will look much different than a better GPG client.
I don't have a definite answer. There's the path we're executing on at Open Whisper Systems, but there are a bunch of other projects working in this area as well (Mailpile, LEAP, etc).
I think the problems are solvable, but only if we have a different design approach. So when I see projects trying not-PGP, I'm interested. When I see projects building on PGP, I'm less interested.
I'll take the opportunity to say that it saddens me that I still can not communicate using TextSecure with iOS users. It's been almost two years[1] since iOS support was "promised". TS is great, but we need to be able to communicate with iOS users.
Also, any vague timeline available for arrival of the desktop Signal version? What about video-chat support? Would that be possible with WebRTC? (although you should probably wait until ORTC is supported within WebRTC - v1.1 I think?) and then add ZRTP on top of it. Or is a desktop, Javascript version, just not secure enough for that to happen? What if you do it like Whatsapp's "web app", that basically only connects locally to the phone?
> It's not the technology that sucks, it's the problem.
This is my feeling as well. To optimize for security and privacy, it seems like it needs to be difficult by design. If it's too easy, it's probably less secure.
I'm not sure if anyone has given it seriuos attempts to make it more user friendly, though? Would be surprised if no one has, there should be a great opportunity here. Escpecially now that it has so much focus.
Literally the second tweet on their twitter account is 'Damn, it works. Got a lawyer who resisted all other methods to encrypt our comms with @Peerio. Big score for usability. Bravo @kaepora & co.' which kind of bugs me, too.
I also believe that some complexity is inherent to secure communication, so people are required to learn a little to properly use this. Hopefully, this will be taught in high school or earlier at some point.
However, I also (like Moxie) believe PGP is not at the sweet spot. It has too much complexity for the most popular use cases. Thank you Moxie and others who are searching for the sweet spots.
I feel like a lot of the things GPG aims to do are fundamentally hard. It's not the technology that sucks, it's the problem. I completely agree that the answer will come from thinking about user interactions first, but I'm not sure that the solution will look much different than a better GPG client.