Why I still want to understand PGP

Disclaimer before I say anything: I’m not a privacy expert by any means! I’m sure there’ll be lots of misconceptions, both technical and conceptual. This post is a record of what PGP means to me as someone outside the community and why I personally want to learn it. I’d love to hear your feedback.

This is a companion to an upcoming post on learning PGP, written to justify the effort. And to be honest it’s kind of tough. The more I research PGP, the harder it becomes to justify it. In short, it is [pretty] [garbage] at what it aspires to be. Those two articles alone are enough to put me off using PGP for basically anything and to send me running to a modern alternative like [age]. I’m not going to repeat their arguments here. This post is not an argument for using PGP, just for understanding it.

So with all that said, why do I still want to know about PGP? I care for a few reasons.

Complex software is irreducibly insecure

This is a general argument for using simple and transparent encryption tools like Age, not just PGP.

As Nicole Perlroth describes in her book [This Is How They Tell Me the World Ends], it is extremely difficult to secure code. You don’t need to be tinfoil-hat paranoid about the trustworthiness of Signal to accept that the code might have vulnerabilities despite everyone’s best efforts. James R. Gosler slipped a planted vulnerability past NSA analysts in an application with fewer than 3,000 lines of code. Signal’s Android app has 260,588 lines of Java alone.

The simplicity and transparency of the cryptography underneath PGP (the PGP ecosystem is a [different beast altogether]) provides this peace of mind: to know that no one besides the holder of the recipient’s private key can read your message, you only need to trust the math and the comparatively small piece of code that implements it. And all evidence points to well-studied encryption being orders of magnitude harder to break than software.

Which isn’t to say that I think we should eschew secure messaging apps, of course not. Privacy is not an all-or-nothing proposition. Signal democratized “pretty good privacy” in a way that PGP never will. The average person’s threat model does not include nation-state threat actors.

Factoring out the encryption from our communication software is a way of gaining control of this part of the communication. Again, it adds a nontrivial layer of operational complexity and is not necessary except with the most sensitive data. But I still think it’s worth knowing that there is a way out there of communicating with others that circumvents the irreducible risk of complex software, as a way of reclaiming some certainty and power.
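To make “you only need to trust the math” concrete, here is an added example of the kind of standalone public-key encryption that PGP and age both build on, written for this post in Go (it is not code from age, GnuPG or the OpenPGP spec). It uses a hybrid scheme: a fresh ephemeral X25519 key, a Diffie-Hellman shared secret with the recipient’s long-term key, a hash-derived AES-256-GCM key, and a message format of ephemeral public key || nonce || ciphertext. The key derivation, the wire format and the names (`Recipient`, `Encrypt`, `Decrypt`) are assumptions made for illustration; a real tool uses a proper KDF such as HKDF and a versioned header. It needs Go 1.20 or later for `crypto/ecdh`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Recipient holds a long-term X25519 key pair. Only priv can decrypt
// messages sealed to the matching public key: this is "the math" the
// sender relies on, independent of whatever app carries the bytes.
type Recipient struct {
	priv *ecdh.PrivateKey
}

func NewRecipient() (*Recipient, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Recipient{priv: priv}, nil
}

func (r *Recipient) PublicKey() *ecdh.PublicKey { return r.priv.PublicKey() }

// deriveKey turns the raw DH shared secret into a 32-byte AES key by
// hashing it with both public keys and a fixed label. This is a toy
// KDF chosen to keep the example in the standard library; age and
// OpenPGP use HKDF-style derivation with a context string.
func deriveKey(shared, ephPub, recipPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("toy-hybrid-v1"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipPub)
	return h.Sum(nil)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext to recipPub. The sender needs only the
// recipient's public key; the ephemeral private key is discarded after
// use, so not even the sender can decrypt the result later.
// Output layout: ephPub(32) || nonce(12) || ciphertext || GCM tag(16).
func Encrypt(recipPub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipPub)
	if err != nil {
		return nil, err
	}
	ephPubBytes := eph.PublicKey().Bytes()
	aead, err := newAEAD(deriveKey(shared, ephPubBytes, recipPub.Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, ephPubBytes...)
	out = append(out, nonce...)
	// The ephemeral public key is bound in as associated data, so
	// swapping it for another key fails authentication.
	return aead.Seal(out, nonce, plaintext, ephPubBytes), nil
}

// Decrypt reverses Encrypt. A wrong private key derives a different AES
// key, and any modified byte breaks the GCM tag; both surface as an error.
func (r *Recipient) Decrypt(msg []byte) ([]byte, error) {
	if len(msg) < 32+12+16 {
		return nil, errors.New("message too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(msg[:32])
	if err != nil {
		return nil, err
	}
	nonce, ct := msg[32:44], msg[44:]
	shared, err := r.priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(deriveKey(shared, ephPub.Bytes(), r.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, ephPub.Bytes())
}

func main() {
	alice, _ := NewRecipient()
	ct, _ := Encrypt(alice.PublicKey(), []byte("meet at the usual place")) // constructed sample message
	pt, err := alice.Decrypt(ct)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)
	mallory, _ := NewRecipient()
	_, err = mallory.Decrypt(ct)
	fmt.Println("wrong key:", err)
}
```

The point of the example is what is *not* in it: no server, no account, no transport. The ciphertext can be pasted into any messenger, mailed, or printed, and the only thing standing between it and a reader is the recipient’s private key. What you are still trusting is the implementation of X25519 and AES-GCM in `crypto/ecdh` and `crypto/aes`, which is a much smaller surface than a whole messaging client.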

Sometimes you can’t trust the infrastructure

Another general argument that applies to Age and for situations warranting the most extreme paranoia.

You need something like PGP when a [distrust of infrastructure] precludes a centralized trust model. Today’s communications pass through layers and layers of third-party infrastructure to which we grant varying levels of trust, from the firmware on our devices to the applications we use to the networks our packets swim through. The major leaks of the past decade have shown us that basically every joint connecting two devices is a candidate for exploitation. No one can avoid trusting infrastructure entirely, and for most of us it’s not worth the paranoia and the inconvenience to try. But standalone encryption can help when you really need to.

Encryption can only do so much; PGP definitely does not have all of the answers. Snowden had to jump through [a lot of hoops] and by its very nature I doubt there’s a technical solution to this problem. Somewhere in the process we have to talk to people we trust or put away our phones and go outside.

People actually use it

For all of its signs of old age, maybe the biggest reason to know about PGP is that people use it. Off the top of my head, it’s used for [canaries], [identity verification], and [working with credit card data]. People incessantly point out the flaws in PGP and they’re right. It sucks. But after reading about PGP I feel about it the way I’ve heard many people feel about email: it’s outdated in many aspects, but it’s still worth understanding because it’s still one of the most common ways that people communicate with each other.

A flawed solution that people actually use is better than nothing at all, and we can extol the virtues of a better solution all we want, but that can’t be the end of the discussion if, for a confluence of reasons, it sits on the metaphorical shelf.

That said, don’t PGP-encrypt your emails!

It’s an important lesson on what not to do

Understanding the choices that PGP made and why they’re bad is a lesson in good cryptographic design by example. Sometimes it’s easier to understand why a choice was made when you understand the pitfalls of tried and tested alternatives. I think of implementation as the interface between the rock-solid mathematical foundations of cryptographic algorithms and the people who try to use them to get things done. Building that bridge is fraught with dangerous decisions. Reading about PGP is a good way of understanding some of the ways it can go wrong, both in design and in cryptography.

Anyway, onto actually learning about this thing!

-Yukihide