GPG And Me

Feb 24, 2015

I receive a fair amount of email from strangers. My email address is public, which doesn’t seem to be a popular choice these days, but I’ve received enough inspiring correspondence over the years to leave it be.

When I receive a GPG encrypted email from a stranger, though, I immediately get the feeling that I don’t want to read it. Sometimes I actually contemplate creating a filter for them so that they bypass my inbox entirely, but for now I sigh, unlock my key, start reading, and – with a faint glimmer of hope – am typically disappointed.

I didn’t start out thinking this way. After all, my website even has my GPG key posted under my email address. It’s a feeling that has slowly crept up on me over the past decade, but I didn’t immediately understand where it came from. There’s no obvious unifying theme to the content of these emails, and they’re always written in earnest – not spam, or some form of harassment.

Eventually I realized that when I receive a GPG encrypted email, it simply means that the email was written by someone who would voluntarily use GPG. I don’t mean someone who cares about privacy, because I think we all care about privacy. There just seems to be something particular about people who try GPG and conclude that it’s a realistic path to introducing private communication in their lives for casual correspondence with strangers.

Increasingly, it’s a club that I don’t want to belong to anymore.

A philosophical dead end

In 1997, at the dawn of the internet’s potential, the working hypothesis for privacy enhancing technology was simple: we’d develop really flexible power tools for ourselves, and then teach everyone to be like us. Everyone sending messages to each other would just need to understand the basic principles of cryptography.

GPG is the result of that origin story. Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It’s up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish. The GnuPG man page is over sixteen thousand words long; for comparison, the novel Fahrenheit 451 is only 40k words.

Worse, it turns out that nobody else found all this stuff to be fascinating. Even though GPG has been around for almost 20 years, there are only ~50,000 keys in the “strong set,” and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today’s standards, that’s a shockingly small user base for a month of activity, much less 20 years.

A technology dead end

In addition to the design philosophy, the technology itself is also a product of that era. As Matthew Green has noted, “poking through an OpenPGP implementation is like visiting a museum of 1990s crypto.” The protocol reflects layers of cruft built up over the 20 years that it took for cryptography (and software engineering) to really come of age, and the fundamental architecture of PGP also leaves no room for now critical concepts like forward secrecy.

All of this baggage has been distilled into a ballooning penumbra of OpenPGP specifications and notes so prolific that the entire picture is almost impossible to grasp. Even projects that are engaged in the process of writing a simplified experience on top of GPG suffer from this legacy: Mailpile had to write 1400 lines of python code just to interface with a native GnuPG installation for basic operations, and it still isn’t rock solid.

What we have

Today, journalists use GPG to communicate with sources securely, activists use it to coordinate world wide, and software companies use it to help secure their infrastructure. Some really heroic people have put in an enormous amount of effort to get us here, at substantial personal cost, and with little support.

Looking forward, however, I think of GPG as a glorious experiment that has run its course. The journalists who depend on it struggle with it and often mess up (“I send you the private key to communicate privately, right?”), the activists who use it do so relatively sparingly (“wait, this thing wants my finger print?”), and no other sane person is willing to use it by default. Even the projects that attempt to use it as a dependency struggle.

These are deep structural problems. GPG isn’t the thing that’s going to take us to ubiquitous end to end encryption, and if it were, it’d be kind of a shame to finally get there with 1990’s cryptography. If there’s any good news, it’s that GPG’s minimal install base means we aren’t locked in to this madness, and can start fresh with a different design philosophy. When we do, let’s use GPG as a warning for our new experiments, and remember that “innovation is saying ‘no’ to 1000 things.”

In the 1990s, I was excited about the future, and I dreamed of a world where everyone would install GPG. Now I’m still excited about the future, but I dream of a world where I can uninstall it.

© 2012 Moxie Marlinspike