> Suppose you want to use gpg to encrypt Gmail conversations. Your workflow is basically copy-pasting text into and out of a text editor and then attaching the ciphertext to the email and sending it.
If you're using the web browser. Gmail can use IMAP and so plenty of clients can encrypt the messages natively. There are Android apps (and probably iOS) that do this as well automatically.
The important thing here is that Gmail isn't the standard for email, and the more that you rely on commercial email companies to streamline encryption the more you'll be let down.
> Using GPG (correctly) is a colossal pain in the ass. In a lot of ways it reminds me of git: inconsistent and confusing UI/UX, obtuse documentation, footguns around every corner.
GPG doesn't have a UI/UX. GPG by itself refers to GnuPG which is a library and command line tool for generating, importing/exporting keys, signing, etc. The documentation is available on their website and follows industry standards in documentation, and also includes man pages as well.
There are always improvements that can be made in terms of automation for users, but that is what Keybase does. There are also a plethora of third-party GPG tools that a large community of users are happy with and there is nothing stopping you from building your own.
> If you truly grok the internal mechanics, then {gpg,git} can be a good and productive tool. But that bar of grokking the internals is too high for casuals and so there's a plateau of adoption that's inevitable.
Can't you say the same about almost any piece of software? If you tried to understand the internals of almost any piece of software, it can be difficult to understand. Vim has its own scripting language. JavaScript has like 20 different implementations.
That is what the third-party tools are for, and many of them have made it very easy to use.
> The important thing here is that Gmail isn't the standard for email, and the more that you rely on commercial email companies to streamline encryption the more you'll be let down.
Sure, I know that. And you know that. How many muggles know that? The argument can't be "switch to mutt" or something along those lines. Even Thunderbird does not to the best of my knowledge run on mobile, today's premier platform. You can't win people over that way.
> GPG doesn't have a UI/UX. GPG by itself refers to GnuPG which is a library and command line tool for generating, importing/exporting keys, signing, etc.
I think it's pretty obvious I meant the command line tools. They most certainly have a UX and a UI. Painful ones.
> Can't you say the same about almost any piece of software?
Absolutely not. Unlike gpg, successful software doesn't require you to understand its internals to operate successfully. How many people use Windows? Android? iOS? What percentage of those users really understand the internals?
> Sure, I know that. And you know that. How many muggles know that? The argument can't be "switch to mutt" or something along those lines. Even Thunderbird does not to the best of my knowledge run on mobile, today's premier platform. You can't win people over that way.
No one said switch to Mutt. There is a multitude of quality email software for both mobile and desktop, including webmail frontends to IMAP. In fact, you can even configure Dovecot with virtual folders to work like Gmail, and there are multiple frontends and even enterprise Helm charts for email servers that also include ActiveSync to work with calendar integration and contacts.
> I think it's pretty obvious I meant the command line tools. They most certainly have a UX and a UI. Painful ones.
How painful can a CLI be to you? If you want encryption for your grandma, then automate the deployment of the software and configuration for your grandma. There are multiple email apps on Android alone that make setting up encryption easy. If you think GPG UI is painful, then you should look at the rest of the Linux and Go Lang CLI ecosystem. They are all the same, and for what it is GnuPG does a great job at it and for developers and CLI-inclined individuals it works well and is easy to understand.
> Absolutely not. Unlike gpg, successful software doesn't require you to understand its internals to operate successfully. How many people use Windows? Android? iOS? What percentage of those users really understand the internals?
Again, you'd probably be better off not trying to with GPG and just using Thunderbird or installing an Android app with encryption. It sounds like you have no interest in configuring anything more complex or working on solutions to these problems without trying to complain about GPG which isn't the problem at all:
Okay, one of us simply doesn't understand what the other is saying.
I'm telling you why normies don't adopt encrypted email (the tooling is fiddly, confusing and hard to use) and you're coming back at me with stuff like "configure dovecot to use virtual folders" which is not something most email users can do.
> Again, you'd probably be better off not trying to with GPG and just using Thunderbird or installing an Android app with encryption. It sounds like you have no interest in configuring anything more complex or working on solutions to these problems without trying to complain about GPG which isn't the problem at all:
A majority of people will not use Thunderbird because more and more people don't use computers any more. Their phones or tablets are their primary computing devices. Thunderbird is not a solution. And there really aren't many good free email apps out there (remember, you're competing with free because a lot of these people are on Gmail already). The biggest alternative mail client for Android in terms of recommendation tends to be K9 mail which on my OnePlus 3 and my Pixel 3 simply did not work at all.