
Furthermore, if you're using PGP to evade a state-level adversary, the odds are overwhelming that you've own-goaled yourself many times over:

* You keep plaintext archives and drafts of your messages, because that's a fundamental feature of email clients going back 3 decades.

* You use a server-mediated PGP provider like Protonmail that has your security one surreptitious Javascript injection on an XHR call away from complete collapse.

* Your peer accidentally forgot to encrypt a response and quoted your own plaintext back to you.

These things aren't intrinsic problems of encrypted messaging systems, which is something I feel like HN is not doing a good job of grokking. They're intrinsic problems of email.



> You keep plaintext archives and drafts of your messages, because that's a fundamental feature of email clients going back 3 decades.

To my knowledge, mutt doesn't store decrypted archives. Drafts are stored in /tmp which can be a filesystem stored in RAM. I think using Mutt also takes care of your second point.

Your third point is the biggest problem with any system where security is bolted on (e.g. SMTP, POTS, etc.) - your end may be secure but your interlocutor is liable to compromise you one way or another. Though, as you say, this isn't a fundamental property of all encrypted messaging systems.


"You keep plaintext archives and drafts of your messages, because that's a fundamental feature of email clients going back 3 decades."

No, it's not. You don't have to keep it at all or in plaintext, and it's irrelevant for new clients supporting encryption; their UX has to be redesigned anyway. So it's a UX issue at most.

"Your peer accidentally forgot to encrypt a response and quoted your own plaintext back to you."

Again, just a UX issue. Although all messaging apps actually have incentives to provide a UX that lets them spy on most people's communications or be open to add that possibility some time in the future.

"that has your security one surreptitious Javascript injection on an XHR call away from complete collapse"

This is a problem of centralization that you are trying to ignore and none of those messaging apps can solve it. Any centralized system is one tiny change away from a complete collapse. It can also be shut down by the state just to force people to use plaintext or backdoored alternatives. The problem is even bigger than it looks, even if you make a completely decentralized protocol there will still be incentives to centralize as much of it as possible to make money and still leave a strategic possibility to spy on everyone also for money. Makes sense?


> You keep plaintext archives and drafts of your messages, because that's a fundamental feature of email clients going back 3 decades.

Name one PGP-enabled MUA that actually does this? None of the popular ones (mutt, enigmail, claws) do it. They didn't do it in the 90s, because that would have been stupid, and they don't do it now.

You could have said indexing and search if you wanted to point out actual usability problems with PGP-enabled MUAs.


I disagree that these aren't intrinsic to any messaging system. Those are intrinsic problems of any electronic data storage and transfer system. Data tends to be deleted or public, as Quinn Norton says.

I've been thinking this problem through for a while, and I'm starting to think we simply need to have a different mindset for thinking of electronic data as for hardcopy. I'm leaning toward "data physics", in the sense that there are different "rules of physics" which apply -- a metaphor, though close enough to the truth:

* Data have effectively no inertia. They can move anywhere at the speed of light.

* Data violate the principle of location. Information can be in two (or more) places at the same time.

* Data can be exfiltrated without awareness of the subject. Most especially when held on third-party systems.

* Encryption isn't a safe. If you lose a safe key (or combination), you can drill it out. If you lose an encryption key, an entire corpus is no longer accessible. This has absolutely massive implications from a user-support standpoint, as such key loss will be an everyday (or, at global scale, every second) occurrence. Which means some sort of reliable, useful, but still sufficiently safe, and cheap key recovery system.

Essentially: you can be compromised at any time, by any number of actors, without notice. There may be some ways to address this, but throwing more crypto at the problem may not be it. "Canaries" or fictitious entries and sentries (URLs, emails or phone numbers which should never be contacted, but which if they are, you know you've been had), might be part of that.

Another realisation I had a while back was that as much as this hits the ordinary citizen, it's as much a concern for those in or near power (finance, politics, military, journalism, business, etc.) as well. See open speculation that the White House has been compromised, quite possibly by multiple intelligence operators from multiple nation-state, and possibly other, actors. Including those of the United States itself.

Which is to say: media change the societies in which they operate, and always have. Elizabeth Eisenstein made hay with this in her 1979 book The Printing Press as an Agent of Change, though I'm finding her 1968 paper prefacing that work a more concise and sufficient summary of the principles: "Some Conjectures about the Impact of Printing on Western Society and Thought: A Preliminary Report"

http://www.journals.uchicago.edu/doi/pdfplus/10.1086/240164



