undefined | Better HN

0 points6d0debc07112y ago0 comments

I don't think having to sign into other websites is that much of a bother, nor that people are that motivated to talk to their bank or physician on a regular basis that would drive adoption of this sort of thing.

And in return you have to stick all your eggs in one basket, get what would probably end up being a single persistent online identity that goes under your real name (if it's tied to an email address you use for business stuff), and that's owned by a company and may not even be willing to give them back to you (would you even own the private keys if it was being implemented on the server?)

0 comments

leot12y ago

There's really an amazing lack of imagination here, both from a threat avoidance perspective and a potential awesomeness one.

The deployment model is this: one large webmail provider starts doing PGP by default via its webclient. Maybe it provides your with private keys, maybe it doesn't. Fact is that it doesn't much matter, because as soon as a large webmail provider starts doing PGP/PKI, the two biggest problems with adoption (namely, that there's no one to use it with, and it's kind of a pain to use anyhow) are basically solved. And as soon as this happens, there starts being a competitive market where providers can begin improving on each other's implementations. Any provider that doesn't give users their private keys won't have much of an ethical argument for doing so, and so it probably would, anyway. There will, as always happens, be a feature war, except with PGP involved some of that war will involve privacy/encryption/reliability concerns.

(PGP also makes spear phishing much harder).

j / k navigate · click thread line to collapse

0 points6d0debc07112y ago0 comments

0 comments

leot12y ago

There's really an amazing lack of imagination here, both from a threat avoidance perspective and a potential awesomeness one.

(PGP also makes spear phishing much harder).

j / k navigate · click thread line to collapse