A couple of weeks ago, Facebook released support for PGP, and that's great. Facebook is a leader in the security space as they support SPF, DKIM, DMARC, and opportunistic TLS for email; https for standard browsing; and a Tor site for users who need secrecy. And now, they've added PGP support.
The problem is that they haven't solved PGP's biggest problem - how to get ordinary people to use it. I'm not picking on Facebook, though. This is a problem in the security industry. The tools are available to become secure but the process to get there is too cumbersome. PGP requires users to install PGP software and then create and distribute keys. They then have to convince others to install PGP plugins and then get them to send them email using their key. And, they have to do this on every device they own, and they sometimes even have to type in a passphrase, even on a mobile client. Ugh!
While PGP is good, the usability is a mountain and that's the problem the security industry should be solving. In this episode, I think aloud about this problem and wonder if there's a better way. We need to do it on the user's behalf if they won't do it themselves, behind the scenes. Users shouldn't even be aware of what's going on if they don't have to be.
|Listen in iTunes||https://itunes.apple.com/us/podcast/terry-zink-security-talk/id964400682#|
|Direct download link||The Terry Zink Security Talk podcast episode 6 - Facebook's new PGP feature is nice, but...|
|Blog foot notes||1. Securing email communications from Facebook with PGP|
Or, you can listen to it below by streaming it in your browser with podbean.