
> only the most competent criminal organisations will do this correctly.

All it takes is for one criminal to write a one-page guide to using GPG and circulate it to the group...

I know I mentioned paying a cryptographer earlier, but in reality downloading and using GPG is a crude and effective way of defeating an E2EE backdoor.

Are the GPG devs going to backdoor GPG to satisfy governments? Probably not.



> All it takes is for one criminal to write a one-page guide to using GPG and circulate it to the group

If cybersecurity was that easy, we wouldn't have so many examples of businesses getting it wrong.

Just because everyone here can follow instructions like that, doesn't make it common knowledge for anyone else.


> If cybersecurity was that easy, we wouldn't have so many examples of businesses getting it wrong.

There are almost no consequences for anyone working at a business that gets it wrong.

The consequences for being a nonce are quite severe so the motivation to get it right will be quite high.


> If cybersecurity was that easy, we wouldn't have so many examples of businesses getting it wrong.

I can only partially agree with this point. Businesses getting cybersecurity wrong has almost no material and significant consequences. At best, they get a tiny slap on the wrist or asked to answer some questions. Nobody in said businesses goes to jail for it or personally pays any fines. Compare that to criminals who have a lot more to lose if they get caught — jail time, fines they have to pay, not having freedom for quite some time, life not being the same after they’ve served their sentence, and more. Businesses have it extremely easy compared to this. No wonder cybersecurity is so poor among all businesses, including very large ones (like Microsoft, as a recent example).


> jail time, fines they have to pay

Fear of these is the reason for the (maliciously compliant) GDPR popups, and that despite discussion about extra-territoriality and a relatively limited capacity-to-websites ratio.

The law and threats of punishment are clearly not hugely significant to anyone involved in the specific topic of this thread regardless; in the UK at least, it's the kind of thing where if someone is lynched for it, the vigilantes have to be extremely stupid (like attacking a paediatrician because they can't tell the difference, which happened) to not get public sympathy.


> one-page guide to using GPG

GPG is infamous for being difficult to use correctly and for an antiquated design (IIRC forward secrecy is impossible?). And assuming E2EE backdoor actually exists, the gov is likely to be able to get at your key.

> Are the GPG devs going to backdoor GPG to satisfy governments?

No, but most users are unlikely to verify their GPG build is the right build.
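The comment above remarks that GPG's design offers no forward secrecy. The following toy illustration, added here and not code from the thread or from GnuPG, shows what that property means in practice: with a fixed long-term key pair (the OpenPGP model), a later compromise of the private key decrypts every recorded message; with per-message ephemeral Diffie-Hellman keys that are discarded after use, the same compromise yields nothing. The DH group, the hash-based stream cipher and the sample messages are all constructed for the demo and are far too weak for real use.

```python
"""Forward secrecy illustration (constructed toy, not GnuPG code).

Two models are compared against the same attacker: one who records all
traffic and later obtains the participants' long-term private keys.
"""
import hashlib
import secrets

# Toy DH group: a Mersenne prime modulus and a small base. Constructed for
# illustration only; real deployments use standardised, much larger groups.
P = 2**127 - 1
G = 5

# Constructed sample traffic.
MESSAGES = [b"constructed message one", b"constructed message two"]


def keygen():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Derive a 32-byte symmetric key from a DH shared secret."""
    secret = pow(peer_pub, priv, P)          # secret < P < 2**128, fits 16 bytes
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def xor_stream(key, nonce, data):
    """Toy unauthenticated stream cipher: XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def static_mode_compromise(messages):
    """OpenPGP-style model: every message is protected by the same long-term keys.

    Returns what the attacker recovers after the transcript is recorded and
    Alice's long-term private key later leaks.
    """
    a, _alice_pub = keygen()
    _b, bob_pub = keygen()
    key = shared_key(a, bob_pub)
    transcript = []
    for msg in messages:
        nonce = secrets.token_bytes(8)
        transcript.append((nonce, xor_stream(key, nonce, msg)))
    # Later compromise: the leaked long-term key re-derives the very same key.
    recovered_key = shared_key(a, bob_pub)
    return [xor_stream(recovered_key, nonce, ct) for nonce, ct in transcript]


def ephemeral_mode_compromise(messages):
    """Forward-secret model: fresh DH keys per message, secrets discarded after use.

    Returns the attacker's best attempt at decryption after BOTH long-term
    private keys leak; only the public ephemeral values were ever on the wire.
    """
    a, _alice_pub = keygen()
    b, _bob_pub = keygen()
    transcript = []
    for msg in messages:
        ea, ea_pub = keygen()
        eb, eb_pub = keygen()
        key = shared_key(ea, eb_pub)
        assert key == shared_key(eb, ea_pub)   # both sides agree on the key
        nonce = secrets.token_bytes(8)
        transcript.append((ea_pub, eb_pub, nonce, xor_stream(key, nonce, msg)))
        del ea, eb, key                         # ephemeral secrets are destroyed
    # Later compromise: combining a leaked long-term key with the public
    # ephemerals gives H(g^(a*eb)), not the session key H(g^(ea*eb)).
    return [xor_stream(shared_key(a, eb_pub), nonce, ct)
            for _ea_pub, eb_pub, nonce, ct in transcript]


def demo(messages=MESSAGES):
    """Report whether the recorded traffic is readable after key compromise."""
    return {
        "static_recovered": static_mode_compromise(messages) == messages,
        "ephemeral_recovered": ephemeral_mode_compromise(messages) == messages,
    }


if __name__ == "__main__":
    print(demo())
```

The attacker's "attempt" in the ephemeral case is deliberately the best thing the leaked material allows; the code does not prove that no other attack exists, it only shows that the long-term keys no longer contain the session keys. That is the gap the comment points at: an OpenPGP private key protects all past and future traffic at once, so it is the single thing an adversary with a backdoor or a warrant wants.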





