Folks,
I’m an ardent reader of this (and a few other) mailing lists,
but usually stay quiet and in the background. However, in light of global
events and paradigm shifts in the last few months, I’m tempted to speak up.
While I do use PGP/GPG, I have to admit that the usage has been
minimal and sporadic over the last few years, with the usual suspects as
reasons. But the biggest reason of course is “adoption” i.e. very few in my
social/professional circle use it. Now, we all (probably, subconsciously?)
know/acknowledge why that is, we are in 2014 after all.
My personal belief is that the awareness for secure
communications is starting to rise, not just for the niche users who are
already using it/know how to use it, but for the “average Joe user” as well. My
definition of the “average Joe user” btw is someone who:
- Has at least one computing device, if not more
- Is familiar with email
- Is already using various online mediums
- Has usually never thought about “secure communications” or maybe in an
abstract fashion
Now, the barrier to entry of secured communications is high. I realize that.
I’m sure a lot of you do as well. It’s not easy, it takes time, patience, a
certain level of expertise and a tacit acknowledgement that they need to use it
in the first place (probably the most important).
The “secure communications” paradigm of course spans a whole spectrum from “I
don’t give a ****” to “I’ll do anything to protect my communications, including
giving away my first born”. I suspect the “average Joe user” in 2014 is
slightly above the former, but way below the latter. Without going to the other
end of the spectrum, what will make adoption of secure communications a bit
more palatable to the “average Joe user”?
Let’s list a few arguments:
- I don’t even know what I need. – Well, assuming they are starting to
recognize the need, I suspect they will find out relatively easily as to what
they need. With a few caveats of course. There’s way more FUD/noise/BS out
there than the average person can decipher, so it’ll probably end as being
word-of-mouth recommendations or such.
- Even if I know what I need, getting it/installing it is hard. – It is.
The setup/install needs to be simpler, i.e. as simple as installing an “app”.
That is what the average Joe user is capable of.
- WTF is a key pair/public key/private key/<insert more arcane
terminology>… - This IS a big problem. I may get it, you may get it, how does
the average Joe user gain that understanding? The nomenclature needs to be,
well, something that the average Joe user can understand as well. They
understood SSL (well, for the most part).
- … several more similar arguments.
Now, what will help drive this adoption more?
- A better install experience?
- A “dumbed down” (if you will) taxonomy that they can understand?
- Simpler UIs? (without sacrificing secure functionality)
- Better integration with existing systems?
- Education? i.e. ongoing information dissemination that educates people
on these things. Newsletters? How tos? Youtube videos (shudder)? And others.
- Start hitting them on the head with a baseball bat?
All thoughts are very much welcome and appreciated.
Kapil Aggarwal.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
