A security engineer is advising that internet users stop bothering to secure emails with PGP encryption and instead just use encrypted chat messenger apps like WhatsApp or Signal if they really want to communicate securely.
Filippo Valsorda is an engineer working in the Cryptography team at leading internet security services firm Cloudflare, and he is currently working to improve the HTTPS web browsing security protocol.
Security experts have been touting the benefits of PGP encryption for the last two decades, and NSA whistleblower Edward Snowden himself advocates using it, having taught journalist Glenn Greenwald to use it in early 2013 when he first contacted him about leaking classified documents.
However, despite its many benefits, PGP is still really hard to implement – Snowden had to create a 12-minute-long instructional video for Greenwald – even with handy browser extensions, like the one listed in our How to encrypt your emails using PGP guide, and Valsorda says we shouldn't even bother with public long-term keys anymore.
"I have the arrogance of saying that I understand PGP. In 2013 I was dissecting the packet format to brute force short IDs. I devised complex silly systems to make device subkeys tie to both my personal and company master keys. I filed usability and security issues in GnuPG and its various distributions. All in all, I should be the perfect user for PGP: competent, enthusiast, embedded in a similar community. But it just didn't work," Valsorda writes in a blog post.
His blog post was published on 6 December, but it is quite timely given Yahoo has just admitted that in 2013, one billion Yahoo Mail accounts were hacked. The data breach is the largest to date and exposed names, email addresses, telephone numbers, dates of birth and hashed passwords.
He argues that one of PGP's biggest problems is that no one else is using it to encrypt their emails, but more importantly, he realised that as time went on he trusted the security of his long-term keys less and less.
"The more time passed, the more I would feel uneasy about any specific key. Yubikeys would get exposed to hotel rooms. Offline keys would sit in a far away drawer or safe. Vulnerabilities would be announced. USB devices would get plugged in. A long-term key is as secure as the minimum common denominator of your security practices over its lifetime. It's the weak link," he writes.
"Worse, long-term key patterns, like collecting signatures and printing fingerprints on business cards, discourage practices that would otherwise be obvious hygiene: rotating keys often, having different keys for different devices, compartmentalisation. Such practices actually encourage expanding the attack surface by making backups of the key."
Instead, Valsorda says he's just going to switch to WhatsApp or Signal if he wants to make sure that communications go through a secure channel, because these apps offer "vastly better endpoint security on iOS, ephemerality, and smoother key rotation".
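The "ephemerality" point can be made concrete with a small model of the two key-management patterns. This is an added illustration, not code from the article or from Valsorda's post; the stream cipher, labels and message prefix are constructed for the demo, and the ratchet is a simplified hash chain in the style of Signal's symmetric ratchet, with no DH ratchet step. It shows that seizing a long-lived key exposes every message ever sent with it, while seizing a chain key exposes only messages from that point forward.

```python
import hmac
import hashlib

MARK = b"txt:"  # constructed plaintext prefix so a decryption attempt can be judged


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256); it cannot be run backwards."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream blocks = HMAC(key, counter). Illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = kdf(key, b"stream" + (i // 32).to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_long_term(key: bytes, messages: list) -> list:
    """PGP-style model: one long-lived key protects every message ever sent."""
    return [xor_stream(key, m) for m in messages]


def encrypt_ratchet(chain_key: bytes, messages: list):
    """Ratchet model: a fresh message key per message, then the chain key is
    advanced one-way. Also returns the chain key held on the device just
    before each message, i.e. what a seizure at that moment would capture."""
    ciphertexts, held_keys = [], []
    for m in messages:
        held_keys.append(chain_key)
        ciphertexts.append(xor_stream(kdf(chain_key, b"message"), m))
        chain_key = kdf(chain_key, b"chain")
    return ciphertexts, held_keys


def attacker_recovers(candidate_keys: list, ciphertexts: list) -> set:
    """Indices of messages readable with the keys the attacker can derive."""
    return {i for i, c in enumerate(ciphertexts)
            if any(xor_stream(k, c).startswith(MARK) for k in candidate_keys)}


def exposure_long_term(key: bytes, ciphertexts: list) -> set:
    return attacker_recovers([key], ciphertexts)


def exposure_ratchet(captured_chain_key: bytes, ciphertexts: list) -> set:
    """From a captured chain key the attacker can only walk the chain forward."""
    keys, ck = [], captured_chain_key
    for _ in ciphertexts:
        keys.append(kdf(ck, b"message"))
        ck = kdf(ck, b"chain")
    return attacker_recovers(keys, ciphertexts)
```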
"If you need to securely contact me, your best bet is to DM me [on Twitter] asking for my Signal number. If needed we can decide an appropriate way to compare fingerprints. If we meet in person and need to set up a secure channel, we will just exchange a secret passphrase to use with what's most appropriate: OTR, Pond, Ricochet," Valsorda explains.
"If it turns out we really need PGP, we will set up some ad-hoc keys, more à la Operational PGP. Same for any signed releases or canaries I might maintain in the future. To exchange files, we will negotiate Magic Wormhole, OnionShare, or ad-hoc PGP keys over the secure channel we already have. The point is not to avoid the gpg tool, but the PGP key management model."
Valsorda is not the only one to think this way: the New York Times is now asking readers who want to share tips to contact it primarily on WhatsApp, Signal and an open source, Tor-powered encrypted whistleblower submission system called SecureDrop.