One of the main UK computer security websites (Get Safe Online, GSO, a public/private partnership) has recently changed to using a website for security alerts, instead of sending emails that contained a “secret” word. Of course, a non-SSL website is not really safer or easier to verify than the emails, so I asked them: why don’t you use OpenPGP or GPG, like Debian’s excellent security advisories?
The reply essentially boils down to “our target audience doesn’t use encryption software and we’re not going to educate them and other countries don’t either.” The encryption instructions on their site consist of an extremely vague explanation and links to a dozen or so other websites, along with insulting open source programs (which is disappointingly usual for GSO). The site is a little better than it was last year, but not much.
I think it’s a terrible shame that the gov.uk-supported site is failing to encourage encryption software use. Do you think this stems from a fear of strong encryption making it harder for the public sector to snoop on us?
So I guess this falls to the common/civil sector to promote personal security. How could we spread encryption software to the masses? GnuPG and as many mail client plugins as you can find? Icedove/Thunderbird and Enigmail?