As encryption increasingly becomes a championed cause, especially amid government backlash, at least one the world’s foremost cryptologists isn’t encrypting his communications, presumably along with other people both inside and outside the industry.
Phil Zimmermann, the creator of PGP, or Pretty Good Privacy, doesn’t use the service to encrypt or decrypt his messages, according to a tweet from Joseph Bonneau, technology fellow at the Electronic Frontier Foundation (EFF).
Email from Phil Zimmerman: “Sorry, but I cannot decrypt this message. I don’t have a version of PGP that runs on any of my devices”
— Joseph Bonneau (@josephbonneau) September 1, 2015
Zimmermann later clarified in a Motherboard article that PGP, acquired by Symantec in 2010, isn’t compatible with his MacBook, and the technology never worked with any iOS device.
For its part, a Symantec spokesperson told SCMagazine.com in an emailed comment that it couldn’t specifically comment on what version of PGP Zimmermann was using.
However, for background, the spokesperson wrote: “Symantec purchased PGP Corp in June 2010 and has been enhancing the software since acquisition.”
The company’s email encryption products do support Mac OS X, as well as iOS devices.
Naturally, following Bonneau’s tweet, InfoSec Twitter started churning with discussions over PGP’s practicality and alternatives to the popular encryption method.
Jon Callas, a cofounder of PGP, responded to Zimmermann’s thoughts by saying, “We have done a good job of teaching people that crypto is hard, but cryptographers think UX is easy.”
To that, Daniel Ingevaldson, CTO of Easy Solutions, a fraud protection company replied: “PGP. Failure of Function over form.”
Online discussion primarily centered around encryption alternatives, although there certainly seemed to be no consensus on a best method, especially considering the wider public’s difficulty in setting up and using most solutions. Although with this in mind, email providers have started encrypting messages by default, including Yahoo Mail and Gmail.
Zimmermann noted in his comments to Motherboard that he would try to use GPG Tools, which operates with Macs, although he said he’d have to learn how to set it up.
With an embed of Bonneau’s tweet, a security researcher known as The Grugq tweeted:
Good. Let PGP die. There are much better solutions available, let legacy 90s crypto fall by the wayside https://t.co/kbNJdIpfv8
— the grugq (@thegrugq) September 1, 2015
This article previously misspelled Zimmermann’s name and has been changed to reflect this update.