So, to distinguish, there's web-of-trust things and general pgp/gpg encryption (and signing) UX. Both of these are pretty abysmal for non-technical users.

I don't think "muggle" users would be interested in the web of trust at all, and I doubt they can really handle it all that well. But I'm a pretty technical person (MS in Computer Science, PhD in a different field), and well:

http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=eric...

I don't think the web of trust really matters - would you look at that and say, "hey, this Eric fellow has a 2004 key for his gmail, and an unrelated 2016 one, I'd better not trust him." Doubtful.

Honestly, in today's internet (I know, dangerously political...) I think there should be a stronger move toward broad-spectrum encryption of all emails. I actually generate trust with most of my email correspondents independently, but I sure would like to encrypt my communication. Signal is good for shorter messages, but email is still email.

It isn't like I have state secrets in my email, but I do have stuff I don't want random government snoops reading, especially if they're bulk-collecting. Furthermore, I think it's important for more people (even people who don't need it) to encrypt their correspondence, so we can provide cover for people who really do need it. Journalists and dissidents won't stand out as much if everybody is encrypting.

To that end, I think pgp / gpg is still pretty cruddy for UX. There are decent solutions for each platform, but nothing really good, and my friends / family aren't likely to use a mail client or webmail that's not at least almost as good as gmail/inbox just because I am worried about privacy.

I've recently moved to protonmail for most mail, since it has a very slick user experience and I want to know it well enough to be able to recommend it to other people. However, protonmail doesn't let me have my private key (or its analogue - I'm not 100% sure how things really work, but I have a public key that I can give to other people, and those other people can send me encrypted stuff from off-platform. I just can't reply in the same fashion). That means if I lose my protonmail account, whoops, I can't read the emails you sent me encrypted to my @protonmail.com account, even if I get the emails. This is more of A Thing now that you can set up protonmail as your MX, and therefore get emails addressed to domains you control on the platform - if I ever swapped my personal domain around, I'd like to have the key.

So, for end-to-end encrypted simple messages, Signal is great. I just wish protonmail did interop, and then I'd really recommend it to other people.