negative zero

Why I Stopped Signing my Emails

2021 October 12


At one point in time, I would attach an OpenPGP signature to all of my unencrypted emails.


Why I did this

  1. to indicate to my contacts that I used OpenPGP, so it was possible to encrypt emails for me
  2. to allow the recipient of each email to verify the authenticity and integrity of the email

Why I stopped

  1. People who don't already use OpenPGP don't bother (or generally know how) to verify signatures.
  2. The fact that I attached little mysterious files to my emails worried and confused people.
  3. What I actually want is for most of my communication to be off-the-record. Signing my emails made them non-repudiable, which is not a property I desire.

I've generally given up on OpenPGP. We should have collectively learned in 2004 to stop using it for private communication.