Not a flame, but I recommend that you should not knock it before you try it. 1. it takes some time and effort to learn how to use it. 2. Lets say you encrypt a message with my key. I am the only person that can open and read that encrypted message. Even if my computer was compromised, the person would have to know the passphrase that I used to make the key. But, you are right, just because someone has a gpg does not automatically make them legit. But, its one less red flag and one more layer of security. Another example: Lets say Silk road gets compromised (god forbid) and the feds are now in control of the market. If you were to purchase something and use the gpg key, no-one but the vendor that you encrypted it to would be able to decrypt and see your home address. So, if you get the grasped of the whole thing, it really does make a lot of sense. Plus, its free!