Quote from: tree on May 06, 2013, 06:43 pm
I completely agree with pine about privnote, it can only be less safe than using SR, as I said before.
And I was wondering when you'd first start talking about OTR pine. It seems way better than PGP to me... There are also other forms of deniable encryption that just seem better than PGP. Why isn't anyone recommending them?

It's partly because they often aren't easy to anonymize. Instant messaging that is encrypted is a particular problem due to timing attacks (the enemy can see a message appearing at point A and a reply from point B, and correlate the two to deanonymize the participants).

Take BitMessage for example. If it works as planned, then it also provides some kind of deniability and some defense against timing attacks since you're not downloading a specific message for you. But it also has to be ideally anonymized such that nobody can detect the use of BitMessage using traffic analysis. This is because since relatively few people are using it, there is a lack of anonymity. Tor suffers from a less severe version of the same problem, but most geeks also have dozens of ways around that to prevent detection of Tor traffic e.g. bridges, obfuscation proxies, steganography.

PGP, used correctly, can be anonymous. It is similar to how Bitcoin is assumed to be anonymous.

-> edit the gpg.conf file to remove PGP key id for sender and recipient with either hidden-encrypt-to or throw-key-ids
-> edit the gpg.conf file to remove software version and operating system information
-> use public keys that use standard encryption algorithms like RSA and standard sizes like 2048 or 4096 bit. Stay in the middle of the crowd.
-> use separate nyms and separate public keys (with same nyms i.e. public key, nym pairs that are different) for the forums and SR

If you analyze one of Pine's encrypted messages using the gpg -v flag, there is only 1 linkable piece of information, which is my name. If I was posting an encrypted message using a different account nym there would be no way to tell it was me.

On the other hand if you used the same public key for work as you do for SR, then you really are fucked. The Feds will extract the GPG key ID from any one of your messages at work and pair it up with any of your encrypted messages on SR. It's similar to letting them know you post on the Bitcoin Talk forums as well as on SR, they can use your writing style to deanonymize you unless you've been using Tor all along on that forum too.

So, as much as I like PGP, I do not like people treating it as a magic bullet like yourself Tree.

Edit: The above sentence was badly configured, I meant to say "Like yourself Tree, I do not like people treating it as a magic bullet".

The other not-so-insignificant reason for lack of adoption of other encryption technology is simply that people haven't heard of them. The Tor Project people have Tor Project evangelists going around the place for a reason. This is probably the bigger reason even if I haven't dedicated as much text to it.
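Added example, not part of the original post: a Python sketch that lists the metadata an ASCII-armored OpenPGP message exposes before any decryption, namely the armor headers (such as the software version line) and the recipient key ID stored in each public-key session-key packet, which is all zeros when GnuPG's `throw-keyids` option is in effect. The function names are hypothetical, the two sample messages are constructed with a made-up key ID and version string, and the parser assumes version 3 session-key packets with plain (non-partial) packet lengths.

```python
import base64
def split_armor(armored):
    """Return (armor headers dict, decoded packet bytes) for one armored message."""
    lines = [l.strip() for l in armored.strip().splitlines()][1:-1]  # drop BEGIN/END
    blank = lines.index("")                      # blank line ends the armor headers
    headers = dict(l.split(": ", 1) for l in lines[:blank])
    b64 = "".join(l for l in lines[blank + 1:] if not l.startswith("="))  # skip CRC24
    return headers, base64.b64decode(b64)

def packets(data):
    """Yield (tag, body) per OpenPGP packet; stops at length forms it does not handle."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if hdr & 0x40:                           # new-format header
            tag = hdr & 0x3F
            if data[i] < 192:
                length, i = data[i], i + 1
            elif data[i] < 224:
                length, i = ((data[i] - 192) << 8) + data[i + 1] + 192, i + 2
            else:
                return                           # partial / five-octet lengths
        else:                                    # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                return                           # indeterminate length
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def audit(armored):
    """Report the armor headers and the recipient key IDs a message exposes."""
    headers, data = split_armor(armored)
    ids = [b[1:9].hex().upper() for t, b in packets(data) if t == 1 and b[:1] == b"\x03"]
    return {"armor_headers": headers, "recipient_key_ids": ids,
            "key_ids_hidden": bool(ids) and all(k == "0" * 16 for k in ids)}

def make_sample(key_id, headers):
    """Constructed test message: one v3 session-key packet (tag 1) with a dummy MPI."""
    body = b"\x03" + key_id + b"\x01" + b"\x00\x08\xaa"
    pkt = bytes([0x84, len(body)]) + body        # old-format tag 1, one-octet length
    head = "".join(f"{k}: {v}\n" for k, v in headers.items())
    return ("-----BEGIN PGP MESSAGE-----\n" + head + "\n"
            + base64.b64encode(pkt).decode() + "\n-----END PGP MESSAGE-----\n")
# Constructed inputs: the key ID and version string are made up for illustration.
LEAKY = make_sample(bytes.fromhex("0123456789ABCDEF"), {"Version": "GnuPG v1.4.12 (GNU/Linux)"})
QUIET = make_sample(bytes(8), {})                # zeroed key ID, no armor headers
```

Calling `audit(LEAKY)` and `audit(QUIET)` returns the two reports side by side: the first shows a version header and a linkable key ID, the second shows neither.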