-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

PGPfreeware 8.0: Not so good news for crypto newcomers
- ------------------------------------------------------

2002/12/05

pplf
webmaster of "OpenPGP in french" site
http://www.openpgp.fr.st

Michel Bouissou
network administrator

Philip Zimmermann created PGP in 1992 as freeware and a tool to promote free encryption. He even described it as being "guerilla software". PGP is the legendary piece of software that forced governments, in the USA and in several other countries, to rethink and soften their anti-crypto regulations.

In 1996, Philip Zimmermann and associates created a company called PGP Inc to make a profit from PGP. They started to sell it, but also committed to continue promoting free encryption by giving away a version called "freeware" which individuals and non-profit organizations could use without charge. This freeware version contained easy-to-use e-mail plugins to automatically encrypt / decrypt / sign / verify e-mails in Outlook Express or Eudora.

PGP Inc couldn't generate enough revenue from PGP software sales, and collapsed. Then, in 1997, NAI acquired PGP Inc. Although NAI was interested in PGP only as a commercial product, they kept on giving away a PGPfreeware with e-mail plugins. But NAI didn't succeed in making revenue from it any better than PGP Inc had done, and decided to terminate the PGP product line.

In 2002, the PGP creators (including Phil Zimmermann) created PGP Corp and bought the PGP rights back from NAI.

PGPfreeware 8.0, the new PGP version produced by PGP Corp, was released December 3, but it doesn't contain any e-mail plugin. If you want plugins, you have to purchase the commercial version. PGPfreeware 8.0 only includes clipboard and file encryption features.

The issue is that newbies to crypto are unable to use PGP for e-mail encryption if it doesn't come with at least one plugin for a widely used e-mail software.

PGPfreeware 8.0 is bad news for encryption freedom because people will download the most famous encryption software, PGP in its freeware version, to discover encryption, and the first thing they will discover is its great deal of complexity (public key encryption being genuinely complex) without understanding how they could possibly send or receive encrypted e-mails, which is the very reason for which they first downloaded it.

In our opinion, PGPfreeware 8.0 will be of little help to crypto newcomers, and as such, won't help promote free encryption for the masses.

Furthermore, to be really accessible to beginners, besides offering an e-mail software plugin and proposing the creation of a keypair at installation time, PGPfreeware should offer the user the opportunity of sending the newly generated public key by e-mail to the user's usual correspondents, along with a short notice explaining the purpose of this key, and a link for downloading PGPfreeware.

With PGPfreeware 8.0, the PGP 2.3 dream is over. Philip Zimmermann himself confirms this on his web site with a very deceiving sentence which is a parody of the Free Software slogan (and could even be considered as an attack against GnuPG, the OpenPGP UNIX free version):

"You may have a constitutional right to use crypto software, but someone has to pay the developers. Free Speech is not the same as Free Beer." (http://www.philzimmermann.com/findpgp.shtml)

PGP Corp has the right to sell PGP, which is very good software. But PGP is not software like any other, and PGP Corp has a moral obligation, in regard to its history since 1992, to promote free encryption.

We think that making a PGPfreeware 8.1 version that would include an MS-Outlook Express plugin (Windows) and an AppleMail (MacOS X) plugin, and the file encryption support, but without clipboard encryption support, PGP keyservers direct access, free space wipe, or PGPdisk, would be a better move, which would respect the free encryption promotion spirit as well as PGP Corp business.

We also suggest that the PGP price should be urgently reconsidered: in Europe, $ 165 (165 euros) is much too expensive for personal users; most utilities that personal users are used to purchasing are priced around 40-50 E.

It's already often difficult enough to convince "the average computer user" of the interest of using crypto, and to convince him to make the effort of learning its basics and understanding its principles. So, having personal crypto software priced much too high will be very dissuasive in such a context, and thus will be an obstacle to the spreading of cryptography -- and to PGP software sales as well.

Furthermore, having PGP priced too high will probably lead newcomers to turn to the many "snake oil" encryption programs and "personal security suites" that already encumber the shelves of computer software shops and are much cheaper than PGP. So there is a risk that uninformed users will turn away from PGP, and purchase cheaper snake oil instead.

One last thing: PGPfreeware 8.0 is a good piece of software, much better than PGPfreeware 7.0.3 was. It is compact, quick and smart, and it worked really fine when we tested it under Windows 98. Unfortunately, the choice that was made of "free features" vs. "paying features" is wrong. And this is highly regrettable.

pplf & Michel Bouissou.
- -----------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE976YbG2bqPcqgjJQRAmBYAJ46IooKzKruffK+V2Uoi/WDt8vz4ACeJ+8h
KviZEuZSQSu/GHIBwlCZ63Q=
=JDuL
-----END PGP SIGNATURE-----