
How can a standard guide to installing and using PGP through various different methods be a security issue?


Because people should not be using PGP for secure messaging.


PGP isn't user friendly, but from the Snowden leaks we learned it is one of the few encryption standards the NSA hasn't been able to break. TLS and most configs of VPN protocols were shown to be easily compromised. PGP was basically shown to be a show stopper.

1. http://m.spiegel.de/international/germany/a-1010361.html


Agreed. It has many problems but it's still one of the only games in town.


> TLS and most configs of VPN protocols were shown to be easily compromised.

This is a major claim to be making, and it is false. It is not helpful to spread misinformation like this.


Easily was, perhaps, not the correct adverb, but the linked article above as well as this one below go into it more. It does not appear to be false.

http://www.theverge.com/2014/12/28/7458159/encryption-standa...

Bruce Schneier has said while large government actors may be able to exploit it, it's still recommended: https://www.theguardian.com/world/2013/sep/05/nsa-how-to-rem...


Perhaps older versions of SSL, but there is no evidence that anyone has compromised TLS.

There is evidence that encrypted traffic was stored and research was done on the metadata of these connections but that is no surprise. That may be what they were referring to.


Also, threat models are important here... not everyone needs to include the Five Eyes in their threat model.


Of course. I am just using it as a yardstick for security strength.


I really think you're vastly exaggerating the difficulty of using PGP properly. With Enigmail and a small sheet of instructions, anyone slightly computer literate should do fine.

And there simply aren't any better alternatives for encrypting emails or files for transmission. I'd love to be wrong about that, but I haven't seen anything.


Agree, that's why we have it in. Even things like Mailvelope can make it easier for a semi-technical user.


On what grounds? On what threat models? On what attacks? What alternatives?



