You make two good points, but only the first one is structural. How do you keep information secure if it's meant to be semi-public? That's a rather fundamental question, and I don't have an answer to it. There must be a better way than storing everything in plain text in a centralized database, though.
Just think about it: the current communication tools store all the world's communication in plain text databases on American soil. No wonder the NSA engineered access to it - it is a prize too good to be true. I think we can and should at least try to change that.
Regarding the availability and use of PGP key pairs and related technology: you're right. Almost no one uses them, save for security enthusiasts. They're difficult to use, overly technical, make you feel like a paranoid conspiracy theorist and are frankly a pain. Those are all issues that could be overcome, though. There are no real, actual, structural reasons why good security has to be difficult to use.
But what I'm really wondering about is the best way forward. Like I said, I would strongly prefer a political solution, but I'm skeptical if that will ever pan out. I've been mulling this for a while, and if we would really want decentralized, encrypted, open source means of communications, shouldn't we take a structural approach to this?
The Diaspora guys had some ideas – but they were either not good enough ideas or too difficult to execute on to gain much traction, from what I can see.
It's an interesting question – who's going to fund writing the software that effectively needs to replace Facebook while making it impossible to monetise in the ways Facebook can?
(Random half-baked ideas: what about something built on top of BitTorrentSync? A distributed encrypted file storage repo with sufficient storage/bandwidth on every users machine to store many encrypted blobs, some of which are encrypted using your public key. A client-side app that gives you a personal view of that data showing only the stuff meant for you. Work backwards from there to a Facebook or Twitter like service, with a whole bunch of strong crypto using PGP keypairs and self-signed TLS certs authenticated with your social graph's web of trust. It's almost certainly more difficult than that though - I feel like like this guy: http://xkcd.com/793/ – and we're now back at the "everyone just needs a PGP keypair" showstopper…)
Just think about it: the current communication tools store all the world's communication in plain text databases on American soil. No wonder the NSA engineered access to it - it is a prize too good to be true. I think we can and should at least try to change that.
Regarding the availability and use of PGP key pairs and related technology: you're right. Almost no one uses them, save for security enthusiasts. They're difficult to use, overly technical, make you feel like a paranoid conspiracy theorist and are frankly a pain. Those are all issues that could be overcome, though. There are no real, actual, structural reasons why good security has to be difficult to use.
But what I'm really wondering about is the best way forward. Like I said, I would strongly prefer a political solution, but I'm skeptical if that will ever pan out. I've been mulling this for a while, and if we would really want decentralized, encrypted, open source means of communications, shouldn't we take a structural approach to this?