First, thank you so much for putting together this list (you say "we", so I assume you are part of it); a great first step. What was your role? Do you endorse this list now and going forward?
Second, whoever made this list should include names that endorse it. They must be names of people trusted by various communities: IT security community, journalists (e.g., NY Times), activists (e.g., EFF), etc. Otherwise, it's just another list of very many on the Internet; who knows how reliable it is?
> It's been jarring to realize how many compromises are required to make things workable for groups of non-experts to use.
Third, I am very familiar with this problem, and that assumes you can persuade them that there's sufficient risk to justify the effort. The only solution is for someone to create secure, foolproof, user-friendly and appealing software that is effortless to install and maintain. I know it's easy for me to say "someone", but I don't have the expertise and this project absolutely requires expertise; it can't be yet another hack claiming to be secure.
Fourth, that will create another problem: If that software becomes widely used it will become a very appealing target for extremely well-resourced attackers. I'm not sure of the solution to this problem; can software really be secured effectively against those attackers? Really, we need more than one secure option; or, what if most communication software was fundamentally secure? One step at a time.
Second, whoever made this list should include names that endorse it. They must be names of people trusted by various communities: IT security community, journalists (e.g., NY Times), activists (e.g., EFF), etc. Otherwise, it's just another list of very many on the Internet; who knows how reliable it is?
> It's been jarring to realize how many compromises are required to make things workable for groups of non-experts to use.
Third, I am very familiar with this problem, and that assumes you can persuade them that there's sufficient risk to justify the effort. The only solution is for someone to create secure, foolproof, user-friendly and appealing software that is effortless to install and maintain. I know it's easy for me to say "someone", but I don't have the expertise and this project absolutely requires expertise; it can't be yet another hack claiming to be secure.
Fourth, that will create another problem: If that software becomes widely used it will become a very appealing target for extremely well-resourced attackers. I'm not sure of the solution to this problem; can software really be secured effectively against those attackers? Really, we need more than one secure option; or, what if most communication software was fundamentally secure? One step at a time.