He doesn't have one. Sometimes I wonder how difficult would be to sneak a sabouteur into the crypto community, who advocated for ditching proven and safe crypto tools, wanted his solutions on top of centralized servers owned by others, opposed distribution of signed binaries in FOSS markets, recommended the people to use stock OSs with binary and who-knows-what google libs inside, instead of installing the free counterparts, etc..
Is like people have forgotten that they should trust only the algorithms and the implementations, not the persona behind them. And that persona, should be the first saying "don't trust me! trust my algorithms!".
The 50k number comes from the number of people who can reach each other through the web of trust.
If you take every key uploaded to the key servers ever, then it's more like 4 million. However most of those aren't active.
TextSecure, in contrast, has vastly more users than PGP has ever had, despite being a lot newer.
Sometimes I wonder how difficult would be to sneak a sabouteur into the crypto community, who advocated for ditching proven and safe crypto tools
Sometimes I wonder if the best way to sabotage the crypto community would be to fill it with people aggressively advocating for obsolete technologies that have zero chance of any meaningful impact :)
Moxie is unusual in the strong crypto space, in that he is willing to make pragmatic engineering choices in order to ship a working product. That is why he and his team have had a lot more impact than most others have.
Having it installed doesn't mean using it, like you said, for the PGP keys being generated but not necessarily in use.
On textsecure usage
In my experience, very very few people actually sign keys, and few people upload them on keyservers.
Also, I know very very few people who use textsecure. I used it for a few month, trying to get others to talk to me with it and gave up. And I'm in the bay area working with IT people, most of my friends are IT people mind you, we're exactly the people who try that stuff all the time.
It doesn't mean its bad tech or a bad attempt at all, heck, I would LOVE for it to catch up. But I seriously doubt it has 4 millions active users or more.
On PGP usage
From a key server perspective there are still a large number of keys being downloaded, refreshed and updated daily.
Let's look at Mozilla's stats and they just seem to peer with one low traffic guy and themselves... http://gpg.mozilla.org/pks/lookup?op=stats
that's 1k new keys a day, and about 500 updated a day. We're far from the 50k claim since it would reach that in 50 days no matter what.
Of course saying there's only, say a few millions PGP users doesnt mean AT ALL the same as 50k.
On misinformation
Thus I'm calling bullshit. Purposefully misrepresenting data (large order of magnitudes, at that) is a big minus in my book. Being well-known shouldn't mean you can tell people bullshit - if anything, you have a greater responsibility when you do.
> It doesn't mean its bad tech or a bad attempt at all, heck, I would LOVE for it to catch up. But I seriously doubt it has 4 millions active users or more.
The 4 million figure was total users of GPG ever, not TextSecure. TextSecure for Android has had about 1 million installs.
However, it's also been integrated into the Cyanogen mod which added about 10 million users, and the tech has been integrated into WhatsApp, which got the underlying crypto code (though not the UI) to about 400 million+ users.
So if by "TextSecure" we mean the technology rather than the actual UI widget code, which is generic anyway, then it's in a whole other league by orders of magnitude.
You compared the total of PGP users to textsecure saying textsecure has more hence my reply on that (just clarifying)
Or least, that was my understanding of your previous comment
You're basically kinda saying there is between 11millions and 400 millions users, and, you know, i dont trust that at all and would compare it to notepad/paint being installed on windows but not actually used.
Anyway, whichever tech really catches up would be a good thing. I just dislike the manipulation of information for marketing of one tech over another for fame, money, power etc.
Specially when that means bad mouthing free and open source projects :)
Is like people have forgotten that they should trust only the algorithms and the implementations, not the persona behind them. And that persona, should be the first saying "don't trust me! trust my algorithms!".