To me, Keybase (https://keybase.io) seems to solve the "PGP has a bad user experience" problem correctly for like 90% of the population. You post proofs of your public key to known media (Twitter, GitHub, your website, etc.) which you control. These can be checked by anyone.
Even if the remote person doesn't know they are talking to you (as a human entity), they know they are talking to the combined online persona of all those accounts, which is all that matters for the vast majority of them. Yes, it is possible for all these services to collude and post false proofs, but that would be relatively easily detectable, and realistically not a concern for the majority of people out there, whose alternative is to not use any encryption. People who are really concerned can always fall back to standard PGP.
[Edit: Looks like I didn't read the article carefully enough, the author himself says he actually does use Keybase too.]
The combined online persona of those accounts is only as strong as their combined security. aka: Why would services need to collude when they can get the job done by ineptitude?
I agree, a lot of services displayed a shocking amount of incompetence in that post. However,
a) The more proofs you have, the harder it becomes to force them. YC for example is one location, and is run (in my opinion) by very smart people where it would be hard to get a compromise.
b) My point is that this is an excellent alternative to not using anything in a way that is both friendly to people ("just make this post on [website]") and compatible with an older, better method of privacy (PGP) that people have been using for years.
It may not be as perfect as some of the more esoteric alternatives that people have suggested elsewhere in the thread (I'm not sure about this, can an incompetent phone company employee compromise some of the phone-based ones? I've come across a lot of incompetent phone company people), but much easier for the regular person to use.
This is a crazy story but I still think Keybase gives you a lot to defend here. You have to compromise all the accounts and change all the proofs to actually be able to send valid messages to somebody else.
That is a tall order, even if you use the same email as a username everywhere. I use long random passwords and 2FA on a number of the important accounts. I don't trust Google and Facebook, but I trust them to have some interest in not letting accounts be compromised.
Also if somebody changes all the proofs, they will all be new and a smart system should be able to detect this sort of stuff in the future.
I tried Keybase. I find it a novelty. It's just as awful to use as PGP. So regardless of anything else it offers it's a dead end like PGP. It's designed by developers and security nerds, I get it. But that's who it will stay with too.
It's not an attack on them, just the reality.
People don't mind SSL because they don't have to do anything to get its benefits. It's transparent to the end user.
Is it perfect? Hell no. Managing certs is as bad as managing keys. It's a PITA. But it only has to be done on one end.
Even Phil Z. learned this when he made Zfone. It has to be transparent to the end user and have a simple way to authenticate the other end.
Keybase: Where I put my GPG keys which I basically only use to sign git commits for repositories that I'm most likely the only person that will ever lay eyes upon them but at least I can verify that nobody pushed to them...