In the current day of multi-device users, I'm not sure a "user friendly implementation of PGP" can ever exist.
People want their email on their phone, on their laptop, and on their tablets. They want to keep those emails when they get a new phone, or lose their phone, or it gets smashed.
But most importantly, people want others to be able to know that others can read their email, and unless the people you are emailing know how to decrypt PGP encrypted email (or use the same client as you), they'll just get a mess, possibly with instructions on extra steps they need to take to decrypt it. And when you (in practice) are only able to email people using the same client, might as well just pivot the product into a secure messaging system like Signal or Telegram.
And that's not even getting into the amount of work and discipline something like PGP needs to work. Did you lose your master key? Well, you're fucked, might as well start over new and convince everyone you have ever talked to that you are still the same person.
People generally aren't against PGP because it doesn't work or the security isn't good enough, they are against it because it's complicated and difficult and punishes mistakes hard.
To most people, perfect security is useless if the average Joe can't use it. Perfect security is useless if it requires constant diligence from users to prevent mistakes which in effect delete every bit of data you have. Perfect security is useless if you need to use out-of-band secure signaling in order to set up a secure channel.
That is why PGP is being dismissed. Because no matter how many coats of lipstick you put on that pig, at the end of the day it's a complicated, damn near user-hostile program that punishes mistakes. And it's really fucking hard to make a "user friendly implementation" of something that will instantly and irrevocably destroy all of your communication the first time you lose your phone, or you have a house fire, or a theft, or any other number of things.