Daniel (dkg) at the ACLU is one of the smarter people in the PGP world. He says some reasonable things about #EFail (and #EFFail) here: https://www.aclu.org/blog/privacy-technology/internet-privacy/encrypted-email-and-security-nihilism
Reading this, I get the feeling he's missing point 2) from my previous toot - how #EFail is particularly scary because Lazy User A can put Careful User B at risk.
In InfoSec, we're so used to thinking in an individualistic way about how we protect ourselves, I think we often fail to consider how our choices affect others.
Dear #EFF,
thank you for telling people to disable their email encryption. It helped us a lot.
The folks at NSA.
Man, all the people pushing their agendas or their products in relation to #EFail on Twitter is kinda disgusting.
It almost makes me feel bad about having an opinion, I don't want to be part of that scene.
IMO integrity is about focusing on the needs of our users. Reassuring users and explaining is appropriate. Mitigating is appropriate. Even suggesting alternatives can be.
OTOH ...
Being a grown-up is so overrated! So I bring you: #EFFail! The EFF failing to disclose responsibly.
Oh yes.