Note: My Web pages are best viewed with style sheets enabled.
Another issue — much more important than the points raised in the following letter — is the lack of access to the source code of PGP. The source code has always been available so that independent inspections can verify the lack of a "back door" or other vulnerability. Without those independent inspections, users should not trust new versions of PGP.
6 February 2011
Enrique Salem, President
350 Ellis Street
Mountain View, CA 94043
I have been a user of PGP encryption software since at least 1997, from the time Phil Zimmermann owned and distributed the PGP product. As a non-commercial individual, I have always used PGP freeware versions, sometimes termed "evaluation" or "trial" versions. That use has always been within the constraints imposed by the various software licenses.
Of course, freeware versions of PGP generally have reduced capabilities compared with purchased versions. As an individual using PGP at home, however, the following basic capabilities have always been sufficient for my needs:
My experience with freeware versions of PGP served me well in my long career as a software test engineer. That experience allowed me to use purchased versions of PGP to transfer sensitive, proprietary data securely between unlike hosts across a data line shared with a competing company.
Since Symantec purchased the PGP Corporation, it seems that PGP Desktop (the latest term for the basic PGP product) will no longer be maintained and distributed as freeware for individual, non-commercial use. I reached this conclusion because of these three situations:
Who is eligible?Furthermore, the page also indicates that anyone wanting a trial version must first deal with Symantec sales personnel before the product can be obtained. Obviously, a non-commercial individual wanting PGP Desktop for home use is excluded.
Customers planning an initial deployment of 100 seats or more.
I am requesting feedback whether my conclusion is correct, that even very basic PGP products are no longer available as freeware for non-commercial, individual use. If my conclusion is wrong, then I request information on how to obtain the latest basic PGP product without purchase and without the Unsigned Data-Injection Vulnerability.
David E. Ross
Posted to my Web site 14 February 2011
Main PGP page
David Ross home
My PGP keys