In defence of GnuPG: Key Sovereignty in an Age of Digital Feudalism
- Track: Decentralized Internet and Privacy
- Room: UD2.218A
- Day: Sunday
- Start: 10:25
- End: 10:50
- Video only: ud2218a
For over a decade, critiques of OpenPGP and GnuPG have resurfaced in cycles: too complex, too fragile, too old, unfriendly, too “cryptonerd.” Modern messaging apps, "forward-secrecy-by-default" protocols, and crypto tools are frequently presented as decisive reasons to abandon GPG altogether. Yet these arguments often rely on a deeper and more troubling assumption: that ordinary users cannot and should not be expected to understand or control their own cryptographic identity.
This talk challenges that premise.
GnuPG is not merely another encryption tool; it is one of the few remaining technologies that give individuals total sovereign control over their cryptographic keys and, consequently, over their digital identity. In an era increasingly shaped by "digital feudalism", where platforms dictate the limits of user agency under the guise of convenience, GPG represents a radically different model: federation instead of walled gardens, user-owned keys instead of opaque key escrow, and a trust model that distributes power horizontally rather than concentrating it in corporate or governmental authorities.
This presentation revisits the popular criticisms (complexity, usability, lack of forward secrecy, the Web of Trust, aging cryptographic primitives) and examines which reflect genuine limitations and which reflect a shift in cultural expectations shaped by centralized, app-centric design. It also highlights the unique strengths of GPG: asymmetric communication without a central provider, universal applicability far beyond email, and a single identity usable across code-signing, backup encryption, SSH, authentication, and fully offline communication.
Finally, it explores the broader political and social context: why long-term key ownership matters, why revocability and inspectability are essential freedoms, and why privacy cannot be sustainably outsourced to corporations whose incentives are misaligned with user autonomy. While modern protocols like Signal and Matrix bring important innovations, none yet replace the core promise of OpenPGP: that cryptographic self-determination remains possible.
This talk argues that dismissing GPG as "too hard" risks conceding our digital agency to systems designed to keep users passive. In a world where ideas outlive the apps that package them, GPG’s foundational idea (users should own their keys) remains not only relevant, but indispensable.
Speakers
- Özcan Oğuz