GPG is hard in part because the problem it is solving is hard: allowing people to send private messages to strangers over an open system with diverse implementations designed many years ago without any regard to privacy.
It is also hard because it was released (as PGP) ~30 years ago when computers and available encryption algorithms were significantly less powerful than they are today. Hence, there are more choices in the system than would be ideal.
In my experience it can be effective if adopted as the default for email with a group that works together daily (ish) and takes responsibility for standardizing on strong cipher and key size choices and distributing a trusted set of keys (regularly since some will always be expiring). This is a fair amount of work compared with “have email be clear text and selectively use Signal for extra sensitive things.” (And you’ll still want Signal anyway. Email is just the fallback.) But it relies much less on people figuring out what to put in the “sensitive” bucket.
Having 6 levels of trust (or was it 7?) must qualify as the worst UX decision of all time. People barely keep their contact lists up to date (in fact, nobody), let alone categorise them.
I had high hopes for Autocrypt, which solves much of PGP's terribad UX (maybe we should call it a porcelain?), but as the author and anyone has noted: simply nobody uses PGP. People barely use email anymore.
Social media and messengers such as Signal are where people communicate.