I meant that there cannot be a reasonable OTR implementation for email. You can stop using email if you want - I love it, as the last vestige of useful decentralised service on the Internet (I run my own email service, and many organisations do too). You can encrypt your email -- but not with OTR. S/MIME and gpg/pgp do work.
I kind of thought that the web itself was a major example of a useful decentralized service on the internet; kind of odd for email to be described as the last beside of that.
To the extent that HTTPS is the protocol of the web, its primary implementation (the CA system) is, in every meaningful way, centralized along exactly the same lines as much of the rest of society: in governments and corporations.
It was. It technically still is. But large parts of what makes the web useful -- content and search/indexing is being trapped in silos like Google, G+, Twitter, Facebook, Blogspot etc.
gpg/pgp do work for those who can use it properly, which is a tiny minority. Can your parents or non-tech savvy friends use gpg/pgp? Probably not.
And as Assange said, if you are e.g. a journalist in the government watchlist, it could be worse (more dangerous) than not using gpg/pgp.
Text messages using OTR seems like a better way. For widespread crypto usage, telling people to ignore pgp/gpg and use texts with OTR seems more reasonable than keeping projects like GnuPG alive.
If I were running a company like Facebook who's interested in spying on people, I might even fund projects like GnuPG so that unrealistic geeks keep thinking this is a viable solution.
I'm not convinced most people that can't use gpg "properly" are able to use OTR "properly".
As for facebook, as long as they keep the XMPP access open and supported[1], at least they do support OTR. Unlike eg: google.
I don't really understand this "gpg is impossibly hard"-stance. Yes, security is hard. Why recommend OTR? Don't get me wrong, I love OTR -- but verifying OTR keys, and transporting identities across devices (eg: when getting a new phone) is pretty difficult too. Are you saying wrong use of OTR is better than wrong use of gpg, because most people that use OTR use it in a way that allow for MITM anyway?
I don't think you need to be convinced. When 99% of people look at the choice between (a) Thunderbird+Enigmail and (b) TextSecure, they know which one is easier to use (your Mom probably knows more than you do in this regard), not to mention OTR has properties that PGP/GPG lacks such as PFS.
Textsecure is nice, but it's not really an alternative to encrypted email. It doesn't support off-line use, it's inconvenient for sharing large documents.
But most importantly, the point you seem to ignore, it's not secure if you don't verify keys. I'd say most people don't verify keys with OTR -- hence they're not using it in a manner that's actually secure. I do agree that it's a lot better than people using Snapchat.
