Informsec2013: Final Report (Milestone #4)

Period: March 25, 2013 - August 30, 2013

Delivered: 2013-08-30


["A discussion of the overall performance of the program, including details of any discrepancies between expected and actual results and any recommendations for improving the design of the program; how unforeseen circumstances affected overall performance compared to original assumptions (if applicable), how activities were accordingly adjusted or retargeted. This should not be a description of activities, but rather a broader analysis that examines progress in the context of program objectives and expected results."]

The goal of this Gpg4win related program was to enable more users worldwide to use cryptography for the exchange of files and emails. New technical improvements of the crypto software Gpg4win were to be made and "field tested" by interaction with the user community.

The project can be considered a success. Especially the new comfort functions for newer versions of Outlook (2010 and 2013) and the 64bit Explorer plugin were met by good user feedback. The group of international users that can use Gpg4win for their version of Windows and Outlook was substantial extended.

On some points the results deviated from the original plans by a small margin, sometimes above, sometimes below initial expectations, but always within the normal course of an IT project:

  1. The tests for Windows 8 and Outlook 2013 ran fine, so these platforms fully benefit from the improvements, especially from the Outlook and Explorer plugins.
  2. Some smaller technical internationalization issues could not be fully resolved during the timeframe. Main reason is that international feedback was slower to come as expected. These type of defects can only be found by good international testing and the timeframe was too short for this.
  3. Basic crypto support of GpgOL for Outlook 2010 and 2013 did not see as much field testing and feedback from the community as envisioned. A likely explanation is that the label "beta" did not draw enough attention for users to perform the test and internationally the availability of new versions of Gpg4win needed to trickle through to potential users.

The project was completed within the given timeframe.

The 1st milestone was delayed one week because of an unexpected severe technical defect. The remaining timeline was unaffected, all following milestones were delivered at due date.

Recommendations for future programs for Gpg4win

Given the timeframe and the budget the design of the project was good. A followup project would choose different technical improvements as goals, but could use the same procedural setup. Small improvements are possible in the area of allowing more time for initiating and collecting international feedback.

Summary of activities and achievements

["This section should highlight individual activities and include a description of progress towards results and relevant trends. Other pertinent information including, when appropriate, success stories (if available) which illustrate the direct positive effects of the program, and quotes from participants that reveal the need for project activities, learning, and impact."]

Since project start in April 2013 we have released 2 stable and 4 beta '''Gpg4win versions''':

During the duration of the project we have interacted with the user community via public channels (mailing lists, issue trackers). We get a lot of user feedback about Gpg4win releases, but less than expected. Feedback from German users were overrepresented during the project.

A new '''wiki''' ( was set up to add important and helpful information about GnuPG and Gpg4win ''together'' with the community.

As the PRISM program of the NSA was published in early June the public discussion in Germany triggered a strongly increased interest in email encryption, especially in Gpg4win. Since this time the '''number of Gpg4win downloads''' (from the primary download server have more than doubled: from ca. 2000 downloads per day (January to May 2013) to ca. 4100 downloads per day (in July/August 2013). It cannot be determined which part of the increase is from the upcoming of the debate or the release of new versions. The publication of new versions always let to higher download numbers in the past.

Also the (non-technical) '''press''' recognize the value of the software product Gpg4win in their reports (see for a list of German press reports).

During the project there was more traffic on the '''public Gpg4win mailing lists''', especially the German users list saw a clear increase caused by the discussion about PRISM in Germany (July 2013: 103 mails, January to June 2030: <12 mails) and the publication of the Gpg4win releases.

The '''donations''' - accepted by the Gpg4win initiative for the maintenance - increased in the first 8 month of 2013 at the total value of 1258,-- EUR. This reflects the increased user acceptance - compared with the previous years:

  2013*  1.258,-- EUR
  2012   1.490,-- EUR
  2011     513,-- EUR
  2010     582,-- EUR
  2009     257,-- EUR
  2008      44,-- EUR
  2007     325,-- EUR
  2006      68,-- EUR
  Total: 4.537,40 EUR

*) as of: 2013-08-27

Here are some selected quotes from donors in 2013:

Monitoring and evaluation

["Provide data on project indicators as per Delivery Instructions in Appendix D, Schedule of Millstones."]

Several Gpg4win product releases were done, as outlined above. The participation on the mailing lists, trackers and the in download numbers and pick up of news items were monitored. The monitoring showed that the project made successive progress during its timeframe. Increase in participation of users and in the download number showed that the work was matching the need of world wide users, though community participation was much higher from Germany than from other countries.


["Problems encountered, reasons why established goals were not met, if appropriate, the impact on the program objective(s), and how challenges or problems were addressed."]

There are some technical challenges during the development of Gpg4win:

A non-technical challenge in the project was triggered by the public debate about PRISM and privacy (partly discussed on Gpg4win mailing lists). It allocated extra attention of our Gpg4win development team and required e.g. answers about technical and historical information of Gpg4win to convince new users.


["Recommendations for networking and future events."]

The work done was very valuable for Gpg4win and raised the chances of more crypto usage worldwide. Because both the concepts behind and crypto and the OpenPGP standards for files and emails are not yet part of widespread cultural knowledge. Anything to spread this knowledge is useful. Here are some idea:

Informsec2013/milestone4 (last edited 2017-10-24 08:29:01 by bernhard)