Slashdot Mirror
How to Save PGP
Tomcat666 sends in: "The Register got some excerpts from an interview with Phil Zimmerman. He talks about how it might be possible to save PGP (Network Associates couldn't sell it, and will stop its development), OpenPGP and the future (industry-backed OpenPGP?)." A follow-up to our story yesterday about Network Associates mothballing PGP.
Just open source it...but then again open source and security software aren't best used in the same sentence.
Make your pet projects free from the start.
Notice that Phil wants to release it under a BSD style license. As much as we'd all like that, it probably isn't going to happen.
Isn't GPG (an OS implementation of the PGP protocol) exactly what you suggest? It's been around for quite some time.
--
The Cap is nigh. Time to get a fresh new account.
This isn't the end of PGP. OpenPGP is always going to be around. (or almost always - its open but everyone could decide to trash it if they like)
This is the end of commercial PGP. This isn't a good thing for PGP to be used in commercial settings. Also this is the end of the PGPDesktop which was the only thing close to an option for (l)users.
Hopefully NSI will release the code in a manner that will allow a smaller company to add value and repackage it to large corporations.
$sig=$1 if($brain =~
/. get's about what, a million unique hits? NAI put 36 million into PGP, and since they're not finding a buyer, we can assume they'd be willing to take somewhat less for it.. let's say 25 million. If /. changes it's subscribtion pay pal account instead to be a funding house to purchase PGP, each user could donate 25 dollars,and we'd have a co-op that now owns PGP. This co-op could then market it as an inexpensive payware product, available for download complete with source code for a $5 license fee. This rids the need for /. subscriptions by generating income, opens the most current version of source code up for review, and allows independant programmers to modify this source code to continually improve the product.
A win win situation! 8-)
IANAL. This is tongue in cheek. I hate having to explain myself...
I actually have no objections to it being presevered and developed, especially if it were Free Software, what I'm asking for is reasons for it to be preseved from the point of view of Free Software advocates.
How about Amnesty International who uses PGP to keep their researchers who are in dangerous parts of the world, and the people who inform them safe from governments who would think nothing of searching their laptops? PGP has saved lives of good people who without it wouldn't have access to encryption secure enough to trust their lives with.
Think about that, how many computer programs would you trust your life with?
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
That's not the real problem. PGP don't create terrorist, and we all know that encrypted mail/files aren't the only way to pass secret information. I belive we should all care about crypto. Like Phill Zimmerman says roughly: E-Mails are like postcards, PGP is just a tool to get you mail messages into an envelope. Privacy is the real issue about tools like PGP, if you are willing to let it go, goverments, industries and peoples will sooner or later abuse you rights. You're not free when you are always looked upon.
Colosse.
of course, advances in magnetics and flight will eventually make tires on land vehicles obsolete too. unfortunately, neither of them has advanced to the point of feasibility yet, nor has quantum computing. until such time as that happens, there's a need for good ol' fashioned tires. or encryption.
In the article Phil focuses on easy to use GUI interfaces for less technically adept end users as the major feature that the OpenPGP/GPG projects need to focus on. This is the main advantage that the commerical version provided, and the main thing lacking in all the other alternatives.
He clearly states that the PGP protocol is in no danger whatsoever, and will continue to remain widely implemented.
Having spent many hours deciphering gpg command lines to use PGP to its full potential makes you realize how usefull a simple, easy to use GUI interface to a PGP would be. (Implicit in this task is integration with other applications, however, you can find plugin support for almost anything that you wish to use PGP in)
The commerical PGP is only one implementation of the open PGP standard. Even up to 6.5.8, full source code was available from Network Associates.
Plus, there is GPG, PGPi, and other freeware implementations of the standard (under the umbrella of OpenPGP.org).
I don't see why "PGP" as a whole is going down.
It's like saying if Microsoft or Netscape decided to stop relasing browsers, then the entire WWW is doomed, when there's still Konquerer, Opera, Mozilla, and the whole W3C standards body, etc...
There's 10 types of people in this world, those who understand binary and those who don't.
- Slick interface
- Good sponsor
- Open source
Since a slick interface would mean development and they current development is in limbo(with two shipable inferfaces in stock!!) I really don't think that an option. Second option is a sponsor, but since nobody is willing to buy pgp, I don't really think sponsorship will be attrictive to sponsors. Leaves only one optionI was doing my taxes today (oh joy) and marked the box that mentioned something like $3 to the Presidential election campaign fund. Perhaps we could have a few donation check boxes to buy lucrative abandonware into the open source world.
Then again, sometimes it might be good to just start some projects completely over. Remember Netscape?
GnuPG. Because only the technically oriented deserve privacy.
I'm a concientious
If he would have put it under the GPL from the beginning we would not be seeing this. He would be like the Linus of crypto, but he was so determined to controll the things he shouldn't be controlling that he lost controll over the things he should be.
One app that is going a along way to making PGP slightly easier is Evolution. It has the best PGP solution I've seen yet for email. Easy and simple to use, even Joe Barr agrees.
But, the problem is you still must maintain your GnuPG bits manually on the command line. That was the beauty of NA's program. It had a slick GUI. Of course, in the end it didn't take me very long to pick up how to use gpg via the command line, but for the general populace it's still a barrier.
Fortran programmer...oh yeah. Array math for life!
Read the previous article. The source for NAI's PGP was released. The change in policy was why P.Z. left NAI, but up till the very last version it was published source (as is traditional in cryptography software) so we could inspect the encryption and make sure it worked, and didn't contain any backdoors.
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
What about the possibility of PGP technology being a part of the next major upgrade of open internet protocals (ie, POP, SMTP, etc .. )
:)
It seems to be that possibly losing out on the client-side 'niceness' that a commercial PGP implementation provides could be a non issue if the next round of standards include support for providing PGP mechanisms as part of their protocols (not that you'd HAVE to use PGP, but that PGP would somewhere in the protocol if you wanted to use it.)
That would reduce the need to depend on the never-surefire client market penetration in order to see widespead and longterm usage of PGP as a means of protecting ones privacy.
I've always felt open protocols make the best vehicles for propogating public-interest technology. That way, you dont need [Mailclient] + [PGP intergrated client] but [Mailclient that supports Next Gen Protocol X] where one of X's functionality sets uses a private/public key encryption scheme. Not sure what the likelihood of that happening is, tho, both from the perspective of when we'll outgrow the current crop of protocols, whether the new crop will be open enough to get public interests into the design phase, and whether the creators of said protocol would even think it would be a good idea to include a PGP layer in the protocol.
"Old man yells at systemd"
GPGME is a project to do this. From the website: "It provides a High-Level Crypto API for encryption, decryption, signing, signature verification and key management."
It's a work in progress. It's useable, but of course, there is the standard disclaimer. Compiles fine on most Linux distributions. It needed a small amount of help to compile on Mac OS X. Not sure about any other OSes.
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
> And what's scandalous is that NAI has OS X and XP-ready versions, but won't ship them.
/create/ inefficiency in a market rather than reduce it.
We need some laws that force work into the public domain if it wont be exploited for the private domain. I'm sick of companies keeping what will go into the dustbin. This is another example of how too much private interest can
Of course, I respect that the work in question would probably have to pass some criterium whereby its release into the public domain would not cause significant damage to the company in question (if the company is to live on), but surely we can't believe that scenarios like this outweigh the benifits of laws forcing companies to push work they lose interest/money in back into the public domain?
"Old man yells at systemd"
To see what RMS actually thinks about this subject see http://www.gnu.org/philosophy/selling.html
From that page:
Then again, when has an AC let reality interfere with the contents of his posts?
-Peter
People discuss quantum computing as if it were inevitable, when in fact it is not at all clear that the difficulty of getting n bits entangled in a quantum computer does not scale as exp(n)--in other words, the difficulty of getting a quantum computer working may scale just as quickly as the computational advantage you get from it. A useful quantum computer being impossible to build would not be surprising at all. Lots of neato quantum effects are in fact impossible to scale to the macro world.
So sounds like Amnesty International should pick up the tab for developing PGP. I mean, I grant you, I think that PGP is a wonderful product and I'd like for network associates to keep it, but they are a business and if it's not making money for them, there's no reason for them to keep it around.
Personally I use GPG and think it works wonderfully, and Network Associates has nothing to do with that. May not have some of the bells and whistles of the full commercial PGP but it still does what PGP has always done, encrypt e-mail. Organizations like AI should be able to function fine with just that.
This sig has been temporarily disconnected or is no longer in service
It means they are legally exempt from rampant idiocy. Java's SDK says the same thing. The GPL generalizes it more saying the author is responsible in no way for the software. Regulations for nuclear control equipment and medical devices only allow for qualifying software to be run on such devices, being stated in the EULA on Windows and many other programs is merely compliance with these regulations.
I'm a loner Dottie, a Rebel.
It's true that currently GPG's user interface is terrible for beginning users if they have to use it directly. So, clearly, you want to use programs that embed GPG (like Evolution). Also, note that the German government is funding further development of GPG. They specifically say that their funding will be used to make GPG more usable by less experienced users, including porting the software to other operating systems, developing graphical user interfaces (GUI) and writing a handbook.
Thus, this sounds like a short-term problem at worst.
- David A. Wheeler (see my Secure Programming HOWTO)
The Windows version of PGP was pretty nice and actually hooked in with MS Exchange and other software. No I never actually used it, I specified that communications between my group and a shop we were contracting out to be encrypted with PGP. I used GPG with Linux and they went with the happy windows user interface. Most managers and probably the majority of developers will want to use the Windows version if forced to use the encryption software (By some asshole like me pointing out that transmitting the source code in the clear is a violation of corporate security policies ;-)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Quoted from: http://www.chiark.greenend.org.uk/pipermail/ukcryp to/1998-December/003102.html
"If you're talking about the British government or the American government,
they're virtually permanently tapping all of our stuff and using voice and
character recognition," Gregory says. "I know what technology they've got.
"The Tunisians [where a new office is being set up] aren't as subtle as the
Americans and the British. It's a bit like heavy breathing on the line."
However, even though Amnesty staff can automatically encode any message sent
in Notes with its built-in encryption - certain staff use far stronger PGP
encryption - Gregory says the US export ban on strong encryption still
leaves it in a difficult situation.
Remember, not all countries that AI investigates can be as unsubtle as to beat passphrases out of people, and the person couriering the data need not have the passphrase to have it beat out of them.
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
part of the problem is that the IDEA algorithm is licensed technology from the Swiss company that owns the patent.
What PGP needs is a pluggable-encryption component, so that it could leverage something like AES
Old age and treachery almost always overcome youth and skill.
Really, if "they've" already compromised the system to the point where you have to worry about the libraries being secure, you've got bigger problems on your hands than the libraries being secure. The only thing the lack of a library is contributing to is a hampering of programmers incorporating GPG natively into everything from E-Mail clients to network protocols.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I think what he was saying (or should phrase it like) is that the government should not offer protections of 'intellectual property' to those who do not market/sell/use it.
With a large enough gun, any piece of physical property can be defended. Governments exist to keep us from needing guns to do that.
Intellectual property can ONLY be defended with the use of the government. By removing this government protection from IP that is not used, the market is MORE laise-fare(sp), not less.
Now, if the government were to take an active roll, such as disseminating IP that is not used, that would be wrong.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Hence the reason that encryption is only the first step.
Second step is steganography, hiding the message, either by attaching it to the end of a zip file, or by weaving it into an image.
Third step is to have an encryption system which allows alternate passwords: each password reveals a different set of data, and the password you get forced to tell someone reveals not much at all.
You need more than just encryption to hide your data from governments.
Well PGP is a dead end but not for the reasons you give!
Quantum computing is practically irrelevant for mainstream crypto. If someone does build a big enough quantum computer it is unlikely that we will ever know about it. But we do know that there are some pretty severe limits on what it can do, it is not a magic wand. A quantum computer does not help against AES or SHA-1 for example. I suspect that long before Quantum computing is real there will be replacements for RSA that are robust against quantum computing.
The reason PGP is a dead end is that it was only deployed for email and only gives good privacy. PGP is not a good mechanism for signing binding e-commerce contracts.
It would be much better if people spent their time persuading people to use the crypto that is already built into Outlook Express, Communicator, Notes etc. rather than trying to resurect a competing message format.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
PGP is a product of its own, which is probably good and bad -- good, because you can use it with non-email, and (awkwardly) with most mail clients. S/MIME would have to be built in, I imagine -- but a couple of easy implementations would bring encryption (and decryption) to many more people than the current situation with PGP/GPG/whatever.
So why aren't people making S/MIME capable clients?
http://www.sente.ch/software/GPGMail/index.html
In short, 80% of the people who read Slashdot are freeloaders who won't even pay to read their favorite web site.
What makes Slashdot such a great webpage? Is the ability to (most of the time) read about geek news? Or is the ability to read and discuss a certain post with thousands of technical savvy people?
I believe it is the second one. If you remove those 80% (the freeloaders) would you have the diversity? You'd probably have a lot less trolls, but I think you would lose a lot of good with the bad.
I belong to a great LUG which does not charge for membership. If they did, I wouldn't put as much effort into my time there. I try to give just as much as I get. Do I feel that I do? No, not really. I love going and hearing about aspects of Linux that I know nothing about and learning something new.
To tie that to your post, I feel the same way about Slashdot. I could pay for a news website, and get spoonfeed mass media trash, or exert my brain here on Slashdot. These freeloaders might be the very ones who give great info in AskSlashdot, or mirror slashdotted webpages. Pay to read their favorite webpage? They do! They try to give back to the Slashdot community as best as they can.
This is not meant to be a flamebait, you will notice I am logged in even. You seem to think cash is the ONLY method of paying for something. You have a lot to learn about life.
Vertical
72 CD D7 52 D0 7E D8 47 44 91 D5 84 D1 59 F1 A9-This is my 128bit integer. There are many like it, but this one is mine.
You're out of date. The latest w3c patent policy does *not* allow patented standards unless a Royalty Free license is available. There is a loophole in the policy that says effectively "if we hit a brick wall with this policy and can't implement a standard within it, we'll form an advisory group to decide what to do" (with the implicit suggestion that one of the things they might theoretically do is go with a patented standard) but there are a whole lot of hoops that must be jumped through before that point can even be reached.
Besides, as you would know if you'd done a little research rather than just skimming headlines, the w3c has never *had* a patent policy before, and therefore could easily have created a standard that relied on patented technology. The fact that they haven't is an indication of their general goodwill towards patent-free standards - when they got half-way through SVG and found that apple had a patent on alpha-blending, they stopped what they were doing for ages to try to ensure that the standard would remain patent-free. That was when they started looking into having a patent policy.
Of course, as a closed organization they first asked their members, who are primarily corporations, and those corporations said "we should have patented standards". Hence their first draft. Then they submitted the draft for public review, and NOBODY NOTICED. After a long comment period with no comments, someone suddenly posted it to slashdot with 2 days to go, and all hell broke loose - and the w3c essentially backtracked and now have a sane policy.
If anyone is to blame for the poor original policy, it's the fact that the community wasn't alert - it's mindboggling that the "many eyes" that are supposed to make bugs shallow didn't catch a major announcement like that from the w3c.
Stuart.
Encryption (S/MIME) in Netscape and outlook is it's own worst enemy, because of the requirement to submit your personal information to a "trusted" third party (ie, a corporation - who many of those smart enough to know that encryption isn't a good idea won't trust at all) and then rely on the same "trusted" party to verify that everyone else in the world is who they say they are.
There's nothing wrong with S/MIME as a message format, but the implementations fall far short of what (as I understand it) PGP does: allowing you to generate your key without anyone having to verify it, and then YOU choose to ask specific people to verify it too. If you try to do this with any S/MIME client that I know of, it will claim that the certificate is untrustworthy because Friendly Trusted Company, Inc hasn't signed for it. PGP will try to find a way through the "web of trust" via a chain of people who all trust each other, from you to the person in question.
If someone were to integrate the S/MIME message format with PGP-style keysigning and webs of trust, and persuade the email clients to stop insisting that only TrustedCompany signed keys are trustworthy, I suspect that encryption would be a lot more widely used...
Stuart.
You don't have to be a corporation to sign keys. In fact there is a certificate signer distributed with every copy of Microsoft Office and Windows XP. Code to create X.509 certs is available as freeware in many open source distributions.
If you try to do this with any S/MIME client that I know of, it will claim that the certificate is untrustworthy because Friendly Trusted Company, Inc hasn't signed for it.
You can select the certificate and say 'trust this certificate' explicitly in all the popular implementations.
If you don't like the way the S/MIME cert handling is done it is easy enough to do it any way you choose.
Another scheme would be to set up an XKMS interface to a PGP web of trust and then drop an XKMS client into the CAPI or cryptoAPI layer of your favorite email client. Then you can configure any trust semantics you like in your Web O' trust service. No different in principle from using the BaL keyserver at MIT but a lot more powerful.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
BSD? Are you joking? If I'm going to pay for something to be free, why would I want to subsidize the proprietary products of someone else?
I disagree. Redhat charges a premium for priority FTP access to software which can be freely distributed. The FSF itself was formed with money made by selling GNU on tape.
It is true that Free Software does not have the "advantage" of artificial scarcity that proprietary software has. In spite of this, both Cheap Bytes and KRUD both operate in the black AFAIK.
If we expand beyond simple distribution there are additional ways to actually make money by distributing Free Software that have been demonstrated in the real world. Redhat turns a profit, largely by bundling service with distribution. Several of the PHPGroupWare guys support themselves by supporting PHPGroupWare when they aren't hacking on it. Other value-adds exist, such as IBM bundling Free Software with hardware.
But, I suppose it is true that you aren't going to make yourself rich by downloading Free Software on your cablemodem and mailing out burned CDs.
-Peter
But what I really want to do, at least initially, is to promise a payment, which becomes payable when enough other people have promised that the software's current owner agrees to the deal. Inevitably trust issues come up: I might welch on my promise. Or to make things more complicated, I might promise and pay only on the condition of anonymity.
How to do all this? One way would be to place the money in escrow for a limited time, and if the deal doesn't come together by then, I get my money back. The people trying to organize the deal would give themselves a time limit and encourage donors to set their escrow timers for that time limit. A reputable bank or insurance company (or maybe a casino?) could act as the escrow agent.
There's a guy named Ronnie Horesh with a very cool idea called social policy bonds, intended to bring market forces to bear on social issues. Government auctions off bonds, which mature when some measurable social goal occurs, and are then redeemable for larger amounts. He once commented that a social policy bond is like a bet. The government hedges its position (that, say, literacy is good) by begging that literacy won't go up. When literacy does go up, the government has to pay up.
In the same way, if I believe that PGP should go into the public domain, I may hedge that belief by betting Network Associates that they won't do that. They can easily win that bet by releasing PGP, when they decide that winning all those bets is more important than retaining PGP as closed-source software.
WWJD for a Klondike Bar?
Excellent, a notably confusing and shitty interface. That will definitely propogate the use of cryptography!
I'm a loner Dottie, a Rebel.
It just seems very strange that all of commerical products that provide good encrypted message transfer have suddenly become "unecconomical" for the companies that make them. Especially in this post Sept 11 world? I think there is something fishy here...And I don't like it.
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
The important parts are the Windows infrastructure and the patented protocols that appeared in PGP5.
The Windows infrastructure is more than just the GUI - the GUI is OK, but nothing special. The infrastructure includes
- a low level secure storage driver at the OS level
- integration with many mail clients
- an Explorer shell extension to handle encrypt / decrypt, secure wipe, and verify functions
- a secure viewer with anti-tempest fonts
- the PGPNet VPN solution
- the PGPDisk secure storage solution
This is what NAI have paid to develop, and this is why it represents a major loss.Jon.
Who cares about PGP... if companies and investors are not opting in, there is a reason... ponder that.
The reason is the complexity. Most people are not concerned with complex key ring schemes, expiring keys, and electronically signing e-mail. They just want a way to encrypt e-mail so that it's not easily sniffed.
the problem with this apparent sell-friendly position is that it is not workable. lets see...
1. Corporation creates and sells an App under GPL for $1,000 (all legal but you do have to provide source).
2. one person buys your app. because it is gpl'd, Customer 1 puts it up on sourceforge for all to download free of charge. it's now GnuApp. all legal, all gpl.
3. Corporation now has to compete with it's own software available free of charge. Corporation can't pay rent, electricity, or those pesky programmer salaries.
4. therefore, whatever stallman SAYS about the ability to sell gpl software, the reality is that you are effectively giving it away for free. Ever wonder why you don't ever see pure play GPL software companies survive on their own for more than a few months?
I think GPL is great for stuff that you INTEND to be free forever, just be careful if you want to make $$$ by selling code.
It is abundantly clear that you didn't read the page I linked to.
Most of what you said is based on the exact confusion arising from the phrase "selling software" (and variants you used like "selling App" or "selling gpl software" or "selling code") that is explained in the page I linked to.
So, since you don't care to read that article, let me establish some vocabulary.
If "selling software" is to have any consistent meaning it must be selling the copyrights to a piece of software. Such as when Corel bought WordPerfect. This clearly is not the topic of the discussion.
Now we come to what you are really talking about, which is selling software licenses. When you "buy software" (really "buy a license") you never get anything but the use of the software IAW the license terms. If you actually "bought windows" why may you not sell it? I don't mean en masse, just the CD you bought? Because you didn't buy anything but a license.
Finally we have distributing software. Which is what I was talking about. Wal-Mart makes money by distributing both proprietary and Free Software. It doesn't make a difference to them. Redhat sits on the shelf right next to XP. See my other reply in this thread for more examples of people making money by distributing free software.
Finally, note that if we can agree to the terminology above then you were more correct than you know, since there is there is no license for use of Free Software distributed under the terms of the GPL to sell.
To be totally clear about what I just said; the GPL isn't a "software license" in the sense that many people think it is. The GPL is a software distribution license. It makes no demands on the user (unlike a EULA) except that they may not sue if they don't like the way the program works, or fails to work.
So again, there is no software license to sell. Thus, you are correct that selling licenses for unlicensed software is not a promising business model. That, however, has nothing to do with my original post.
-Peter
Maybe you ought to look at the post this was a reply-to-a-reply to, or even the post that you replied to.
You must smoke even more weed than me to have that much memory loss..
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
How does selling something along with something you get for free drive down your margins?
s _Q12002.html. Maybe "making" was too strong a word. Made a profit in Q1 of '01.
Let's say that Red Hat and MS each sell an OS for $100. Each expects to spend $50 supporting it. RH has $15/copy (at expected distribution volume) invested in development, and MS has $30, since the write the whole thing from scratch.
Who has the larger margin?
Now, these are all made-up numbers, but I think that they are useful for illustration purposes. Can you make up a set of reasonable numbers to illustrate how bundling support and distribution of software that you largely get for free hurts your margin?
The way I explain that RH isn't making money hand over fist, but MS is is simple. Volume. I think that the reality is that RH spends something on the order of 1/10 what MS does on development, and has something like 1/1000 the (full price paid) distribution. So the numbers are more like 100/50/150 vs. 100/50/30.
Perhaps I was mistaken about Red Hat making a profit. I swear I read that somewhere. Ah, wait, here it is http://www.redhat.com/about/presscenter/2001/pres
OTOH, your $120 billion figure, if I'm not mistaken, is their peak market cap. Which is bullshit. Market cap is literally meaningless. It has nothing to do with actual money. Not money that they have, have spent, people have spent on them. Nothing.
That statement, combined with your statement that adding value by packaging and selling something that you get for free hurts the economy makes me question your grasp of economics.
Now, I know nothing about accounting, but my understanding of the English language leads me to believe that they had a quarterly loss of 17M in 2000 (and a somewhat higher loss in the same quarter of 2001). Which leads me to question your interpretation of any facts.
Finally, who said anything about "open source?" I'm talking about Free Software.
-Peter
The point of PGP was nobody used the command line interface. If I can't drag my keyring onto a window and have the program import it then I'm not fucking using it.
I'm a loner Dottie, a Rebel.
Sorry dude, try again. LSD doesn't cause any long term problems. What can cause long term problems is any tramautic situation
That's like saying that cars don't cause injury, getting into accidents in cars causes injury. True, but LSD puts the user into a state where they can become very agitated by even the most mundane of circumstances. It essentially creates traumatic situations.
LSD is not the demon drug that it has been labeled as, but having seen some friends take mental nose-dives on acid, that have lasted for months, I have to say that it's not exactly as safe as houses either. It's major saving grace is that it's not addictive. So, as long as you don't a) get locked into some "I need the drug to see the aliens" physchosis and b) don't use it as a gateway to other (addictive) drug use, it's easy enough to stop using it if there's a problem,and then seek help.
I think we're both basically on the same track here. I just don't belive in sugar-coating the dangers of mind-altering drugs of any kind (and I include drugs that doctors give out like candy without really understanding, here).