Unethical and still dodging the paying customers

cappsm's Avatar


24 Oct, 2019 04:03 PM

Guys - deleting a dissenting thread from PAYING customers is as unethical as it gets.

Seriously, you owe your PAYING customers answers - you made a commit, missed it and have provided no updates since missing the date.

Either address us here or address us in the media. Fair, warning, don't delete this thread again. Own up to being a company and engage your customers who are paying - very unethical behavior.

  1. 1 Posted by Mantas on 24 Oct, 2019 06:16 PM

    Mantas's Avatar

    Fair one :)
    UP & ping

  2. 2 Posted by Mario on 24 Oct, 2019 07:30 PM

    Mario's Avatar

    In that thread I was pointing out that probably Catalina support would require another purchase, as per their FAQ. It's sad that they are deleting comments.

  3. Support Staff 3 Posted by Luke Le on 24 Oct, 2019 07:57 PM

    Luke Le's Avatar

    Hi all,

    we are very sorry for the delay and the frustration this is causing.
    Unfortunately we are currently faced with a multitude of problems which result in GPG Mail for macOS Catalina not seeing the light of day yet. In addition since the last beta release of macOS Catalina, Apple has released 3 additional releases due to bugs included in the initial release. GPG Mail is not like most other software in that it is based on reverse-engineering which also means that we have to analyze each of these macOS releases carefully even though no API change might be visible at first.

    It's not our intention to not keep you up to date, but rather we are working around the clock to finally get this release out.

    We hope to have some better news for you very soon.

  4. 4 Posted by Arjan on 25 Oct, 2019 08:43 AM

    Arjan's Avatar

    I think that everybody (not necessarily people here in this thread, especially on Twitter) needs to calm their tits... The fact that we are paying customers is a fair point and indeed the team should be more open and transparant (done yesterday by Luke) about the current situation. Also bear in mind that having paying customers does not mean there is a 500+ FTE Inc behind the development.

    For all those panicing: your encrypted emails are still there. Just move the .asc file from the email to your desktop, open a terminal, cd Desktop <enter>, gpg filename.asc <enter> and voila the message is readable filename on your desktop. Please do not forget to safely delete the unencrypted file. The other way around: create a text on your desktop, from the terminal type "gpg -ea filename" type the user-id of the intended recipient, hit enter, confirm, hit enter again and you will end with filename.asc. You can now move that file as an attachment to the intended recipient, please check the contents of the new file to make sure it's an encrypted message (it should start with -----BEGIN PGP MESSAGE-----).

    Although I use the GPGTools on a daily basis and I agree with what has been said on preparing better for imminent macOS releases via the beta program, I also understand that for a small development team it's not that easy to have a new release available from day one. Under normal circumstances it's best to skip .zero releases of iOS and macOS and in fact of any major software package.

    If you want to run bleeding edge releases, be prepared to jump through a few hoops.

    Coffee, anyone?

  5. 5 Posted by Bjorn De Sutter on 28 Oct, 2019 10:27 AM

    Bjorn De Sutter's Avatar

    I don't agree at all with the suggestions about bleeding edge releases or waiting until the .1 releases. Such suggestions or advice go against best security practices. And surely a sizable fraction of the privacy-sensitive customers of GPG Suite cares about security, not?

    Once updates to a software product are released by a vendor, which include security fixes to many components of it, users simply need to upgrade ASAP. If they don't, they put themselves at risk because once the potential attackers have both unfixed and fixed versions of the components, they can easily reverse engineer the fixed issues and exploit them on not-yet-upgraded systems. This has been demonstrated in research, in some cases with fully automated exploit generation techniques, and in practice it gave rise to Patch Tuesday - Exploit Wednesday in the Windows ecosystem. There is no reason to believe that Macos is less vulnerable.

  6. 6 Posted by Usus on 28 Oct, 2019 11:51 AM

    Usus's Avatar


    All that you said It's true but It would be better and more mature if they would inform users BEFORE official Catalina was realised. They got our email's. Then there is another problem with informing people that by "next week" they can expect solution. I think you agree that after two or three weeks of work it's harder to make rollback to old system ...
    I switched from Linux to macOS to avoid such things, I guess I was wrong...

  7. 7 Posted by Frank Gemein on 30 Oct, 2019 09:22 AM

    Frank Gemein's Avatar

    Mr De Sutter, although I'm a bit annoyed by the delay and lack of information from the team too, I think, your statements are a bit over the top.
    No, it's not best practice to update to new release as soon as it's coming out. I frequently do myself, but it's not at all best practice. The high frequency of new patches arriving for catalina shows you why it's not.

    On the other hand there is no whatsoever reason to believe that the mojave version is left unsupported or more insecure than catalina is by now.

    To the gpgtools team: I know this business for quite some time and understand the impulse to duck away in such circumstances. But don't. You need one person responsible for the customers contact. That keeps the backs of the rest free.

    Just my 2 cents.


  8. 8 Posted by Yuriy on 30 Oct, 2019 10:20 AM

    Yuriy's Avatar

    The same here =(

  9. Support Staff 9 Posted by Steve on 30 Oct, 2019 10:35 AM

    Steve's Avatar

    Quick update: Trust me, we hear you and understand your frustration. We are now testing 10.15.1 and are checking if it breaks anything.

    I am sorry I don't have a test version to share yet. The discussions we linked with the 10.15 ticket will be the first to know once we have a first test version ready.

  10. 10 Posted by Arjan on 31 Oct, 2019 07:56 AM

    Arjan's Avatar

    @bjorn: if tot have an IT related job then I suggest to seek other career ambitions or educate yourself, you will find it beneficial.

    Upgrading ASAP to bleeding edge software is nót best security practice and you put your business are risk in terms of stability.

    I again suggest all to do “man gpg” in the terminal, calm yourselves, take medicaments if you must (praise Bercow, can I get an amen?) and carry on with your daily business.

  11. 11 Posted by FD on 31 Oct, 2019 08:44 AM

    FD's Avatar

    The US$23.90 payment will appear on your bank/card statement as:

    Question: GPG Mail Support Plan
    We pay for what ?

  12. 12 Posted by chris christiaa... on 31 Oct, 2019 08:53 AM

    chris christiaansz ungerer's Avatar

    " The US$23.90 payment will appear on your bank/card statement as:

    Question: GPG Mail Support Plan
    We pay for what ?

    I did this too and have had no reply to my email complaining.

    I do feel a little bit scammed.

  13. 13 Posted by dieter on 31 Oct, 2019 09:12 AM

    dieter's Avatar

    stop whining kids !

    let them do their job and do not keep them away from it by asking the same questions a 100 times.

    our whole business communication is based on gpg and because it is so critical we have tested it before upgrading everybody to Catalina. i'm fine with waiting until it has been completed.

    and btw.. we paid for it, because we all wanted them to work on getting the plugin working on the next macOS release... and that's what they do now... so what's the problem.. !?!

    unbelievable.. :-(

  14. 14 Posted by chris christiaa... on 31 Oct, 2019 09:16 AM

    chris christiaansz ungerer's Avatar

    No, sorry, collecting money for something that doesn’t work yet is not fair if you don’t make that clear.

  15. 15 Posted by dieter on 31 Oct, 2019 09:27 AM

    dieter's Avatar

    we paid on gpgtools for "High Sierra" ...which we got.. working !

    then we got a free upgrade for "Mojave" .. thank you for that !

    now we (possibly) will get a free upgrade for "Catalina" ...

    they are not "selling" GPG-tools "for Catalina". yet. no one can spend money on it for something which does not work !

    can you explain me what's not fair here ??

  16. 16 Posted by chris christiaa... on 31 Oct, 2019 09:30 AM

    chris christiaansz ungerer's Avatar

    Stop fucking insulting me. I am sixty-three years old so it is a bit rich to describe me as a “thing kid”.

  17. 17 Posted by dieter on 31 Oct, 2019 09:34 AM

    dieter's Avatar

    ah.. running out of arguments.. i see

    i'm 62 .. if people behave like kids, they are

  18. 18 Posted by chris christiaa... on 31 Oct, 2019 09:50 AM

    chris christiaansz ungerer's Avatar

    Not a good look Dieter. I would have been happy to wait for GPGTools to do this, but then make it clear that this is the situation and do not take money under false pretences. I will now tell MasterCard that I was scammed by you and demand my money back, thank you.

    Guten Tag

  19. 19 Posted by dieter on 31 Oct, 2019 09:59 AM

    dieter's Avatar

    just because i can feel the situation they're in, i'm not working for them.

    so telling MasterCard that you were scammed by "me" doesn't make much sense.

    relax grand-pa ( i'm grand-pa too ;-) )

  20. 20 Posted by chris christiaa... on 31 Oct, 2019 10:02 AM

    chris christiaansz ungerer's Avatar


    Ok, thanks.

  21. 21 Posted by Mr. S. on 31 Oct, 2019 11:56 AM

    Mr. S.'s Avatar

    Personally, I’m a bit surprised to see so many people freaking out and being angry, but I then again I completely understand why.
    GPGTools explained pretty clearly why they are still developing and not ready yet. Apple does not document all the internal changes they make to the Mail.app, so they have to reverse-engineer the changes to get it working again. Developing a Mail Extension is not magic that appears out of nowhere, they need to reverse-engineer, do testing, internal documentation, etc. which takes time.
    Also in case you didn’t know, this Catalina- and XCode-Beta-Cycle was very buggy and Apple made a lot of changes even in between the Betas, so it’s not easy to adjust the GPG-Mail to the new release.
    That being said, the lack of communication reminds me when GPGTools introduced the paid plan; again a huge lack of communication. Not communicating in over 3 weeks (at least on Twitter) makes people nervous and feel left behind without any knowledge what’s going on or when they can expect the new release to come out. I understand GPGTools is working as fast as they can, but neglecting to inform the people who support you with a support plan is not a good choice.

    So if you feel ignored and abandoned , I feel the same, but keep in mind that it was clear / to be expected GPGTools wouldn’t be ready on day one (though apparently not for everybody), they need more time than just a simple Swift UI App, and the Beta didn’t exactly make it easy. Also, updating on day one is not always a good choice and this decision should be made consciously, especially considering the many under-the-hood changes, the buggy Beta, and the fact that updating on day one is not a best practice.

    On the other hand, GPGTools, you REALLY need to work on your communication skills. When people pay for a support plan, the usually expect some kind of … support. A Tweet once a month is not enough. Do it every 4-7 days, keep us up-to-date, say where the difficulties are, what the expected release date is, what you are testing / developing / reverse-engineering. Say when you know that GPGTools is not going to be ready on day one beforehand. People want to know what’s going on and not hearing anything in weeks makes them feel scammed.
    Imho, there’s room for improvement on both sides.

  22. 22 Posted by luz on 02 Nov, 2019 11:42 AM

    luz's Avatar

    Oh no, please, not a kickstartereske discussion in the "I paid some money, so the world has to rotate around me, NOW" style :-(

    I regret the fact that small indie devs like the GPG folks constantly underestimate the importance of timely admitting problems and delays. It is a mistake, and it stirs a lot of anger as we can see above. No doubt.

    But everybody who has some software development experience will realize what actually happens in such a situation. You honestly thought your code was ok and you could release it "next week", and now you are spending day and night to debug a nasty bug that popped up. If you are in a larger company, there will be PR/marketing people who can inform customers in the meantime. However, if you are a indie dev, it would depend on you interrupting your code deep dives and craft calming forum posts instead. Yes, objectively this would still be the right thing to do, but it's hard! The quest of good engineers and coders is not talking about why something does not work, but to invest every last bit of energy into making it work.

    Every engineer should learn that hiding under the coding rock is a dangerous trap, business wise - but smart customer should be able to differentiate such a situation from intentional malice, too.
    For those who can't, please buy from large companies only - be assured those will provide you ample communication and well crafted excuses to tame your anger (but rarely an immediate solution, either) ;-)

  23. 23 Posted by martin on 02 Nov, 2019 09:16 PM

    martin's Avatar

    What are you talking about? Working day and night? Are you sure?
    I mean, it is conceivable, but then pushing the progress to github (https://github.com/GPGTools/GPGMail) in a catalina branch would be a perfect way to mitigate this shitstorm.
    It is not about that week. It is about the fact that it is extremely strange that nothing happened in that repo during the beta(s). Did you notice that there is a beta build opt-in in the settings? What about that? Nobody expects a perfect build in beta or day one. But any build at some point would have prevented this.
    Conveniently, issues are disabled for the above repo as well...

    Also note that GPGMail is not (L)GPL, so people may compile it, but nobody may fork and redistribute it (https://github.com/GPGTools/GPGMail/blob/mojave/LICENSE.txt).
    So picking it up and actually doing the work makes no sense beyond self-help.

    I am back to TB+Enigmail, let's hope other projects such as pEp eventually offer an alternative.

  24. 24 Posted by luz on 04 Nov, 2019 09:43 AM

    luz's Avatar

    @martin, you misunderstood my point. I'm not saying (because I can't know) how much the GPGmail devs can/do work at resolving their Mojave related issues. I guess you are right it's probably not "day and night" of their real time - but consider that this project can't be their day job, so it's probably squeezing out time besides other responsibilities.

    I agree with you that devs in this position should a) admit their limitations, b) make every effort to make ongoing work transparent. And clearly, the GPGMail folks missed these goals here.

    But I disagree that pushing out an immature beta would have been a good idea.
    If you know there are nasty problems in a build, you don't want to publish it - result will also be a shitstorm because far too many users install whatever they can get, without really being prepared to things going wrong, beta or not. Betas are good when your own testing looks fine, but you want to find bugs hidden in edge cases.

    My point was just fighting the "I paid, so I'm the king here now" attitude and the angry and insulting posts resulting from that.

    Regarding the license, I think you did not fully read it - it is in fact a 2 clause BSD license (far less strict than GPL) with the only extra limitation that you may not use names of the original GPGMail contributors to promote or endorse derived versions. So anyone could fork, improve and redistribute, even for money.

  25. 25 Posted by Frank on 05 Nov, 2019 10:57 AM

    Frank's Avatar

    Whatever the reasons for the angryness are, the truth matter of fact is that the developers do not communicate clearly (e.g. a twitter message about the current status and a possible timeline, a clear message on front of GPGSuite Website such as "Important Catalina Notice" or "Status Catalina Compatibility"), they try to hide or ignore that a lot of users are already angry (see: deleting forum entries unless people calling that "unethical") and, honestly, such a communication is done in 15min and can be updated frequently with almost no efforts (max. 5-10min). This would mitigate a possible shitstorm. It is inacceptable how they behave esp. when it comes to communication with paid customers. Transparency is crucial here. There are a lot of indi devs that get such communicaton right. Even GPGSuite should have learned from experience in this matter (see here: https://gpgtools.org/open-letter). And finally they forget that they offer a service for people that may are not very technicans, but still rely on GPG (such as journalists in crisis regions) and GPG is a crucial part of their own safety. Howeer, I agree that pushing out immature versions is a bad idea.

  26. Support Staff 26 Posted by Steve on 12 Nov, 2019 02:48 AM

    Steve's Avatar

    Hi all,

    we wanted to get you up to date in regards to GPG Mail for macOS Catalina:

    GPG Suite 2019.2 is very close to being complete and ready for public release and here is Release Candidate 2 of GPG Suite 2019.2 including GPG Mail 4 which adds macOS 10.15 compatibility.

    Once GPG Suite 2019.2 is publically released, you will automatically be notified. Just make sure that update checks are enabled in System Preferences › GPG Suite.

    We are very sorry that this release took longer than we had anticipated.

    Kind regards,

  27. 27 Posted by Arjan on 12 Nov, 2019 08:33 AM

    Arjan's Avatar

    And it's a paid update...?

  28. 28 Posted by christoph on 12 Nov, 2019 09:39 AM

    christoph's Avatar

    ~Is there anything you must configure to be able to enable the plugin on Apple Mail again? After installation opening the Mail client encrypted mails are not decrypted and no GPG options are available. (macOS Catalina 10.15.1)~ My mistake, missed the plugin activation

  29. 29 Posted by dieter on 12 Nov, 2019 09:44 AM

    dieter's Avatar

    make sure the plugin is enabled in Mail->preferences->general->manage plugins
    (restart of mail required)

    also make sure you have a public/secret key pair for you installed. otherwise the 2 buttons (encrypt/sign) will not show up.

    just run through that on my catalina test system ;-)

  30. 30 Posted by evgheni on 12 Nov, 2019 09:52 AM

    evgheni's Avatar

    This comment was split into a new private discussion: Unethical and still dodging the paying customers

    Pardon, we have to wait for several weeks, because you didn't prepare the update as soon as alpha and beta of Catalina was there. Exactly for this work we paid with our subscriptions and now when you finally release non-free ALPHA???

    guys ALPHA is meant for testing and you get free tester here, this should be free and not paid version

    @all just buy S-MIME Certificate, and import it in your keychain.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac