Yeah, those are bigger issues. It’s still easier to find people who’re using PGP than your specific email provider, though. Your friend using gmail can use pgp via a client.

I’ve heard of the exploits, but the ones I’ve heard of do typically require the hackers/whatever to have the emails (either via intercepting them as they’re traveling, or getting them from the server), then injecting some HTML, then emailing the emails back to you to trick the server/client to sending the unencrypted emails back? While I don’t use email for much, and my threat model involves much more “Google” than “The government”, I’m not sure how much of a concern this would be for people who’s threat model isn’t that high?

(Admittedly this is also the first I’m hearing of the exploits. I don’t tend to use PGP for my emails, since I don’t send that many emails anyway)