The aim of this article is very clear right from the start: to convince the readers not to use PGP. To do so, the authors enumerate a long list of criticisms that are not new. Reading this offers a argumentative recap of established criticisms of PGP. In this article, PGP refers both to the IETF standard and its implementations (although the authors only mention GnuPG). I just quote some points the authors address, without making a stand (not my role):
Some of these points are really not new. Long-term secrets and forward secrecy were for instance addressed in 2004 in a publication that present OTR as a counterpoint of PGP. In addition, Matthew Green and Moxie Marlinspike also mentionned similar criticisms about forward secrecy, and most importantly complexity in respectively 2013 and 2015. Common controversies about one of theses issues (especially about difficulties to correctly use GnuPG and to choose the right algorithms among different communities like the GnuPG-users mailing list).
But interestingly, he also says:
The point is not to avoid the gpg tool, but the PGP key management model.
This is a very subtle nuance he brings. He doesn't give up on PGP because of the strength of its crypto schemes, but because of its key management model.
The author of this article did a pretty good job of centralizing many different elements of the history of end-to-end encrypted communication system. He situates the history of PGP among a broader history of communication systems over the Internet. However, it is a biaised history, as he does not present new developments and implementations of the program (such as the Sequoia projet, the Pretty Easy Privacy project, or many email providers that have native PGP support (ProtonMail, Mailfence, etc.). The criticisms he formulates about PGP are somehow very classical: he quotes, among others, the 2004 OTR article, Green's 2013 "What's the matter with pgp?", Valsorda's 2016 "I'm giving up on PGP", and Lactora's 2019 "PGP Problem", which present well-developed criticisms about PGP. Here's are the most important ones that the article mentions:
About this last point, it is interesting to note that when Efail was disclosed, in May 2018, many people, among others journalists, complained that this disclosure was putting them at risk and many voices from the infosec community criticized the disclosure process because of this. There is thus an obvious contradiction that would be interesting to dig into.
In general, the defenders' opinions do not appear in this article.
The author of this history also ignores the fact that much work is being done on the standard specification (see the openpgp-wg/rfc4880bis repository on gitlab) and many emerging projects have come into light (Sequioa, keys.openpgp.org, Pretty Easy Privacy, and so on).