me a long time ago and so many people: wait there is no way to delete anything from pgp keyservers ever, including real names (of course deadnames), email-addresses and photos, what is wrong with you people and what world do you live in

pgp: it's a feature

people: *exploit that for evil in an obvious attack*

pgp: [surprised pikachu]

and really "it's not technically possible" means "no one implemented it before and it's all so messily abandoned no one really wants to", it would be totally possible to add an authenticated, mostly empty, "deleted key" entry that would let keyservers purge matching keys and propagate the deletion, or something

Since the advent of email, internet technologies were designed with too much naivety and too little protection against abuse.

@rick_777 yeah

it feels weird just to think some people don't have to associate "using your real name on the internet" with a serious risk to their lives

@CobaltVelvet // well, technically keyservers are the first true blockchains, but it applies a form of reverse-anthropologism to individuals: it wants people to act as a dehumanized piece of hardware, like "don't hide, mask or duplicate yourself or you'll ruin the web (of trust) we're building all together".

// Secure IT is both a tool of empowerment and slavery. it's just how you design and expect it to act that defines the whole goal.

@3D63 yes but also it's an implementation detail, the dataset itself (the wot) is a big graph and can be managed as one, so we could rather easily remove data

but really i'm against it as a whole, an entirely public wot has so many issues inherent to it

@CobaltVelvet // frankly, I thought updating your key, revoking enough data or altering things could already be enough, the recent attack showed me it's not.

// but I also never was fond of those FOSS keysigning parties where national IDs are praised and valued as the only part of defining an individual as one.

@CobaltVelvet // I used to teach people that PGP is a powerful tool (as in "equally useful and dangerous") and how to protect your different fields, hobbies, "lives" from the start.

// the kind of knowledge no one could guess without evident trials and errors and that should be spread to the most.

@CobaltVelvet I wouldn't trivialize this whole thing. For one, SKS keyservers are not an integral part of PGP. It's a convenient service with a lot of drawbacks that were understood, but nobody cared enough to counter it. Second, this was seen as a transparency requirement same as TLS certificate transparency today. If you get a certificate for today, you can never delete it from the records.

@CobaltVelvet transparency is a double-edged sword with no handle -- it will hurt someone who does not handle it with extreme care.

@monsieuricon i'll trivialize it as i want tbh. it is a convenient service, and also a very dangerous very limited badly designed ancient technology that users love to describe as near-perfection and "the only way". and it applies to both the keyservers, and gpg itself, for so many different reasons each

@monsieuricon also more on that, cert transparency has a use that is directly caused by the PKI and relying on CAs, which does not apply to PGP and keyservers. You don't have to worry about multiple CAs issuing certs for a domain in PGP, or an e-mail address or a name for that matter.

*and* pgp keys typically contain much more information, including personal information, and associations between people and identities. i don't want that public and i wouldn't advise making it so.

@CobaltVelvet PGP keys themselves only contain subkeys, and references to other keys that signed them. You don't have to attach a real UID to a key if you don't want to. Every other system that claims to do it "better" than PGP either relies on some central delegation authority or has exact same failings as PGP, because the problem of delegating trust is impossible to achieve in a way that would be both truly decentralized and usable by non-privacy-nerds.

@monsieuricon so the idea is that the privacy failings of a public web of trust are required to make something usable by non-privacy-nerds? i'm not convinced, and i'd say pgp is already pretty unusable by most people, and it has very little to do with having a public wot, if anything it makes the experience worse.

how big, exploitable, and spammable, does the public wot have to be for people to think that maybe privacy is important and should be the default

@monsieuricon i mean i agree that you don't *have to* put private data on keyservers, but software and practical situations often do ask you to, and require you to. doing so is recommended by convention. and most of the time there is no mention that if you push it, that label won't be under your control anymore.

i think you don't have to be a privacy nerd to be scared of "your real name, e-mail address, and username will be permanently publicly linked", especially if you are told after the fact

@CobaltVelvet sure, I fully agree. This is the thinking that originated in the early 90s when the internet belonged to techno-nerds. If you'd told them of the implications that seem obvious today you'd be waved off as a doomsday nut. The defaults are changing with newer releases of PGP where the WoT is largely ceding to web key directories, but we aren't solving the problem of delegating trust without central authorities, unfortunately. We're admitting defeat.

@CobaltVelvet wait until people find out that the same problem with ssb is actually a problem