Re: [ESD-translators] privacy on the keyservers
From: Tomas Stary
Subject: Re: [ESD-translators] privacy on the keyservers
Date: Wed, 11 Apr 2018 12:53:33 +0200

Thanks Ineiev,
Ineiev:
> Hi, Tomas;
>
> On Mon, Apr 09, 2018 at 10:45:57AM +0200, Tomas Stary wrote:
>>
>>> I have just thought more about the privacy on the keyservers.
>>>
>>> My worry is that when you sign keys of your friends and upload them to
>>> the keyserver, everyone now knows who you communicate with.
>
> It's up to you: if you don't want people to upload your signatures
> on their keys, you don't send them their keys signed by you;
> if they don't want your signatures on their keys to show up
> on the keyservers, they don't upload the keys with your signatures
> you sent them.
>
In my experience, my own key had appeared on the keyserver without me
taking any action. That was because one of my contacts had signed and
uploaded it. I could not have prevented it.
>>> On the other hand, if you sign keys of complete strangers (although you
>>> check their ID, access to the email), and they turn out to be evil, you
>>> might be associated with them.
>>>
>>> You might protect yourself against that by never uploading the keys to
>>> the keyserver, but then the network of trust is losing the point.
>
> Your signature doesn't mean any support for those people, it only
> means that you checked their identities (it may not mean even that
> when your policy allows signing random people's keys without
> any checks).
>
> Again, it's up to you, you may not send your signatures to anybody
> if you think it's more important than building the Web of Trust (many
> people do).
>
Ok, I take that.
>>> What is your view on that? Shouldn't that be more emphasized in the esd
>>> guide?
>
> People may have extremely different opinions (for example, someone
> suggested uploading one's private keys in certain cases). ESD seems
> to recommend something more or less neutral.
>
>>> Also, there doesn't seem to be a way to remove the key from the
>>> keyserver other than revoke the key.
>
> No, even if you revoke the key, it stays on the keyservers (NB the plural).
> The system is append-only, for good reasons.
>
>>> I'm not an expert on that, but
>>> according to the new European regulation GDPR, someone who stores private
>>> data must allow users to delete data about them.
>
> Arguably, yes. Some unwise and antisocial user made the maintainer
> of an Austrian keyserver shut it down, because keyservers don't
> allow removing data (other keyservers still store the same data
> in question).
>
>> Another thought is that when I got my key uploaded on the keyserver it was
>> not because I actively did it. Instead one of my contacts did it when
>> he synchronised his keys with the keyserver, i.e. I didn't give
>> explicit authorization for the upload.
>
> Public keys are meant to be public, I think people just shouldn't rely on
> them being private.
>
Ok. The issue is more with the personal information (name and email)
than the key itself. Then it might be recommendable to create a
pseudonymous identity if you are a dissident or whistleblower.
>> Perhaps there could be some information embedded in the key that says if
>> the upload to the keyserver is authorized, so that the keyserver rejects
>> the keys of the users who didn't authorise publication of their data.
>
> I believe this isn't implementable: e.g. if some keyservers don't honour
> these flags, the keys would propagate between them, anyway.
>> Also, I'm aware that the keys can be generated using pseudonyms and
>> anyone can upload a fake key to the keyserver, but still a lot of
>> private information about real people can be found there as well.
>
> I don't think there is a lot of private information. Most
> if not all of that information is really public.
>
Arguably. I guess in some countries you might at least attract attention
to yourself if you sign keys of dissidents.