[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ESD-translators] privacy on the keyservers

From: Tomas Stary
Subject: Re: [ESD-translators] privacy on the keyservers
Date: Wed, 11 Apr 2018 12:53:33 +0200

Thanks Ineiev,

> Hi, Tomas;
> On Mon, Apr 09, 2018 at 10:45:57AM +0200, Tomas Stary wrote:
>>> I have just thought more about the privacy on the keyservers.
>>> My worry is that when you sign keys of your friends and upload them to
>>> the keyserver, everyone now knows who do you communicate with.
> It's up to you: if you don't want people upload your signatures
> on their keys, you don't send them their keys signed by you;
> if they don't want your signatures on their keys to show up
> on the keyservers, they don't upload the keys with your signatures
> you sent them.

In my experience, my own key had appeared on the keyserver without me
doing any action. That was because one of my contacts has signed and
uploaded it. I could not have prevented it.

>>> On the other hand, if you sign keys of complete strangers (although you
>>> check their ID, access to the email), and they turn out to be evil, you
>>> might be associated with them.
>>> You might protect yourself against that by never uploading the keys to
>>> the keyserver, but then the network of trust is loosing the point.
> Your signature doesn't mean any support for those people, it only
> means that you checked their identities (it may not mean even that
> when your policy allows signing random people's keys without
> any checks).
> Again, it's up to you, you may not send your signatures to anybody
> if you think it's more important than building the Web of Trust (many
> people do).

Ok, I take that.

>>> What is your view on that? Shouldn't that be more emphasized in the esd
>>> guide?
> People may have extremely different opinions (for example, someone
> suggested uploading one's private keys in certain cases). ESD seems
> to recommend something more or less neutral.
>>> Also, there doesn't seem to be a way to remove the key from the
>>> keyserver other than revoke the key.
> No, even if you revoke the key, it stays on the keyservers (NB the plural).
> the system is append-only, for good reasons.
>>> I'm not expert on that, but
>>> according the new European regulation GDPR, someone who stores private
>>> data must allow users to delete data about them.
> Arguably, yes. some unwise and antisocial user made the maintainer
> of an Austrian keyserver shut it down, because keyservers don't
> allow removing data (other keyservers still store the same data
> in question).
>> Other thought is that when I got my key uploaded on the keyserver it was
>> not because I did actively do it. Instead one of my contacts did it when
>> he synchronised his keys with the keyserver, i.e. I didn't gave an
>> explicit authorization for the upload.
> Public keys are meant to be public, I think people just shouldn't rely on
> them being private.

Ok. The issue is more with the personal information (name and email)
than the key itself. Then it might be recommendable to create a
pseudonymous identity if you are a dissident or whistleblower.

>> Perhaps there could be some information embedded in the key that says if
>> the upload to the keyserver is authorized, so that the keyserver rejects
>> the keys of the users who didn't authorised publication of their data.
> I believe this isn't implementable: e.g. if some keyservers don't honour
> these flags, the keys would propagate between them, anyway.

>> Also, I'm aware, that the keys can be generated using pseudonyms and
>> anyone can upload a fake key to the keyserver, but still a lot of
>> private information about real people can be found there as well.
> I don't think there is a lot of private information. most
> if not all of that information is really public.

Arguably. I guess in some countries you might at least attract attention
to you, if you sign keys of dissidents.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]