[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ESD-translators] privacy on the keyservers
|
From: |
Tomas Stary |
|
Subject: |
Re: [ESD-translators] privacy on the keyservers |
|
Date: |
Mon, 9 Apr 2018 10:45:57 +0200 |
Other thought is that when I got my key uploaded on the keyserver it was
not because I did actively do it. Instead one of my contacts did it when
he synchronised his keys with the keyserver, i.e. I didn't gave an
explicit authorization for the upload.
Perhaps there could be some information embedded in the key that says if
the upload to the keyserver is authorized, so that the keyserver rejects
the keys of the users who didn't authorised publication of their data.
Also, I'm aware, that the keys can be generated using pseudonyms and
anyone can upload a fake key to the keyserver, but still a lot of
private information about real people can be found there as well.
T.
Tomas Stary:
> Hi,
>
> I have just thought more about the privacy on the keyservers.
>
> My worry is that when you sign keys of your friends and upload them to
> the keyserver, everyone now knows who do you communicate with.
>
> On the other hand, if you sign keys of complete strangers (although you
> check their ID, access to the email), and they turn out to be evil, you
> might be associated with them.
>
> You might protect yourself against that by never uploading the keys to
> the keyserver, but then the network of trust is loosing the point.
>
> What is your view on that? Shouldn't that be more emphasized in the esd
> guide?
>
> Also, there doesn't seem to be a way to remove the key from the
> keyserver other than revoke the key. I'm not expert on that, but
> according the new European regulation GDPR, someone who stores private
> data must allow users to delete data about them.
>
> Cheers,
> Tomas
>
signature.asc
Description: OpenPGP digital signature