gpg for anonymous users - Alternative to the web of trust?

adrelanos adrelanos at riseup.net
Fri Mar 29 15:38:30 CET 2013


Forlasanto:
> Pseudonyms are fine by me. I don't have a problem signing a pseudonym
> key. The pseudonym just has to have context that I can verify. For
> instance, if the claim is "Whonix signing key," then that tells me the
> way to verify the key is by checking the signature of various releases
> of Whonix. If there is a verifiable history of Whonix releases that are
> signed by the same key, then I can say "Yes, this key is owned by the
> entity that is signing Whonix releases." I'd have to verify this over an
> extended period of time, so that if the official website were hacked,
> the maintainer had time respond and raise a question about the
> legitimacy of the signing key.  But beyond that, I'm getting what I need
> to verify a pseudonym. He's not claiming that he's independent from all
> government agencies; he's claiming that he is the signer of the distro
> releases, period. I can live with that, assuming I took those simple few
> verification steps.
>
> I do the same with the key associated with this email address (and
> reddit user id). It is what it is: you can know without any real doubt
> that that key is truly associated with those accounts by doing a little
> research, and since I've made no further claims about the pseudonym,
> that's truly good enough.
>
> Claiming that a key is associated with an actual identity is a different
> story. In that case, I would be stating that the name on my key is my
> legal identity, which is quite a different claim with vastly different
> implications. Therefore, I expect such a key to be verified by, at the
> very least, picture identification. I have a friend who requires a
> notarized document stating that the key in question belongs to the
> person holding that identification. Not a bad plan, really; it uses a
> Notary Public to act as a sort of CA, and allows for signing keys that
> you may not have personally verified. You just need to verify the
> signature of the Notary Public.

Agreed.

> Having said that, I don't believe a pseudonym can be truly anonymous.
> Humans leak information. It's in our nature. It takes insane measures
> that go directly against human nature simply to /minimize/ information
> leakage during communication, and it is impossible to prevent that
> information leakage /entirely./ A pseudonym is like a lock on a door.
> It only accomplishes keeping out people who don't know enough or care
> enough to pick the lock. They can be useful, but I can't recommend one
> for the purpose of anonymity. It goes back to that whole "security
> through obscurity" concept. It just doesn't work.

> All it takes is one
> person to "blow your cover."

There is no person who knows who is behind this identity/activity.

> The only real exceptions I can think of to
> that are impersonating someone else, and throwaway identities that you
> only use once.

> Ironically, forlasanto literally means, "one that is thrown away." It
> was originally intended to be a one-off, throwaway identity. But that
> just goes to prove my point: the fact that I chose an Esperanto
> pseudonym leaks a lot of information about me, and narrows the possible
> real identities for me down from 7 billion to about 5-7 million. That's
> a huge leak! The fact that my posts are in American English narrows it
> down even further--to maybe a few ten thousands. That's before a single
> post was read for its content. See what I mean? We leak information
> like sieves.

> Another huge leak for keys is signatures. Who signed your key, and when?

Until now, no one, never.

> This alone can leak your true identity, and it's something you don't
> have effective control over.

> Forgive me for saying so, but for something as high-profile as a linux
> distro, using a pseudonym for signing the distro for the sake of
> anonymity doesn't sound like a great plan.

What's the alternative? Using my real identity? Does it make it any safer?

I am more interested in development and documentation rather than
building binaries, testing and uploading. Having deterministic builds
and/or some creditable individual or organization (such as eff) creating
binaries, signing and distributing would be more than welcome, but at the moment
there is no implication that someone will step forward.

> If^H^H^Hwhen someone cracks
> your identity, it will somewhat discredit you and your distro as far as
> being capable of maintaining anyone's anonymity.

It only proves I made a mistake and hopefully others can learn from it.

> Sorry for the text wall.

Thanks for the text.

> On 3/28/2013 5:56 AM, Peter Lebbing wrote:
>> On 27/03/13 22:15, Leo Gaspard wrote:
>>> until a lot of people verify and sign your public key.
>> People might be more inclined to sign the key when it says something like
>>
>> adrelanos (Whonix signing key) <adrelanos at riseup dot net>
>>
>> rather than without the comment.
>>
>> That way, their signature might mean: Yes, this is that key that signs that
>> Linux distribution called Whonix. The UID conveys a bit more information about
>> which adrelanos specifically we're talking here.
>>
>> That said, the whole problem with establishing a pseudonym and even getting
>> signatures on such a key is difficult. With proper, real names, and most
>> importantly people you can meet face to face, it's reasonably established how it
>> works. But with a pseudonym, it's completely different.
>>
>> So I'm just wildly spouting random suggestions actually. It's not really well
>> thought through, but I wanted to point out this possibility.
>>
>> HTH,
>>
>> Peter.
>>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
