Warum es gut ist, alle Mails zu verschlüsseln? Falls mal Bayerns Polizei Website und Mailserver beschlagnahmt.
Festplatte verschlüsseln auch gut - falls die Polizei morgens anklopft. #PGP#Verschlüsselung#Hausdurchsuchung#KriminelleVereinigung
I've read a lot of complaints about #PGP recently. Apparently it's obsolete, ill-designed, unsecure… But no one is able to tell me what I'm supposed to use instead. Rants talk about half a dozen experimental tools that do a fraction of what PGP does and aren't supported anywhere. Not helping.
If you want to change the game, start by providing a solution.
looking for some #pgp advice. i updated my key several years ago with some email aliases, but now i want it to be more authoritative. is the best option to deprecate the old key and start a new one, or is there a way to invalidate some of the aliases?
I'll be giving a talk at 19.00 this evening (Wednesday, May 24) in Zurich at CCCZH@Bitwäscherei: "Sequoia PGP: Pretty Good Public Key Infrastructure" on #pgp, web of trust, and the tools we are building to make authentication easier. A screenshot below. (Come a bit earlier as the entrance is hard to find.) https://www.ccczh.ch/hackerspace/
In dem Blogpost hat sich @yossarian die Signaturen von PyPI-Paketen angeschaut.
Ergebnis: schlimmer als nutzlos
Schlüssel nicht erhältlich, Signatur längst abgelaufen etc. Wenn ihr euch mal gruseln wollt, lest den Beitrag. #PGP#PyPI#Python
Holy shit, @protonmail just doubled my base storage to six terabytes for #ProtonMail, #ProtonDrive, etc. I’m only using a little over 16 GB.
Granted I’ve been a paid subscriber since the summer of 2016 (first on their Plus plan, then on Visionary starting the following year). But this is ridiculous.
@arstechnica yes, password-protected zip files are just an illusion of privacy.
In fact, these researchers were not using them for privacy, but as a way of sending malware samples to each-other without being stopped by the malware scanners.
What I don't understand is why so many banks and financial institutions are so fond of them. They keep sending sensitive information via email on password-protected zip files where the password is your ID or your birthday... 🙄
Proper end-to-end encryption has been around for decades. 🤷♂️
Those of you who use PGP for email, do you typically generate a sign and an encrypt RSA subkey - and use those? Or what's the best practice?
Wanting to publish my PGP public key on my profile and website and start rocking that far more aggressively, but don't want to do stuff less-than-ideal and then have to change and re-publish keys again later and etc.
Hey #security minded bubble, I vaguely remember there were more open versions of keybase, but I can't remember the name, does anybody know what I'm talking about?
There's this attitude that Mastodon does everything perfectly when it comes to combating racism, harassment, and other problems, which I find somewhat strange.
Mastodon does well, for example, in enabling server level blocks and defederation and the ability to import (hopefully curated) block lists from other users, although the latter functionality is not obvious to many people.
The number of severs, admins, and moderators also contributes to better human level attention of moderation issues.
@gwynnion This point applies to just about any social media platform. Do you think Twitter/Instagram DMs are not visible to Twitter or Instagram owners? Or that messages you send in Facebook Messenger are invisible to Meta and it's advertising and data collecting machine? Have we so easily forgotten the entire Cambridge Analytica scandal and how large corporations use the data on the social platforms (including private messages) in order to target you with advertising or social campaigns?
It's great that you brought this up in discussion, this just shows the need for everyone to jump ship to a trully private, secure and end-to-end encrypted messenger solution.
There's #Signal which is really easy to set up and use. All you need is a phone number and you're done. #Telegram also encrypts your messages if you use the private chatrooms, and you can also set your phone number to be hidden, and use a user ID instead for searchability. Want even more security and descentralization as well? there is #Matrix and @joinjabber that allow you to pick any server and client of your choosing (Matrix encrypts all your messages by default, on XMPP there is a thing called OMEMO which is server and client (or app) dependent - more details here).
Or you can just create a #PGP key and encrypt the text you want to send on Mastodon like that.
I know it all sounds too complicated for the average folk, on one side, but on the other, if we do not understand technology, it's limitations and it's capabilities, we will never get to use it to full potential.
I put my XMPP address in my profile on this purpose - you can see it if you click on the 3 dots menu while in my profile, then "open original page".
RPM uses OpenPGP to protect software updates. In the fall of 2022, it switched from using its own internal OpenPGP implementation to Sequoia. Last week, Fedora 38 was released with a version of RPM that uses Sequoia. I've written about the 1.5 year journey in a blog post.
I haven't tested Bluesky but I can say that if Mastodon wants to stay competitive (and I hope it does), it needs to address SEARCH & SURFACING fast.
The first open-protocol network that enables news and fast breaking events to surface easily and with functional search will win the market. You'll see journos, sports, etc. migrate to the platform that gives them that visibility.
There is a window of opportunity here but it doesn't stay open long.
Many of the reasons described in the #letsEncrypt forum are true, which does not mean S/MIME is impossible to fix or use.
There is native support for S/MIME in many email clients both desktop and mobile/tablet, including most of the 'stock' clients installed by default in most of the devices, so this is not an issue.
I think the big problems are basically 2:
1.- Having a throwaway key and certificate every 30 days (as we do with Letsencrypt SSL/TLS) is very inconvenient because we would need to keep a long collection of them in order access old messages.
2.- People access their email from multiple devices, so syncing the private key securely across all of them becomes a challenge.
For the tech savvy, both problems are manageable:
1.- You can get a free S/MIME certificate from #Actalis valid for 1 year here:
Please read a very important reply to this post by @duxsco pointing out to the insecurity of the Actalis certificate, and providing a secure but not free alternative.
2.- You can manually add this certificate to all your devices and keep an encrypted/secure repository with all your old keys and certificates in case you need to access your archived email.
I've been doing exactly that for years and it is just fine for signing my email.
IMHO for 'fixing' the whole signing and encryption of emails, #OpenPGP is conceptually closer to be a more consistent solution, and I use it with everyone who understands it, but I have to admit that the ecosystems is far less ready than for S/MIME (you will need to use specialised apps or installed plugins, etc.), Thunderbird being a shining exception.
PGP has several very powerful advantages:
1.- You don't need a CA for the sole purpose of generating your keys.
2.- You can use the same keys for many years.
3.- People who really trust each other can sign each other's keys creating a web-of-trust.
4.- There is a free network of keyservers where you can upload your public keys and make them available to everyone.
5.- Most people these days have their own website, blog or social media account where they can publish their public keys for cases when they distrust the public servers. They can manually exchange them too.
In the long run I believe we should promote the adoption of OpenPGP instead of S/MIME, with more people using it, native support should follow.
I am not an expert though, so I'd love to hear from others too. 😊
It is so nice to finally have my whole company as well as my personal computers on hardware encryption, pgp key enabled, password store behibd pgp key, yubikey based pgp card, and ssh key using my pgp key through yubikey.
Other than being more secure it also means i dont need to backup my ssh keys or password store credentials, its all reproducable from my pgp keys.