#survey #keyservers #pgp #encryption
PART 3 OF THE KEYSERVER STUDY
(see Part 1 here: https://mastodon.ml/@Xeniax/114273355035626553)
QUESTION 3: WHY HAVE YOU STOPPED USING KEYSERVERS
#survey #keyservers #pgp #encryption
PART 3 OF THE KEYSERVER STUDY
(see Part 1 here: https://mastodon.ml/@Xeniax/114273355035626553)
QUESTION 3: WHY HAVE YOU STOPPED USING KEYSERVERS
Rant re: Signal Shills being dangerous Tech Illiterates
Everybody should learn how to use GPG.
If Privacy is outlawed...
Here's how you can stop them: https://t.co/8z8lI9eRDo
Important: GPG Key Revoked & Superseded!
yeah, #deltachat cares for #encryption #circumvention #proxy #pfs #securityaudits #pgp #zerotrust #securemessaging and the like ... but did you know next #iOS version will have ADAPTIVE ICONS!!!11!!ONE1!
"Willkommen zu unserem neuen Serviceangebot".
Wie sieht dieses Tolle Serviceangebot aus?
Ich bekomme einmal im Vierteljahr eine #unverschlüsselt.e #EMail, dass ich eine Nachricht in der #App habe. Ich öffne sie, gebe händisch mein Passwort ein, nur um dann irgendeinen #Spam zu lesen.
Wie kann man so extrem #PGP vermeiden wollen?? Und dabei die Nutzenden an #Google ketten, ungeprüften Code laufen lassen und das Gerät ausschnüffeln?
Schreibt bitte eurer #TK-Stelle, wenn euch das auch abfuckt.
If you've recently installed Thunderbird for Android and want to add PGP support, a new article from @ZDNet has you covered. (And seriously, it's a great article!)
https://www.zdnet.com/article/how-to-add-pgp-support-on-android-for-added-security-and-privacy/
I'm not sure if it's just me or if @GnuPG has become more complicated (not less) over time. Sometimes that's necessary, but as a security practitioner it seems like it's definitely got a bigger and better feature set than the original #PGP product, but at the same time can be harder to use.
A case in point in trying to create on-disk (as opposed to on-card) encryption and signature keys without having to leaving the master certificate (i.e. a signing key designated with just "C" instead of "SC") on disk. It's possible, but not well-documented IMHO.
Basically, you have to create FOUR (not the usual three) keys in a particular sequence, then back up your master certiificate key, and then delete the certificate key without accidentally deleting the subkeys. There's no simple command for doing any of this, so it's probably something I ought to blog about at some point.
Over at https://www.youtube.com/watch?v=0kcDBe6AkQE
#PRZ talks about the origins of #PGP - quite interesting stuff with some video material from the early 90ies
Meet oct-git, a new #OpenPGP signing and verification tool for use with the #Git distributed version control system:
https://crates.io/crates/openpgp-card-tool-git
oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys
It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.
Instructions: https://proton.me/support/how-to-use-pgp
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Website: https://proton.me
Mastodon: @protonprivacy
Last year, the @sovtechfund fund invited us, the Sequoia PGP Project, to join their new Bug Resilience Program.
Today, I'm pleased to announce that we are publicly launching our bug bounty program with rewards of up to €10,000 for novel, security-relevant issues in Sequoia applications, libraries, or specifications. #pgp
Pretty great for remote-specific GPG #git commit signing configuration, too!
I just released version 0.2.0 of https://crates.io/crates/rsop
#rsop is a "Stateless OpenPGP" CLI tool based on #rPGP.
This new version adds more support for handling passphrase-protected private key material, as well as handling of un-armored OpenPGP data.
See https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/ for more on SOP.
Regarding e-mail and privacy .... @protonmail and @Tutanota are honourable exceptions to your claim. All mails are stored encrypted with zero knowledge access for the service provider. Yes, e-mails in-transit with recipients not capable of #e2ee is the exception; plain-text mails can be captured in-transit.
And Proton Mail does PGP for you so easy you don't really need to think of it, even with non-Proton users capable of #PGP.
@evacide NO, YOU CANNOT USE @signalapp@mastodon.world WITHOUT A PHONE NUMBER!!! *
They still require a phone number as they still do restrict the functionality of their App based off the phone number given!
Also we've all seen that #centralized, #SingleVendor & #SingleProvider solutions are inherently bad - so why should anyone use #Signal over #XMPP+#OMEMO or XMPP+#PGP/MIME ???
#Signal, like every provider in the #USA, is subject to #CloudAct ** and will obviously hand over the #metadata they collected without legitimate interest if told to do so. ***
After all, clients like @monocles ' #monoclesChat **** make XMPP w/ OMEMO and PGP/MIME extremely user-friendly...
Im many juristictions, you cannot legally obtain an anonymous prepaid SIM legally! *****
- - -
Sources:
* https://social.tchncs.de/@kuketzblog/111968247576555678
** https://en.wikipedia.org/wiki/CLOUD_Act
*** https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968
Did someone say encryption? Encryption helps protect the privacy of people you communicate with, and makes life difficult for bulk surveillance systems. Learn more with our Email Self Defense guide: https://u.fsf.org/1df #GPG #PGP #E2E #encryption