mastodon.zunda.ninja is one of the many independent Mastodon servers you can use to participate in the fediverse.
Zundon is a single user instance as home of @zundan as well as a test bed for changes of the code.

#pgp

#survey #keyservers #pgp #encryption

PART 3 OF THE KEYSERVER STUDY

(see Part 1 here: mastodon.ml/@Xeniax/1142733550)

❓QUESTION 3: WHY HAVE YOU STOPPED USING KEYSERVERS?

Mastodon.ml: xeniax ⏚ (@Xeniax@mastodon.ml): Dear Fedi friends. I want to make a short #survey to understand who actively uses #keyservers today. I am interested in understanding the meaning and the value that people attribute to keyservers nowadays, and the shift in perceptions of email #encryption 🔑🔒

📊 I will be making several polls (follow the thread!)

💌 I also would be happy if some of you agree to talk with me more in depth over an e2ee encrypted channel of your choice, no need to make a call, just messages are enough

👾 Feel free to share the polls and reach out in comments if you can and want to be part of this study.

👩🏽‍🎓 If this ever leads to any kind of publication, I will be following the standard ethical protocol adopted in the academic research community, which is to 1. ask informed consent for quoting; 2. quoting anonymously by default, unless the person wants to be named and 3. right to withdraw from the study even after responding to the questions

QUESTION 1: DO YOU USE KEYSERVERS?

[ ] Yes, actively (at least twice a month)
[ ] Yes, sometimes (at least once every 2-3 months)
[ ] I have used keyservers in the past but not anymore
[ ] I have never used keyservers

"Welcome to our new service offering".

What does this great service offering look like?

Once a quarter I get an unencrypted (#unverschlüsselt) #EMail telling me that I have a message in the #App. I open it, type in my password by hand, only to then read some #Spam.

How can anyone want to avoid #PGP so badly?? And in doing so chain users to #Google, have them run unaudited code and snoop on the device?

Please write to your #TK office if this pisses you off too.

I'm not sure if it's just me or if @GnuPG has become more complicated (not less) over time. Sometimes that's necessary, but as a security practitioner it seems like it's definitely got a bigger and better feature set than the original #PGP product, but at the same time can be harder to use.

A case in point is trying to create on-disk (as opposed to on-card) encryption and signature keys without having to leave the master certificate (i.e. a signing key designated with just "C" instead of "SC") on disk. It's possible, but not well-documented IMHO.

Basically, you have to create FOUR (not the usual three) keys in a particular sequence, then back up your master certificate key, and then delete the certificate key without accidentally deleting the subkeys. There's no simple command for doing any of this, so it's probably something I ought to blog about at some point.

Meet oct-git, a new #OpenPGP signing and verification tool for use with the #Git distributed version control system:

crates.io/crates/openpgp-card- 🦀

oct-git focuses exclusively on ergonomic use with OpenPGP card-based signing keys

It is designed to be easy to set up, standalone (no long running processes), and entirely hands-off to use (no repeated PIN entry required, by default). It comes with desktop notifications for touch confirmation (if required)

#RustLang #PGP #GnuPG

Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.

Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.

Instructions: proton.me/support/how-to-use-p
GnuPG: mastodon.online/@blueghost/111

Website: proton.me
Mastodon: @protonprivacy

Last year, the @sovtechfund fund invited us, the Sequoia PGP Project, to join their new Bug Resilience Program.

Today, I'm pleased to announce that we are publicly launching our bug bounty program with rewards of up to €10,000 for novel, security-relevant issues in Sequoia applications, libraries, or specifications. #pgp

sequoia-pgp.org/blog/2024/04/1

@proprietor

Regarding e-mail and privacy .... @protonmail and @Tutanota are honourable exceptions to your claim. All mails are stored encrypted with zero knowledge access for the service provider. Yes, e-mails in-transit with recipients not capable of #e2ee is the exception; plain-text mails can be captured in-transit.

And Proton Mail does PGP for you so easy you don't really need to think of it, even with non-Proton users capable of #PGP.

@evacide NO, YOU CANNOT USE @signalapp@mastodon.world WITHOUT A PHONE NUMBER!!! *

They still require a phone number as they still do restrict the functionality of their App based off the phone number given!

Also we've all seen that #centralized, #SingleVendor & #SingleProvider solutions are inherently bad - so why should anyone use #Signal over #XMPP+#OMEMO or XMPP+#PGP/MIME ???

#Signal, like every provider in the #USA, is subject to #CloudAct ** and will obviously hand over the #metadata they collected without legitimate interest if told to do so. ***

After all, clients like @monocles ' #monoclesChat **** make XMPP w/ OMEMO and PGP/MIME extremely user-friendly...

In many jurisdictions, you cannot legally obtain an anonymous prepaid SIM legally! *****


- - -

Sources:

* social.tchncs.de/@kuketzblog/1

** en.wikipedia.org/wiki/CLOUD_Ac

*** web.archive.org/web/2022011202

**** f-droid.org/en/packages/de.mon

***** infosec.space/@kkarhan/1119683

Mastodon: Mike Kuketz 🛡 (@kuketzblog@social.tchncs.de): In the new Signal beta, usernames can now be used. However, this does not replace the phone number (as the internal identifier). Meaning: a phone number will still be required to use Signal in the future. You just no longer have to reveal it to every chat participant. 👇 https://signal.org/blog/phone-number-privacy-usernames/ #signal #messenger #telefonnummer #benutzername #datenschutz #privatsphare