David's findings

Robert J. Hansen rjh at sixdemonbag.org
Tue Mar 2 01:11:41 CET 2010


> Both the religion (not sure why this was counted as two 'misses')

You phrased it in your email to me as two sentences, and I was cutting back and forth between reading your email and composing the email to the list.  "Bullet point: raised Methodist, no, Episcopal," cut over to the compose window, go back, "Bullet point: no, I am not at present a Methodist," cut over to the compose window, etc.

It's not my intent for those bullet points to be read as any kind of a score.  That would be giving the appearance of a rigor I don't think this test possesses.  :)  The results are interesting, but not rigorous.

> It means the attacker can attack more people, pay less for each attack, and be less trained.  A piece of information that can be reached via multiple different paths is also more likely to be found than information that can only be reached via one.

Be less trained, yes.  However, I think my example of how doing those same tasks using pretty obvious Google searches shows that the threshold of difficulty is already quite low.  The information is out there, and people who keep their keys off the keyservers because they want to preserve their privacy need to realize they're not fighting a losing battle -- they've already lost.

> I don't believe I would have been able to find out the vehicle color, age of the house, or one of the names without the hints provided by the key data, or at least not within the 30 minute window.

I disagree, but beyond that I can't comment.  It's no longer my privacy, but my parents'.



