# Using the OTR plugin with Pidgin for verifying GPG public key fingerprints

Robert J. Hansen rjh at sixdemonbag.org
Sun Mar 14 08:49:05 CET 2010

```On 3/14/10 1:52 AM, erythrocyte wrote:
> From my understanding, the probabilities calculated give you
> random error. That is "given a population of 4 people, there is a
> 68.4% chance that there would >=1 failures purely by random effects
> regardless of what actions they may or may not take to influence their
> chances of making a mistake" .

No.  "Given a population of four inspectors, there is a 68% chance of
one or more failures *due to their actions, inactions and random chance*."

Think about a busy street.  If there's a 50% chance of a pedestrian in
the crosswalk getting turned into a new decoration on the front grill of
the cross-town bus, that doesn't mean you should put on a blindfold
before stepping out on the street.  That would just be crazy.  Yet, if
the likelihood is 50% "regardless of what actions they may or may not
take to influence their chances of making a mistake," then not only is
it not crazy to put on a blindfold -- why not put on an iPod, too?

> These calculations do not give you the effects of systematic error or
> bias. Systematic error would be what you're referring to. That can be
> different.

Yes.  But so far you've failed to even present the *normal* Type II
error rate.  I'm willing to stipulate a very high normal Type II error
rate, but if you want me to believe there's a systemic Type II problem
I'm going to need to see citations.

> Of course, all of this gives us a picture of the average chances of
> error. When it comes to individual people, like you and I, we are not
> averages.

Of course we are.  That's the entire point of statistics.  If I know the
average IQ is 100, and the standard deviation is 16 points, then if I
pull a random person out of a hat I'm about 95% likely they score
between an 84 and a 116.

Nicholas Taleb (a pretty well-respected statistician and epistemologist)
divides the world into Mediocristan and Extremistan.  In Mediocristan,
the law of averages dominates.  In Extremistan, the bell curve exists
but its tails are so bizarrely shaped that many statistical tools fail.

Independent error is Mediocristan.  Systemic error tends to lead to
Extremistan.  Independent errors are highly predictable and can be
accounted for.  Systemic error destroys independence, and the entire
system comes off the rails shortly thereafter.

I'm willing to posit independent error here, and even a really high rate
of independent error: but before I say "document inspections are in the
land of Extremistan," I'm going to need to see some numbers backing that up.

> And I might add that all of this also depends on what your perspective
> is. I for one did not envision a scenario where Alan and Bill from
> your example, would discuss their ruminations with each other.

Err -- why wouldn't they?

This is a keysigning party.  It is in everyone's best interests to
accept all good IDs.  If I see an ID that I believe is false, then it is
in my own best interests to bring it to the attention of everyone.  If I
reject an ID incorrectly and refuse to sign, then I am damaging my own
standing in the Web of Trust.

> Or *incompetent*, *stupid*, *lazy*, *not learned*, *unsure*,
> *unaware*, etc. It could be any combination of the above :-) .

You keep on inventing ever-more new and exotic ways to suggest systemic
bias, without ever giving numbers supporting the claim.

If *everyone* is incompetent, stupid, lazy, unsure or unaware, then yes,
you've got a really interesting keysigning party (in the "may you live
in interesting times" sense of the phrase) and I suggest getting out of
there as soon as possible.  But that's a stretch I'm simply not willing
to grant you.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5598 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20100314/9ce846e6/attachment.bin>
```