gpg for anonymous users - Alternative to the web of trust?

Forlasanto forlasanto at gmail.com
Fri Mar 29 06:06:33 CET 2013


Pseudonyms are fine by me. I don't have a problem signing a pseudonym
key. The pseudonym just has to have context that I can verify. For
instance, if the claim is "Whonix signing key," then that tells me the
way to verify the key is by checking the signature of various releases
of Whonix. If there is a verifiable history of Whonix releases that are
signed by the same key, then I can say "Yes, this key is owned by the
entity that is signing Whonix releases." I'd have to verify this over an
extended period of time, so that if the official website were hacked,
the maintainer had time respond and raise a question about the
legitimacy of the signing key.  But beyond that, I'm getting what I need
to verify a pseudonym. He's not claiming that he's independent from all
government agencies; he's claiming that he is the signer of the distro
releases, period. I can live with that, assuming I took those simple few
verification steps.

I do the same with the key associated with this email address (and
reddit user id). It is what it is: you can know without any real doubt
that that key is truly associated with those accounts by doing a little
research, and since I've made no further claims about the pseudonym,
that's truly good enough.

Claiming that a key is associated with an actual identity is a different
story. In that case, I would be stating that the name on my key is my
legal identity, which is quite a different claim with vastly different
implications. Therefore, I expect such a key to be verified by, at the
very least, picture identification. I have a friend who requires a
notarized document stating that the key in question belongs to the
person holding that identification. Not a bad plan, really; it uses a
Notary Public to act as a sort of CA, and allows for signing keys that
you may not have personally verifed. You just need to verify the
signature of the Notary Public.

Having said that, I don't believe a pseudonym can be truly anonymous.
Humans leak information. It's in our nature. It takes insane measures
that go directly against human nature simply to/minimize/ information
leakage during communication, and it is impossible to prevent that
information leakage /entirely./  A pseudonym is like a lock on a door.
It only accomplishes keeping out people who don't know enough or care
enough to pick the lock. They can be useful, but I can't recommend one
for the purpose of anonymity. It goes back to that whole "security
through obscurity" concept. It just doesn't work. All it takes is one
person to "blow your cover." The only real exceptions I can think of to
that are impersonating someone else, and throwaway identities that you
only use once.

Ironically, forlasanto literally means, "one that is thrown away." It
was originally intended to be a one-off, throwaway identity. But that
just goes to prove my point: the fact that I chose an Esperanto
pseudonym leaks a lot of information about me, and narrows the possible
real identities for me down from 7 billion to about 5-7 million. That's
a huge leak! The fact that my posts are in American English narrow it
down even further--to maybe a few ten thousands. That's before a single
post was read for it's content. See what I mean? We leak information
like sieves.

Another huge leak for keys is signatures. Who signed your key, and when?
This alone can leak your true identity, and it's something you don't
have effective control over.

Forgive me for saying so, but for something as high-profile as a linux
distro, using a pseudonym for signing the distro for the sake of
anonymity doesn't sound like a great plan. If^H^H^Hwhen someone cracks
your identity, it will somewhat discredit you and your distro as far as
being capable of maintaining anyone's anonymity.

Sorry for the text wall.

On 3/28/2013 5:56 AM, Peter Lebbing wrote:
> On 27/03/13 22:15, Leo Gaspard wrote:
>> until a lot of people verify and sign your public key.
> People might be more inclined to sign the key when it says something like
>
> adrelanos (Whonix signing key) <adrelanos at riseup dot net>
>
> rather than without the comment.
>
> That way, their signature might mean: Yes, this is that key that signs that
> Linux distribution called Whonix. The UID conveys a bit more information about
> which adrelanos specifically we're talking here.
>
> That said, the whole problem with establishing a pseudonym and even getting
> signatures on such a key is difficult. With proper, real names, and most
> importantly people you can meet face to face, it's reasonably established how it
> works. But with a pseudonym, it's completely different.
>
> So I'm just wildly spouting random suggestions actually. It's not really well
> thought through, but I wanted to point out this possibility.
>
> HTH,
>
> Peter.
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130329/d702facd/attachment.html>


More information about the Gnupg-users mailing list