Re: On future of GnuPG
>This ruling is more similar to rules that you are not required to wear >a badge that you spent some time in jail or need to state this in your CV. It is a ruling that gives more power to the government, whatever the "declared goal" actually is. The actual usage of this rule is to hide blatant evidence of corruption of government officials from public sources. Werner Koch via Gnupg-users writes: > On Tue, 5 Jan 2021 17:07, Robert J. Hansen said: > >> I'm doing is sharing true things with my buddy?" Whereas in Europe, >> right-to-be-forgotten laws, enforced by the government, are seen as >> wins for privacy, in America they would be (a) blatantly unlawful and > > I don't think that the right not to be listed prominently in search > results is related to privacy. This ruling is more similar to rules > that you are not required to wear a badge that you spent some time in > jail or need to state this in your CV. > >> In Europe it's a lot different. There, the prevailing culture cares a >> lot more about limiting the ability of businesses to learn things about >> a person than with limiting the ability of governments. The national > > Like all over the world governments work on terminating all rules which > limit their power. It seems to be a never-ending task to counter that. > > Speaking of Germany: There are a lot of barriers between administrative > entities to share data - there is not even a central database of all > citizens. There is no shared access between the databases of the police > and the spooks. The spooks tried to tell us that it is okay to > eavesdrop as long as no German citizen is part of the communication but > courts declared such a workaround as illegal. But yes, all these laws > and rulings wind up faster and faster :-( > > > Shalom-Salam, > >Werner -- Vladimir Nikishkin (MiEr, lockywolf) (Laptop) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On future of GnuPG
On Tue, 5 Jan 2021 17:07, Robert J. Hansen said: > I'm doing is sharing true things with my buddy?" Whereas in Europe, > right-to-be-forgotten laws, enforced by the government, are seen as > wins for privacy, in America they would be (a) blatantly unlawful and I don't think that the right not to be listed prominently in search results is related to privacy. This ruling is more similar to rules that you are not required to wear a badge that you spent some time in jail or need to state this in your CV. > In Europe it's a lot different. There, the prevailing culture cares a > lot more about limiting the ability of businesses to learn things about > a person than with limiting the ability of governments. The national Like all over the world governments work on terminating all rules which limit their power. It seems to be a never-ending task to counter that. Speaking of Germany: There are a lot of barriers between administrative entities to share data - there is not even a central database of all citizens. There is no shared access between the databases of the police and the spooks. The spooks tried to tell us that it is okay to eavesdrop as long as no German citizen is part of the communication but courts declared such a workaround as illegal. But yes, all these laws and rulings wind up faster and faster :-( Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On future of GnuPG
On 05-01-2021 23:07, Robert J. Hansen via Gnupg-users wrote: As always, it probably depends on who you have the most to fear from: your government, corporations, or maybe someone else? > In Europe it's a lot different. There, the prevailing culture cares a > lot more about limiting the ability of businesses to learn things about > a person than with limiting the ability of governments. That is changing. Now that governments are ourtsourcing censorship to corporations in their struggle against unwelcome news (these days they call that often "fake news" or "Russian propaganda" and voices are getting stronger to censor unwelcome messages directly, recently enhanced by protests against the covid measures, protection against the government are getting more important in Europe as well. But that is not yet much reflected in actual policies being made, mainly because those policies are made by the very people we need protection against. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On future of GnuPG
12021/00/04 08:01.47 ನಲ್ಲಿ, markus.ro...@neverbox.com ಬರೆದರು: > > On 2021-01-05 Stefan Claas via Gnupg-users - gnupg-users@gnupg.org wrote: > > ... but why are then SKS key servers > > still in operation, which allows third parties to look up who signed > > who's key and with what trust level and GnuPG's WoT support, compared > > to sq and Hagrid? > > The landscape has changed dramatically from the times when the > original PGP fundamentals were introduced. Today, for any secure > personal communication system to be of practical use, it must > be designed from the ground up observing the following simple > principle: *anonymity is the necessary condition of privacy*. That depends heavily on your threat model, though. For many people, the goal isn't to keep their identity safe from the people they're talking with. Rather, the goal is to keep the contents of their messages safe from _everyone else_ (including CIA, NSA, shitty governments, etc). In many ways, security and anonymity are at odds, since if I can't easily verify that is the person they claim to be, I have no way of knowing if I'm telling them stuff they shouldn't know. While there are ways to ensure confidentiality and integrity of the *communication channel* while preserving anonymity, there isn't really a way of ensuring the integrity of the *conversation* while preserving anonymity. Pretty much any way of properly resolving this dilemma requires de-anonymizing both participants, and then we're right back where we started. If, instead, we acknowledge that most use cases require integrity of the communication channel *and* the conversation, then we can use common identifiers (like phone numbers) or (mostly) verifiable identities (like GPG keys hosted on WKD) to ensure the integrity of the conversation (I say mostly verifiable because there's always a chance the domain is compromised and the keys are replaced). Once anonymity isn't really as much of a concern, we get things like Signal, which is decidedly *not* anonymous (with the exception of using VOIP numbers to sign up) but is most assuredly private (they don't know what you're saying and neither does anyone else, apart from the people you're messaging). Regards, Chiraag -- ಚಿರಾಗ್ ನಟರಾಜ್ Pronouns: he/him/his publickey - mailinglist@chiraag.me - b0c8d720.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On future of GnuPG
On Wed, Jan 6, 2021 at 12:09 AM Stefan Claas wrote: > What you say would fit more for a cross-platform OpenSource app > like Bitmessage, compared to PGP's or GnuPG's privacy philosophy. Regarding Bitmessage and OpenPGP. There was an announcement made last year about an Bitmessage OpenPGP chan, where people can discuss all things around OpenPGP anonymously and globally. I am a bit out of the loop regarding Bitmessage but here is the address for interested parties: OpenPGP BM-2cU9MZTNKThqH9nDPycVaPGAduisN6Nnm1 Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On future of GnuPG
On Tue, Jan 5, 2021 at 9:05 PM wrote: > > On 2021-01-05 Stefan Claas via Gnupg-users - gnupg-users@gnupg.org wrote: > > ... but why are then SKS key servers > > still in operation, which allows third parties to look up who signed > > who's key and with what trust level and GnuPG's WoT support, compared > > to sq and Hagrid? > > The landscape has changed dramatically from the times when the > original PGP fundamentals were introduced. Today, for any secure > personal communication system to be of practical use, it must > be designed from the ground up observing the following simple > principle: *anonymity is the necessary condition of privacy*. That the landscape has changed dramatically everyone will (hopefully) agree and your phrase is perfectly fine, but I do not consider GnuPG or OpenPGP apps as tools giving users anonymity. What you say would fit more for a cross-platform OpenSource app like Bitmessage, compared to PGP's or GnuPG's privacy philosophy. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: On future of GnuPG
> The landscape has changed dramatically from the times when the > original PGP fundamentals were introduced. Today, for any secure > personal communication system to be of practical use, it must > be designed from the ground up observing the following simple > principle: *anonymity is the necessary condition of privacy*. This borders on ridiculous. One of the problems we have in privacy discussions is there is no single agreed-upon definition of privacy. Privacy is defined by culture, and unless we share a culture we're very unlikely to share a privacy definition. In the United States, the prevailing culture cares a lot more about government's ability to learn things about me without a warrant than it does about the ability of corporations or businesses. And we also believe that government limiting our ability to speak infringes on our privacy: "why the hell is the government getting in my business if all I'm doing is sharing true things with my buddy?" Whereas in Europe, right-to-be-forgotten laws, enforced by the government, are seen as wins for privacy, in America they would be (a) blatantly unlawful and (b) considered massive invasions of our privacy by the government. In Europe it's a lot different. There, the prevailing culture cares a lot more about limiting the ability of businesses to learn things about a person than with limiting the ability of governments. The national security exemption in the GDPR is big enough to drive a truck through: it is so all-encompassing that I, as an American, look at the GDPR and think it's a nightmare for privacy rights. And, you know, *this is okay*. Privacy is culturally defined. Enjoy your culture, accept or reject its definition of privacy as you like. Just don't think that your culture's definition is somehow the only one, or universally agreed-upon, or... If there is no agreed-upon universal definition of privacy (and there isn't), then any attempt to make sweeping statements like "anonymity is a necessary condition of privacy" is just a bunch of freshman Philosophy 101 crap that's entirely disconnected from the real world. signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
On future of GnuPG
On 2021-01-05 Stefan Claas via Gnupg-users - gnupg-users@gnupg.org wrote: ... but why are then SKS key servers still in operation, which allows third parties to look up who signed who's key and with what trust level and GnuPG's WoT support, compared to sq and Hagrid? The landscape has changed dramatically from the times when the original PGP fundamentals were introduced. Today, for any secure personal communication system to be of practical use, it must be designed from the ground up observing the following simple principle: *anonymity is the necessary condition of privacy*. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users