On 9/2/20, John Young <jya@pipeline.com> wrote:
Has it not been established that all key servers are compromised,
The majority of GnuPG users no longer use SKS key servers, due to the fact of possible attacks on their pub keys.
It's not that the nym <--> privkey mapping of any given key has been internally compromised, that is signed. But that key servers and their keys were discovered by the public to be handy datastores open to arbitrary data insertion, including of duplicate nyms, public sigs, etc. Plausible keys can still be found. For which old wisdom of verifying the WoT still applies. Unfortunately the WoT has not yet developed enough degrees around the world, such that many paths between say your key and any other are still woefully broken. Thus requiring much offline and direct verification with the intended party. Two ways to help fix that are to hold *many* more keysigning parties, and to publish and self assert over the fingerprints in many more online social and business places.
Then Tor, I2P, CJDNS, Secure Drop, Signal, et al, each eagerly boosted then gradually falling in credibility and trustworthiness to be succeeded by new borns.
Cybersec apps and staff always seem to hide their easily notable design caveats, such caveats being addressed by the nextgen, which dutifully hides its own caveats in turn. We will see which new apps will take the initiative to address the current overlay network attack vectors of network traffic analysis and sybil attacks. And what holes they in turn skirt around and censor-ban-cancel you for talking about.
The recent post about crypto's failure to serve the underprivileged, citing cypherpunks as an example, is indicative of where a next step for injecting compromised sec tools is headed, following bitcoin's amazing rise as top tracker of finance under pretense of untraceability.
Indeed.
Apt that Covid shot that CyberPonzi delirium
Not shot just that, but a breadth and depth of human areas, the changes and impacts (mostly not so good as usual) due to opportunistics will hardly begin to be apparent to clairvoyants even five years hence.
keys.openpgp.org or keys.mailvelope.com, besides Werner Koch's WKD.
"More nodes on overlay networks" is a notion generally applicable to any set of cypherpunk services, information bases, infrastructure, etc, not just these. Or you could take Juan's approach and smash it all. However most are not ready to adopt the resulting lifestyle yet. Neither has Juan, nor anyone else still tapping on their keyboard.