[ot][spam][wrong][spam] impossible pgp keys
Spamming the list alleviates my need to disrepute myself, almost no matter what I say! I was daydreaming recently of exchanging pgp-signed messages with grarpamp. I'm always wondering how to get myself a pgp key, my brain is so tired of wondering it. Do you think grarpamp has a public key? They seem like they'd know how to use one if they did. Like me, grarpamp demonstrates knowledge, use, and skills of things like privacy technology, but I don't receive many messages from them actually helping people use them. Not many links to tools, no signatures on messages, etc etc. Grarpamp also links to youtube a lot which could indicate they could have little free time for such things, obviously I have no way of knowing for sure. To exchange proper signed or possibly encrypted communications with grarpamp, I would need four things. - to have a private key myself - to have grarpamp's public key - to have a way of exchanging messages that got delivered - to have a way of verifying key fingerprints The first one is the hardest. But the second item is also very hard! Sometimes I imagine that I'm in some kind of internet bubble, and that's why I see so few message signatures. There is a lot of possible indication of this. But even if it's true, it matches my own experience that people would be actually not using private keys, too. It's hard to tell which. It's also possible there are message signatures in those email headers. I usually zone out and forget that that's possible. I don't think grarpamp is signing their emails. But I don't know. Maybe punk is even signing their emails. I don't know! How could we set up a way to exchange keys with random people on the internet we've never met and never really chat with? How could I do this? Maybe I could get them a physical object. That would help a lot. Or I could meet them in some kind of online network that has more cryptographic guarantees. Regardless, if I'm going to be paranoid that everything on my internet could possibly be faked, _and_ that my computer[s] is/are participating in that, I'm going to need a private reasonably secure system to do the cryptography on. Nowadays, everyone I talk to about such things brushes them off, as if the swathes of international system compromises continuously going on indicate that we should blindly trust technology to make things okay. I seriously have this experience! Some time ago I mentioned message signatures to punk on-list and received an apparent reply asking if I was "worried the list administrator was changing our emails" (that is an incredibly untrustworthy reply, and not where I would expect the change to happen, but it could very well have been made up by an actor between us). I actually asked Greg about message signatures. Greg said they didn't use pgp. I asked if they had a lot of trust for networks, relating having participated in a mitm on somebody else once myself, and Greg just didn't reply. I figured the exchange was just part of the whole mitm shenanigans. Now, it's been a number of years since pgp happened. Maybe there is something new now. Some other way to have end-to-end encryption. Maybe that's why greg replied that way. Wouldn't the cypherpunky thing to do to have been to introduce me to it, though? Well, the political environment has changed a lot ... Now, it's pretty obvious that slavery is involved, because that's what followed me around everywhere, and I tested this with coderman. But I'm not so confident that that history, of coderman signing their messages, stopping signing when I replied to one unsigned, and then signing again when I wondered if they were a victim of slavery, is staying on this server. Who knows! Anyway, the only person who can't say they are a slave who needs to be freed, is somebody who _is_ one, in _most_ situations.
participants (1)
-
Karl