
@TheFuzzStone

With all the dark markets being busted periodically people have a lot of motivation to use PGP there 😂

@yarmo

Well, the nice thing about Keybase is that you don't have to verify it, it's built into the system already and you don't need to think about it. The whole complexity of the social graph is hidden from the user and this is precisely what @TheFuzzStone described - and it's a very interesting usage scenario with real threat actors, which is precisely why it intrigued me so much. In 90% of the regular business security this is superficial because they're centralized...

@TheFuzzStone

So the optimal solution would probably be a blockchain-based public ledger where people's identities bump their trust rating and the smart contract prominently displays it in a user-friendly way, a bit like Threema rates the trust level of your contacts.

@TheFuzzStone

PGP is not popular anywhere because it's 90's philosophy packed in 2000's user interface and simply confusing. When you try to use it to avoid confusion and scams, you quickly discover you're even more confused than in the beginning :)

@TheFuzzStone

Haha that's the all-time rant between crypto community and cryptocurrencies community with the first not considering the latter to be "real crypto" etc 😂

@yarmo @TheFuzzStone

I guess the technical challenge for the attacker here would be to recreate the social graph on Keybase. Everyone follows everyone there, so effectively you have a centralized web-of-trust. Not sure how this differs in the user interface though, so whether a message signed by the real thefizzstone (many followers) would be marked differently from a message signed by theflzzstone :)

@TheFuzzStone

opmsg actually does just that including web-of-trust on top of BTC blockchain except for the nice web interface. Interesting challenge, need to think about it.

@TheFuzzStone

This is probably where blockchain might eventually have some real-world usage :) Because what Keybase does is essentially a public ledger, just centralized. If this could be implemented in the form of a smart contract for example, it could be quite effective actually. And digital signature is at the very core of Ethereum and any other cryptocurrency, so readily available.

@yarmo @TheFuzzStone

So what Keybase got absolutely right is

1) a trusted website
2) that holds PGP keys of many people
3) easy to use copy & paste user interface

@yarmo @TheFuzzStone

There certainly is OpenPGP.js so all that can now be done fully client-side, the problem is web-of-trust. If you aren't 100% sure the page is genuine and the PGP key used to verify is genuine, you can't be really sure. This is a very complex problem if you consider all real-world factors, so not only technical but also usability and human factor...

@TheFuzzStone @yarmo

I get what you mean now - just took the PGP signed message from your page. This is indeed very easy for a non-technical person.

@TheFuzzStone @yarmo

Have a look at opmsg github.com/stealth/opmsg I have checked it a few times but never really found a usage scenario for it :) What you describe sounds just like a perfect match, although obviously the usability factor might be a problem again...

@freemo

By the way, if I haven't messed something up, I vaguely recall that Polonius character was based on an actual Polish noble who was present in London around that time and involved in some political intrigues. Need to re-read...

@claudius

When the whole shitstorm broke out I did spend a few weeks following up and reading the actual text of the directive.

The criticism was 90% totally manipulated ("ACTA2" name) and exaggerated or even completely invented ("ban private blogs" etc). The remaining 10% of valid criticism was fixed in the subsequent drafts.

But the key thing was if the legislation was bad for Google, they would not so aggressively lobby against it. And they did as hell, so I'm confident :)

Worth reading entirely, from a psychiatrist's point of view.

"Trump's mind runs on a formula which bends and twists facts, ideas and memories to suit his malignant narcissism. This is why Trump contradicts himself so easily. He lies and makes things up. His fantasies all serve his malignant narcissism and the world he has created in his own mind about his greatness."

salon.com/2020/04/25/psycholog

@nikolal @rumblestiltskin

Well, you can do it because it's P2P and you choose what you send to the others.

Also the decentralization is largely fiction if 70% of hashing power is in one country and ~5 largest pools.

@nikolal
Basically you don't broadcast your transaction that has the large miner fee and only include it in a block if you make the block yourself. This makes it look like you got the Eth from mining and not from whatever shady business you really got it from.
@kravietz
