Thanks for the pointers on PGP. I didn’t know how it was bolted onto email.
Well, you see, I was wrong on the internet about PGP and email.
The good thing though is I’m learning A LOT lol
I’ve admitted that I was wrong about PGP in other posts in this thread.
The unsolicited nature of the initial communication is what I’m concerned with.
I’m learning a lot about PGP in this thread but my initial point still stands. Unsolicited invitation to an unencrypted email is a problem for me and my security hygiene.
My major concern is the nature of the request. “Please email me an unencrypted email so that I can send you a PGP key to sign further encrypted comms to a different email address.”
Also, you’re correct, PGP is difficult to handle in email as it’s bolted onto an old and plaintext protocol. I’m learning a lot about email here. Most of my PGP signed packages are done in Linux repositories and I admit that I’m not as familiar with it as ECDSA and other encryption algos.
It’s a problem with the local email client and PGP not being securely handled locally. I’m learning a lot about email in this thread.
So you agree that an unsolicited message from someone you don’t know, asking you to email them could be suspect.
Agreed, you’re right. However, it’s still a less secure protocol than other standards of communication that are available: Matrix, Mattermost, Signal etc.
Correct, it has everything to do with emails.
Why use email for that? A notorious vector for spear phishing, grooming and scamming? Why not use Signal or spin up an ephemeral Matrix container?
What project?
MidnightMan can verify that I have their public key. Great, I still have no way to verify them. They’re a 22 hour old account spamming DMs asking to move to a less secure platform. It’s not the way this is done.
The PGP public key still has to be shared plaintext… that makes it useless as anyone can sign it after that. Again, email is the worst way to do this.
If you cannot host a secured and sandboxed Matrix server, I personally do not trust your security hygiene.
If you cannot host a Matrix server that you can sandbox and secure you can absolutely still build networks over Signal. There are multiple articles on how to anonymize yourself on that platform.
DO NOT USE EMAIL FOR THIS.
Email is insecure comms, it is required to be stored in plain text. Any keys or cryptographic elements you share over email are already compromised as soon as it’s emailed.
There are a multitude of encrypted ways to communicate. If you are attempting to reach people on Lemmy I would suggest setting up a Matrix server and Element instance much like what was done on db0.
You can also get a prepaid SIM, sign up for Signal and then set your username so as to obfuscate yourself as well.
Again, email is the absolute worst way to set this up.
FORTRAN could be said to be security through obscurity though /s
Build me the mind palace that makes this make sense. I am intrigued.
Y’all did it yesterday lol. I’ll keep taking my lumps though.