Privacy

31609 readers

118 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Alternatives to PGP/GPG? (lemmy.ml)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

22 comments fedilink hide all child comments

We all know PGP is old and got a myriad of problems, like key management.

Thus, I'm looking for a generic encryption and signing tool that also available on mobile devices, both Android and iOS.

I know age+minisign is the preferred choice but unfortunately there ain't an mobile app for them.

I know Magic Wormhole is great for P2P data transfer but it's slow and not reliable. I often have corrupted files even the size is small. I would much rather encrypt locally, upload to GDrive, and share it.

I know Signal, WhatsApp and other messaging apps now offers E2EE to exchange many data forms but the political sphere is shifting and given the current trend, they might forced to backdoor the protocol, drop E2EE entirely, or cease operation. Something independent from messaging tool is needed.

I'm not seeking perfect forward secrecy as that wasn't achievable for non conversations use case unless parties manually negotiate a session key.

I don't care the web of trust either. Putting PII on a key server for public viewing doesn't fit today's privacy trend.

Nor anonymity. I'm talking to my family members and friends and I don't find a reason to hide that. The only thing matters is the content.

While it will be great to follow some kind of widely used standards, it is not a requirement.

Thanks for the input.

EDIT: Added GPG to the title

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago

Please correct me if I misunderstood.

You have one master key (root). This key have strong connection to your identity. However, you kept this in secret.

You have one or more ephemeral keys (edge). You can dedicate each key for different purposes. You sign these keys with the root key.

If I'm not mistaken, it's essentially the "Web of Trust". How do people trust your edge keys without knowing the root's public key by "the signer hash is the same"? While I can see the certification on your edge key, I can't build a trust path as I don't have your root's public key.

I don't really understand "each ephemeral key in the chain". What chain actually? Chain as in " Web of Trust"? Or as in subkeys?