yeah i keep thinking, we’re not getting around the law. we have to get around an effective implementation though by using 3rd party platforms, i.e. ones that don’t conform to legal pressure. i keep thinking we need to inform people¹ about ways of secure communication in the absence of big-platform support. i.e. how do we send encrypted messages outside of facebook. we need matrix chat with end-to-end encryption that actually works, does not rely on a central “identity confirmation” service but works end-to-end. So instead of saying “i want to connect to [email protected]” and looking up the [email protected] public key somewhere, you should ideally get the [email protected] public key directly from the other user, if you have the chance to meet them irl. it’s the only way to actually secure end-to-end communication.
[1]: Note. This is very important. do NOT under no circumstances come up with the stupid ridiculous and outright dangerous notion that you’re gonna convince large masses of the population to care about their privacy. there needs to be a bit of elitism in this.
But the central service for those keys is only sharing the public key. Only the recipient can decrypt the message.
The only information it would give out is “this IP downloaded this public key”. Which can easily be covered up with multiple downloads from different IPs. You really only need to do this once per recipient too, once you have the public key you can just always keep a copy.
Shit, if your already using GnuPG, encrypt a file that’s got all your friends public keys. When you need to send a message, decrypt your file and grab the key you need.
yeah i keep thinking, we’re not getting around the law. we have to get around an effective implementation though by using 3rd party platforms, i.e. ones that don’t conform to legal pressure. i keep thinking we need to inform people¹ about ways of secure communication in the absence of big-platform support. i.e. how do we send encrypted messages outside of facebook. we need matrix chat with end-to-end encryption that actually works, does not rely on a central “identity confirmation” service but works end-to-end. So instead of saying “i want to connect to [email protected]” and looking up the [email protected] public key somewhere, you should ideally get the [email protected] public key directly from the other user, if you have the chance to meet them irl. it’s the only way to actually secure end-to-end communication.
[1]: Note. This is very important. do NOT under no circumstances come up with the stupid ridiculous and outright dangerous notion that you’re gonna convince large masses of the population to care about their privacy. there needs to be a bit of elitism in this.
But the central service for those keys is only sharing the public key. Only the recipient can decrypt the message.
The only information it would give out is “this IP downloaded this public key”. Which can easily be covered up with multiple downloads from different IPs. You really only need to do this once per recipient too, once you have the public key you can just always keep a copy.
Shit, if your already using GnuPG, encrypt a file that’s got all your friends public keys. When you need to send a message, decrypt your file and grab the key you need.