Federati Nu: Federated N-series GNU Socialprivkey
https://nu.federati.net/tag/privkey/rss
Updates tagged with privkey on Federati Nu: Federated N-series GNU Social!lnxw48a1: https://cmpwn.com/@kline/104127392085344150 Someone recommending the closure of #Keybase accounts and rotating keys, passwords, and anything else that KB has touched. I probably have not been as vocal about it, but ever since I personally discovered (very early on in KB's existence) that following their default instructions uploaded your #privkey to their server, I have recommended avoiding them, cancelling any keys used with them, closing any existing KB accounts. I still feel that way ... and tying up with #Zoom is unlikely to improve my opinion of them.
https://nu.federati.net/notice/3308987
lnxw48a1's status on Thursday, 07-May-2020 16:23:18 UTC<a href="https://cmpwn.com/@kline/104127392085344150" title="https://cmpwn.com/@kline/104127392085344150" rel="nofollow noreferrer" class="attachment">https://cmpwn.com/@kline/104127392085344150</a> <br /><br /> Someone recommending the closure of #<span class="tag"><a href="https://nu.federati.net/tag/keybase" rel="tag">Keybase</a></span> accounts and rotating keys, passwords, and anything else that KB has touched. <br /><br /> I probably have not been as vocal about it, but ever since I personally discovered (very early on in KB's existence) that following their default instructions uploaded your #<span class="tag"><a href="https://nu.federati.net/tag/privkey" rel="tag">privkey</a></span> to their server, I have recommended avoiding them, cancelling any keys used with them, closing any existing KB accounts. I still feel that way ... and tying up with #<span class="tag"><a href="https://nu.federati.net/tag/zoom" rel="tag">Zoom</a></span> is unlikely to improve my opinion of them.2020-05-07T16:23:18+00:00LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}lnxw48a1: #Zoom buys #Keybase as part of its plan to fix its security flaws. https://nu.federati.net/url/268891 [www cnbc com] Not sure that buying Keybase, a company that originally uploaded people's #GPG #privkey by default, is going to add any understanding of security at all. I've avoided them since I discovered they were uploading private keys by default (though I've heard they later changed that) because that indicated they did not know what they were doing. I am glad that Zoom seems serious about fixing their issues. I just don't think this is advancing toward that goal. Now, instead of one business with severe security issues, they have two businesses which might have such issues.
https://nu.federati.net/notice/3308978
lnxw48a1's status on Thursday, 07-May-2020 15:45:13 UTC#<span class="tag"><a href="https://nu.federati.net/tag/zoom" rel="tag">Zoom</a></span> buys #<span class="tag"><a href="https://nu.federati.net/tag/keybase" rel="tag">Keybase</a></span> as part of its plan to fix its security flaws. <a href="https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html" title="https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html" rel="nofollow noreferrer" class="attachment">https://nu.federati.net/url/268891</a> [www cnbc com]<br /><br /> Not sure that buying Keybase, a company that originally uploaded people's #<span class="tag"><a href="https://nu.federati.net/tag/gpg" rel="tag">GPG</a></span> #<span class="tag"><a href="https://nu.federati.net/tag/privkey" rel="tag">privkey</a></span> by default, is going to add any understanding of security at all. I've avoided them since I discovered they were uploading private keys by default (though I've heard they later changed that) because that indicated they did not know what they were doing.<br /><br /> I am glad that Zoom seems serious about fixing their issues. I just don't think this is advancing toward that goal. Now, instead of one business with severe security issues, they have two businesses which might have such issues.2020-05-07T15:45:13+00:00LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}lnxw48a1: @archaeme @lain I used the #Keybase CLI tools way back when. Following their default instructions, it uploaded the #privkey. As this is suddenly a topic of discussion, I decided to propose a scenario for people to consider.
https://nu.federati.net/notice/794105
lnxw48a1's status on Thursday, 11-Jan-2018 22:50:32 UTC@<a href="https://don.archae.me/users/archaeme" class="h-card mention" title="Archaeme">archaeme</a> @<a href="https://pleroma.soykaf.com/users/lain" class="h-card mention" title="⑨ lain ⑨">lain</a> I used the #<span class="tag"><a href="https://nu.federati.net/tag/keybase" rel="tag">Keybase</a></span> CLI tools way back when. Following their default instructions, it uploaded the #<span class="tag"><a href="https://nu.federati.net/tag/privkey" rel="tag">privkey.</a></span><br /><br /> As this is suddenly a topic of discussion, I decided to propose a scenario for people to consider.2018-01-11T22:50:32+00:00LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}lnxw48a1: Imagine that you found some wrongdoing in your government. You decide to send the info to a newspaper in another country, so they can expose it without you risking your job / freedom / life / family. But the government figured out that #Keybase has the #privkey of many users and has been blackmailing one of their top officials. Is it an acceptable risk to correspond with that newspaper using the #gpg key that you uploaded to Keybase?
https://nu.federati.net/notice/794074
lnxw48a1's status on Thursday, 11-Jan-2018 22:36:29 UTCImagine that you found some wrongdoing in your government. You decide to send the info to a newspaper in another country, so they can expose it without you risking your job / freedom / life / family. But the government figured out that #<span class="tag"><a href="https://nu.federati.net/tag/keybase" rel="tag">Keybase</a></span> has the #<span class="tag"><a href="https://nu.federati.net/tag/privkey" rel="tag">privkey</a></span> of many users and has been blackmailing one of their top officials. Is it an acceptable risk to correspond with that newspaper using the #<span class="tag"><a href="https://nu.federati.net/tag/gpg" rel="tag">gpg</a></span> key that you uploaded to Keybase?2018-01-11T22:36:29+00:00LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}lnxw48a1: @morph@gs.morphtown.de @bob@social.freedombone.net It used to be the default. If you followed their instructions, they uploaded your #privkey to #keybase servers. While that may have changed, having the option at all is unacceptably dangerous to noobs.
https://nu.federati.net/notice/793971
lnxw48a1's status on Thursday, 11-Jan-2018 21:32:34 UTC@<a href="https://gs.morphtown.de/user/1" class="h-card mention">morph</a> @<a href="https://social.freedombone.net/user/1" class="h-card mention">bob</a> It used to be the default. If you followed their instructions, they uploaded your #<span class="tag"><a href="https://nu.federati.net/tag/privkey" rel="tag">privkey</a></span> to #<span class="tag"><a href="https://nu.federati.net/tag/keybase" rel="tag">keybase</a></span> servers. While that may have changed, having the option at all is unacceptably dangerous to noobs.2018-01-11T21:32:34+00:00LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}lnxw48a1: @yukiame@noagendasocial.com @bob@social.freedombone.net I'm not sure what "services" they offer, but uploading #privkey is not matched in worth by any service they could offer. Keybase (or rogue employees, or crackers, or gov't agencies in any major country) could unencrypt any communications sent to their users or send messages that pretend to be sent their users. It is so dangerous *especially to noobs* that it is unconcionable for #keybase to do this.
https://nu.federati.net/notice/793965
lnxw48a1's status on Thursday, 11-Jan-2018 21:28:57 UTC@<a href="https://noagendasocial.com/users/yukiame" class="h-card mention">yukiame</a> @<a href="https://social.freedombone.net/user/1" class="h-card mention">bob</a> I'm not sure what "services" they offer, but uploading #<span class="tag"><a href="https://nu.federati.net/tag/privkey" rel="tag">privkey</a></span> is not matched in worth by any service they could offer. Keybase (or rogue employees, or crackers, or gov't agencies in any major country) could unencrypt any communications sent to their users or send messages that pretend to be sent their users. It is so dangerous *especially to noobs* that it is unconcionable for #<span class="tag"><a href="https://nu.federati.net/tag/keybase" rel="tag">keybase</a></span> to do this.2018-01-11T21:28:57+00:00LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}lnxw48a1LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}