
Somebody needs to do a best practices for pseudoanon OpenPGP, like being careful not to upload your key to a keyserver in the clear, unmasking yourself, and not using any identifying info while generating. As an example, look at political or blackhat forums sometime and just examine the public keys posted: Hotmail addresses and traceable user nyms. Also avoiding anybody who sends you a key with BCPG (Bouncy Castle) or OpenPGP.js in the version header, because they are probably using some ridiculously insecure browser encryption addon.
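A self-check for the points in the comment above, as an added example that is not part of the thread: it reads an ASCII-armored public key you are about to publish and reports the armor headers and User ID packets that identify your client software or you. The function names, the `ExampleClient` header value and the sample packet are constructed for illustration.

```python
import base64
import re

LEAKY_HEADERS = ("Version", "Comment")   # armor headers that name the client software
EMAIL_RE = re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def dearmor(armored):                        # -> (armor headers, raw packet bytes)
    lines = [l.strip() for l in armored.strip().splitlines()]
    blank = lines.index("")                  # a blank line ends the armor headers
    headers = dict(re.split(r":\s*", l, 1) for l in lines[1:blank])
    # Keep only base64 data: drop blank lines, the "=XXXX" CRC24 line and the END line.
    b64 = "".join(l for l in lines[blank + 1:] if l[:1] not in "=-")
    return headers, base64.b64decode(b64)

def packets(data):
    """Yield (tag, body) per packet, following RFC 4880 section 4.2."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                       # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                # old-format header; n == 0: body runs to the end
            tag, n = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 0x03]
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        yield tag, data[i:i + length]
        i += length

def audit(armored):                          # what the export reveals besides key material
    headers, raw = dearmor(armored)
    found = [f"armor header {k}: {v}" for k, v in headers.items() if k in LEAKY_HEADERS]
    for tag, body in packets(raw):
        if tag == 13:                        # User ID packet
            kind = "user ID with e-mail" if EMAIL_RE.search(body) else "user ID"
            found.append(f"{kind}: {body.decode('utf-8', 'replace')}")
    return found

# Constructed sample: one old-format User ID packet, not a usable key.
_UID = b"oldnym <oldnym@example.org>"
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: ExampleClient 1.0\n\n"
          + base64.b64encode(b"\xb4" + bytes([len(_UID)]) + _UID).decode()
          + "\n=AAAA\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Calling `audit()` on the text of your own armored export before posting it shows what a reader of the key would see.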


Riseup's "Digital Security for Activists" goes into a bit more detail:

https://zine.riseup.net/


Using PGP anonymously is really hard, especially because PGP has no integrated way to do authentication without non-repudiation.



