Lmst

Et si on remettait au goût du jour un Web of Trust pour différencier les contenus générés par des humains de ceux générés par IA ?

Tout contenu non signé par une clé (GPG ?) connue de notre WoT serait considéré comme suspect. Les gens s'inscrivant dans le WoT s'engageraient à ne pas utiliser (du tout) d'IA générative.

Les contrevenants se verraient exclus du WoT, et les personnes qu'ils seraient seuls à avoir cooptés partageraient leur sort.

#WoT #NoIA #PGP #GPG

The PGP Problem (2019)

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#the-answers

#HackerNews #PGP #Problem #PGP #Encryption #Cybersecurity #Privacy #TechNews

I received a pair of #PGP encrypted postcards from #39c3 and I will now complain about it.
The idea is pretty cool, although printing the message as human-readable text was sub-optimal to say the least. I didn't immediately know how to re-format the message so that GPG could parse it (because the newlines were messed up). OCR wasn't of much help either and the font made it hard to distinguish 0 and O, as well as 1 and l. In the end, I had to get the sender to send me the original message. A QR code would've been much better, although the printer at the event apparently couldn't print those.
Also, this happened:

A close-up of one of the postcards where the top layer of paper has partially come off.

From the annual Chaos Computer Club series: bugs in GnuPgp. Not in the math part, but in the parser and maybe elsewhere?

As someone with tons of enterprise programming exp, this would be a cool place to jump in.

https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i#t=141

#pgp #cryptography

Either I'm schitzophrenic or the Dead Internet Theory has progressed from merely an occasionally noticeable phenomenon ("theory") to a default on the bigger social media platforms?

https://en.wikipedia.org/wiki/Dead_Internet_theory

Will we have to go full #PGP and have Real Person Certified™ corners of the internet?

Also, don't look up why Eglin Air Force Base (Florida, US) was on the list of "most #Reddit addicted cities" in 2013.

#DeadInternet #DeadInternetTheory #SocialMedia

Consider hosting a CryptoParty in 2026.

Key signing parties are simple to host in person with no computers required.

A key signing party is an event where people exchange their public encryption key fingerprints, this allows participants to verify a person's identity before digitally signing their encryption key.

CryptoParty: https://wikipedia.org/wiki/CryptoParty
Key signing party: https://wikipedia.org/wiki/Key_signing_party

Website: https://cryptoparty.in

#CryptoParty #Encryption #Privacy #InfoSec #CyberSecurity #PGP #GPG

This is so beautiful. 🥹

https://gpg.fail #PGP/#GPG keeps on giving

https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i

@hko

Here is a gnupg-users thread where I suggest that emitting new block modes (OCB here) is a Bad Idea™ when the schism exists:

https://marc.info/?t=170955787300002&r=1&w=2

I think it has come up less directly in my interaction with the mailing lists as well. I think that at this point it counts as a point of contention between me and the GnuPG project. There was once an instance where someone thought that my criticism meant that I supported the 9580 faction. It got awkward... :)

I am quite critical of the GnuPG project on this point in my article about the schism:

https://articles.59.ca/doku.php?id=pgpfan:schism#where_are_we_now

#Openpgp #pgp

#39C3: Diverse Lücken in #GnuPG und anderen kryptografischen Werkzeugen | c't Magazin https://www.heise.de/news/39C3-Diverse-Luecken-in-GnuPG-und-anderen-kryptografischen-Werkzeugen-11125308.html #Patchday #PGP #Verschlüsselung #encryption

@hko My understanding is that GCM is a significant point of contention in the OpenPGP standards schism. So it would be relevant here. I have not seen any evidence presented that it would be more efficient than OCB for web applications. My estimation is that it would not be. Even if it was, the sorts of things done as web apps involve short messages (email).

That signalling that you mention (the preferences in the public key) only works for asymmetrical encryption and is not reliable. I have an entire page of examples of where it has failed:

https://articles.59.ca/doku.php?id=pgpfan:noae_shame

... and that is up to now just for a single implementation. Things could get much worse. That page is a reference for this article:

https://articles.59.ca/doku.php?id=pgpfan:interop

Somewhat ironically, it can be legitimately argued that CGM is overall less secure than the existing OCFB-MDC (SEIPD) mode:

https://articles.59.ca/doku.php?id=pgpfan:seip

The relative insecurity of GCM has also come out as a factor in the schism.

#openpgp #pgp

@soatok what I don't get is why you take this opportunity to attack #pgp in general, like taking the opportunity to push for some agenda, the site is called gpg.fail, GPG not PGP, most of the problems are related to gpg or some C code implementation bug, or using gpg and others in the command line and getting tricked by some ansi printing in the terminal, how that translates to "let's kill pgp"? ex. none of the listed problems affect #DeltaChat at all

(I was present in the gpg.fail talk btw)

By the way, just a few weeks ago I posted on how you can create S/MIME certificates yourself using step-ca that can be used for email encryption and signing ;)

https://jan.wildeboer.net/2025/08/Create-SMIME-Cert-stepca/

#PGP #GPG #OpenPGP

Warum warnt mich #DeltaChat davor, dass chats über E-Mail nicht verschlüsselt werden können? Die Möglichkeit der Ende-zu-Ende-Verschlüsselung mittels #PGP ist doch einer der größten Vorteile von E-Mails. Was passiert hier?

@heiseonlineenglish More accurately, the GnuPG project has disagreed with some of the proposed fixes and are not doing them. I have not looked closely at them (The GunPG project is more knowledgeable than me). But I agreed with GnuPG in at least one case: https://news.ycombinator.com/item?id=46404589

This might be an example of the common case where the people who find the vulnerability should not be the ones to devise a fix or decide if a fix is required.

#PGP #openpgp #gnupg

39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools

Security researchers have found various security-relevant errors in GnuPG and similar programs. Many of the vulnerabilities are (still) not fixed.

https://www.heise.de/en/news/39C3-Multiple-vulnerabilities-in-GnuPG-and-other-cryptographic-tools-11125362.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#ChaosCommunicationCongress #IT #Verschlüsselung #PGP #news

This may be considered #HotTakes by some, I consider these #based: (no ragebait inteded!)

If you have a problem with these, please kindly fuck off in silence!

This list is non-exhaustive...

#NoHumanIsillegal: #FerriesNotFrontex!
#PNCHNZS! Being a racist, fascist or otherwise shit person is a choice. People can choose to deradicalize, but not 'choose' not to be targeted by Neonazis!
#NSAfDverbotSofort - no excuses!
#TransRightsAreHumanRights
#HousingFirst, cuz #HumanRights are not negotiable, but precondition to even consider negotiations!
#UBI instead of #MeansTesting; Cuz survival is not optional!
#Education is a #HumanRight and should be provided to anyone without any paywalling or charges. This includes access to #Textbooks, which should be provided #DRM-free. All education material should be publicly available and it's creation and updates be paid by the public just like schools.
#ClothesHaveNoGender
#PublicTransport should be #free, #accessible and publicly funded and run.
All #infrastructure is a natural monopoly and should be publicly run and financed solely by either transit fees or public spending.
#accessibility should be mandatory without exceptions. Paywalling it should be criminalized as a hatecrime.
Every #home should have access to #DrinkingWater, Sewage Handling, #electricity and #fiber #internet. IDGAF if it's at some remote island or desert oasis!
#HealthCare is a #HumanRight, not a commodity!
#Politicans should have to obey the same #laws re: secondary income as #PublicServants and be barred from recieving any other #compensation, #bonuses or have any other income beyond the compensation for their post.
#Politicans should only be paid #MinimumWage!Wage
Everyone should have to contribute to #SocialSecurity programs and in return, everyone gets eligible. That means no exceptions for #billionaires and other rich people. If I have to afford ~ 20% of my paycheck for #healthcare then so can all the #Banksters!
#MinimumWage must be able to afford not mere survival, but actually be sufficient to afford #downpayment on a #home and not just #rent. It should also be automatically be adjusted with #inflation and not be a political bargaining chip!
Denying people access to legal #work is a crime against humanity. People should have a right to fair and non-discriminatory access to employment regardless of legal status.
#StockTrading should be regulated as #Gambling.
Advertising Gambling or using Gambling / #PayToLoose / "#PayToWin" / #P2W mechanics to minors should be as illegal as advertising cigarettes and liquor to them.
Banning or age restricting #LGBTQIA* content as "#AdultContent" should be illegal. #QueerErasure is indefensible. If you're to prudish to accept that #LoveIsLove then that's a "You" Problem!
#Cyberfascism needs to be outlawed and Corporations like #Palantir need to be disbanded, their assets stripped and their employees jailed for crimes against humanity. They are morally indefensible!
#BanBillionaires, strip them off their assets and wealth and redistribute it. #Billionaires should be sentenced to #CommunityService for life as means to (at least partially) undo harm caused.
#SuperUselessVehicles should be disincentivized and instead any #incentives and #subsidies should be given only to #PersonalLightVehicles of classes #L2e, #L5e, #L6e & #L7e.
#SexworkIsWork!
#CSAM is indefensible and authorities that shutdown Pedo Forums should be mandated to #delete [and report] all such content at the hosters and get them to delete it. This includes Kiwi Farms which got fired by Gandi [french registrar] for hosting CSAM!
It should be illegal to enforce foreign laws overseas. Yes this includes "#Embargos" from the #USA!
#Trump is a fascist POS and a bootlicker of #Putin!
#FuckICE
#MethanolFuelcell > #LithiumCobaltBattery
#Tabs > #Spaces
#TSV > #CSV > #MicrosoftExcel
#Markdown > #RTF
#OpenDocument > #OOXML
#PDF > #MicrosoftWord
#git > #subversion
#IRC & #Mumble, #MailingList > #discord
#XMPP+#OMEMO > any proprietary messenger
#PGP/MIME acceptance should be mandatory per law for all #eMails in #business and towards public offices
Every System that has a #clock inside has to self-adjust it correctly without user intervention. I don't care if it uses a time signal like DCF77, GNSS or NTP. Computers must syncronize their hardware clock to [Unixtime](en.wikipedia.org/wiki/Unix_time) regardless of the used OS
#Police should only be allowed to carry and use what law-abiding citizens are to. If you don't trust your neighbour with a #gun, why would you trust a stranger who doesn't even have to evidence proper storage, training, proficiency and isn't subject to due diligence?
#QualifiedImmunity is #PoliceState horeshite and must never be allowed and retroactively canned. If you don't want #accountability or #consequences for those in power, you are a bootlicker.
Long-lasting peace in the #MiddleEast will most likely only happen if a unified #laicist nation compromising of #Israel and #Palestine gets built. It's just currently not intended to happen by both sides!
#Ukraine is the #LitmusTest for #EU & #NATO. If Ukraine doesn't win beyond the #StatusQuoAnteBellum (1994-2011) and doesn't get EU & NATO membership it'll either be destroyed by #Russia in Putin's neo-czarist ambitions and thus will legitimize & normalize the Russian #CrimeOfAggression, which will then focus on #Baltics and espechally #Finland. Already the western #cowardice of not following through on the #BudapestMemorandum puts the #NPT and the trustworthyness of the USA, #UK and The West in general into question.
A #TotalEmbargo against Russia is long overdue - including a #SeaBlockade, not just against the #ShadowFleet which poses a statistically inevitable risk for the #envoirment!
#NuclearPower is not #renewable and using precious radioactive elements to boil water to spin a turbine is an insult to #physics! #Renewables should be mandatory and we can talk about #Fusion once #ITER actually evidently works and is able to sustain net positive energy output into the grid.
"#AI" is #WastefulComputing and should be considered an #EnvoirmentalCrime and #CrimeAgainstHumanity, with all the prosecution it entails!
The only people that have a 'right' to be 'proud' of their #citizenship are those that actually had to put in effort to get #naturalized. People who won the #BirthLottery are disqualified.
Also anyone who is "proud" of their citizenship by birth evidently has achieved nothing on their own worth to be proud of! Even if it's just graduating school, driving license, forklift certification or some kind of art.
We need #RightToRepair, not only but espechally for #electronics! This includes tight mandates to provide #parts, #tools, #documentation and #support under #FRAND [fair, reasonable and non-discriminatory] terms.
#Patents on #Software, espechally #GameMechanics, should be illegal. No #patent should be issued without evidence of it being a genuine, new #invention with a demonstrable prototype. If #Kickstarter wouldn't accept it, then neither should any #PatentOffice!
#Patents of lifeforms and DNA have to be outlawed.
#Copyright to something should cease the moment the copyright holder refuses to offer the copyrighted work under FRAND terms. If buying isn't ownership than #piracy isn't #theft. Also #OneTimePurchase options [for a specific version] should be mandatory by law and #subscriptions only be allowed for products and services that actually incur costs to upkeep (i.e. bandwith and storage for hosting/streaming). Designing something as "#LiveService" when it has no reason (i.e. refusing to sell physical copies) to should be deemed a fraudulent circumvention of it.
"#ClientsideAnticheat" is #malware and needs to be prosecuted as such. Any "#AntiCheat" should be Server-Sided only.
#PriceGouging must be prosecuted harder, espechally when it comes to #utilities.
Just like #FuelPrices at a #GasStation, so should #ChargingStations be mandated to publish their pricing publicly in realtime and not discriminate customers!
Everyone should have a #RightToBanking without discrimination. Any closure of accounts must be legitimized by actual criminal activity (i.e. money laundering, fraud, terrorism financing, ...) and go through due process with appeals.
Everyone should have a right to free, unseizeable #ID documents without mandating #biometrics or other privacy invasions! These should be eligible as Travel #Passport and people should have global #FreedomOfMovement only restricted by an actual, individual judge ruling that went through proper oversight and appeals. Duplicate Issues to avoid Visa Conflicts (with duplicate Serial Numbers!) should be offered and granted upon request.
#Gender does not belong into ID documents! Just like weight, hair colour, religion, occupation and address don't!

New round of #GPG attacks.

https://gpg.fail/

#pgp #crypto #cryptography

Lots of vulnerabilities in #gpg posted

gpg.fail
https://gpg.fail/

#gpgfail #pgp #encryption #cybersecurity #vulnerability #cve

#39c3 - To sign or not to sign: Practical vulnerabilities in #GPG & friends,
by 49016 and Liam,
https://app.media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i

https://gpg.fail/

#gnuPG #PGP #computerSecurity

I’m looking at age for many times especially to replace OpenPGP. They did a new release and for encryption at rest, it’s indeed a good replacement.

But how to integrate it with email encryption ? They recently did a keyserver https://words.filippo.io/keyserver-tlog/ and release an update version of age.

Are we close to a real replacement for OpenPGP ?

#pgp #age #openpgp

https://github.com/FiloSottile/age/releases/tag/v1.3.0

#PGP

Client Info