@koenvh #FunFact: THIS is actually real when it comes to #OnionServices on #Tor / @torproject despite (or rather because of) having a self-routing and self-administrating, self-authentificating namespace utilizing #Pubkeys for addressing.
Mine merely covers a few #BonaFide ones and there are literal #scam businesses when it comes to the kinds of sites I won't name nor list!
@gaba I think it would be even better if we teach #TechLiteracy and spread both @tails_live / #Tails and easy to use tools to do #OpenPGP like #Kleopatra & #enc so people can really do #E2EE and just use #Pubkeys that have been released by the intended recipient...
@jamesh @itisiboller @finestructure
Maybe it's because the entire #TechStack on #WebDevelopment is a cancerous growth which tires to solve serious structural integrity issues with more and more flex-tape?
I think that using proper #E2EE with #PGP #Pubkeys for both Users and Servers would've alleviate the issues.
The whole #SSL fuckshitstack is bad and sadly we failed to teach users basic #TechLiteracy and now we can only broom away the glass shards before the kids trample in them...
@ljrk @lexd0g And yes, I know that #passwords are bad but besides #SSH & #PGP #Pubkeys there is no good way to authenticate that isn't like a #TOTP / #HOTP - like #2FA or some confirmation message...
#Passkey don't make people more #TechLiterate and actually learn how to use a #PasswordManager|s or exercise #SelfCustody of Keys...
Nor do they save the problem that platforms / logins don't do basic behaviour-based protection against just spamming credentials or irregular patterns.
@dangoodin I doubt this to be the case - #Fax survive in regulatory bs nieches, and #Passwords will be unremoveable since not every platform & application will allow auth via #X509 certs, #GnuPG# or #SSH #Pubkeys and you can't force everything to be #online or using a centralized server...
@tek @prozacchiwawa Also it's trivial to version #Pubkeys...
If necessary just setup some custom URL/forwarder like keys.domain.example/ssh to wget that stuff post-install...
@kusuriya @mail *nodds in agreement*
#Keybase in it's original form as a means to sync and host #Pubkeys and #verify accounts is good, but them selling out and snitching on users [i.e. #DeterrenceDispensed] is inexcuseable.
OFC a privacy & encrypted-only eMail provicer would've to offer a #Keyserver to provide #Pubkeys for the eMail adresses of users...
Ideally something that literally allows automatic pulling like keyserver.mailprovider.example/emailadress@mailprovider.example.pubkey.
@offenenetze das liegt daran dass die #BNetzA für viele Dinge - wie andere #Behörden (mangels #Digitalisierung und Bereitstellung von #GnuPG / #OpenPGP - #Pubkeys) weiterhin nur #Fax als nachweislich zuverlässige, elektronische Kommunikationsform für meldepflichtige und Fristsachen bedarf.
#Funfact ich kenne sogar #VoIP-Anbieter die sowas [abgesehen von ausgehenden #Fax|en und #Rufnummerportierung] kostenlos anbieten...
Und ja ich brauche das leider auch, weil #EDGEland / #Schlandistan...
@pallenberg
Mangelnde #Digitalisierung fängt ja schon damit an dass man trotz #Pandemie #Endemie nichtmals grundlegenste Dinge remote erledigen kann.
z.B. kriegt es die #Arbeitsagentur bei nem Bekannten problemlos hin #Termine per #SMS zu spammen, erlaubt aber keine #Rückantwort und es gibt auch keine vernünftigen #eMails...
Davon dass man seitens der Behörden und meisten Unternehmen gänzlich unwillig ist #GnuPG-#Pubkeys zu importieren und sicher zu kommunizieren will ich garnicht anfangen.
