| ▲ | michaelt 2 hours ago | |||||||
PGP’s web of trust was kinda bad privacy-wise in some regards, as it basically revealed your IRL social network. If my PGP public key has 6 signatures and they’re all members of the East Manitoba Arch Linux User Group, you can probably work out pretty easily which Michael T I am. Are there successful newer designs, which avoid this problem? | ||||||||
| ▲ | pjc50 an hour ago | parent [-] | |||||||
The IRL social network is actually the important part of the trust structure. The only one of these I've seen that really worked was the Debian developer version: you had to meet another Debian developer IRL, prove your identity, and only then could you get the key signed and join the club. | ||||||||
| ||||||||