21 July 2013. Add: Date: Sun, 21 Jul 2013 11:22:51 +0200 From: Eugen Leitl <eugen[at]leitl.org> To: cypherpunks[at]al-qaeda.net, info[at]postbiota.org, zs-p2p[at]zerostate.is Subject: Re: [liberationtech] Interesting things in keyservers ----- Forwarded message from micah <micah[at]riseup.net> ----- Date: Sat, 20 Jul 2013 10:05:42 -0400 From: micah <micah[at]riseup.net> To: Micah Lee <micahflee[at]riseup.net>, 'liberationtech' <liberationtech[at]lists.stanford.edu> Subject: Re: [liberationtech] Interesting things in keyservers User-Agent: Notmuch/0.15.2 (http://notmuchmail.org) Emacs/24.3.1 (x86_64-pc-linux-gnu) Reply-To: liberationtech <liberationtech[at]lists.stanford.edu> Hi Micah! Micah Lee <micahflee[at]riseup.net> writes: > I'm working on a talk for OHM2013 about PGP. Can anyone send me

> examples of interesting keys in key servers that you know of? Since you are preparing a talk about the subject, I'm going to be pedantic and correct your usage of "PGP", because it is important to get your terminology straight when giving a talk. I presume you aren't giving a talk about the commercial software, but instead you are actually giving a talk about OpenPGP which is the standard specified by RFC4880 that different programs like GnuPG, Seahorse, MacGPG, and PGP etc. all implement. If that is true, then you should refer to it as OpenPGP, and not PGP. I dont know what your talk will consist of, besides the funny enigmail XSS and goatse.cx stuff (thanks for that! always good to have some goatse early in the morning), but I would like to point out a few things that might be useful to mention. One is a wiki page that I created with some people: https://we.riseup.net/riseuplabs+paow/openpgp-best-practices - it contains some useful hints about using OpenPGP, maintaining a good key and some general good practices that people often dont know about (such as the importance of keeping your keys updated to get critical revocation and expiration extension certifications!) One thing mentioned on that page that I wanted to highlight, because you used pgp.mit.edu links in your original email, is that the keyserver pgp.mit.edu is not a good one to use/promote. Everyone uses it as their 'goto' keyserver, but it is a really bad idea! As a keyserver, it has been broken for years. For a long time it was just dropping revocations, subkey updates and expirations on the floor. That is *really* bad. Eventually, they upgraded their keyserver software, but it is *still* running an older version of SKS, a version that fails to handle 16-digit subkeyid lookups (among other failings). So, please don't rely on pgp.mit.edu for your security, and please don't include them in your slides! If you are looking for one to use, I highly recommend using the SKS pool address (hkp://pool.sks-keyservers.net or http://hkps.pool.sks-keyservers.net/ - or if you want a more close geographical pool, have a look at http://sks-keyservers.net/overview-of-pools.php). Finally, there seems to be some amazing misconceptions about keyservers, keys and the web of trust. In particular this http://cryptome.org/2013/07/mining-pgp-keyservers.htm circulated recently and it pained me to see because it suggested various wreckless conclusions that were dangerously off the mark[0] (and used pgp.mit.edu, hah). While it is true that we've jokingly called the OpenPGP web of trust "the original social network" because of the exposed social relational graphing that can be done by querying keyservers, and it is for this reason that many activists I know do not want to have signatures uploaded to keyservers (and instead use the bulky local-only signature work-around)... ... but for some reason people seem to think that if it is on a keyserver, is true, or it means something that it doesn't. People don't realize critical things, such as the fact that I can create a key with the UID Nadim Kobeissi and upload it to the keyservers[1]. That doesn't mean that is the real Nadim's key (this is what exchanging key fingerprints and doing certifications is for, so you can know, with a certain degree of certainty, that this person is the person who controls that secret key material). Or people think that because I signed your key and that signature is on the keyserver that indicates: I trust you; we met in person at that date; we know each other; we are involved in a criminal conspiracy with each other; or many other wrong assumptions about what that certification means. I can sign Edward Snowden's key and send that to the keyservers[1]. Hell, I can sign Snowden's key with my fake Nadim Kobeissi key[1] and then send it to the keyservers. Does that mean that Nadim and Snowden have met in person?! No, it does not at all. Anyways, I can keep going... but I dont know what the focus of your OHM talk is about, so going on like this isn't particularly useful to you and your talk... however, I'd be happy to provide more feedback about your talk if you would like![2] After all, we Micahs need to stick together, micah 0. "the cryptome article just sounds like impenetrable bullshit from someone with no interest in actually understandning what's happening" - I'm not saying who said this... 1. no, I didn't do that, nor did I upload the edward snowden or bradly manning keys. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys[at]stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 9 July 2013. Add Philip Zimmermann, with probably the most extensive list of key signers, whose key was vandalized by infectious Michael Vario on July 7, 2013. Add Nadim Kobeissi whose key was vandalized by Vario on June 11, 2013. Add Roger Dingledine, long associated with the Tor Project, with extensive list of key signers. It should be noted that few of the early PGP adopters and promoters continue to sign keys -- the decline suggests a correlation with the sale of PGP to Symantec and the departures of the founders and principals of the original PGP. Further, the bulk of PGP users seem to have no signers other than themselves. It appears that the web of trust expected of publicly verifiable key signing has withered, its remnants untended except, possibly, for exploitation. 6 July 2013. Add Richard Stallman whose key was vandalized today by the infectious-key-signer Michael Vario who also vandalized the keys of John Young and Cryptome yesterday when this file appeared. Check your PK to see if Vario has vandalized it. 5 July 2013 Mining PGP Key Servers Related: http://blog.client9.com/2013/07/fun-with-pgp-part-2.html Statements in the Bradley Manning trial describe forensics to establish his online behavior and correspondents. Edward Snowden is reported to have advised his correspondents to use PGP for security. The Bradley forensics and Snowden advice suggests PGP key servers could be used to establish connections among parties, the so-called metadata official, commercial and NGO spies siphon, store and mine. The long-running MIT PGP key server is bountiful for this method but so are other PGP and GPG global servers. This shows mining of PGP keyserver connections by PGP signatures from, as examples: Laura Poitras to: Michael Vario Then Michael Vario to selected representatives: Ed Snowden

Kurt Opsahl, EFF

Jacob Appelbaum Then Jacob Appelbaum to selected representatives: Electronic Frontier Foundation (EFF) membership coordinator

Laura Poitras

John Gilmore

John Perry Barlow Then to a comprehensive list: PGP Global Directory From the PGP Global Directory it is possible to connect virtually every PGP user who has uploaded a signed key to the worldwide keyservers. In addition to connections via keyservers there are semi-private and private webs of trust (WOT) connecting multiple users which can be linked to the keyserver listings. Offline keys may be connected to these public, semi-private and private key exhanges lists by joint membership. There are many global copies of the PGP keyservers, with similar but not identical listings. Log files of each presumably contain records of IP addresses used for key verification, revocations, extractions and uploads. PGP messages contain metadata about sender and recipient and other unique and generic information needed for encryption and decryption. This may be used to explore and mine metadata on the keyservers. This combined metadata can be supplemented by searching on user key IDs and/or email addresses in search engines and anonymizing networks such as Tor Project nodes. Mining of public media for user connections is standard commercial and spying practices, particularly the forums which encourage ever greater user discourse and links, such as Wikipedia, Internet Archive, Facebook, LinkedIn, Twitter, Reddit, Tumbler, Tor, WikiLeaks and FOI sites, clouds, OTR chats, "closed" forums, PGP and other mass-involvement ilk. The greater the number of, say, Tor users or Twitter followers and tweets, the greater the mining of exploitable connections and siphoning, storing and mining. Popularity and privacy protection are promoted as beneficial but are also an invitation for metadata exploitation of crowd, cohort and individual profiling, like-mindedness, complicity and interdependency, exemplified in the the venerable PGP key servers. Old style "traffic analysis" has been broadened and supplanted by metadata of technological and social transactions -- paraphrasing McLuhan, the metadata is the accessible message. These are tools currently in use by government, prosecution, law enforcement, spies, academics, NGOs, commerce, comsec vendors, "ethical hackers" and ISPs -- acting in concert with the infrastructure operators running the machines and networks. Edward Snowden calls this "the architecture of oppression" which he helped run. Perhaps still helps, witting or unwitting, by advising use of PGP.