Silk Road forums

Discussion => Security => Topic started by: fartsinthewind on June 24, 2013, 04:27 am

Title: Comments within PGP key
Post by: fartsinthewind on June 24, 2013, 04:27 am
Probably a stupid question from a two year roader, but what's with the extra comments inside some people's PGP key, usually right after the "Version:" descriptor. I noticed a couple vendors had these, such as "Comment: GPGTools - http://gpgtools.org"

Surely this is harmless....what say you, fellow travelers?

Regards,

Paranoia
Title: Re: Comments within PGP key
Post by: astor on June 24, 2013, 04:52 am
Comments can be used for anything, but in some cases, like the one you cite, they give extra info about the program. The purpose of this in the normal use case is it allows people to know what PGP programs their friends are using. So if there's a security vulnerability in that program, they can warn their friends. In our use case, it's mostly harmless, although it does reduce your anonymity set, because we are divided into groups of people who use PGP program X, Y, Z. I say it's mostly harmless because if LE has confiscated your computer and can look at your PGP program, you are probably fucked already. They can find your public key with the key ID and confirm that you are person X that they were communicating with online, for example. Correlating your PGP program with the version string of person X online adds little to what they can find out about you if they seize your computer.
Title: Re: Comments within PGP key
Post by: fartsinthewind on June 24, 2013, 05:07 am
+1 Astor, I figured about as much. Thanks for the reply, keep up the good work by keeping the people informed!

I'm actually going to purchase a new computer soon, maybe even a used laptop, and run some kind of virtual machine/partition setup. A close family member of mine works computer forensics with a major LEA, and he "seems" confused about bitcoins and the online black market environment when its come up in casual family get together conversations. Who knows.

I just put black electrical tape over the screen-facing camera on my phone, so no unneccesary picture taking of any kind, for any reason. Why, besides obvious marketing driven purposes, would any app need to sneek a peek at my face? Lol. I should just wear an Obama mask when using the "Ultimate flashlight 3 free" app, since those gentlemen have a clear need to see my face when i'm using my phone. Who knows, maybe watergate part II will break loose. haha
Title: Re: Comments within PGP key
Post by: astor on June 24, 2013, 05:17 am
+1 Astor, I figured about as much. Thanks for the reply, keep up the good work by keeping the people informed!

I'm actually going to purchase a new computer soon, maybe even a used laptop, and run some kind of virtual machine/partition setup. A close family member of mine works computer forensics with a major LEA, and he "seems" confused about bitcoins and the online black market environment when its come up in casual family get together conversations. Who knows.

Glad to know the "experts" are that ignorant. :)

Quote
I just put black electrical tape over the screen-facing camera on my phone, so no unneccesary picture taking of any kind, for any reason. Why, besides obvious marketing driven purposes, would any app need to sneek a peek at my face? Lol. I should just wear an Obama mask when using the "Ultimate flashlight 3 free" app, since those gentlemen have a clear need to see my face when i'm using my phone. Who knows, maybe watergate part II will break loose. haha

I specifically bought a computer with no camera and purchased the camera separately. It's a better HD camera anyway. And when I'm not using it, I can physically disconnect it (without opening the chassis).
Title: Re: Comments within PGP key
Post by: fartsinthewind on June 24, 2013, 05:39 am
+1 Astor, I figured about as much. Thanks for the reply, keep up the good work by keeping the people informed!

I'm actually going to purchase a new computer soon, maybe even a used laptop, and run some kind of virtual machine/partition setup. A close family member of mine works computer forensics with a major LEA, and he "seems" confused about bitcoins and the online black market environment when its come up in casual family get together conversations. Who knows.

Glad to know the "experts" are that ignorant. :)

Quote
I just put black electrical tape over the screen-facing camera on my phone, so no unneccesary picture taking of any kind, for any reason. Why, besides obvious marketing driven purposes, would any app need to sneek a peek at my face? Lol. I should just wear an Obama mask when using the "Ultimate flashlight 3 free" app, since those gentlemen have a clear need to see my face when i'm using my phone. Who knows, maybe watergate part II will break loose. haha

I specifically bought a computer with no camera and purchased the camera separately. It's a better HD camera anyway. And when I'm not using it, I can physically disconnect it (without opening the chassis).

A gentleman and a scholar! Carry on my good man.