Cody Casterline πŸ³οΈβ€πŸŒˆ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

I just did a very elaborate GPG thing (I'm now on a setup that involves 2 Yubikeys) and it felt simultaneously so gratifying and sad, like translating Shakespeare into a language with half a dozen living speakers

Cody Casterline πŸ³οΈβ€πŸŒˆ @NfNitLoop

@xor PGP key management is so cumbersome I just recommend people send me things on these days. It does a lot of crypto best practices automatically, and is (almost) as easy as using a chat app.

Β· Web Β· 0 Β· 0
@NfNitLoop @xor You can't trust anyone on Keybase because it's impossible to know if they uploaded their private key which would mean your messages are potentially compromised

@feld @xor and people can’t compromise PGP keys outside of keybase? IMO, people are more likely to copy their private PGP keys to multiple devices to be able to decrypt with them. Keybase is better if you just leave PGP out of it and use their device keys.

@NfNitLoop @xor it's a feature of the service and you can't possibly know if the user was tricked into uploading their private key for convenience.

I generally don't send PGP mail to people I don't know or trust. There are definitely people out there who don' t use PGP safely. I put everyone in "keybase.io" under the "cannot trust" category.

@feld btw, sending files/messages in keybase chat doesn’t use PGP encryption.

@NfNitLoop I have no interest in keybase chat as it requires a keybase account

@NfNitLoop sure, depending on threat model and stuff! Honestly the majority of my friends use Signal and I can use it for almost everything (including now files, and works seamlessly desktop-to-mobile, etc)