[tor-talk] GnuPG and Tor

Lunar lunar at torproject.org
Wed Jul 16 12:18:42 UTC 2014


Red Sonja:
> Rejo Zenger:
> > ++ 15/07/14 14:09 -0400 - grarpamp:
> >>> secured server. Or anybody can see your whole addressbook. So it is a
> >>> secured server. But still, it is quite obvious who am I just by looking
> >>> at that list. So I figured out, maybe if I push the refresh through Tor,
> >>> talking with a secured server that would make things more private. I
> >>
> >> And unless one by one with --recv-keys, keyserver sees your
> >> entire list at once.
> > 
> > Which means: the only thing you are protecting (by using Tor when 
> > updating your keychain) is the source IP-address for the refresh, e.g. 
> > your location. 
> 
> So the whole GnuPG is antithetical to anonymity?

If you use public key cryptography, we can say yes. That's why we
often differenciate between anonymity and pseudonymity. With GnuPG, one
can create a strong pseudonymous identity. Using Tor while using this
identity will make it harder to link it with other identities.

-- 
Lunar                                             <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140716/22ff6991/attachment.sig>


More information about the tor-talk mailing list