Are services like ProtonMail damaging the Web of Trust?

First of all, I'm a long time paid ProtonMail user and really appreciate the service.

My goal is not to ask for ProtonMail and the like to shutdown their services as they obviously offer better privacy than other mail providers.


That being said, I recently took time to dive into OpenPGP and some of its implementations. I bought a pair of smartcard and try to follow the best practices.

But, being a ProtonMail client, I already have a ProtonMail generated [SC] master key and its associated [E] sub key. No [A] sub key from them but it's understandable.

It's all well hidden so than customers who don't want to wrap their head around the encryption problematic simple have to trust ProtonMail about their (password protected) master key privacy and the (web or bridge) client.

But when it comes to the Web of Trust, ProtonMail is a huge disappointment (again, according to me, no expert here). Of course it's possible to certify others public keys but there are very few information about what it really does in practice.

For example :

  • Is the certification made public and shared with other key servers?
  • As a ProtonMail user but also newly aware of the internals of OpenPGP, I feel like generating and uploading a newly made private key as it would damage my reputation in the Web of Trust.

So, are services like ProtonMail "destroying" PGP by centralizing instead of distributing the Web of Trust?

πŸ‘︎ 14
πŸ“°︎ r/pgp
πŸ’¬︎
πŸ‘€︎ u/PacoVelobs
πŸ“…︎ Jan 27 2021
🚨︎ report
Are services like ProtonMail damaging the Web of Trust? /r/pgp/comments/l62grw/ar…
πŸ‘︎ 11
πŸ“°︎ r/GnuPG
πŸ’¬︎
πŸ‘€︎ u/PacoVelobs
πŸ“…︎ Jan 27 2021
🚨︎ report
We’ve released our post on: DeveryJS - Web of Trust Integration, Nonce Manager medium.com/devery-io/deve…
πŸ‘︎ 8
πŸ“°︎ r/deveryofficial
πŸ’¬︎
πŸ‘€︎ u/devery_io
πŸ“…︎ Jan 05 2021
🚨︎ report
Web of Trust (WOT) Extension Issues

I have been having weird issues with Chrome on several websites for a long time. Amongst them are Reddit, where I constantly have been getting the "Sorry, we couldn't load posts for this page." error message every time I browse to a new content. On Messenger i have not been able to send files. On some sites i have been logged out immediately after logging in. Stuff like that and it has been driving me crazy. Finally after some testing I have found that this is caused by the WOT (Web of Trust) extension for Chrome so I have disabled it. I was wondering if anyone else has been experiencing similar issues with the extension on if there is a fix for it so that it can keep using WOT which is quite handy otherwise.

πŸ‘︎ 5
πŸ“°︎ r/chrome
πŸ’¬︎
πŸ‘€︎ u/norsemanGrey
πŸ“…︎ Nov 04 2020
🚨︎ report
Web of Trust, Part 1: Concept fedoramagazine.org/web-of…
πŸ‘︎ 34
πŸ“°︎ r/Fedora
πŸ’¬︎
πŸ‘€︎ u/fedobot
πŸ“…︎ Oct 14 2020
🚨︎ report
Web of Trust, Part 2: Tutorial fedoramagazine.org/web-of…
πŸ‘︎ 16
πŸ“°︎ r/Fedora
πŸ’¬︎
πŸ‘€︎ u/fedobot
πŸ“…︎ Oct 19 2020
🚨︎ report
which projects use gits distributed programming methodology (web of trust) most successfully?

Basically using it like Linus intended, namely having a large number of repos and a web of trust instead of one main github, etc repo.

Seems like most projects don't really use a web of trust to collect and vet patches to be collected upstream by each repos web of close trusted developers.

πŸ‘︎ 3
πŸ“°︎ r/git
πŸ’¬︎
πŸ‘€︎ u/alexwagner74
πŸ“…︎ Sep 30 2020
🚨︎ report
Brain trust of r/dirbikes, what do you think caused what? Bearing failure causing crank-webs to shift or vice-versa? reddit.com/gallery/ippf60
πŸ‘︎ 6
πŸ“°︎ r/Dirtbikes
πŸ’¬︎
πŸ‘€︎ u/jonno85uk
πŸ“…︎ Sep 09 2020
🚨︎ report
A Web of Trust for NPM btao.org/2020/10/02/npm-t…
πŸ‘︎ 4
πŸ“°︎ r/hackernews
πŸ’¬︎
πŸ‘€︎ u/qznc_bot2
πŸ“…︎ Oct 03 2020
🚨︎ report
Have we started hitting these fake news sites on Web of Trust?

https://www.mywot.com/scorecard/kalamazootimes.com

I don't see any reviews for this one yet. In my experience the plugin isn't as popular as it used to be, but it may still be worth using. Boomers are probably the userbase of the plugin and also the biggest target market of the fake news

On that note, maybe leaving reviews on virustotal or other reputation sites could also be beneficial. Mozilla has a "Report Deceptive Site" but it looks more geared toward malware and phishing. Maybe we could see if they want to include things like this. Google has a similar program: https://support.google.com/chrome/answer/99020?co=GENIE.Platform%3DDesktop&hl=en

πŸ‘︎ 94
πŸ“°︎ r/MassMove
πŸ’¬︎
πŸ‘€︎ u/CryptoMaximalist
πŸ“…︎ Apr 15 2020
🚨︎ report
Why wouldn't the kingdom of hyrule trust them more???? It's not like they haf built a village over a web of torture chambers
πŸ‘︎ 258
πŸ“°︎ r/ZeldaMemes
πŸ’¬︎
πŸ‘€︎ u/Undead_archer
πŸ“…︎ Jun 15 2020
🚨︎ report
How to validate keys through web of trust?

I'm a beginner to this, so I apologize if this is an obvious question, but I've been searching for days and I can't find any clear answer.

If I understand correctly, validation through a web of trust should work like this: First, Carol meets Alice in person, signs Alice's public key, and returns a signed copy to Alice. Alice later meets Bob in person, signs his public key, and returns the signed copy to Bob.

Now, Bob sends his key to Carol. Because Bob's key has been signed by Alice's key, which was signed by Carol's key, GPG considers Bob's key valid, and assigns it trust level "full".

If I understand the section Using trust to validate keys of the GNU Privacy Handbook, this should be enough for Carol to validate Bob's key.

I reproduced the scenario above, and after importing Bob's key to Carol's keyring

gpg --list-sigs

shows the following:

----------------------------
pub   rsa2048 2020-07-17 [SC] [expires: 2022-07-17]
      64C7812CA96E357571447AE92D5490BAE4CD978C
uid           [ultimate] Carol_key
sig 3        2D5490BAE4CD978C 2020-07-17  Carol_key
sub   rsa2048 2020-07-17 [E] [expires: 2022-07-17]
sig          2D5490BAE4CD978C 2020-07-17  Carol_key

pub   rsa2048 2020-07-17 [SC] [expires: 2022-07-17]
      23564BAAAEBB2C50B3B68824F6B0E4677A56AC62
uid           [  full  ] Alice_key
sig 3        F6B0E4677A56AC62 2020-07-17  Alice_key
sig          2D5490BAE4CD978C 2020-07-17  Carol_key
sub   rsa2048 2020-07-17 [E] [expires: 2022-07-17]
sig          F6B0E4677A56AC62 2020-07-17  Alice_key

pub   rsa2048 2020-07-16 [SC] [expires: 2022-07-16]
      6428EBFFF80AB930A9BCE1E9D1DBCF023AC2B5EB
uid           [  undef ] Bob_key
sig 3        D1DBCF023AC2B5EB 2020-07-16  Bob_key
sig          F6B0E4677A56AC62 2020-07-17  Alice_key
sub   rsa2048 2020-07-16 [E] [expires: 2022-07-16]
sig          D1DBCF023AC2B5EB 2020-07-16  Bob_key

Attempting to encrypt a message for Bob with

gpg -r Bob_key --encrypt text.txt

gives:

gpg: 41E0ED3E88F25C85: There is no assurance this key belongs to the named user

sub  rsa2048/41E0ED3E88F25C85 2020-07-16 Bob_key
 Primary key fingerprint: 6428 EBFF F80A B930 A9BC  E1E9 D1DB CF02 3AC2 B5EB
      Subkey fingerprint: D5B7 E76F 14F2 01BD 9969  DE5E 41E0 ED3E 88F2 5C85

It is NOT certain that the key belongs to the person named
in the user ID.  If you 
... keep reading on reddit ➑

πŸ‘︎ 7
πŸ“°︎ r/GnuPG
πŸ’¬︎
πŸ‘€︎ u/edsq
πŸ“…︎ Jul 17 2020
🚨︎ report
SHA-1 is a Shambles : First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust eprint.iacr.org/2020/014.…
πŸ‘︎ 107
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/Akalamiammiam
πŸ“…︎ Jan 07 2020
🚨︎ report
Had a a tough time trying to bond with him. And after being bit a good couple of times he is starting to trust me. His name is templeton. Like from charlotte’s web.
πŸ‘︎ 98
πŸ“°︎ r/RATS
πŸ’¬︎
πŸ‘€︎ u/RogueKirito33
πŸ“…︎ Apr 02 2020
🚨︎ report
Want to make cannabis liquid for vaping (or adding to food etc.) With 50/50 VG/PG base. Do you have some advices for me? Searched the web for it and found some recipes but this is community of experienced cooks and I trust you more than some howtomakeyourselfretardedfortherestofyourlife.org websites
πŸ‘︎ 2
πŸ“°︎ r/treedibles
πŸ’¬︎
πŸ‘€︎ u/89Gosha
πŸ“…︎ Apr 19 2020
🚨︎ report
Court document of Tulip Trust Key VS fake Cryto Web Sites

Court Doc --> https://www.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.376.0_1.pdf

Jan 10, 2020 Dr. Craig has get the last slice from a 3rd Courier to form a key to unlock an encrypted file of the Tulip Trust in which he can access a software to get the correct 16K Bitcoin Core public addresses.

Jan 14-16, Dr. Craig has submitted these 16K addresses to the Plaintiff and US Judge to prove that he is willing to provide the public addresses mined from 2009-2013 to comply with the court order.

Because Dr. Craig can encrypt the Tulip Trust file, he can access his Bitcoin Core holding and as I know, he will setup a fund using this Tulip Trust BTC Core to support BSV and do other things (BSV will use money of its haters to make BSV stronger)

These are many fake crypto web sites are telling lies, do not believe them.

If you're are new to BSV, Read court documents and check https://craigwright.net/ to do your own research.

πŸ‘︎ 13
πŸ“°︎ r/bitcoincashSV
πŸ’¬︎
πŸ‘€︎ u/BSVForever
πŸ“…︎ Jan 16 2020
🚨︎ report
Open Standards for Identity, Web of Trust, ~PKI, Decentralized Encrypted Chat and File Sharing

There are a number of open specs which didn't exist when Keybase was first conceptualized.

What are the current open standards (with and without implementations) for Identity, Web of Trust / ~PKI / Keyservers, Decentralized Encrypted Chat and File Sharing, and other cool Keybase features?

πŸ‘︎ 11
πŸ“°︎ r/Keybase
πŸ’¬︎
πŸ‘€︎ u/westurner2
πŸ“…︎ May 16 2020
🚨︎ report
Member is a Peer to Peer, Web of Trust, Reputation Network on BCH. But it needs your help to get started. No Donations! Just Take 5 Minutes to Rate Some Memo Users. memberapp.github.io/?nrl#…
πŸ‘︎ 44
πŸ“°︎ r/btc
πŸ’¬︎
πŸ‘€︎ u/freetrade
πŸ“…︎ Sep 01 2019
🚨︎ report
SHA-1 is a Shambles : First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust eprint.iacr.org/2020/014.…
πŸ‘︎ 26
πŸ“°︎ r/cryptography
πŸ’¬︎
πŸ‘€︎ u/Akalamiammiam
πŸ“…︎ Jan 07 2020
🚨︎ report
Web of Trust Plug in

When i try to log in with my identity under the community section, nothin happen. I cannot login with my old or new identities! Δ±t looks like sign in button doesnt work for me. When i click on sign in button nothing loaded. My Java version 8 update 241, my os windows 10 pro, my browser accept cookies.

Maybe my system need some extra c++ binaries or plugins to sign in with my identities.. Please help thank you

https://preview.redd.it/uw4bhjtdd7u41.jpg?width=1024&format=pjpg&auto=webp&s=190fe687795d51388c606a95c38e2d5e94c7211e

πŸ‘︎ 4
πŸ“°︎ r/Freenet
πŸ’¬︎
πŸ‘€︎ u/omorfis
πŸ“…︎ Apr 21 2020
🚨︎ report
Web of Trust is in the default blocklist?

I've just noticed that I can't load the page mywot.com. I've checked in the query lists menu, and the blocking rule is added in the StevenBlack blocklist (Is this a default one, or I just don't remember adding it?). Interesting that api.mywot.com is not blocked so the browser extension can still work as intended.

Is there something particularly wrong with this website/service for which I should stop using it?

πŸ‘︎ 2
πŸ“°︎ r/pihole
πŸ’¬︎
πŸ‘€︎ u/MPeti1
πŸ“…︎ Nov 30 2019
🚨︎ report
Society: Web of trust or sticks pointed everywhere? dynomight.home.blog/2019/…
πŸ‘︎ 11
πŸ“°︎ r/slatestarcodex
πŸ’¬︎
πŸ‘€︎ u/dyno__might
πŸ“…︎ Oct 17 2019
🚨︎ report
Cryptocommunism is web of trust, not blockchain

Web of trust is a concept in cryptography in which everyone signs the public key of those that they trust; by publishing these signatures people can then trust people you trust, because they trust you. Blockchain on the other hand is a trustless system; you don't expect to trust the people you are dealing with, so you need a system you can trust instead.

Communism and web of trust seek to build systems that you can trust because you trust the people. Capitalism and blockchain make you dependent on the system for trust because you cannot trust in the people.

πŸ‘︎ 7
πŸ“°︎ r/Anarchism
πŸ’¬︎
πŸ“…︎ Dec 29 2019
🚨︎ report
Just watched Web of Lies S1 E3... β€œYou can’t trust anyone online. You never know who is behind that screen.” So true! We live in such a scary world. People lie just to get what they want.
πŸ‘︎ 16
πŸ“°︎ r/DiscoveryID
πŸ’¬︎
πŸ‘€︎ u/LauRen-7
πŸ“…︎ Dec 04 2019
🚨︎ report
Iris - Martti Malmi (likely the second dev after Satoshi) has started to promote his web-of-trust project twitter.com/marttimalmi/s…
πŸ‘︎ 22
πŸ“°︎ r/btc
πŸ’¬︎
πŸ‘€︎ u/HostFat
πŸ“…︎ Mar 18 2019
🚨︎ report
Iris - Martti Malmi (likely the second dev after Satoshi) has started to promote his web-of-trust project twitter.com/marttimalmi/s…
πŸ‘︎ 27
πŸ’¬︎
πŸ‘€︎ u/rooshiamarodnimad
πŸ“…︎ Mar 25 2019
🚨︎ report
Besides Verizon’s history of allowing third parties to monetize its customers’ web-browsing habits, there’s another reason you probably shouldn’t trust its new VPN motherboard.vice.com/en_u…
πŸ‘︎ 286
πŸ“°︎ r/KeepOurNetFree
πŸ’¬︎
πŸ‘€︎ u/LizMcIntyre
πŸ“…︎ Aug 06 2018
🚨︎ report
Web of Trust Tool - Quick Guide

I just used this onchain tool (Web of Trust) to help separate the reputable users from the trolls. For newbies, it may be confusing where to start so here are the steps to using it. This tool allows you to rate each other onchain, and from there, gradually build up a reputation system for users. I think long term wise, this tool could be very useful to identify the reputable users from the trolls.

Login through https://memberapp.github.io/#login

You will need your WIP key which you can grab from your memo.cash account. https://memo.cash/account > "Export Your Key" > Copy the key from "WIF Compressed (base58)" to https://memberapp.github.io/#login

Having said that, please leave me a rating even if you hate me, feel free to give me 1 star, lol. My url is https://memberapp.github.io/#member?qaddress=15We9BXjo17JtbBP8b65idzEACSyc81owG

You can rate other users at https://memberapp.github.io/#bootstrap (I suspect there's some problem because my ratings wasn't recorded, maybe due to the 25 limit https://www.reddit.com/r/btc/comments/ce5o46/over_100_memo_transactions_rejected_in_the_last/ )

Please note that you will need some Bitcoin Cash in your memo.cash account in order to do the rating since these are done onchain and therefore has a small transaction fee.

I believe the full credits goes to /u/freetrade for building this tool.

πŸ‘︎ 8
πŸ“°︎ r/btc
πŸ’¬︎
πŸ‘€︎ u/MobTwo
πŸ“…︎ Sep 07 2019
🚨︎ report
WOT (Web of Trust) addon logs your web browsing, report identifies top politicians' private details in the data. blog.a9t9.com/2016/11/wot…
πŸ‘︎ 335
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ‘€︎ u/automation2018
πŸ“…︎ Nov 03 2016
🚨︎ report
Why did the PGP Web of Trust fail? medium.com/@bblfish/what-…
πŸ‘︎ 6
πŸ“°︎ r/privacy
πŸ’¬︎
πŸ‘€︎ u/PRIVACYx05i4shUl
πŸ“…︎ Jan 23 2019
🚨︎ report
PSA: The popular addon Web of Trust has been found to collect and sell your identifiable data including your account names, mail addresses, travel plans, illnesses, sexual preference, drug consumption, confidential company information, ongoing police investigations, browser surfing activity and more

It was discovered by the German TV channel NDR: https://www.ndr.de/nachrichten/netzwelt/Im-Netz-ausgespaeht-Spionage-per-Add-on,nacktimnetz104.html

(English article about it: http://www.pcmag.com/news/349328/web-of-trust-browser-extension-cannot-be-trusted)

Just thought I'd give a heads-up since that addon is quite popular.

πŸ‘︎ 578
πŸ“°︎ r/technology
πŸ’¬︎
πŸ‘€︎ u/JohnTheGenius43
πŸ“…︎ Mar 04 2017
🚨︎ report
Member is a Peer to Peer, Web of Trust, Reputation Network on BCH. But it needs your help to get started. No Donations! Just Take 5 Minutes to Rate Some Memo Users. reddit.com/r/btc/comments…
πŸ‘︎ 4
πŸ“°︎ r/MemoCash
πŸ’¬︎
πŸ‘€︎ u/cryptozaurus
πŸ“…︎ Sep 01 2019
🚨︎ report
Is this actually effective?? I made it out of a video I saw on the webs but it was on "blossom" I think so....yeah I don't trust them
πŸ‘︎ 6
πŸ“°︎ r/proplifting
πŸ’¬︎
πŸ‘€︎ u/jolyghoul
πŸ“…︎ Aug 20 2019
🚨︎ report
A moving web game, that uses game theory to prove the importance of trust in any social group. ncase.me/trust/
πŸ‘︎ 24
πŸ“°︎ r/gaming
πŸ’¬︎
πŸ‘€︎ u/KarakulStoner
πŸ“…︎ Mar 20 2019
🚨︎ report
Spider in the Web - Official Trailer - Ben Kingsley, Monica Bellucci, Makram Khoury, Filip Peeters - An aging spy is on one last mission to redeem his life and career when a mysterious woman appears and the lines of trust with his superiors begin to blur youtube.com/watch?v=QtrH2…
πŸ‘︎ 3
πŸ“°︎ r/trailers
πŸ’¬︎
πŸ‘€︎ u/slyall
πŸ“…︎ Jul 30 2019
🚨︎ report
Member is a Peer to Peer, Web of Trust, Reputation Network on BCH. But it needs your help to get started. No Donations! Just Take 5 Minutes to Rate Some Memo Users. reddit.com/r/btc/comments…
πŸ‘︎ 2
πŸ“°︎ r/MannaCurrency
πŸ’¬︎
πŸ‘€︎ u/MichaelTen
πŸ“…︎ Sep 02 2019
🚨︎ report
Idea for Memo web of trust

The idea is to have 3 new Actions:

 

  • Trust user
  • Distrust user
  • Remove trust from user (you might have given trust/distrust to the wrong user, and you want to remove it without leaving them positive/negative)

 

All counting is done client-side in the app/website; nobody's "accumulated" reputation is recorded in the blockchain, only individual trusts/distrusts users give each other.

I will use "reputation to me" in the examples below because everybody will have different reputations for others depending on the users they trust.

 

First of all and very importantly, global trust/distrust counts should be IGNORED and only trusts/distrusts from users you trust should be relevant to you.

The app/website counts the trusts/distrusts of users you trust and adds them together.

EXAMPLE 1: I trust Roger. Roger trusts Jonald. Jonald's reputation to me is increased.

EXAMPLE 2: I trust Roger and Jonald. Roger and Jonald distrust Troll_A. Troll_A's reputation to me is lowered x2.

EXAMPLE 3: Troll_A distrusts Roger. I distrust Troll_A. Roger's reputation to me is unaffected.

EXAMPLE 4: A bunch of newly-created troll accounts distrust Roger. Those troll accounts are not even known to me. Roger's reputation to me is unaffected.

 

A takeaway from this is that a brand-new user will not see reputations for anybody until they add trust to at least one other user.

QUESTION: should brand-new users see the global count of trusts/distrusts instead?

ANSWER: most users would just accept the global count out of inertia and that just takes us to the "twitter situation", where a bunch of troll accounts can easily influence everything. It is better to "force" new users to do their homework and find somebody to trust.

 

In the case of a user giving multiple trusts/distrusts to the same user, only the latest should be counted.

EXAMPLE: Roger already trusts Jonald. Roger gives trust to Jonald again. Users who trust Roger see no change to Jonald's reputation.

QUESTION: why shouldn't it be possible to give more than one trust to somebody?

ANSWER: everybody's voices should be equal.

QUESTION: but couldn't BS_COMPANY create thousands of troll accounts and give trust/distrust with all of them at once?

ANSWER: remember, the trusts/distrusts of troll accounts don't affect anybody's reputation to you unless you give trust to those troll accounts yourself.

 

Also, given that all counting is done in the app/website

... keep reading on reddit ➑

πŸ‘︎ 9
πŸ“°︎ r/btc
πŸ’¬︎
πŸ“…︎ Apr 18 2018
🚨︎ report
Web of Trust Tool - Quick Guide

I just used this onchain tool (Web of Trust) to help separate the reputable users from the trolls. For newbies, it may be confusing where to start so here are the steps to using it. This tool allows you to rate each other onchain, and from there, gradually build up a reputation system for users. I think long term wise, this tool could be very useful to identify the reputable users from the trolls.

Login through https://memberapp.github.io/#login

You will need your WIP key which you can grab from your memo.cash account. https://memo.cash/account > "Export Your Key" > Copy the key from "WIF Compressed (base58)" to https://memberapp.github.io/#login

Having said that, please leave me a rating even if you hate me, feel free to give me 1 star, lol. My url is https://memberapp.github.io/#member?qaddress=15We9BXjo17JtbBP8b65idzEACSyc81owG

You can rate other users at https://memberapp.github.io/#bootstrap (I suspect there's some problem because my ratings wasn't recorded, maybe due to the 25 limit https://www.reddit.com/r/btc/comments/ce5o46/over_100_memo_transactions_rejected_in_the_last/ )

Please note that you will need some Bitcoin Cash in your memo.cash account in order to do the rating since these are done onchain and therefore has a small transaction fee.

I believe the full credits goes to /u/freetrade for building this tool.

πŸ‘︎ 2
πŸ“°︎ r/Bitcoincash
πŸ’¬︎
πŸ‘€︎ u/MobTwo
πŸ“…︎ Sep 07 2019
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.