[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: GnuPG through Tor



On Tue, 21 Oct 2008 03:37:56 -0500 (CDT), Scott Bennett wrote:

>      On Tue, 21 Oct 2008 00:45:10 -0400 tor-operator@xxxxxxxxxxxxx wrote:
>>On Monday 20 October 2008 22:48:32 misc wrote:
>>> Is it possible to run GnuPG through Tor? (when connecting to LDAP and HKP
>>> servers to exchange keys)?
>>
>>Hello,
>>
>>If you don't mind my asking, is there anything you (or anyone else, chime in!) 
>>feel could be incriminating about obtaining someone's public key block from a 
>>keyserver?
> 
>      I don't think that is the issue here, but rather one of whether doing
> so breaks or weakens one's anonymity.  For example, if Bob fetches an
> infrequently fetched key (e.g., a key belonging to Lureen) and two minutes
> later Lureen's in box receives an encrypted message via an anonymous remailer,
> does knowing the IP address of the key fetcher is also Alice's IP address
> help Charlie point the finger at Alice as being the source of the message?

You hit it right on the money! If you download the public key without Tor
and then email the person through Tor, it doesn't take a rocket scientist
to put two and two together: that the person who downloaded the key is
probably the one who emailed "anonymously" later. That's a no-brainer, esp
if nobody else downloaded that key for months :)

I have a real problem downloading public keys of Hushmail users. I don't
want to install java, which is required to download their keys through the
browser. They don't propagate their keys to public HKP servers (which I
indeed could assess using Tor & Privoxy). They have their own free LDAP
server:

ldap://keys.hush.com:389

Is there any way at all to get keys from LDAP server through Tor?