[Cryptography] Google proposes a Web of Trust replacement to solve the key distribution problem.

Phil Pennock md-cryptography at spodhuis.org
Thu Aug 28 17:53:30 EDT 2014


On 2014-08-28 at 09:51 +0530, Udhay Shankar N wrote:
> https://code.google.com/p/end-to-end/wiki/KeyDistribution

Crash and burn: the existing public key servers for PGP have already
received EU-based privacy takedown notices for keys, after someone
protested their public key being publicly listed, together with their
name.  Since SKS (the reconciling PGP keyserver network) has no current
way to blacklist keys (cue censorship cries), that keyserver operator in
Austria, an operator of good standing, shut down his keyserver.  This
predates the recent "right to be forgotten" fuss, and is based on
long-standing EU privacy laws.

So take that same principle, but then make the history absolutely
immutable by design, while holding data about personally identifiable
information (name + email), make it very public, with complete history
(not just current view) and try to scale it out to every email user.

Spammers will have a field day.

In an attempt to provide privacy and secrecy for communications, in a
way which doesn't solve metadata leakage and bulk analysis but makes
them worse (non-revocable) they're reducing privacy for email addresses
and names and making it a bulk action.

It's this sort of blindness which keeps landing Google in trouble with
privacy commissioners.

-Phil

