Thoughts on Keybase
Robert J. Hansen
2014-12-15 18:40:22 UTC
Keybase (https://keybase.io) is trying to solve the Web of Trust problem
in a new way. They're currently in beta, but I was able to snag an
invitation. (I have no invites to give out, unfortunately.) The
following is just a write-up on how it works and what my impressions of
it are. You may find it interesting. You may not. :)

=====

1. SO WHAT'S THE PROBLEM WITH THE WoT?

In a nutshell, "everything." In my own experience, the Web of Trust
goes pretty much completely unused. There are several reasons for this.
The first is that trust is intransitive: if Alice trusts Bob and Bob
trusts Charlene, it doesn't necessarily follow that Alice trusts
Charlene. (I like to imagine that Alice and Charlene were competing for
Bob's affections once upon a time, and that Alice still wishes Bob
wouldn't trust that hussy.[1])

The dream of the Web of Trust is that trust chains would form and Alice
would be able to trust Charlene's certificate as well as Doug's and
Elaine's and all the way on through to Xavier, Yvonne and Zenobia.
Unfortunately, it doesn't work that way. If Alice trusts Bob, that
means Alice has to trust all those people trusted by Bob... or even all
those people trusted by all those people trusted by Bob... or even all
those people trusted by all those people trusted by all those people
trusted by Bob. It gets impractical really fast.

In twenty years of using PGP and GnuPG, I've relied on the Web of Trust
a total of something like six times. It was a neat idea, but as far as
general rollout goes it's been a dismal failure.


2. OKAY, SO YOU CONFIRM EVERYTHING VIA VOICE.

Voice doesn't give us much confidence in identity. Voice allows us to
do out-of-band verification [2], but it doesn't let us confirm identity.
Most people think identity is something that gets proven by documents,
but identity is actually a lot more nebulous than that. I normally
require two forms of government-issued identity documents before I'll
sign a certificate, but I haven't seen two government-issued identity
documents from my own mother. That doesn't mean I think she's not my
mother. It means I've somewhere along the line done an identity
verification that has nothing to do with documents.


3. SO WHAT'S IDENTITY, ANYWAY?

In a phrase, identity is the name we give to continuity of agency over
time. Knowing who's responsible for something right here, now, in this
moment, is all well-and-good, but it's also kind of trivial: "the person
standing there with a smoking gun is the one who's responsible for the
body on the floor." Doesn't tell you very much, really. But knowing
that person is also "the person who bought a bagel at a delicatessen
yesterday" and "the person who's driven a Peugeot to work every day for
the last three years" and "the person who for the last several years has
lived at this address" all builds up to give us a sense of *what choices
this person has made* (agency) and *over what time frame these choices
have been made* (time).

Once we have a concept of agency over time, that by itself is an
identity. A legal name specifies an agent, but not an identity.
Identity requires history. A track record. A paper trail, as it were.


4. SO WHAT'S THE RELEVANCE TO KEYBASE?

Keybase has given up on the Web of Trust and on using official
government records to prove who people are. Instead, proofs are
established by *what you've done* (agency) and *for how long you've been
able to do it* (time).

For instance, visit this website:

https://keybase.io/rjh

You'll see a list of several "what I can do"s. Key 0xD6B98E10 has been
used to sign a tweet containing an assertion of identity: "I am Rob
Hansen, robertjhansen on Twitter." Thereby, key 0xD6B98E10 has been
bound to my Twitter social-media identity [3]. You can pull this tweet
down from Twitter's own servers and verify the statement yourself; you
don't have to take keybase's word for it. (In fact, you probably
*should* verify it for yourself.)

Likewise, I've made similar statements of identity for my GitHub account
and for a couple of web pages I run. These disparate activities
comprise a record of things I have done (agency) over a time period
(time), which is ... identity.


5. BUT YOU'RE NOT REALLY PROVING ANYTHING!

It would be pretty foolish to think my legal name was Rob Hansen based
solely on keybase, yes. Keybase makes no assertion that someone is
correctly representing their legal name. But how many of us really care
about that? The more common use case seems to be that we want to know
we're not being catfished [4]. I could be named Maurice Micklewhite and
it wouldn't change the fact that I control that Twitter account, that
GitHub account, or those webpages. If the fraction of my identity that
you care about maps well to that realm, then keybase is a pretty
effective way to verify that fraction.


6. FRACTIONS OF AN IDENTITY?

Sure. People on this list know a completely different me than my
parents do. You're the only one who knows the fullness of the choices
you've made over the course of your life: you're the only one who knows
who you truly are when the chips are down. The rest of us only ever get
to see a fraction of the true identity.


7. SO DO YOU SEE KEYBASE MAKING A BIG DIFFERENCE?

Given how miserable the WoT's adoption rate is, any improvement will be
a big difference. In its present form I don't see it as making a big
difference to the world at large, though. Right now keybase allows you
to certify your Twitter, GitHub, Reddit, CoinBase, and Hacker News
identities, as well as BitCoin addresses and any web pages you control.
For the geek cognoscenti that's great, but for the world at large it's
not going to matter half a damn until and unless keybase gets either
Google+ or Facebook on board.


8. CLOSING THOUGHTS

It's a cool idea and worth looking into. https://keybase.io. :)








[1] Americanism: "an impudent or immoral woman." Generally considered
rude, but not profane.

[2] Kind-of sort-of: most phone traffic nowadays flows over the network,
so it's actually in-band.

[3] I rarely if ever use Twitter. If you're a Twitter fiend feel free
to follow me, but don't expect much.

[4] Americanism: "identity deception."
Aaron Toponce
2014-12-29 22:47:16 UTC
Keybase (https://keybase.io) is trying to solve the Web of Trust problem in
a new way. They're currently in beta, but I was able to snag an invitation.
(I have no invites to give out, unfortunately.)
FWIW, I have 3 invites. If you want to grab me off-list.

https://keybase.io/atoponce
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
Pete Stephenson
2015-01-03 03:59:21 UTC
Post by Aaron Toponce
Keybase (https://keybase.io) is trying to solve the Web of Trust problem in
a new way. They're currently in beta, but I was able to snag an invitation.
(I have no invites to give out, unfortunately.)
FWIW, I have 3 invites. If you want to grab me off-list.
https://keybase.io/atoponce
At present, I have 10 invites and would be happy to share them with
those who are interested. Please contact me off-list as well.

Cheers!
-Pete
--
Pete Stephenson
Melvin Carvalho
2015-01-03 05:52:31 UTC
Post by Robert J. Hansen
Keybase (https://keybase.io) is trying to solve the Web of Trust problem
in a new way. They're currently in beta, but I was able to snag an
invitation. (I have no invites to give out, unfortunately.) The following
is just a write-up on how it works and what my impressions of it are. You
may find it interesting. You may not. :)
=====
1. SO WHAT'S THE PROBLEM WITH THE WoT?
In a nutshell, "everything." In my own experience, the Web of Trust goes
pretty much completely unused. There are several reasons for this. The
first is that trust is intransitive: if Alice trusts Bob and Bob trusts
Charlene, it doesn't necessarily follow that Alice trusts Charlene. (I
like to imagine that Alice and Charlene were competing for Bob's affections
once upon a time, and that Alice still wishes Bob wouldn't trust that
hussy.[1])
The dream of the Web of Trust is that trust chains would form and Alice
would be able to trust Charlene's certificate as well as Doug's and
Elaine's and all the way on through to Xavier, Yvonne and Zenobia.
Unfortunately, it doesn't work that way. If Alice trusts Bob, that means
Alice has to trust all those people trusted by Bob... or even all those
people trusted by all those people trusted by Bob... or even all those
people trusted by all those people trusted by all those people trusted by
Bob. It gets impractical really fast.
In twenty years of using PGP and GnuPG, I've relied on the Web of Trust a
total of something like six times. It was a neat idea, but as far as
general rollout goes it's been a dismal failure.
2. OKAY, SO YOU CONFIRM EVERYTHING VIA VOICE.
Voice doesn't give us much confidence in identity. Voice allows us to do
out-of-band verification [2], but it doesn't let us confirm identity. Most
people think identity is something that gets proven by documents, but
identity is actually a lot more nebulous than that. I normally require two
forms of government-issued identity documents before I'll sign a
certificate, but I haven't seen two government-issued identity documents
from my own mother. That doesn't mean I think she's not my mother. It
means I've somewhere along the line done an identity verification that has
nothing to do with documents.
3. SO WHAT'S IDENTITY, ANYWAY?
In a phrase, identity is the name we give to continuity of agency over
time. Knowing who's responsible for something right here, now, in this
moment, is all well-and-good, but it's also kind of trivial: "the person
standing there with a smoking gun is the one who's responsible for the body
on the floor." Doesn't tell you very much, really. But knowing that
person is also "the person who bought a bagel at a delicatessen yesterday"
and "the person who's driven a Peugeot to work every day for the last three
years" and "the person who for the last several years has lived at this
address" all builds up to give us a sense of *what choices this person has
made* (agency) and *over what time frame these choices have been made*
(time).
Once we have a concept of agency over time, that by itself is an
identity. A legal name specifies an agent, but not an identity. Identity
requires history. A track record. A paper trail, as it were.
From my experience, when you ask 10 people 'what is identity', you get 10
different answers. A better question might be, "How do you name things
(e.g. people)". If different parties name things in a similar way there's
an order of magnitude more chance of growing the network. Keybase has a
proprietary, centralized naming strategy largely incompatible with the
architecture of the web. If that sounds like a criticism, it isn't.
Because almost everyone else does the same thing. Hence identity systems
are balkanized.

Where I think keybase shines is with convenience and utility. Such systems
have chances of organic growth. But people tend to overestimate the
chances of making it to millions of users, which is what keybase possibly
needs to change the landscape.

We need a web of trust that's universal (the only way I know to do this is
to use URIs for naming), so that it can span many systems and grow the
network effect.
Post by Robert J. Hansen
4. SO WHAT'S THE RELEVANCE TO KEYBASE?
Keybase has given up on the Web of Trust and on using official government
records to prove who people are. Instead, proofs are established by *what
you've done* (agency) and *for how long you've been able to do it* (time).
https://keybase.io/rjh
In awww this is a document, we like to put data inside documents. Then you
can make statements about both things. I may like Ricky Martin's home page
but may not like Ricky Martin.

I'd suggest having an anchor inside such as #me or #this, then tie key value
pairs to it. It turns out that anchors are very hard to grok on the web
for most people, though.

Using anchors also allows multiple data structures on the page. One for
the user, one for the key, one for anything else you'd like to add.
Post by Robert J. Hansen
You'll see a list of several "what I can do"s. Key 0xD6B98E10 has been
used to sign a tweet containing an assertion of identity: "I am Rob Hansen,
robertjhansen on Twitter." Thereby, key 0xD6B98E10 has been bound to my
Twitter social-media identity [3]. You can pull this tweet down from
Twitter's own servers and verify the statement yourself; you don't have to
take keybase's word for it. (In fact, you probably *should* verify it for
yourself.)
Likewise, I've made similar statements of identity for my GitHub account
and for a couple of web pages I run. These disparate activities comprise a
record of things I have done (agency) over a time period (time), which is
... identity.
5. BUT YOU'RE NOT REALLY PROVING ANYTHING!
It would be pretty foolish to think my legal name was Rob Hansen based
solely on keybase, yes. Keybase makes no assertion that someone is
correctly representing their legal name. But how many of us really care
about that? The more common use case seems to be that we want to know
we're not being catfished [4]. I could be named Maurice Micklewhite and it
wouldn't change the fact that I control that Twitter account, that GitHub
account, or those webpages. If the fraction of my identity that you care
about maps well to that realm, then keybase is a pretty effective way to
verify that fraction.
6. FRACTIONS OF AN IDENTITY?
Sure. People on this list know a completely different me than my parents
do. You're the only one who knows the fullness of the choices you've made
over the course of your life: you're the only one who knows who you truly
are when the chips are down. The rest of us only ever get to see a
fraction of the true identity.
7. SO DO YOU SEE KEYBASE MAKING A BIG DIFFERENCE?
Given how miserable the WoT's adoption rate is, any improvement will be a
big difference. In its present form I don't see it as making a big
difference to the world at large, though. Right now keybase allows you to
certify your Twitter, GitHub, Reddit, CoinBase, and Hacker News identities,
as well as BitCoin addresses and any web pages you control. For the geek
cognoscenti that's great, but for the world at large it's not going to
matter half a damn until and unless keybase gets either Google+ or Facebook
on board.
8. CLOSING THOUGHTS
It's a cool idea and worth looking into. https://keybase.io. :)
yes, but as it's designed hard to get traction

very worthwhile noting the usability patterns tho
Post by Robert J. Hansen
[1] Americanism: "an impudent or immoral woman." Generally considered
rude, but not profane.
[2] Kind-of sort-of: most phone traffic nowadays flows over the network,
so it's actually in-band.
[3] I rarely if ever use Twitter. If you're a Twitter fiend feel free to
follow me, but don't expect much.
[4] Americanism: "identity deception."
MFPA
2015-01-05 02:44:00 UTC
On Monday 15 December 2014 at 6:40:22 PM, in
knowing that person
is also "the person who bought a bagel at a
delicatessen yesterday" and "the person who's driven a
Peugeot to work every day for the last three years" and
"the person who for the last several years has lived at
this address" all builds up to give us a sense of *what
choices this person has made* (agency) and *over what
time frame these choices have been made* (time).
To me, that sounds far too invasive to be comfortable.
Once we have a concept of agency over time, that by
itself is an identity. A legal name specifies an
agent, but not an identity. Identity requires history.
A track record. A paper trail, as it were.
I like that as a working description of Identity. But the track record
does not need to be as all-encompassing as you describe above. I have
a natural pre-disposition to not disclose "Fractions of an identity"
that are not relevant to the specific identity enquiry.
https://keybase.io/rjh
You'll see a list of several "what I can do"s. Key
0xD6B98E10 has been used to sign a tweet containing an
assertion of identity: "I am Rob Hansen, robertjhansen
on Twitter." Thereby, key 0xD6B98E10 has been bound
to my Twitter social-media identity [3]. You can pull
this tweet down from Twitter's own servers and verify
the statement yourself; you don't have to take
keybase's word for it. (In fact, you probably
*should* verify it for yourself.)
Likewise, I've made similar statements of identity for
my GitHub account and for a couple of web pages I run.
These disparate activities comprise a record of things
I have done (agency) over a time period (time), which
is ... identity.
I know people who tend towards presenting a single blended identity,
and people who compartmentalise the facets of their life as separate
"fractions". I guess keybase is not a good "fit" for the latter group.




- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Coffee doesn't need a menu, it needs a cup.
Robert J. Hansen
2015-01-05 03:22:19 UTC
Post by MFPA
To me, that sounds far too invasive to be comfortable.
In context, the person had just committed a murder (see my remark about standing over a dead body holding a smoking pistol).

I’m just fine with invasive identity establishment for murder suspects. :)
MFPA
2015-01-05 22:49:54 UTC
Hi


On Monday 5 January 2015 at 3:22:19 AM, in
Post by Robert J. Hansen
In context, the person had just committed a murder (see
my remark about standing over a dead body holding a
smoking pistol).
We only *suspect* that: we saw him holding a smoking gun but did not
actually see him fire it. Maybe a second earlier the person he was
trying to disarm fled or hid, or maybe they are the body on the
ground. Your scenario gives facts about yesterday and the last three
or more years, but provides only supposition about the events that
just occurred before we saw the smoking gun.
Post by Robert J. Hansen
I’m just fine with invasive identity establishment for
murder suspects. :)
I'm not fine with invasive anything whilst they are *only* a suspect.
And once you have proven guilt or innocence it matters not a jot who
they are.


- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

The greater the power, the more dangerous the abuse.
Robert J. Hansen
2015-01-06 01:22:47 UTC
Post by MFPA
We only *suspect* that: we saw him holding a smoking gun but did not
actually see him fire it.
Yes, which is plenty sufficient to soothe my conscience about invasive
measures. If there's a homicide, ought it go uninvestigated and the
shooter undiscovered just because we're concerned we might be invading
the privacy of a possibly-innocent person? I would suspect I was
Post by MFPA
I'm not fine with invasive anything whilst they are *only* a
suspect. And once you have proven guilt or innocence it matters not a
jot who they are.
"Until you prove guilt I won't approve of any serious investigation into
who did it or how. And if somehow you prove guilt anyway then you don't
need to ask these questions any more, so I still won't approve."

Okay. Thanks. I'm really glad you're in the minority: if I were to
wind up murdered on a city street, I'd really hope the police would care
enough to find out who did it and how it was done and why -- even if
those questions might offend people's sensibilities.
Mark H. Wood
2015-01-06 14:14:20 UTC
Post by Robert J. Hansen
Post by MFPA
We only *suspect* that: we saw him holding a smoking gun but did not
actually see him fire it.
True. But we have established an identity between him and a person of
interest in the case. Investigation of that interest is going to
require some more identities ("where were you on the night of the 13th?")
Post by Robert J. Hansen
Yes, which is plenty sufficient to soothe my conscience about invasive
measures. If there's a homicide, ought it go uninvestigated and the
shooter undiscovered just because we're concerned we might be invading
the privacy of a possibly-innocent person? I would suspect I was
Post by MFPA
I'm not fine with invasive anything whilst they are *only* a
suspect. And once you have proven guilt or innocence it matters not a
jot who they are.
I suspect that imprecise language such as "who they are" lies at the
root of the disagreement here. I think there may be some disagreement
about the meaning of "invasive" as well.
Post by Robert J. Hansen
"Until you prove guilt I won't approve of any serious investigation into
who did it or how. And if somehow you prove guilt anyway then you don't
need to ask these questions any more, so I still won't approve."
Okay. Thanks. I'm really glad you're in the minority: if I were to
wind up murdered on a city street, I'd really hope the police would care
enough to find out who did it and how it was done and why -- even if
those questions might offend people's sensibilities.
Well, if a person is suspected of a crime, many of his various
identities are irrelevant. Others may be critical to establishing
guilt or innocence. ("But this photo of me in the Boston Globe shows
that I was nowhere near the scene at the time you say the crime was
committed. Look at that clock behind me.")

Now, if guilt is established, that new identity matters a great deal,
since it tells us who to discipline. If guilt is disproven then that
should be made clear to anyone who might reasonably have learned of
the suspicion. So:

o if guilt is proven, that is the only identity we care about
w.r.t. the crime;

o if guilt is disproven, then the suspect's public identities are
relevant to publishing his innocence.

Things get murky when you consider established procedures. If the
suspect is released, but ordered to remain available ("don't leave
town") then the police need to record and distribute established
identities sufficient to detect whether the suspect is disobeying the
order. Later there may be a need to identify a person who is no
longer to be especially watched.

(This is why I tend to think of identification as the establishment
and maintenance of sets of mappings or labels. I have a lot of labels
("identities") stuck on me by family, friends, enemies, employers,
trading partners, etc., each of which is more or less independent.
Various sets of these labels make up how my associates retrieve their
concepts of me.)
--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
MFPA
2015-01-07 02:01:38 UTC
Hi


On Tuesday 6 January 2015 at 2:14:20 PM, in
Post by Mark H. Wood
True. But we have established an identity between him
and a person of interest in the case. Investigation of
that interest is going to require some more identities
("where were you on the night of the 13th?")
We know he was standing with a smoking gun, close to a body on the
ground. We should be investigating what happened, not wasting our time
with yesterday's food and the last three years' commuting habits.
Post by Mark H. Wood
I suspect that imprecise language such as "who they
are" lies at the root of the disagreement here.
"Who they are" in the sense of "what their name is" is obviously
irrelevant to whether they fired the gun. And I contend the vast
majority of "choices this person has made over time" would be
similarly unconnected to that night's events.
Post by Mark H. Wood
I
think there may be some disagreement about the meaning
of "invasive" as well.
Probably more to do with context. My comment about sounding too
invasive to be comfortable would, in hindsight, have sat better at the
beginning of my final paragraph.
Post by Mark H. Wood
Well, if a person is suspected of a crime, many of his
various identities are irrelevant.
Probably most.
Post by Mark H. Wood
Others may be
critical to establishing guilt or innocence.
The authorities need to prove guilt. The suspect does not need to
prove innocence.
Post by Mark H. Wood
o if guilt is proven, that is the only identity we
care about w.r.t. the crime;
There are those who disagree, and insist on Criminal Record checks
when an individual interacts with them in a context completely
unrelated to any crime - such as a job application.
Post by Mark H. Wood
o if guilt is disproven, then the suspect's public
identities are relevant to publishing his innocence.
If the suspicion went to court but was not proven, that is a matter of
public record. If it never went to court, it would often be in the
individual's interest to not draw attention to having been a suspect.
Post by Mark H. Wood
(This is why I tend to think of identification as the
establishment and maintenance of sets of mappings or
labels. I have a lot of labels ("identities") stuck on
me by family, friends, enemies, employers, trading
partners, etc., each of which is more or less
independent. Various sets of these labels make up how
my associates retrieve their concepts of me.)
That is right. Each person sees only the subset of labels relevant to
mutual interaction, plus any additional that the subject chooses to
reveal or the associate happens to stumble upon.

(What if each of these labels mapped to a UID on an OpenPGP key, but
anybody who didn't see that particular label on you could not read the
corresponding UID on your key?)



- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Confusion is always the most honest response
Robert J. Hansen
2015-01-07 03:27:10 UTC
Post by MFPA
We know he was standing with a smoking gun, close to a body on the
ground. We should be investigating what happened, not wasting our time
with yesterday's food and the last three years' commuting habits.
Unfortunately, unless you’re psychic this is impossible. You don’t know what information will be relevant. You’ll never discover “the dead guy spilled a hot coffee all over the other guy yesterday, and they had an argument, and the guy said he was going to kill him for spilling coffee” unless you interview the barista where the shooter had a cup of coffee yesterday.
Post by MFPA
"Who they are" in the sense of "what their name is" is obviously
irrelevant to whether they fired the gun.
The police’s job isn’t just to see whether a person fired the gun; it’s also to determine why, and whether more crimes are likely connected. If the dead guy is named McCoy and the living one is named Hatfield, that’s a strong hint the death is connected to a blood feud and the police need to be on the lookout for revenge killings.
Post by MFPA
And I contend the vast
majority of "choices this person has made over time" would be
similarly unconnected to that night's events.
Yes. But some would likely be. You don’t know what information will be relevant.
Post by MFPA
The authorities need to prove guilt. The suspect does not need to
prove innocence.
Only true in certain countries.
Post by MFPA
There are those who disagree, and insist on Criminal Record checks
when an individual interacts with them in a context completely
unrelated to any crime - such as a job application.
Not a privacy invasion, since that’s a public record.
MFPA
2015-01-07 04:05:06 UTC
Hi


On Wednesday 7 January 2015 at 3:27:10 AM, in
Unfortunately, unless you’re psychic this is
impossible. You don’t know what information will be
relevant. You’ll never discover “the dead guy spilled
a hot coffee all over the other guy yesterday, and they
had an argument, and the guy said he was going to kill
him for spilling coffee” unless you interview the
barista where the shooter had a cup of coffee
yesterday.
Aside from only demonstrating possible earlier intent rather than later
actions, the fraction of comments of "I'll kill you" that actually convert to
murders is vanishingly small. If I were a juror, this evidence would
tell me nothing about guilt or otherwise.
The police’s job isn’t just to see whether a person
fired the gun; it’s also to determine why, and whether
more crimes are likely connected.
I'm not sure the "why" matters, unless for mitigation. But connected
crimes makes sense.
If the dead guy is
named McCoy and the living one is named Hatfield,
that’s a strong hint the death is connected to a blood
feud and the police need to be on the lookout for
revenge killings.
The reference is lost on me. Neither is exactly an uncommon name.
Only true in certain countries.
I read recently that under Napoleonic law in France, the accused has
to disprove state accusations. But I never gave it any credence.
Not a privacy invasion, since that’s a public record.
CRB checks (in the UK) also include non-public records held by police
forces and other organisations.

And of course it is a privacy invasion to go delving into records of
past events if the subject has not shared them with you and does not
generally broadcast them. When the penalty has been paid, the debt to
society is discharged and it is no longer anybody else's business.

- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Put knot yore trust inn spel chequers
Robert J. Hansen
2015-01-07 04:30:45 UTC
Post by MFPA
Aside from only demonstrating possible earlier intent rather than later
actions, the fraction of comments of "I'll kill you" that actually convert to
murders is vanishingly small. If I were a juror, this evidence would
tell me nothing about guilt or otherwise.
Sure it does — premeditation. Murder committed with premeditation and malice aforethought is punished much more severely (in most places) than a heat-of-the-moment killing. Knowing the offender’s state of mind is thus a perfectly legitimate avenue of inquiry, and requires investigation into background.
Post by MFPA
Post by Robert J. Hansen
If the dead guy is
named McCoy and the living one is named Hatfield,
that’s a strong hint the death is connected to a blood
feud and the police need to be on the lookout for
revenge killings.
The reference is lost on me. Neither is exactly an uncommon name.
http://en.wikipedia.org/wiki/Hatfield%E2%80%93McCoy_feud

Or just Google “hatfield mccoy”.
Post by MFPA
And of course it is a privacy invasion to go delving into records of
past events if the subject has not shared them with you and does not
generally broadcast them. When the penalty has been paid, the debt to
society is discharged and it is no longer anybody else's business.
I understand you believe there is a right to be forgotten; I hope you will understand I consider that to be Pollyannic fantasy.
Mirimir
2015-01-07 05:02:03 UTC
On 01/06/2015 09:30 PM, Robert J. Hansen wrote:

<SNIP>
I understand you [MFPA] believe there is a right to be forgotten; I
hope you will understand I consider that to be Pollyannic fantasy.
Indeed. I agree.

But what about a right to authenticated pseudonymity?
MFPA
2015-01-07 10:13:35 UTC
Hi


On Wednesday 7 January 2015 at 4:30:45 AM, in
Sure it does — premeditation. Murder committed with
premeditation and malice aforethought is punished much
more severely (in most places) than a
heat-of-the-moment killing.
Indeed. In some places the label of "Murder" applies to the crime with
premeditation and malice aforethought, otherwise there is a different
label such as "Manslaughter".
Knowing the offender’s
state of mind is thus a perfectly legitimate avenue of
inquiry, and requires investigation into background.
Fair enough, but I do not believe a throw-away comment heard in
arguments thousands of times per day throws any light on the
offender’s state of mind.
I understand you believe there is a right to be
forgotten;
In some contexts there is [0]. But I was not referring to any right to
be forgotten, simply to rehabilitation of offenders. Once the offender
has paid their "debt to society" they are rehabilitated and should not
be hindered from playing a full part in that society.
I hope you will understand I consider that
to be Pollyannic fantasy.
Absolutely; it is something to be striven towards but unlikely to be
totally achieved.


[0] <https://en.wikipedia.org/wiki/The_Right_to_be_Forgotten>.


- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Of course it's a good idea - it's mine!
Bob (Robert) Cavanaugh
2015-01-07 05:03:58 UTC
Permalink
Hi,
Just to add clarification:

Locke-ian philosophy posits innocent until proven guilty. Napoleonic posits guilty until proven innocent. Both systems of justice are currently in practice in various parts of the world. The United States is founded on the Locke-ian philosophy which is the one I am personally more comfortable with.

To save you some reading:
The Hatfield-McCoy feud took place in Appalachia in the United States at the time of and right after the American Civil War. It became iconic for Americans for conflicts involving family and revenge killings.

Thanks,

Bob Cavanaugh

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-***@gnupg.org] On Behalf Of MFPA
Sent: Tuesday, January 06, 2015 8:05 PM
To: Robert J. Hansen on GnuPG-Users
Subject: Re: Thoughts on Keybase

* PGP Signed by an unknown key

Hi


On Wednesday 7 January 2015 at 3:27:10 AM, in
Unfortunately, unless you’re psychic this is
impossible. You don’t know what information will be
relevant. You’ll never discover “the dead guy spilled
a hot coffee all over the other guy yesterday, and they
had an argument, and the guy said he was going to kill
him for spilling coffee” unless you interview the
barista where the shooter had a cup of coffee
yesterday.
Aside from only demonstrating possible earlier intent rather than later
actions, the fraction of comments of "I'll kill you" that actually convert to
murders is vanishingly small. If I were a juror, this evidence would
tell me nothing about guilt or otherwise.
The police’s job isn’t just to see whether a person
fired the gun; it’s also to determine why, and whether
more crimes are likely connected.
I'm not sure the "why" matters, unless for mitigation. But connected
crimes makes sense.
If the dead guy is
named McCoy and the living one is named Hatfield,
that’s a strong hint the death is connected to a blood
feud and the police need to be on the lookout for
revenge killings.
The reference is lost on me. Neither is exactly an uncommon name.
Only true in certain countries.
I read recently that under Napoleonic law in France, the accused has
to disprove state accusations. But I never gave it any credence.
Not a privacy invasion, since that’s a public record.
CRB checks (in the UK) also include non-public records held by police
forces and other organisations.

And of course it is a privacy invasion to go delving into records of
past events if the subject has not shared them with you and does not
generally broadcast them. When the penalty has been paid, the debt to
society is discharged and it is no longer anybody else's business.
--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Put knot yore trust inn spel chequers

* Unknown Key
* 0x1AF778E4(L)


Robert J. Hansen
2015-01-07 16:14:53 UTC
Permalink
Post by MFPA
Aside from only demonstrating possible earlier intent rather than later
actions, the fraction of comments of "I'll kill you" that actually convert to
murders is vanishingly small. If I were a juror, this evidence would
tell me nothing about guilt or otherwise.
One more thing — remember that probabilities are tricksy things. They vary wildly depending on how one looks at the problem.

Let’s say there are 10,000 threats of murder that are made, and only 10 murders. If we assume that only ten of those 10,000 threats was connected to a murder, the probability of any given threat being connected to a murder is vanishingly small — one in a thousand, or 0.1%. Starting from the fact there was a threat, it would be foolish to conclude the speaker intended on murdering someone.

However, if we look at the murders, we discover that 100% of them are connected to threats. If you start from a murder, it would be pretty wise to start looking into who threatened the person.

If the only fact you have is “Alice threatened Bob’s life,” then yes, that’s pretty poor evidence on which to investigate Alice for Bob’s death. But if the facts you have are “Alice threatened Bob’s life and Bob was killed under suspicious circumstances,” then yes, that’s actually pretty good evidence on which to investigate her.

ObComputerSecurityStuff: this turns out to be a recurring mathematical pattern that pops up all over in computer security. If you have 10,000 IDS red-flags warning of catastrophe and catastrophe never happens, that’s a pretty bad system… but if in post-incident analysis you discover, “hey, IDS correctly reported this when it was happening,” Management will ask you some really harsh questions about why you didn’t pay attention to the warnings. I think this is how IDSes manage to get sold: too often we look at them from a postmortem, rather than premortem, perspective.
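The two readings of the same numbers in the post above, worked through as an added example that is not part of the original thread. The alert list is constructed to match the 10,000-warning, 10-event figures; the total of 1,000,000 monitored events, the tuned false-positive count and all function names are assumptions.

```python
from fractions import Fraction


def premortem_postmortem(alerts, incidents):
    """Return (precision, recall) for an alert stream.

    alerts    -- list of (alert_id, incident_id or None); None marks a false alarm
    incidents -- set of incident ids that really happened
    precision -- premortem view:  P(real incident | alert fired)
    recall    -- postmortem view: P(alert fired | real incident)
    """
    true_alerts = [inc for _, inc in alerts if inc in incidents]
    precision = Fraction(len(true_alerts), len(alerts)) if alerts else Fraction(0)
    recall = Fraction(len(set(true_alerts)), len(incidents)) if incidents else Fraction(0)
    return precision, recall


def posterior(base_rate, tpr, fpr):
    """Bayes' rule: P(incident | alert) from base rate, detection rate, false-positive rate."""
    hit = tpr * base_rate            # alerts caused by real incidents
    noise = fpr * (1 - base_rate)    # alerts caused by benign events
    return hit / (hit + noise) if hit + noise else Fraction(0)


def build_sample():
    """Constructed data: 10,000 alerts, 10 of which map to the 10 real incidents."""
    incidents = {f"inc-{i}" for i in range(10)}
    alerts = [(n, f"inc-{n}" if n < 10 else None) for n in range(10_000)]
    return alerts, incidents


if __name__ == "__main__":
    alerts, incidents = build_sample()
    precision, recall = premortem_postmortem(alerts, incidents)
    print(f"premortem  P(incident | alert) = {float(precision):.1%}")
    print(f"postmortem P(alert | incident) = {float(recall):.0%}")

    # Assumed: 1,000,000 monitored events, 10 of them real incidents.
    events, real = 1_000_000, 10
    base = Fraction(real, events)
    noisy = posterior(base, Fraction(1), Fraction(9_990, events - real))
    # Assumed tuning: false alarms cut from 9,990 to 90, detection rate unchanged.
    tuned = posterior(base, Fraction(1), Fraction(90, events - real))
    print(f"Bayes, untuned: {float(noisy):.1%}   tuned: {float(tuned):.0%}")
```

The postmortem figure does not move when the false-alarm volume changes, which is why it says nothing about whether an analyst could have acted on the alert at the time.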
MFPA
2015-01-08 09:43:29 UTC
Permalink
Hi


On Wednesday 7 January 2015 at 4:14:53 PM, in
One more thing — remember that probabilities are
tricksy things. They vary wildly depending on how one
looks at the problem.
A lot of statistical analysis throws up pretty non-intuitive answers.
Like how few random people you need in a room before there are
probably two who share a birthday.
Let’s say there are 10,000 threats of murder that are
made, and only 10 murders. If we assume that only ten
of those 10,000 threats was connected to a murder, the
probability of any given threat being connected to a
murder is vanishingly small — one in a thousand, or
0.1%. Starting from the fact there was a threat, it
would be foolish to conclude the speaker intended on
murdering someone.
That is how I was looking at it.
However, if we look at the murders, we discover that
100% of them are connected to threats.
100% seems unlikely, but it is probably pretty high.
If you start
from a murder, it would be pretty wise to start looking
into who threatened the person.
Fair enough.
If the only fact you have is “Alice threatened Bob’s
life,” then yes, that’s pretty poor evidence on which
to investigate Alice for Bob’s death. But if the facts
you have are “Alice threatened Bob’s life and Bob was
killed under suspicious circumstances,” then yes,
that’s actually pretty good evidence on which to
investigate her.
Obviously, without Bob's suspicious death there would be no reason to
investigate Alice. And there could be hundreds of people who recently
uttered a throwaway threat at Bob.
ObComputerSecurityStuff: this turns out to be a recurring
mathematical pattern that pops up all over in computer security. If
you have 10,000 IDS red-flags warning of catastrophe and catastrophe
never happens, that’s a pretty bad system… but if in post-incident
analysis you discover, “hey, IDS correctly reported this when it was
happening,” Management will ask you some really harsh questions
about why you didn’t pay attention to the warnings.
A warning system with many false positives is no warning system at
all.

- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Colourless green ideas sleep furiously (Noam Chomsky)

MFPA
2015-01-07 01:04:49 UTC
Permalink
Hi


On Tuesday 6 January 2015 at 1:22:47 AM, in
Post by Robert J. Hansen
Yes, which is plenty sufficient to soothe my conscience
about invasive measures.
To me, that is tantamount to saying "If we think he did this but can't
prove it; let's pull his life apart just in case we can pin something
on him."
Post by Robert J. Hansen
If there's a homicide, ought
it go uninvestigated and the shooter undiscovered just
because we're concerned we might be invading the
privacy of a possibly-innocent person?
If there is compelling evidence it should be followed up, sensibly and
in proportion to the weight of that evidence rather than the
accusation. Beyond that and regardless of the seriousness of the
matter under investigation, the individual should not be hounded by
the authorities.

He is placed at the scene with the smoking gun but there is not yet
any evidence that *he* fired it. It is a bit of a leap from that
position to an investigation of what food he bought yesterday, how he
travels to work, where he lives... As I said, "Fractions of an identity"
that are not relevant to the specific identity enquiry.
Post by Robert J. Hansen
"Until you prove guilt I won't approve of any serious
investigation into who did it or how. And if somehow
you prove guilt anyway then you don't need to ask these
questions any more, so I still won't approve."
That's better than "we have no evidence so we will investigate the
minutiae of everybody in the vicinity's lives."
Post by Robert J. Hansen
if I were to wind up murdered on a city street, I'd
really hope the police would care enough to find out
who did it and how it was done and why -- even if those
questions might offend people's sensibilities.
And if I were to wind up murdered on a city street, I'd be dead so I
wouldn't care.

Anyway, we have gone *way* off-topic. My original comment was intended
to convey my general opinion that a publicly-known dossier of
unrelated "identity" events sounds far too invasive to be comfortable.
And later in my posting, the corollary that keybase does not sound
like something attractive to people who, like me, prefer to
compartmentalise the facets of their life as separate "fractions".

- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Vegetarian: Indian word for lousy hunter!!!
Mirimir
2015-01-07 02:14:43 UTC
Permalink
On 01/06/2015 06:04 PM, MFPA wrote:

<SNIP>
Post by MFPA
Anyway, we have gone *way* off-topic. My original comment was intended
to convey my general opinion that a publicly-known dossier of
unrelated "identity" events sounds far too invasive to be comfortable.
And later in my posting, the corollary that keybase does not sound
like something attractive to people who, like me, prefer to
compartmentalise the facets of their life as separate "fractions".
I also favor compartmentalization. But reading <https://keybase.io/>, I
don't see any requirement to include all online identity information,
provide government-issued ID, etc, etc, etc. I already use Gravatar
<http://www.gravatar.com/avatar/2fb817d36499985e91e5778ed4a0c8b7.png>.

Wouldn't Keybase just better link all that to Mirimir's GnuPG key? Or am
I missing the point? Is there an expectation that Keybase usernames are
not merely pseudonyms?
MFPA
2015-01-07 03:29:36 UTC
Permalink
Hi


On Wednesday 7 January 2015 at 2:14:43 AM, in
Post by Mirimir
I also favor compartmentalization. But reading
<https://keybase.io/>, I don't see any requirement to
include all online identity information, provide
government-issued ID, etc, etc, etc.
Including more than one of your online identities on the same keybase
profile damages the compartmentalisation between those identities.

Would there be much point in having a separate keybase profile for
each separate online identity? I guess it would have some value as a
kind of surrogate keyserver. A quick look at a few random keybase
profiles showed me some that had only a person's name and a link to a
key. And one with no identity links at all but 20 trackers.
Post by Mirimir
I already use
Gravatar
<http://www.gravatar.com/avatar/2fb817d36499985e91e5778ed4a0c8b7.png>.
Does that mean Gravatar can track your activity (or popularity?)
across all sites that fetch the image?
Post by Mirimir
Wouldn't Keybase just better link all that to Mirimir's
GnuPG key?
If you favour compartmentalisation, wouldn't that be something to
avoid?
Post by Mirimir
Or am I missing the point? Is there an
expectation that Keybase usernames are not merely
pseudonyms?
I think it is that you *can* (rather than *must*) use your real name
and photo and link it to your OpenPGP key and your other online
presences.

People believe it really is *your* facebook page (or whatever), so
they will believe it is *your* key.

Here is a review of Keybase I found:-

<http://www.coindesk.com/keybase-project-plans-make-cryptography-easy-twitter/>.

- --
Best regards

MFPA mailto:2014-667rhzu3dc-lists-***@riseup.net

Was time invented by an Irishman named O'Clock?
Mirimir
2015-01-07 04:12:22 UTC
Permalink
Post by MFPA
Hi
On Wednesday 7 January 2015 at 2:14:43 AM, in
Post by Mirimir
I also favor compartmentalization. But reading
<https://keybase.io/>, I don't see any requirement to
include all online identity information, provide
government-issued ID, etc, etc, etc.
Including more than one of your online identities on the same keybase
profile damages the compartmentalisation between those identities.
Right. But including more than one seems more genuine, somehow ;) And
mostly I meant multiple accounts using a particular pseudonym, rather
than multiple pseudonyms.
Post by MFPA
Would there be much point in having a separate keybase profile for
each separate online identity? I guess it would have some value as a
kind of surrogate keyserver. A quick look at a few random keybase
profiles showed me some that had only a person's name and a link to a
key. And one with no identity links at all but 20 trackers.
I wouldn't bother for most of them. But I do like having all Mirimir
stuff linked, with authenticated association to a key. I see it more as
an enhanced keyserver than as a surrogate.
Post by MFPA
Post by Mirimir
I already use
Gravatar
<http://www.gravatar.com/avatar/2fb817d36499985e91e5778ed4a0c8b7.png>.
Does that mean Gravatar can track your activity (or popularity?)
across all sites that fetch the image?
I'm sure that they could. But I don't care.
Post by MFPA
Post by Mirimir
Wouldn't Keybase just better link all that to Mirimir's
GnuPG key?
If you favour compartmentalisation, wouldn't that be something to
avoid?
Not at all, as long as it's just Mirimir stuff that's linked. Each of my
other pseudonyms has its own key, and its own set of accounts. But none
of them is active in the same circles as Mirimir. I don't play sock
puppet games.
Post by MFPA
Post by Mirimir
Or am I missing the point? Is there an
expectation that Keybase usernames are not merely
pseudonyms?
I think it is that you *can* (rather than *must*) use your real name
and photo and link it to your OpenPGP key and your other online
presences.
We shall see if they give me an account :)
Post by MFPA
People believe it really is *your* facebook page (or whatever), so
they will believe it is *your* key.
Well, I don't do Facebook as Mirimir. But Wilders is arguably a geeky
equivalent thereof.
Post by MFPA
Here is a review of Keybase I found:-
<http://www.coindesk.com/keybase-project-plans-make-cryptography-easy-twitter/>.
Cool.
Sandeep Murthy
2015-01-07 02:55:50 UTC
Permalink
Hi

I like the idea of Keybase, although it may appear ironic
that an application designed to encourage people to
protect their privacy by using encryption more widely
and accessibly may require the storage and public
monitoring of digital identity records.

I think it shows there must be give and take - if you want
complete privacy you can go and hide in a bunker completely
cut off from the external world. But if you have any desire
to communicate with others then you have to be willing to
give up that little bit of your public identity which you want
other people to know is genuine, in order to protect your
private communications.

Sandeep Murthy
Signed PGP part
<SNIP>
Post by MFPA
Anyway, we have gone *way* off-topic. My original comment was intended
to convey my general opinion that a publicly-known dossier of
unrelated "identity" events sounds far too invasive to be comfortable.
And later in my posting, the corollary that keybase does not sound
like something attractive to people who, like me, prefer to
compartmentalise the facets of their life as separate "fractions".
I also favor compartmentalization. But reading <https://keybase.io/>, I
don't see any requirement to include all online identity information,
provide government-issued ID, etc, etc, etc. I already use Gravatar
<http://www.gravatar.com/avatar/2fb817d36499985e91e5778ed4a0c8b7.png>.
Wouldn't Keybase just better link all that to Mirimir's GnuPG key? Or am
I missing the point? Is there an expectation that Keybase usernames are
not merely pseudonyms?
M***@TheWay.Org
2015-01-07 13:08:27 UTC
Permalink
6 Jan 2015 22:27:10 -0500 -----
Re: Thoughts on Keybase
Post by MFPA
We know he was standing with a smoking gun, close to a body on the
ground. We should be investigating what happened, not wasting our time
with yesterday's food and the last three years' commuting habits.
Indeed the events surrounding the crime must be fully investigated.
However . . .

"Because sentence against an evil work is not executed speedily, therefore
the heart of the sons of men is fully set in them to do evil."
Ecclesiastes 8:11
Unfortunately, unless you’re psychic this is impossible. You don’t
know what information will be relevant. You’ll never discover “the
dead guy spilled a hot coffee all over the other guy yesterday, and
they had an argument, and the guy said he was going to kill him for
spilling coffee” unless you interview the barista where the shooter
had a cup of coffee yesterday.
I agree.
Post by MFPA
There are those who disagree, and insist on Criminal Record checks
when an individual interacts with them in a context completely
unrelated to any crime - such as a job application.
Not a privacy invasion, since that’s a public record.
Absolutely. Employers have been held liable for hiring people with a
criminal record. e.g., Someone convicted of child molestation might not be
the best choice for a school bus driver or even school janitor--even if
they've "paid their debt." Or another less extreme example: hiring someone
as a cashier who has a criminal record of armed robbery. Perhaps they
could still be a candidate for a job, but the previous record would be
something to discuss with the individual before hiring or perhaps even
before dismissing them as a job candidate.

I don't suggest we forever treat anyone as guilty of and punishable for a
crime, but there are reasonable limits to how much we trust someone who
has been convicted for certain crimes. A criminal records check can
establish patterns or the need for greater supervision in various
positions.
John Clizbe
2015-01-07 15:09:28 UTC
Permalink
Post by Robert J. Hansen
Keybase (https://keybase.io) is trying to solve the Web of Trust problem
in a new way. They're currently in beta, but I was able to snag an
invitation. (I have no invites to give out, unfortunately.) The
following is just a write-up on how it works and what my impressions of
it are. You may find it interesting. You may not. :)
=====
Does look interesting. Anyone have and willing to share an invite?

Reply off-list please.

Thanks,

-J
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-***@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
John Clizbe
2015-01-07 17:18:11 UTC
Permalink
Post by John Clizbe
Does look interesting. Anyone have and willing to share an invite?
Reply off-list please.
Invite received. Thanks to those who offered.

-J
--
John P. Clizbe Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-***@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"