Oddbean new post about | logout
 Our privacy eco-system is flawed

Developers sign binaries with PGP keys, but we trust Microsoft’s Github and government domains to deliver to us accurate public keys to begin with. This means we’re trusting the very mediums of communication that we’re encrypting against, large Big Tech cloud firms.

Getmonero.org is on Cloudflare, linked to a Github PGP key. The same Github that took down Tornado Cash in a crisis. The same Cloudflare that hazes Tor.

Whonix.org and it’s Public PGP key are on Hetzner, the same cloud company that compromised an XMPP server at the request of the German government.

KeePassXC.org is on Cloudflare, please, I got everything I own in there
BleachBit.org is on Cloudflare, c’mon mate, I’m deleting sensitive data with root access
There must be another way.

Now SimplifiedPrivacy.x will offer an uncensored free public directory of PGP keys for popular open source software on IPFS using unstoppable domains. This will act a neutral third party verification tool, not tied to a physical location, like traditional domains. Anyone can compare the PGP keys on the IPFS site to Github binaries and confirm a match. There’s no sacrifice made, since the developer’s original website still remains.

How Unstoppable domains work is that an Ethereum wallet updates the DNS record to an IPFS website file, outside the reach of government control because it’s not bound to a physical location. Now I dislike Ethereum.  And know a lot of my readers also dislike Ethereum, but keep in mind that you don't need to touch ETH to look at this website and anyone buy Unstoppable domains for Bitcoin.  They just use Polygon for the DNS...

Because it’s visible to everyone on the Ethereum/Polygon blockchain when the domain is re-assigned, and then visible to the IPFS network when new files are pushed out, it makes quick trickery with PGP keys more difficult to disguise.

I reject government domains as a legitimate source of truth, and I stand for the principle of encryption as identity. Now you can verify with an uncensored third party and not trust the infrastructure of our enemy. You can check our guide on how to use IPFS with Brave Browser:
https://simplifiedprivacy.com/ipfs-brave-browser/

I love you & I won’t give up,
SimplifiedPrivacy.x