Günter Grodotzki
Sep 3, 2018 · 2 min read

yakamo k: great thoughts on this topic! I agree on quite a few points which I might write out on medium myself (please follow me on twitter, would like to DM/chat with you :) ).

However, I think accusing keyservers on GDPR violation is a personal vendetta of yours and not helpful to the underlaying problem. After all, in a perfect world you fully consent on having your keys public. So why punish a service? If we keep on punishing services, they will not grow & nurture but shutdown.

GDPR should protect consumers, and all those “big companies” you are mentioning are actually violating GDPR (https://www.bbc.com/news/technology-44252327) — and we do not need to be naive and think that they are done. They just started.

For me two things need to happen (right now) to improve this:

  1. Tools that have keyserver publishing capabilities need give a big fat warning “you are about to upload this, and it will be publicly available, deleting may be possible but ymmv” — make it really understandable what public means
  2. People need to be informed and taught about privacy. PGP does _not_ dictate to add _any_ personal information. As a matter of fact, why would you ever do that? You would also not voluntarily add your mobile number to a printed phone book?
    People need to make sure they make themselves unidentifiable (one of my hurting points with keybase.io) — the principle of PGP is to undeniably identify independent of what the UID contains

The bigger issue to solve is data-removal. For legit removals, this is something that can fully be solved technical and automated with the correct tools.

Spam and abuse will unfortunately still have to be done on case by case unfortunately — and also here Facebook and Google have lots of negative press where things are deleted that shouldn’t, and others that should fail to be deleted… (or in short: easier said than done!)

    Günter Grodotzki

    Written by

    I suppose I like working with computers. Currently and happily living in Cape Town. Obviously proud father. Did I mention I like working with computers?