[tor-talk] GnuPG and Tor

Zenaan Harkness zen at freedbms.net
Wed Jul 16 10:39:43 UTC 2014

On 7/16/14, Red Sonja
<BM-2cTpEdTADjx2bQf6WuuX1CPER78Sq3xL76 at bitmessage.ch> wrote:
> Rejo Zenger:
>> ++ 15/07/14 14:09 -0400 - grarpamp:
>>>> secured server. Or anybody can see your whole addressbook. So it is a
>>>> secured server. But still, it is quite obvious who am I just by looking
>>>> at that list. So I figured out, maybe if I push the refresh through
>>>> Tor,
>>>> talking with a secured server that would make things more private. I
>>> And unless one by one with --recv-keys, keyserver sees your
>>> entire list at once.
>> Which means: the only thing you are protecting (by using Tor when
>> updating your keychain) is the source IP-address for the refresh, e.g.
>> your location.
> So the whole GnuPG is antithetical to anonymity?

Not the whole. It depends how you use it.

There are tools for secure key exchange, persistence of cryptographic
identity, connection of cryptographic identity to real identity,
identity verification, message privacy, message verification and more.

All tools can be used in wrong ways.

You must know how to use your tool.


Caveat crypto user.

More information about the tor-talk mailing list