Ask HN: Who regrets uploading their pgp key to keyservers?
Not me.
Why should anyone regret this?
Unrelated, but I have a friend that used to say that having your phone key on a keyserver and having signatures to such key on the same keyserver was a weakness because that reveals your web of trust.
If that is the argument coming up, I want to say the following: anyone believing that has completely missed the point of gpg, key signatures and web of trust.
First: trust level is not how much you trust someone. It is how much you trust that key actually belonging to the person claiming to be the owner.
Second: the web of trust is not about your friends circle. It is about finding a path from a key you trust to a key you are examining. To do the gpg/pgp thing right, you should really acquire as many signatures as possible.
All this is clearly explained in the GNU privacy manual and I really recommend that everyone read it. It's not very long and it's super useful.
-------
One last thing: I am not regretting uploading my key to a keyserver because the GNU privacy manual has explained to me how to handle my keys. In particular, I do not have multiple keys in my name lying around. My old key has been revoked and it is clear which key should be used to speak privately with me.
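An added example, not part of the comment above and not GnuPG's own code: a simplified Python model of the validity rule described in the GNU Privacy Handbook, where a key is valid if it is signed by you, by one fully trusted key or by three marginally trusted keys, along a path of at most five steps. The key names, signatures and owner-trust values are constructed; `public_edges` lists the signer-to-key pairs, which is the part of this data that a keyserver publishes.

```python
# Simplified model of GnuPG's classic trust model (added example, constructed data).
# SIGS[k] = keys that signed k. This part is public once uploaded to a keyserver.
SIGS = {
    "alice": {"me"},
    "bob": {"me"},
    "carol": {"me"},
    "dave": {"alice"},                  # signed by one fully trusted key
    "erin": {"bob", "carol"},           # only two marginal signers
    "frank": {"bob", "carol", "dave"},  # three marginal signers
}
# Owner trust: how far I rely on each owner's signatures. Local and private.
OWNERTRUST = {"alice": "full", "bob": "marginal",
              "carol": "marginal", "dave": "marginal"}


def valid_keys(sigs, ownertrust, me="me", completes=1, marginals=3, max_depth=5):
    """Return {key: path length from `me`} for every key considered valid."""
    depth = {me: 0}
    for d in range(1, max_depth + 1):
        newly = {}
        for key, signers in sigs.items():
            if key in depth:
                continue
            # Only signatures from keys that are already valid count.
            usable = [s for s in signers if s in depth]
            full = sum(s == me or ownertrust.get(s) == "full" for s in usable)
            marg = sum(ownertrust.get(s) == "marginal" for s in usable)
            if full >= completes or marg >= marginals:
                newly[key] = d
        if not newly:
            break
        depth.update(newly)
    return depth


def public_edges(sigs):
    """What a keyserver reader sees: (signer, signed key) pairs, no owner trust."""
    return sorted((s, k) for k, signers in sigs.items() for s in signers)


if __name__ == "__main__":
    print(valid_keys(SIGS, OWNERTRUST))
    print(public_edges(SIGS))
```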
Might be worth reading this and a ton of other articles that make so many good points why WoT is bad:
https://lists.torproject.org/pipermail/tor-talk/2013-Septemb...
I do for an old key. It revealed my connections and allowed people to construct a network that could have been used against me. Like when I negotiate, if they can see I know XX it may get me not so good terms.
Online, for opsec I suggest keeping identities separate. And add some randomization, things that are obviously wrong with some basic googling about you. Demographic details, for example.
Yeah, I agree. If you use the key servers, be careful with what info you use; you don't have to add email addresses either.