Comments (13)
ok, this is pointless.
from keyserver.
If you want this guarantee you need to run the server yourself in an environment you trust.
from keyserver.
I think the advertised intent of the project is equivalent to any casual agreement you would get from them on a github issue tracker (neither carries legal binding).
from keyserver.
Are you nuts??
It's a PUBLIC EMAIL DIRECTORY.
It's basically a phone book, for Christs sake!
Here is you, calling the phone company, and asking them to publish your phone number, but not your name.....
Think about that. Get back to us when you figure out what German law says about publishing a phone number with no name in a phone book.
On a serious note, if you ACTUALLY have a 'Secret' level clearance with the government or the military, or you're an activist in a toxic country.. MAYBE you shouldn't be publishing your email address in a public directory. Maybe. Let's just throw it at the wall and call it a 'best practice', m'kay?
p.s. I'm posting this on a zombie thread, because in this day and age I can TOTALLY see other people reading this thread and getting confused about what a 'phone book' is, and what it's used for.
from keyserver.
@crogonint Tone and language of your comment are not appropriate for this forum.
Our privacy policy has been updated since this thread was created and reads now as:
By uploading a key to the key server you give us your revocable consent to store the key (which may contain personal information like your real name and your email address) on the key server so that we can serve it to other users who are addressing encrypted messages to your email address.
So if you at any point would decide to change your terms, then I guess that would be legal, too?
Still according to GDPR usage of the data is bound to a certain purpose and it would violate GDPR if we sell this data to some random third party. Just publishing the complete data on the website would violate the integrity and confidentiality principles of the GDPR.
from keyserver.
This question is not about servers getting hacked and keys thus exposed, but about a commitment of the project owners to not add this functionality, or at least before they add this giving users the options ot opt out/remove their keys.
from keyserver.
Could you please quote the intent about not exposing user emails in future? Couldn't find any.
from keyserver.
I think that should be covered by our privacy guidelines: https://www.mailvelope.com/en/privacy-policy
from keyserver.
@toberndo Do you mean it is already covered or that it should be added?
I kinda see this here "We will not share your personal data with third parties unless you have given your prior explicit consent or such sharing of data is prescribed by law or legally permissible. We will not sell your data to third parties, nor market them in any other manner." -- but you also write that you can change the privacy policy any time, and it would be kind of nice having such a thing as Absichtserklärung (intention declaration) for the future.
from keyserver.
@dreamflasher I thought is is covered with:
1.1. We shall comply at all times with the applicable data protection laws, in particular the stipulations in the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).
from keyserver.
Maybe it is? I'm unsure about it, because keyservers currently work the way that you share your key and then it's possible to sync with them to get a list of all keys and thus of all emails. So I would think that these keyservers are complient with German law? I am not a legal expert, but I would guess if there is something in the AGB saying "by uploading your keys, you are willing that your email addresses are publicly available" then I would guess that is legal?
So if you at any point would decide to change your terms, then I guess that would be legal, too?
from keyserver.
Nonsense. Get your facts straight.
This is not a public email directory. Also as a side note, yelling (capslock) is not supporting your argument; facts would, but those are missing in your post – you're just rambling around.
So let's look at the facts together:
- mailvelope is not a public email directory, other keyservers are
- a keyserver is not a phonebook, those are two conceptually different things
- mailvelope provides a service to look up keys, given an email – and users upload der keys based on this premise. A better comparison would be: Whatsapp has the phone numbers of you and your friends, and it allows you to add everyone as a contact whose number you have. It would go against laws if they would publish everyone's phone number.
- this thread is about preventing publishing email addresses that are currently private
from keyserver.
- mailvelope is not a public email directory, other keyservers are
If that's true, I wasn't aware of it.
Oh, wait.. so you CAN'T search this keyserver at all?? It's strictly for mailvelope to serve keys?
Well that's annoying. How do I share my mailvelope generated keys out to a public keyserver?
If what you say is true, I apologize for being completely out of line. I still don't see why a spammer would want to raid a keydirectory, though. There's got to be a million other ways to get a qualified email address (one that they know someone is looking for a loan, or looking to buy a car, etc.). Still, I suppose some spammers just send out ridiculous nonsense to just about anybody.
You might consider using Yahoo email, they had an INSANE spam filter back in the day. Personally, I'm going to give GMX a try for a while. They basically have all of the features I like in gmail, except they're not Google, spying on everything I do. ;)
from keyserver.
Related Issues (20)
- Verification fails HOT 3
- Keyserver appears to be down? HOT 1
- Support multiple keys per email address? HOT 1
- Sending key failed code = 58 gpg keyserver send failed: No data HOT 4
- key server down HOT 1
- Where can i get the development.js file From? HOT 2
- Migration to travis-ci.com
- SMTP Error HOT 1
- Web key directory HOT 34
- Public Key Installs HOT 1
- Moncefdhk999 HOT 1
- are you still alive? HOT 3
- No mail sent to verify updated key HOT 10
- OpenPGP key upload: Error! Invalid PGP key: invalid user IDs HOT 2
- Support ferretdb to replace mongodb HOT 21
- Support ip based auth for nodemailer
- keys.mailvelope.com is hard coded in homepage and manage keys page for hkp usage HOT 2
- Make header also common for all pages like footer.html
- gpg --send-keys error HOT 2
- Option to disable sending mails at all? HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keyserver.