Plausible deniability #462
Comments
|
Plausible deniability from or for who? Additionally, a third party publishing the keys of a first party may cause legal issues, even if players deliberately opt-in. |
|
it's about revengeful pieces of shit saving signed logs from ppl they hate so they can publish them at a later date to try and ruin these ppl's lives. this is, in fact, extremely common. especially with kids on the internet. "oh that kid was slightly too annoying let's save logs and dump them in 20 years to drive them into suicide or whatever." Mojang has provided no safeguards against this, so we should provide them ourselves. |
|
Signed logs... so the threat model is malicious server owners/admins, rather than players in them? Okay, but that raises several questions:
I'd say if this is implemented at all, it could be opt-in and strictly clientsided, so that players who even visit suspicious servers (where the threat model is not the players in it), could achieve the goals on their own. |
|
since other players receive the signed messages (so they can verify them locally) it's not just malicious servers. having them signed makes it easier to convince others to believe you. you can have harassment without signatures but signatures make it more convincing. (ofc, unless you create the ability for anyone to forge their own historical logs.) |
Idea
Publish the expired signing keys.
Reasoning
https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/
but TL;DR: publishing expired/rotated keys provides what's known as "plausible deniability". in the context of minecraft players, who are generally not politicians btw but who are surprisingly often targeted with spite/revenge, this would provide a stronger level of privacy than that currently offered by mojang.
Other Information
No response
The text was updated successfully, but these errors were encountered: