Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wikileaks Sidesteps Publishing Public PGP Key

Posted by timothy on from the these-things-take-time dept.

An anonymous reader writes "Repeated requests toward the Wikileaks staff regarding their use of PGP have gone unanswered. The current public PGP key posted has been expired since November 2nd, 2007. A response on their PGP talk page notes that the 'SSL based mail submission system' will be the secure online method of document submission. At the current time, there is no method to safely encrypt any postal communications with Wikileaks or verify that any given communication actually originated from a Wikileaks staff member." Doubtless there are some complicating factors here -- but what is the best way to keep a confidentiality-centric site like Wikileaks trustworthy?

4 of 96 comments (clear)

  1. Whoo boy by iminplaya · · Score: 4, Interesting

    Generally we recommend against using PGP in its simplest form, since the traffic is easily detected and provides proof of intention to conceal, which depending on the context may pose a significant difficulty. - emph mine

    Gut reaction to that statement makes me feel a bit queasy.

    --
    What?
  2. Re:I wish the world would use GPG more by kestasjk · · Score: 2, Interesting

    Not easy enough though; why isn't it automatic? Why isn't it just a basic part of e-mail by now? How can Flash and JavaScript in e-mail be supported but not encryption?

    --
    // MD_Update(&m,buf,j);
  3. Reading between the lines by Anonymous Coward · · Score: 2, Interesting

    hmm.. no encryption and no answers. I smell an FBI national security letter and gag order.

    1. Re:Reading between the lines by number11 · · Score: 3, Interesting

      no encryption and no answers. I smell an FBI national security letter and gag order.

      And why should wikileaks care about that? The domain is registered to an address in Kenya, and the web server appears to be in Sweden.