[hackerspaces] Wikileaks mass mirroring party

Justis Peters justis.peters at gmail.com
Mon Dec 6 01:25:35 CET 2010


On 12/05/2010 04:39 PM, Bkay wrote:
> Digitally signing that content would not be a bad idea for those 
> messages.... but which key to trust?
This could be a good fit for a "web of trust": 
http://en.wikipedia.org/wiki/Web_of_trust

With trust affirmed between enough nodes, you'll eventually have high 
confidence that the keys you are trusting are held responsibly by the 
same people you believe are holding them. Remember that trust is both 
relative and subjective. There is no such thing as 100% trust and your 
threshold of trust may differ significantly depending on the subject at 
hand. With webs of trust, though, you can get some fairly high 
confidence levels and you can help smooth out the inconsistencies in how 
different people handle confirmation of identity and affirmation of trust.

If enough people try to build a web of trust that leads back to 
WikiLeaks, we will soon have confidence that all our mirrors are 
accurate and real releases from WikiLeaks. There are, however, 
drawbacks. Every person who signs the keys could be considered a path 
toward revealing the identity and/or location of WikiLeaks, their 
employees, and their servers. It's difficult to balance both anonymity 
and authenticity. Personally, I think that authenticity is one of the 
most important parts of what WikiLeaks is trying to accomplish. That 
said, I'm not Assange and can't speak to what it's like to be wanted by 
Interpol.

Most likely, there is a middle ground that accomplishes enough 
authenticity while still protecting a degree of anonymity. What does the 
rest of the list think?

Kind regards,
Justis



More information about the Discuss mailing list