Hey guys, I wanted to ask you how you manage your gpg keys? Having them in plaintext all the time on my hard drive feels insecure.
I have my ssh keys in a password manager (KeePassXC) that only exposes them to the key agent when unlocked. Do you know if something like that exists for pgp too?


I don’t, since I read https://www.latacora.com/blog/2019/07/16/the-pgp-problem/
This is very interesting information!
I’d like to note that it’s likely that several recommendations used as examples have been superseded with information around https://www.privacyguides.org/en/real-time-communication/ and similar locations, since expressing “use WhatsApp” makes me suspicious (and “use Wire” does not make me more confident): https://www.makeuseof.com/why-i-dont-trust-whatsapp/ https://proton.me/blog/is-whatsapp-safe
The link I posted focuses on security, what you post focuses on privacy. Wire is a very secure protocol but WhatsApp being owned by Meta still makes it a privacy nightmare.
Signal is probably a better choice in that case.
It seems that the people managing privacyguides.org believe that “Balancing security, privacy, and usability is one of the first and most difficult tasks you’ll face on your privacy journey.” https://www.privacyguides.org/en/basics/threat-modeling/
That does raise the question about whether we want to make information available for someone on a “privacy journey” or “security journey” or some other type of journey. https://blog.hubspot.com/marketing/target-audience I suspect that securityguides.org isn’t being used like how privacyguides.org is right now.