Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't understand. You've verified a Signal key but still felt the need to ask the question With a walled garden like Signal/Wire/etc, how do you get+trust the other's key?

What cost were you talking about then?



Sorry if my earlier comment came off as rude. I was just trying to say that the walled gardens aren't really that much better than plain old PGP, and in practice they tend to lull people into a false sense of security.

I think too many people are way too trusting of shiny new apps with a pretty UI. If you don't do the extra work of verifying the key, you're effectively letting the service provider act as your one and only CA.

If you can verify a Signal key fingerprint, you can verify a PGP public key fingerprint.


I didn't think it was rude, it just contradicted your other comment.

I still don't see what cost you were speaking about. Mistakes with PGP are at least as likely as mistakes with the shiny easy to use GUI.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: