whiteout-io / mail

[ABANDONED] Mail App with integrated OpenPGP encryption
https://whiteout.io
MIT License
545 stars 96 forks

New sign-ups not advised of upload to public keyservers #390

Closed pat247 closed 9 years ago

pat247 commented 9 years ago

The public keyservers are... public. And searchable.

Go to http://pgp.mit.edu or http://keyserver.ubuntu.com and search for Glenn Greenwald, or the name you entered on the Whiteout sign-up page (if you used the Full Name field), or whichever email address you signed up with or created.

1) new users need to be advised, on the Whiteout sign-up page, that their email address and full name if entered will be uploaded to public keyservers along with the OpenPGP key.

2) new users should be given the option of having their name/email stored only on keys.whiteout.io, and not distributed to the public SKS network, at a cost to convenience.

3) all the various Whiteout privacy/security terms and pages need to be updated to reflect that the name/email supplied by the user on registration will be uploaded to the Whiteout and public keyservers by default, e.g. https://whiteout.io/privacy-service.html

I very much appreciate the advance Whiteout is making in public key cryptography usability, and I support use of the public SKS servers for maximum convenience, but the new user needs to be advised and given an option at the sign-up stage. This little gotcha caught me by surprise after I had signed up using a personal email address, and I uploaded my first GPG key 16 years ago (it's still on the servers).

Keys uploaded to an SKS keyserver are never deleted.

Elon Musk has a cool email.
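What a keyserver actually indexes from an uploaded key is the User ID packets inside it, which is where the name and email entered at sign-up end up. The following is an added example, not code from this thread or from the Whiteout project: a small RFC 4880 packet walker that lists the User IDs in an exported public key, so a user or operator can see exactly which identity strings would become searchable before publishing. The sample key blob is constructed by hand (the key material is dummy padding, not a real key) so the script runs offline; on a real export you would feed it the bytes from `gpg --export <key-id>`.

```python
"""List the User ID packets (RFC 4880 tag 13) in an OpenPGP key blob.

Added example for this issue thread; not Whiteout code. The sample blob is
constructed (dummy key material) so the script runs offline.
"""
import re

TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13


def iter_packets(blob: bytes):
    """Yield (tag, body) for each packet in a binary OpenPGP packet stream."""
    pos, n = 0, len(blob)
    while pos < n:
        hdr = blob[pos]
        if not hdr & 0x80:
            raise ValueError(f"invalid packet header at offset {pos}")
        pos += 1
        if hdr & 0x40:  # new-format header (RFC 4880 section 4.2.2)
            tag = hdr & 0x3F
            first = blob[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length = ((first - 192) << 8) + blob[pos + 1] + 192
                pos += 2
            elif first == 255:
                length = int.from_bytes(blob[pos + 1:pos + 5], "big")
                pos += 5
            else:
                raise ValueError("partial body lengths are not supported here")
        else:  # old-format header (RFC 4880 section 4.2.1)
            tag = (hdr >> 2) & 0x0F
            ltype = hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported here")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(blob[pos:pos + size], "big")
            pos += size
        body = blob[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        pos += length
        yield tag, body


def user_ids(blob: bytes) -> list:
    """Return every User ID string found in the key blob."""
    return [body.decode("utf-8", "replace")
            for tag, body in iter_packets(blob) if tag == TAG_USER_ID]


# Conventional "Name (comment) <email>" layout; every part is optional.
_UID_RE = re.compile(
    r"^\s*(?P<name>[^<(]*?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]+)>)?\s*$")


def split_user_id(uid: str) -> dict:
    """Split a User ID into name/comment/email; absent parts are None."""
    m = _UID_RE.match(uid)
    if not m:
        return {"name": uid, "comment": None, "email": None}
    return {k: (v or None) for k, v in m.groupdict().items()}


def keyserver_exposure(blob: bytes) -> list:
    """What a public keyserver would index from this key: one entry per User ID."""
    return [split_user_id(u) for u in user_ids(blob)]


def build_sample_key() -> bytes:
    """Constructed stand-in for a key export: a dummy public-key packet (old-format
    header 0x99 with a two-octet length, as gpg emits) followed by two User ID
    packets, one with an old-format header and one with a new-format header."""
    fake_key_material = bytes(16)  # padding, not a real key
    pub = bytes([0x99]) + len(fake_key_material).to_bytes(2, "big") + fake_key_material
    uid1 = b"Alice Example <alice@example.org>"
    uid2 = b"alice.example@mail.example"
    old_uid = bytes([0xB4, len(uid1)]) + uid1  # 0x80 | (13 << 2) | length-type 0
    new_uid = bytes([0xCD, len(uid2)]) + uid2  # 0xC0 | 13, one-octet length
    return pub + old_uid + new_uid


if __name__ == "__main__":
    for entry in keyserver_exposure(build_sample_key()):
        print(entry)
```

Running it on the constructed blob lists two identities: a full name with an address, and a bare address. Anything printed here is what an SKS search on the name or email would return once the key is uploaded, which is the information a sign-up page should spell out before the user consents.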

tanx commented 9 years ago

Hi Pat,

Sorry, we're not clear enough about that in https://whiteout.io/privacy-service.html, as we state that we will share your public key and email address if you consent (a checkbox is required to continue generating and uploading your PGP key). We also inform users in detail about what happens in our getting started mail.

About the option to upload to SKS servers: we could add a separate checkbox specifically for this feature, but the user persona we're targeting with our service likely has no understanding of what an SKS server even is. So this would only confuse our users even more.

We're trying to make the right choice for Alice (our user persona, that has never used GPG) so that she can talk to Bob (who is a GPG veteran) without a lot of hassle.

I hope that trade-off makes sense.

pat247 commented 9 years ago

3.1. In accepting this Data Protection Privacy you give us your revocable consent to collect, process, and use the personal data that you directly or indirectly provide to us to the respective extent necessary for the purpose of processing electronic messages, with end-to-end encryption applied as per user direction:

Your email address and your public key so that we can serve it to other users who are addressing messages to your email address.

How is this consent informed if the upload to public keyservers outside the Whiteout network is not explicit?

How is the consent revocable once the user's email/name are on the public SKS network?

I won't be the only user surprised to realize, after registering, that my email address (and full name, if supplied on the initial "Create Account" screen) are distributed beyond the Whiteout servers and publicly available with a little informed effort. People are attracted to an encrypted mail service out of a desire to preserve privacy. The potential bad PR should be a concern; not addressing the issue only increases Whiteout's exposure.

I appreciate the trade-off involved in making the service as simple and easy to use as possible for the average person, but we shouldn't assume the average person is incapable of understanding if presented with an option, or doesn't need to be fully informed of privacy-impacting aspects of the service before they commit, not after the fact in the 'getting started' email.

Is it not possible to allow the new user an option to have the key available only on the Whiteout key server, and to provide the option of attaching the public key to outgoing emails, as other services do?

It could be as simple as a discreet checkbox on the sign-up page, "Store public key only on Whiteout key server".

The purpose of the Services is to encrypt your E-Mails in order to protect your privacy. https://whiteout.io/terms.html

tanx commented 9 years ago

How is this consent informed if the upload to public keyservers outside the Whiteout network is not explicit?

How is the consent revocable once the user's email/name are on the public SKS network?

You're absolutely correct. Thanks for pointing that out. We've updated our privacy policy for the service to be more explicit here. We'll also consider adding a checkbox to make this optional in future releases.