Add support for verification of Facebook profiles #1

Open
opened 2 years ago by wiktor · 2 comments
wiktor commented 2 years ago

It seems Facebook allows people to add PGP keys and they can be retrieved without any authentication, e.g.:

https://www.facebook.com/phil.pennock/publickey/download/

I think it would be great if doipjs could fetch that key, compare fingerprints with the one that is being verified and that's that. No need for [Verifying...] text anywhere :)

Also, hi Yarmo! 👋

It seems Facebook allows people to add PGP keys and they can be retrieved without any authentication, e.g.: https://www.facebook.com/phil.pennock/publickey/download/ I think it would be great if doipjs could fetch that key, compare fingerprints with the one that is being verified and that's that. No need for `[Verifying...]` text anywhere :) Also, hi Yarmo! 👋
Owner

Hi Wiktor!

Nice feature from Facebook, too bad I can't test this for myself. I can ask around on fediverse for someone using both keyoxide and facebook.

I assume you can only upload public keys? No way I'm sending my private key to them!

Hi Wiktor! Nice feature from Facebook, too bad I can't test this for myself. I can ask around on fediverse for someone using both keyoxide and facebook. I assume you can only upload public keys? No way I'm sending my private key to them!
yarmo added the
enhancement
label 2 years ago
Poster

Nice feature from Facebook, too bad I can't test this for myself.

Yep, actually me neither :)

I assume you can only upload public keys? No way I'm sending my private key to them!

Public keys only. If you add a key they can encrypt outgoing e-mails to you using it. Quite interesting feature, not sure why they do that, some speculate that it makes Google's life harder as the big G cannot inspect encrypted e-mails.

> Nice feature from Facebook, too bad I can't test this for myself. Yep, actually me neither :) > I assume you can only upload public keys? No way I'm sending my private key to them! Public keys only. If you add a key they can encrypt outgoing e-mails to you using it. Quite interesting feature, not sure why they do that, some speculate that it makes Google's life harder as the big G cannot inspect encrypted e-mails.
yarmo added this to the Feature development project 2 years ago
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: keyoxide/doipjs#1
Loading…
There is no content yet.