
SoylentNews is people

posted by mrpg on Sunday September 09 2018, @12:44AM
from the magnet:?xt=urn:btih: dept.

TorrentFreak reports:

[...] These keyservers are computers which store and index OpenPGP keys over the Internet. This helps users who rely on encrypted email, for example. The servers generally share the keys amongst each other in a pool and uploaded keys generally can't be removed.

The permanent storage of keys generally isn't an issue. However, when the system is used as a stealth resource to store magnet links to pirated content, this resilience is put in a different light.

This is exactly what happened.

A few weeks ago a series of rather odd, but valid, PGP keys were uploaded to SKS keyservers. These keys were not meant to encrypt email though, but as a safe storage for torrent magnet links.

As a result, popular keyservers, including the ones hosted by research university MIT and Surfnet, have transformed into pirate sites.

The magnet links, most of which point to pirated content, were added in the UID field. In examples we've seen, sometimes there were a hundred magnet links added to a single key entry. And with the search functionality of the keyservers, these are easy to find.

What better way to destroy public encryption?
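A check a keyserver operator could run for the UID abuse described above, as an added example that is not from the article or from any keyserver's code: it walks the OpenPGP packets (RFC 4880) of a binary, de-armored key and returns the User ID strings that contain a BitTorrent magnet link. The function names, the regular expression and the sample key bytes are constructed for illustration.

```python
import re

# Magnet URI carrying a BitTorrent info-hash (40 hex or 32 base32 characters).
MAGNET_RE = re.compile(r"magnet:\?\S*xt=urn:btih:([0-9a-fA-F]{40}|[A-Za-z2-7]{32})")
USER_ID_TAG = 13  # User ID packet, RFC 4880 section 5.11

def packets(data):
    """Yield (tag, body) for each packet of a binary (de-armored) OpenPGP key."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80 or i + 1 >= len(data):
            raise ValueError("bad or truncated packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                      # new-format header
            tag, o1 = hdr & 0x3F, data[i]
            if o1 < 192:                    # one-octet length
                length, i = o1, i + 1
            elif o1 < 224:                  # two-octet length
                length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
            elif o1 == 255:                 # five-octet length
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body length not expected in a key")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                  # indeterminate: runs to end of input
                length = len(data) - i
            else:
                n = 1 << ltype              # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def flagged_uids(data):
    """Return the User ID strings in the key that contain a magnet link."""
    uids = (body.decode("utf-8", "replace") for tag, body in packets(data)
            if tag == USER_ID_TAG)
    return [uid for uid in uids if MAGNET_RE.search(uid)]

# Constructed sample key: a dummy public-key packet and two User ID packets.
MAGNET = b"magnet:?xt=urn:btih:0123456789abcdef0123456789abcdef01234567&dn=sample"
ALICE = b"Alice Example <alice@example.org>"
SAMPLE_KEY = (bytes([0x98, 12]) + b"\x04" + bytes(11)     # old format, tag 6
              + bytes([0xB4, len(ALICE)]) + ALICE         # old format, tag 13
              + bytes([0xCD, len(MAGNET)]) + MAGNET)      # new format, tag 13
```

Calling `flagged_uids(SAMPLE_KEY)` returns only the second User ID; the ordinary name-and-address UID is not flagged.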



 
  • (Score: 1, Interesting) by Anonymous Coward on Sunday September 09 2018, @02:02PM (1 child)

    by Anonymous Coward on Sunday September 09 2018, @02:02PM (#732474)

    The article is sort of misleading. MIT and other key server providers DO have the technical capability to remove the keys. MIT cannot remove the keys from other key servers it has forwarded to but it can remove them from its own. For legal purposes, this is not a problem because MIT does not control those other servers and they are not its responsibility. If MIT gets a DMCA takedown request, it can comply. DMCA requests would have to be made to any of the key servers, each separately, which the copyright holder wants the links removed from. Whether or not they were forwarded from another server is irrelevant as to the legal obligation of the operator of the server to remove them. Also the posting of the links can be considered an abuse of the key server service and may be removed by the operator for that reason.

    The article took a somewhat irrelevant statement from MIT's FAQ regarding removing legitimate keys. But if it contains a magnet link to pirated materials, it's totally irrelevant how many other key servers also have the link as to whether MIT or any other server operator needs to remove the link from their own server due to DMCA issues. They would need to do so if they have a DMCA request sent to them.

    Some have mentioned a blockchainish approach to trying to prevent an entry from being technically removable. That would indeed then make the whole thing technically impossible by anyone

  • (Score: 0) by Anonymous Coward on Sunday September 09 2018, @07:45PM

    by Anonymous Coward on Sunday September 09 2018, @07:45PM (#732546)

    Except that MIT's and most other key servers automatically synchronize with each other. Without some sort of blacklist routine in the software, you literally cannot delete the keys if you are too slow. You'll try to delete it, but the next synchronize interval will just add it back again. And IIRC, SKS, PKS, and hockeypuck don't have a blacklist function for keys to avoid censorship issues. Now, I believe MIT doesn't run as part of the SKS pool anymore, but I'd imagine what they run would both synchronize with some of the larger pools and, as mentioned, SKS doesn't have a blacklist function.