view the rest of the comments
news
Welcome to c/news! Please read the Hexbear Code of Conduct and remember... we're all comrades here.
Rules:
-- PLEASE KEEP POST TITLES INFORMATIVE --
-- Overly editorialized titles, particularly if they link to opinion pieces, may get your post removed. --
-- All posts must include a link to their source. Screenshots are fine IF you include the link in the post body. --
-- If you are citing a twitter post as news please include not just the twitter.com in your links but also nitter.net (or another Nitter instance). There is also a Firefox extension that can redirect Twitter links to a Nitter instance: https://addons.mozilla.org/en-US/firefox/addon/libredirect/ or archive them as you would any other reactionary source using e.g. https://archive.today . Twitter screenshots still need to be sourced or they will be removed --
-- Mass tagging comm moderators across multiple posts like a broken markov chain bot will result in a comm ban--
-- Repeated consecutive posting of reactionary sources, fake news, misleading / outdated news, false alarms over ghoul deaths, and/or shitposts will result in a comm ban.--
-- Neglecting to use content warnings or NSFW when dealing with disturbing content will be removed until in compliance. Users who are consecutively reported due to failing to use content warnings or NSFW tags when commenting on or posting disturbing content will result in the user being banned. --
-- Using April 1st as an excuse to post fake headlines, like the resurrection of Kissinger while he is still fortunately dead, will result in the poster being thrown in the gamer gulag and be sentenced to play and beat trashy mobile games like 'Raid: Shadow Legends' in order to be rehabilitated back into general society. --
Yes, I think we might be missing each other a little bit again, perhaps due to different ideas about how the auto-encryption is operating.
The correct public and private keys will always be used if the communication is going to work. Auto-PGP would still be using public and private keys for the buyer and the vendor.
The way I understand it, auto-encryption is a one-sided mechanic: It's something that the buyer ticks on/off.
If so then it is designed to interface fine with people using manual PGP, such as vendors.
If such a system generates the proper keys for the buyer and handles encryption/decryption automatically so that everything always appears to them as plaintext on the frontend (because the system maintains their keys), then it would still be able to serve the vendor a traditional UX that requires manually handling the keys. In this case, the experience of the vendor would be identical regardless of whether the buyer is using auto-encryption or not.
This would only expose one side of the conversation to the server admins, of course: The messages sent from the vendor to the buyer (because the system only has the buyer's private key).
I do not know if this is the way it was actually implemented. However there is discussion on Dread right now that leads me to believe that auto-encryption works somewhat similarly to what I have just described (at least from the vendor's perspective).
edit: Looking back, I might have introduced some confusion with this line:
It would have been more clear for me to say: