boarnoah | 3 years ago

Seems questionable on GitHub's part to have .keys public by default, why not allow people to opt in ex: keybase.io equivalent?

Yes I get that it's not sensitive information, but as this demo demonstrates it can fingerprint people who might not be unaware re: this quirk of SSH's coupled with this part of the GitHub API.

TechBro8615|3 years ago

If you are SSH'ing into a server you should expect to get fingerprinted.

omeid2|3 years ago

If we are going to stretch "fingerprinting" to authentication, then yes, but fingerprinting here has a very specific meaning.

When I SSH into a server, I want to be "fingerprinted" as far as I share; any device fingerprinting allowed by SSH is a security risk to the client.

https://en.wikipedia.org/wiki/Device_fingerprint

kevincox|3 years ago

There is a big difference between being fingerprinted by the server that I am trying to log into and sharing (part of) that fingerprint publicly.

devmor|3 years ago

You can't even opt out of it as far as I can tell.