PGP pathfinder & key statistics FAQ

index

If your question isn't answered here, feel free to contact the author, Henk Penning.

• frequently asked questions
  • why do you publish my email address ?
  • can you remove my email address from your pages ?
  • why not mangle the email addresses ?
  • why not hide the email addresses entirely ?
   
  
• infrequently asked questions
  • where does the data come from ?
  • how fresh is the data ?
  • why are some signatures missing ?
   
  

frequently asked questions

There are really only a few frequently asked questions, all related to email addresses.

why do you publish my email address ?

This question was asked once or twice a week. I got fed up with it and substituted

  @ → .at.

in every uid.

After the change, the questions stopped ; the spambots didn't.

can you remove my email address from your pages ?

Hmm... You can do it yourself. The uid shown is the uid with the most recent self signature. To hide your email address, add a uid without one, and/or make sure it is selfsigned last.

why not mangle the email addresses ?

The only system that really works is : don't show email addresses. Any other system can (and will) be broken by spambots.
Fighting spambots is a lost battle ; fighting spammers is winnable, and a lot more fun.

why not hide the email addresses entirely ?

I hate spam, but I don't believe in hiding email addresses.

• hiding is boring
• it should be easy to contact me for feedback, idea's etc
• hiding only works if it is 100 percent successful ; it sets limits to what you can do
• fighting spam is better than hiding from it

My various email addresses appear on countless many web pages. A lot of spam is stopped by our MTA (postfix) ; the rest is filtered out by spamassassin ; I see some 10 spams a day ; they are fed to spamassassin's learn, and I never see them again.

Removing 10 spams a day is all it costs me to get the freedom to publish my email addresses everywhere I like. Small loss, big gain.

infrequently asked questions

where does the data come from ?

Before februari 2012, the data was provided by Jörgen Cederlöf & Patrick Feisthammel. Jörgen Cederlöf runs the web of trust statistics and pathfinder (wotsap) project. Among other things, each day a fresh .wot file was published in an archive. Each wot contains

• the key id's of the pgp keys in the strong set.
• for each key, the most recently selfsigned uid.
• for each key, a list of keys that signed the key
• for each signature, some trust info

In december 2012, Christoph Egger announced he will provide a fresh wot weekly ; great news!

how fresh is the data ?

The data is refreshed weekly from a keyserver and stored in the archive.

Near the bottom of each stats and paths page, you will find date/time when the data was last refreshed.

A special program computes and stores (for each key)

• the key's dist table, as shown on the key stats page
• the key's ranking

The shortest paths are computed on the fly.

why are some signatures missing ?

Sometimes the keyserver where the strong set is extracted is not entirely up-to-date. You can lookup your own key (or any other public key) and submit (again).

The keyserver is talking with other keyservers, exchanging info on inserts/deletes of public keys and signatures.