Deniable

I just thought about an interesting for the mechanism explained in “Proof of concept hack for encrypted direct messages on Twitter - you could deny that you are the intended receiver of the message. Just post the encrypted stuff as a public tweet. The recipient just have to read the public timeline and just reads all messages, gathers all crypted tweets and tries to decrypt them. Messages for other people are unencryptable for you, as you don´t have the correct secret key, but the messages for you are encryptable, thus you know, that the messages are for you. BTW: You could use blog comments as well to transmit such messages. Just distribute a line per blog comment on a vast amount of messages. They have just a single point in common …. the pages with the comments are part of the first few hundred hits in Google blog search. The recipient knows the correct query (a shared secret for example as the google query “What to do with coronary insufficiency?”)and is able to gather them, reassembles them and tries to decode it. The whole mechanism described in this article isn´t new at all. It is the same idea used for the strange radio stations sending just rows of numbers. Update: The actual code of the proof-of-concept doesn´t strip of the key-ids. Before using this code, you have to add --throw-keyids to gpgopts($opts). But i have to reiterate about this: The code was meant to test encryption and reassembly/decryption … it´s not meant as actual production code.