Update: Might not actually be targeted. See Evil 32. Thanks to Ximin Luo for giving me more peace of mind!
Update: I’m not the only one hit by this. Here’s a conversation on GNU social with more people hit - though no one else has yet reported having two keys faked and cross-signed.
Update: At the very least you should do this:
echo keyid-format long >> ~/.gnupg/gpg.conf
On the 29th of August a colleague asked me “which key should I use to encrypt to you?” I was confused, because I only have one key for that email address. So he showed me the keys he saw:
$ gpg2 --list-keys --fingerprint arne.babenhauserheide
-------------------------------
pub   2048R/A70DA09E 2011-10-07 [expires: 2016-10-05]
uid                  Arne Babenhauserheide <email@example.com>
sub   2048R/39829E5F 2011-10-07 [expires: 2016-10-05]

pub   2048R/A70DA09E 2014-06-16 [revoked: 2016-08-16]
uid                  Arne Babenhauserheide <firstname.lastname@example.org>
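An added example (not part of the original post): a shell function that reads `gpg --list-keys --with-colons --fingerprint` output and reports primary keys that share a 32-bit short key ID but have different fingerprints, which is the situation in the listing above. The function names, fingerprints and timestamps are constructed for illustration; only the short ID A70DA09E comes from the listing.

```shell
#!/bin/sh
# Added example: report primary keys that share a 32-bit short key ID
# but have different fingerprints.
# stdin: output of `gpg --list-keys --with-colons --fingerprint`.
find_short_id_collisions() {
    awk -F: '
        $1 == "pub" { want_fpr = 1; next }   # next fpr record is a primary key
        $1 == "sub" { want_fpr = 0; next }   # skip subkey fingerprints
        $1 == "fpr" && want_fpr {
            want_fpr = 0
            fpr = toupper($10)                      # field 10: full fingerprint
            short = substr(fpr, length(fpr) - 7)    # short ID: last 8 hex digits
            if (!((short, fpr) in seen)) {
                seen[short, fpr] = 1
                count[short]++
                list[short] = list[short] " " fpr
            }
        }
        END {
            for (s in count)
                if (count[s] > 1) print s ":" list[s]
        }
    '
}

# Constructed sample listing (fingerprints and timestamps are made up;
# only the short ID A70DA09E is taken from the listing on this page).
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:89ABCDEFA70DA09E:1317945600:1475625600::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFA70DA09E:
uid:-::::1317945600::::Arne Babenhauserheide <email@example.com>:
sub:-:2048:1:AAAAAAAA39829E5F:1317945600:1475625600:::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA39829E5F:
pub:r:2048:1:76543210A70DA09E:1402876800:::-:::sc:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210A70DA09E:
uid:r::::1402876800::::Arne Babenhauserheide <firstname.lastname@example.org>:
pub:-:2048:1:CCDDEEFF01234567:1402876800:::-:::scESC:
fpr:::::::::00112233445566778899AABBCCDDEEFF01234567:
uid:-::::1402876800::::Constructed User <user@example.net>:
EOF
}

sample_listing | find_short_id_collisions
```

Against a real keyring, pipe `gpg --list-keys --with-colons --fingerprint` into `find_short_id_collisions`; any output line means the short ID alone does not identify a single key and the full fingerprints must be compared.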
The European Copyright directive threatens online communication in Europe.
But thanks to massive shared action earlier this year, the European parliament can still prevent the problems. For each of the articles there are proposals which fix them. The parliamentarians (MEPs) just have to vote for them. And since they are under massive pressure from large media companies, which went as far as defaming those who took action as fake people, the MEPs need to hear your voice to know that you are real.
If you care about the future of the Internet in the EU, please Call your MEPs.