Slightly off topic, but the page says "we don't want your email" and I vaguely r... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		binwiederhier on July 18, 2022 \| parent \| context \| favorite \| on: Prose.sh – A blog platform for hackers Slightly off topic, but the page says "we don't want your email" and I vaguely remember a site that was looking up public keys on GitHub and getting the email address from the GitHub account. Not sure if I got that right, or what the site name was, but it's definitely possible to get public keys from GitHub users like so: https://github.com/binwiederhier.keys If you mine these, along with crawling GitHub for email addresses, you can map public keys to email addresses.

drKarl on July 18, 2022 [–]

Best practice and what everyone should be doing is have different ssh key for every different server, that is, create a new ssh key for prose.sh with a custom file name.

Of course there will be many people reusing the same key for everything and I think it's obvious that doing that increases the risk exposure

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact