In other words, your trust is anchored by Twitter or GitHub. I have to gauge that the key I got was uploaded by you rather than someone else and the thing building that trust is by linking it to an identity established on those services.
PGP had the same problem: the web of trust didn’t scale well outside of existing communities – and where people signed keys for strangers, they also relied on trusted third parties (driver’s license, student ID, etc.) to establish that.
PGP had the same problem: the web of trust didn’t scale well outside of existing communities – and where people signed keys for strangers, they also relied on trusted third parties (driver’s license, student ID, etc.) to establish that.