[jdavis703]

This is the first time I’ve heard someone say sharing public keys is a security risk. Can you explain the threat model here?

[wtetzner]

I think it’s more of a privacy leak. E.g., the service could potentially figure out who you are if your public keys are tied to some other service, like GitHub.

[ragona]

If you ever manage to leak a private key it’s easier to track it back to you. There was a recent paper showing the ability to tie rather a lot of keys to the associated developers.

[lenkite]

Would be easy to contact other web services and determine the identity marching a public key.