Thank you both @wiktor and @yarmo for your thoughts on this.
yarmo maybe not desirable as it could facilitate harassment
This was a point I hadn't considered, and is obviously very important. We definitely don't want to be linking users' profiles together without them wanting that.
That said, I think that explicitly (a) adding your profile links to your published PGP key and (b) adding your PGP key link or fingerprint to your other profiles is quite a clear opt-in to linking those profiles together.
But definitely, this would be something on which a lot of community input should be sought to consider any potential harm and whether this would be expected behaviour on the part of people publishing their profile claims.
yarmo There is something we can (and should) do: allowing proofs to be (securely) hashed.
This sounds very interesting. From a technical point of view, how do you imagine this working? Presumably it's just the proof, and the claim is still plaintext?
yarmo With hashed proofs, I'd feel a lot better implementing reverse lookup because then, people could opt out of reverse lookup by hashing proofs.
Signature claims seems like another way to use Keyoxide while "opting out" of exactly this issue of your profiles being publicly linked.
wiktor I see that this couldn't be implemented for all proofs (e.g. it's not easily possible to identify proof document given user's github handle as we'd have to browse through all gists).
Definitely true. This would never be feasible for all proofs. With the example of Github, hopefully when https://codeberg.org/keyoxide/doipjs/issues/19 is implemented this would be much easier. And as you say, for other providers like Mastodon and Facebook, and for people's homepages if they link their PGP keys, it would be technically easy.
wiktor Keybase had its own database of all proofs [...] Currently Keyoxide operates in a "stateless" mode
Absolutely. Keyoxide should definitely remain stateless. So if this happens, it should only be for those sites where PGP keys or fingerprints are publicly published.
Kind of. I actually wanted to bring this up separately, but: though it's useful to be able to specify WKD or HKP if you understand what those mean, I'll wager >90% of people with PGP keys (already a vanishingly small population) have no clue what those terms mean. I'd like it if the default was an "auto" mode, rather like what most clients do when looking up an unknown key: try WKD first, then if it fails, try HKP.
So for example, https://email@example.com would use that "auto" strategy, rather than only trying WKD like it does now.