Saidit.net Canary #11
submitted 4 years ago by magnora7 from (self.SaiditCanary)
view the rest of the comments →
[–]Drewski 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 0 fun5 insightful - 1 fun - 4 years ago (9 children)
Would like to see these posted with a GPG signature.
[–]magnora7[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - 4 years ago (8 children)
I don't think that increases authenticity or security at all imo, as they're extremely easy to fake.
[–]Drewski 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 4 years ago (7 children)
Of course you have to trust that you're getting the public key from a legitimate source initially, but after you've added a public key to your keychain AFAIK there is no known way to fake a signed message unless I'm missing something.
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 4 years ago (6 children)
I guess I don't understand how's it any different from me simply posting or not posting the thing in the first place? I just don't understand the benefit I guess. The fact the magora7 account is posting the canary on saidit, is the signature. What security does a GPG signature add beyond this already-existing proof of identity?
[–]Drewski 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 0 fun6 insightful - 1 fun - 4 years ago (4 children)
Right, so we're initially trusting that you are who you say you are when you share your public key. After that though, we can verify messages signed by you as being authentic (as long as you protect your private key sufficiently). If anything were to happen to Saidit, or if your account were compromised, you could verify your identity with a signed message. It would also prevent the possibility of modifying a past post or canary because of the timestamp. Also you could use it to communicate securely, in case anyone needed to send you an encrypted message. It's not foolproof, but it does provide some additional security backed by strong cryptography.
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 4 years ago (3 children)
Interesting, but I feel as though if I was in a situation where my saidit account was compromised, then my key would also probably be compromised. The idea about it being useful to verify who I am if I have to change accounts is interesting. What software is required to make it work?
[–]Drewski 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 0 fun5 insightful - 1 fun - 4 years ago (1 child)
If you're on linux, most distros have it built in with GnuPG. For Windows, there's Gpg4win. It can be used via the command line or the GPA front end.
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 4 years ago (0 children)
Thanks, maybe I'll give it a go
use the following search parameters to narrow your results:
e.g. sub:pics site:imgur.com dog
sub:pics site:imgur.com dog
advanced search: by author, sub...
~4 users here now
SaiditCanary
view the rest of the comments →
[–]Drewski 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 0 fun5 insightful - 1 fun - (9 children)
[–]magnora7[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 0 fun4 insightful - 1 fun - (8 children)
[–]Drewski 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (7 children)
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (6 children)
[–]Drewski 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 0 fun6 insightful - 1 fun - (4 children)
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (3 children)
[–]Drewski 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 0 fun5 insightful - 1 fun - (1 child)
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (0 children)