I would suggest that the only truly reliable way to validate identities is through long time friends/relatives who can ask about memorable but otherwise unremarkable life events.
e.g. Who barfed on Uncle Joe's shirt at his wedding?Anyone who was actually present at the wedding would remember this, but the odds of it being recorded in some database are minimal.
Let me propose a scheme:1) Provided you log on to some unrelated account once per week/month/whatever then nothing happens.
2) If someone FAILS to log on to that account (many possible explanations at this point) then emails are sent to several friends/relatives with a message saying something to the effect that "something has appears to have happened to Bill please contact him ASAP and ask him about XXX AND SOME OTHER QUESTION THAT ONLY HE COULD ANSWER!"
3) If the phone call/contact shows that Bill is still alive and freely answering questions (including ones that no one could anticipate!) Then everything resets. However if "Bill gives a WRONG answer then the friend/relative is asked to send an email to XXX@xxxxxxx with a specific message. Obviously several friends/relatives NOT associated in any way to this program are required!
4) IF (and ONLY IF) the specific message is received then the alarm is sounded - as loud and widespread as possible!
I think this satisfies several requirements for such a "warrant canary:1) If all is well no one need do anything (i.e. there is nothing to forget). Remember this will be the case for many years. Automation is essential.
2) Anonymity (to whatever level is desired) is preserved - ONLY the relative/friends need know the person's identity, and even they do not need to know that "Bill" is associated with some "subversive" project!
3) After several weeks of "mulling" this I rally can't see any "fall through" holes which would defeat it.
Only the "evil Bogon Empire" who have complete records of everything the Human Race has said and done for the past 100 years could defeat this.
NO NONE knows me like my sister or 20+ year friends! For example I have used an alias on many "comment boards", my sister spotted the reference the moment she saw it! No one else could possibly have done so!
Comments? Paranoia? Mike On 06/21/2014 02:52 PM, Kyle Marek wrote:
On 06/21/2014 04:54 PM, Pier-Luc Caron St-Pierre wrote:Since PGP is a decentralized model, we need to find a way to validate our identities.We could read our fingerprints to each other over TeamSpeak ------------------------------------------------------------------------ At the time of sending this message, I have not been contacted by any government official or worker regarding my participation in CipherShed or any related project. I have not been asked to supply any information to them that may be used to impersonate me nor have I been asked to aid the government or it's officials or workers in modifying part of CipherShed or any related project. I am not aware of any of my property or anything regarding me being bugged, searched, or compromised in any way. Anything that accepts PGP encryption or signing should have been cryptographically secured with my PGP key.
-- *"Ayn Rand - Philosopher in Chief to the intellectually bankrupt" Sherlock Holmes* This work is licensed under a Creative Commons Attribution 3.0 Unported License.
