On Sun, 22 Jun 2014 02:06:52 -0700 Karen Palen <karenpalensl@xxxxxxxxx> wrote: > I would suggest that the only truly reliable way to validate identities > is through long time friends/relatives who can ask about memorable but > otherwise unremarkable life events. > > e.g. Who barfed on Uncle Joe's shirt at his wedding? > > Anyone who was actually present at the wedding would remember this, but > the odds of it being recorded in some database are minimal. > > Let me propose a scheme: > > 1) Provided you log on to some unrelated account once per > week/month/whatever then nothing happens. > > 2) If someone FAILS to log on to that account (many possible > explanations at this point) then emails are sent to several > friends/relatives with a message saying something to the effect that > "something has appears to have happened to Bill please contact him ASAP > and ask him about XXX AND SOME OTHER QUESTION THAT ONLY HE COULD ANSWER!" > > 3) If the phone call/contact shows that Bill is still alive and freely > answering questions (including ones that no one could anticipate!) Then > everything resets. However if "Bill gives a WRONG answer then the > friend/relative is asked to send an email to XXX@xxxxxxx with a specific > message. Obviously several friends/relatives NOT associated in any way > to this program are required! If any entity actually is able and willing to spend enough effort, money, resources to dig me up at my home, force me to hand over my keys, to shut up and to keep posting my warrant canary at the bottom of my emails, then why should they not be capable of doing any one of the following: - Also present warrants to my family & friends, forbiding them to ring the alarm (remember that they can certainly forbid people to speak out. the canary works on the assumption that they can not force us--at least not legally--to lie). - intercept said email - send a second email stating "sorry, false alarm, in fact she / he's all good!" (no signatures of any kind either) - also force me to tell my family all is good - since they got my keys and passwords, just log on to said account on my behalf every week In fact I felt that this was barely more secure, but certainly more complex than the simple email-signature canary. I will elaborate on my view on the topic in a later email--possibly tonight. Niklas > > 4) IF (and ONLY IF) the specific message is received then the alarm is > sounded - as loud and widespread as possible! > > I think this satisfies several requirements for such a "warrant canary: > > 1) If all is well no one need do anything (i.e. there is nothing to > forget). Remember this will be the case for many years. Automation is > essential. > > 2) Anonymity (to whatever level is desired) is preserved - ONLY the > relative/friends need know the person's identity, and even they do not > need to know that "Bill" is associated with some "subversive" project! > > 3) After several weeks of "mulling" this I rally can't see any "fall > through" holes which would defeat it. > > Only the "evil Bogon Empire" who have complete records of everything the > Human Race has said and done for the past 100 years could defeat this. > > NO NONE knows me like my sister or 20+ year friends! For example I have > used an alias on many "comment boards", my sister spotted the reference > the moment she saw it! No one else could possibly have done so! > > Comments? Paranoia? > > Mike > > On 06/21/2014 02:52 PM, Kyle Marek wrote: > > On 06/21/2014 04:54 PM, Pier-Luc Caron St-Pierre wrote: > >> Since PGP is a decentralized model, we need to find a way to validate > >> our identities. > > We could read our fingerprints to each other over TeamSpeak > > > > ------------------------------------------------------------------------ > > > > At the time of sending this message, I have not been contacted by > > any government official or worker regarding my participation in > > CipherShed or any related project. I have not been asked to supply any > > information to them that may be used to impersonate me nor have I been > > asked to aid the government or it's officials or workers in modifying > > part of CipherShed or any related project. I am not aware of any of my > > property or anything regarding me being bugged, searched, or compromised > > in any way. Anything that accepts PGP encryption or signing should have > > been cryptographically secured with my PGP key. > -- Niklas At the time of writing, no warrants have ever been served to me, Niklas Lemcke, nor am I under any personal legal compulsion concerning the CipherShed project. I do not know of any searches or seizures of my assets.
Attachment:
signature.asc
Description: PGP signature
