[ciphershed] Re: Trust - was: Warrant canary

  • From: Karen Palen <karenpalensl@xxxxxxxxx>
  • To: ciphershed@xxxxxxxxxxxxx
  • Date: Sun, 22 Jun 2014 02:55:51 -0700

Obviously no scheme can possible be 100% secure.

One of the things you have missed here is that this must be applied to EVERY project participant at the same instant!

Certainly you can defeat the scheme for any one individual, but to track down ALL of the friends/relatives of EVERY individual even remotely associated with the project is an enormous task. Even with this project as small as it is now must involve several thousand friends/relatives who have nothing whatever to do with this project.

To intimidate (legally or otherwise) EVERY one of them RIGHT NOW is as close to impossible as I can imagine, especially since (in my case at least) they would be spread over 20+ countries!

That being said, it would take some really HUGE resources to track down every friend/contact that even I alone have made for the past 30+ years. As a Ham Radio operator for 50+ years my friends include people from literally every corner of the Earth!

Many years ago I actually explored this with the NSA as a way to provide password security and they admitted that there was no way that they could keep track of my Ham Radio contacts! I doubt if the situation is much different today - unless you postulate and "evil Bogon Empire".

The essence of the scheme is to verify identity and I cannot think of any better way that through those who have known you for much of your life.

The rest is subject to revision, but I do insist that ANY scheme be a "no brainier"/"no effort" for the very long time that "nothing happens"!

Too many false alarms are deadly!


On 06/22/2014 02:19 AM, Niklas Lemcke - 林樂寬 wrote:
On Sun, 22 Jun 2014 02:06:52 -0700
Karen Palen <karenpalensl@xxxxxxxxx> wrote:

I would suggest that the only truly reliable way to validate identities
is through long time friends/relatives who can ask about memorable but
otherwise unremarkable life events.

e.g. Who barfed on Uncle Joe's shirt at his wedding?

Anyone who was actually present at the wedding would remember this, but
the odds of it being recorded in some database are minimal.

Let me propose a scheme:

1) Provided you log on to some unrelated account once per
week/month/whatever then nothing happens.

2) If someone FAILS to log on to that account (many possible
explanations at this point) then emails are sent to several
friends/relatives with a message saying something to the effect that
"something has appears to have happened to Bill please contact him ASAP

3) If the phone call/contact shows that Bill is still alive and freely
answering questions (including ones that no one could anticipate!) Then
everything resets. However if "Bill gives a WRONG answer then the
friend/relative is asked to send an email to XXX@xxxxxxx with a specific
message. Obviously several friends/relatives NOT associated in any way
to this program are required!

If any entity actually is able and willing to spend enough effort,
money, resources to dig me up at my home, force me to hand over my
keys, to shut up and to keep posting my warrant canary at the bottom of
my emails, then why should they not be capable of doing any one of the

  - Also present warrants to my family & friends, forbiding them to ring
the alarm (remember that they can certainly forbid people to speak out.
the canary works on the assumption that they can not force us--at
least not legally--to lie).

  - intercept said email

  - send a second email stating "sorry, false alarm, in fact she / he's
all good!" (no signatures of any kind either)

  - also force me to tell my family all is good

  - since they got my keys and passwords, just log on to said account on
my behalf every week

In fact I felt that this was barely more secure, but certainly more
complex than the simple email-signature canary.

I will elaborate on my view on the topic in a later email--possibly


4) IF (and ONLY IF) the specific message is received then the alarm is
sounded - as loud and widespread as possible!

I think this satisfies several requirements for such a "warrant canary:

1) If all is well no one need do anything (i.e. there is nothing to
forget). Remember this will be the case for many years. Automation is

2) Anonymity (to whatever level is desired) is preserved - ONLY the
relative/friends need know the person's identity, and even they do not
need to know that "Bill" is associated with some "subversive" project!

3) After several weeks of "mulling" this I rally can't see any "fall
through" holes which would defeat it.

Only the "evil Bogon Empire" who have complete records of everything the
Human Race has said and done for the past 100 years could defeat this.

NO NONE knows me like my sister or 20+ year friends! For example I have
used an alias on many "comment boards", my sister spotted the reference
the moment she saw it! No one else could possibly have done so!

Comments? Paranoia?


On 06/21/2014 02:52 PM, Kyle Marek wrote:
On 06/21/2014 04:54 PM, Pier-Luc Caron St-Pierre wrote:
Since PGP is a decentralized model, we need to find a way to validate
our identities.
We could read our fingerprints to each other over TeamSpeak


      At the time of sending this message, I have not been contacted by
any government official or worker regarding my participation in
CipherShed or any related project. I have not been asked to supply any
information to them that may be used to impersonate me nor have I been
asked to aid the government or it's officials or workers in modifying
part of CipherShed or any related project. I am not aware of any of my
property or anything regarding me being bugged, searched, or compromised
in any way. Anything that accepts PGP encryption or signing should have
been cryptographically secured with my PGP key.


*"Ayn Rand - Philosopher in Chief to the intellectually bankrupt"
Sherlock Holmes*
This work is licensed under a Creative Commons Attribution 3.0 Unported

Other related posts: