SUCH a cool experiment out of the Harvard Library Innovation Lab: https://archive.social
Allows you to capture a thread from Twitter and archive it in sealed PDFs to attest to legitimacy.
Could be enormously useful to journalists, archivists, etc, particularly with Twitter facing a perilous future.
@molly0xfff This is pretty neat, but the explanation leaves me with questions.
First, I wonder about the wisdom of putting the signing key within the blast radius of nginx, certbot, etc... This key needs to remain private for the useful life of the captures, so that seems needlessly risky.
As it's explained here, a heartbleed style bug (or web server compromise) would render prior signatures useless.
@molly0xfff Second, "we couldn't have created it after a certain date" -- Why? Is there a 3rd party timestamp authority here?
If so, it could mitigate the previous concern (not super well - you'd be talking about whether the key was compromised before/after signing).
Surely the timestamp authority would have been worth mentioning.
Molly White
chrismarget