Eugen RochkoBEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5wcIkHbsCt0yJF jncIIVWkV03MTb9 0N48z5wEwi2qKSi JzzJW0TxAnT51N5 1ilqiPF1fB2OdZs lUPR2qlJ83nvY6N gvpGWXAiIU7DjF9 b9Fe6cxmWsfPx7M i1zLyl7tTkd9yEI rGjIwq2ZBfy5Bi9 eDMTx6d6TPOu0mL AqMYPPyWBmaaenz RwTMUTbrQPL2jdC aNYkwRN8enSv2w8 nEm6US6VNaANbHh M2ur0HJ0ZkCkuXo OmV1XPJqgCJUswE NaBHAwxRi0fVM7P vjM2VkB8vz9PJpR u8XNF7VD6wkMfDB Jx9bvlo4fqKRu5b 60. END KEYBASE SALTPACK SIGNED MESSAGE.
If some account claiming to be me cannot do that, it's an obvious fake.
This verifies a connection to my Keybase account, which also links to my GitHub and Twitter accounts, it's signed using the key listed on zeonfederated.com, which was my domain for many years and uses SSL.
Kevin Marks@Gargron I still think rel="me" (and maybe rel="notme") is a better answer than adding yet another thing to check as a key.
Andrew Roach ✅@Gargron what stops people from doing a copypasta on the thing you just published?
@ajroach42 The message says "I am [email protected]" 😂
@Gargron oh. Derp. I guess that make sense.
Anonymous Memeity@memeity @ajroach42 You can't do that because you don't have my private key that I sign it with.
Jona Joachim@Gargron BEGIN FOOBAR ALLYPOURBASE SIGNED MESSAGE -2-@+8℅£=`¥×NSNZJJnskkzo+#+#++2=£=£=$=¢ END AWESOME MESSAGE this is linked to my example.com domain through the amazing technology of interwebs between youporn.com and bit.ly in the presence of jupiter. Can't be called a toot without it!
Ronflaix™ (inactive)@Gargron How can we tell if you're the right Eugen behind this account?
josef
eventi ✅@Gargron It would be cool if keybase supported a mastodon proof
INACTIVE@Gargron Can't a fake account just copy and paste that into their own toot?
Maiyannah Bishop@deadsuperhero Yes, they can.
Bryan@Gargron “obvious” for some non-zero amount of work to make it obvious. Better than nothing, though!
💻 Eelco ✅@Gargron does this mean I need to update my instance? I get the raw encoded message ...
@eelco No, no. It's supposed to be like this.
The Joker ❎@Gargron Ive seen these kind of messages before. Could you please tell me what they mean and how I can read them?
An octopus that has moved@Gargron Am I the only person that sees people posting these and just goes "Must be them then" without actually verifying them?
I get as far as "BEGIN SIGNED MESSAGE" before glazing over and thinking "Yeah, seems legit"
@troubleMoney Haha. Well, it's there for the record.
@Gargron I even have a keybase account, I really should bother checking these things occasionally, but eh... effort
mulander@troubleMoney @Gargron I light up seing BEGIN then read KEYBASE and realize that neither I nor any of my friends saw his ID. I don't also fully trust saltpack as a proven method.
@mulander @troubleMoney I could do PGP with the same key but I don't know if it would fit into 500 chars.
@Gargron @troubleMoney it would not, but you can make a specific toot and sign a message with a permalink to it.
Though on a serious note don't bother. What you did is OK and more than necessary for 90% people. It's definitely better than no verification at all.
I was making a small joke stab. I'm also on keybase: https://keybase.io/mulander