summaryrefslogtreecommitdiff
path: root/content/entry/icannot-be-trusted.md
diff options
context:
space:
mode:
authorNicholas Johnson <nick@nicholasjohnson.ch>2023-10-20 00:00:00 +0000
committerNicholas Johnson <nick@nicholasjohnson.ch>2023-10-20 00:00:00 +0000
commitd25b7743fb26bbe4f1648048214d17da621d070beb202630c31ae044906b3ed7 (patch)
tree027fd6c53f7fd949df4c7a22e87a90dea96cb0e88dd3dfb8dc988b43213bac1a /content/entry/icannot-be-trusted.md
parentb42f03332f305b08390e71ee498135e46ab6d1fe67ebcf85d9a37a666901d464 (diff)
downloadjournal-signify-signature-7.tar.gz
journal-signify-signature-7.zip
Use SWHIDs in Software Heritage linkssignify-signature-7
Diffstat (limited to 'content/entry/icannot-be-trusted.md')
-rw-r--r--content/entry/icannot-be-trusted.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/content/entry/icannot-be-trusted.md b/content/entry/icannot-be-trusted.md
index 54e09f9..9d1122f 100644
--- a/content/entry/icannot-be-trusted.md
+++ b/content/entry/icannot-be-trusted.md
@@ -18,6 +18,6 @@ Ideally, you're accessing this journal [over](gemini://nick6gsepvtmkcpibpid6dqtq
My Tor onion and I2P addresses aren't foolproof. They're hosted on a VPS, meaning my VPS provider could hijack them. Using nicholasjohnson.ch to access my journal, you have to trust both ICANN and my VPS though. So you're better off using Tor or I2P so you only need to trust one third party, not two.
-Brief digression: To avoid trusting any third party, you can always [verify my journal's Git repository](https://archive.softwareheritage.org/browse/origin/directory/?branch=refs/tags/signify-signature-1&snapshot=d25282c0c441839d1ca147a90699bd2c7d986a21) with [my public Signify key](/resource/signify.pub) and a small utility called [git-signify](https://git.nicholasjohnson.ch/git-signify/). If there's any doubt the key is mine, I gave a [Libreplanet talk](https://media.libreplanet.org/u/libreplanet/m/taking-back-the-web-with-haketilo/) with my public key in the slides five months ago and I have an unbroken history of public keys going back to December of 2020 starting with my original [GPG key](/2021/12/30/statement-of-gpg-key-transition/) which I transitioned away from.
+Brief digression: To avoid trusting any third party, you can always [verify my journal's Git repository](https://archive.softwareheritage.org/swh:1:rev:0990ac4365ea2e436a9d28aeefdd16ec65c27afa;visit=swh:1:snp:d25282c0c441839d1ca147a90699bd2c7d986a21) with [my public Signify key](/resource/signify.pub) and a small utility called [git-signify](https://git.nicholasjohnson.ch/git-signify/). If there's any doubt the key is mine, I gave a [Libreplanet talk](https://media.libreplanet.org/u/libreplanet/m/taking-back-the-web-with-haketilo/) with my public key in the slides five months ago and I have an unbroken history of public keys going back to December of 2020 starting with my original [GPG key](/2021/12/30/statement-of-gpg-key-transition/) which I transitioned away from.
If you yourself are an online service provider, please follow my example and offer a Tor onion and/or I2P address to help resist ICANN's power.