From 07c979edd9ae8941ddb182a2ef7bfa39df3fe0a0042e62cee6a4b91792ab6e64 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Mon, 8 Apr 2024 00:00:00 +0000 Subject: New entry: why-i-timestamped-my-journal --- content/entry/why-i-timestamped-my-journal.md | 50 +++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 content/entry/why-i-timestamped-my-journal.md (limited to 'content/entry/why-i-timestamped-my-journal.md') diff --git a/content/entry/why-i-timestamped-my-journal.md b/content/entry/why-i-timestamped-my-journal.md new file mode 100644 index 0000000..37500b1 --- /dev/null +++ b/content/entry/why-i-timestamped-my-journal.md @@ -0,0 +1,50 @@ +--- +title: "Why I Timestamped My Journal" +date: 2024-04-08T00:00:00Z +tags: ['computing'] +draft: false +--- +## Foreword + +Before I talk about timestamping, I just want to make clear that this entry does not constitute a return to writing. I'm still [taking a step back](/2023/12/09/journal-update-26/ "Journal Update 26: Taking a Step Back") from writing. I'm only writing this entry to give context for the new timestamp I created. + + +## Why I Timestamped My Journal + +As AI improves, it will get harder to differentiate synthetic (AI-generated) media from human-created media. Thus there's a need for a verification system that can confirm the human provenance of media. What does this have to do with timestamps? Well, for sophisticated data such as this journal, timestamps can be used to prove that it existed *prior* to AI's ability to generate it. This proves its human provenance. + + +## How I Timestamped My Journal + +One way to timestamp data is by embedding its hash into the Bitcoin blockchain. Even if Bitcoin falls out of favor and miners stop securing its blockchain, a historical copy of the ledger would be all that's necessary to verify timestamped data. Given Bitcoin's cultural significance and the fact that its ledger is widely witnessed, genuine historical copies of its blockchain will probably be preserved for a long time, allowing verification of any timestamps within it. [OpenTimestamps](https://opentimestamps.org/) is the software I used to do just this. + + +## How to Verify The Timestamp + +Here's the procedure for verifying this journal's timestamp (and thus its human provenance): + +Prerequisites: + +* Git +* OpenTimestamps +* A local Bitcoin node + +Commands: + +```sh +git clone https://git.nicholasjohnson.ch/journal && cd journal +ots verify -d "$(git show-ref --hash signify-signature-10)" static/resource/timestamp-2.ots +``` + + +## Critiquing My Last Timestamping Entry + +Now I first had this idea back in November of 2021 and wrote an entry about it titled "[future-proof digital timestamping](/2021/11/13/future-proof-digital-timestamping/ "Future-Proof Digital Timestamping")". There are a number of issues with that entry and I could spend time nitpicking it, but it's primary deficiency is that the idea of timestamp chaining via successor ledgers is erroneous. + +Timestamp chaining could perhaps provide stronger assurance of the legitimacy of the timestamps (due to the successive blockchains having the largest amount of cumulative work), but the gains in assurance would only be very marginal at best, it's all predicated on Bitcoin having endless successors that also rely on energy-intensive proof-of-work, and there would have to be software supporting such a scheme. In my estimation, that's all highly unlikely. + +But one good idea contained in that entry was to restamp this journal's Git repo to future-proof its timestamp. The old timestamp was performed on the old repo which used the broken SHA-1 hashing algorithm. Since then, I converted the repo to the new SHA-2 object format and SHA-2 support in Git has been stabilized. So everything I needed to create a new, stronger timestamp was present. Well, almost everything. + +The only issue I ran into was that the OpenTimestamps software does not have sufficient [Git integration](https://github.com/opentimestamps/opentimestamps-client/blob/master/doc/git-integration.md "OpenTimestamps Git Integration") to embed timestamps within Git objects in SHA-2 repos like it can for SHA-1 repos. So I just timestamped [the most recent tag](https://git.nicholasjohnson.ch/journal/tag/?h=signify-signature-10 "Most Recent Tag of Journal Repo") manually, creating a fully separate [.ots proof file](/resource/timestamp-2.ots "Timestamp Proof File") which is verified without using OpenTimestamps' GnuPG wrapper. + +Hopefully the new timestamp lasts. If not, both [Software Heritage](https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://git.nicholasjohnson.ch/journal "Journal Repo on Software Heritage") and [Archive.org](https://web.archive.org/web/*/https://nicholasjohnson.ch/ "Journal on Archive.org") have centralized timestamps of this journal as fallbacks. -- cgit v1.2.3