HTTP Signature Infinite Loop?


A padlock engraved into a circuit board.

I'm trying to get my head round HTTP Signatures as they're used extensively in the Fediverse. Conceptually, they're relatively straightforward. You send me a normal HTTP request. For example, you want to POST something to https://example.com/data. You send me these headers:

POST /data
Host: example.com
Date: Sat, 24 Feb 2024 14:43:48 GMT
Accept-Encoding: gzip
Digest: SHA-256=aaC57TDzM0Wq+50We2TkCsdMDvdqON92edg7KI+Hk8M=
Content-Type: application/activity+json
Signature:…
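As an added illustration (not code from the post), here is what the receiving side of that exchange has to do with those headers: recompute the Digest over the body it actually received, check the Date against its own clock, rebuild the draft-cavage signing string from the headers the Signature says it covers, and only then check the signature. The body, the keyId and the secret are constructed for the example; HMAC-SHA256 over a shared secret stands in for the RSA-SHA256 signature a real Fediverse server makes with its actor key and that the receiver checks against the public key fetched from the keyId URL.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample body: the excerpt shows only headers, not the body its Digest covers.
BODY = b'{"@context":"https://www.w3.org/ns/activitystreams","type":"Create"}'
# Hypothetical shared secret. HMAC stands in for the RSA key pair a real actor would use.
SECRET = b"example-shared-secret-not-a-real-key"
# Hypothetical keyId; in the Fediverse it points at the actor's public key document.
KEY_ID = "https://example.com/actor#main-key"
# Receiver's clock, pinned to the Date in the excerpt so the example is reproducible.
NOW = datetime(2024, 2, 24, 14, 43, 48, tzinfo=timezone.utc)


def digest_header(body: bytes) -> str:
    """Digest header as used in the Fediverse: 'SHA-256=' + base64(SHA-256(body))."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()


def _lower(headers: dict) -> dict:
    # Header names are case-insensitive; the signing string uses lowercase names.
    return {k.lower(): v for k, v in headers.items()}


def signing_string(method: str, path: str, headers: dict, names: list) -> str:
    """Reconstruct the draft-cavage signing string: one 'name: value' line per
    covered header, in the order listed in the Signature's headers= parameter.
    '(request-target)' is the pseudo-header '<lowercased method> <path>'."""
    h = _lower(headers)
    lines = []
    for name in names:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {h[name]}")
    return "\n".join(lines)


def _mac(secret: bytes, data: str) -> bytes:
    return hmac.new(secret, data.encode(), hashlib.sha256).digest()


def sign_request(method, path, headers, key_id, names, secret) -> str:
    """Produce a Signature header value over the chosen headers."""
    sig = base64.b64encode(_mac(secret, signing_string(method, path, headers, names))).decode()
    return (f'keyId="{key_id}",algorithm="hs2019",'
            f'headers="{" ".join(names)}",signature="{sig}"')


def parse_signature(value: str) -> dict:
    """Parse 'k="v",k2="v2"' into a dict. None of these values contain commas,
    so splitting on ',' is safe; partitioning on the first '=' keeps base64 padding."""
    params = {}
    for part in value.split(","):
        key, _, val = part.partition("=")
        params[key.strip()] = val.strip().strip('"')
    return params


def verify_request(method, path, headers, body, secret, now, max_skew=timedelta(minutes=5)):
    """Check a request the way a receiving server should, cheapest checks first:
    1. Digest matches the body actually received (binds the signature to the body).
    2. Date is within a small window of the receiver's clock (limits replay).
    3. The signature covers (request-target), host, date and digest, so none of
       them can be stripped or re-pointed without invalidating it.
    4. The signature verifies over the reconstructed signing string."""
    h = _lower(headers)
    if "signature" not in h:
        return False, "no signature"
    if h.get("digest") != digest_header(body):
        return False, "digest mismatch"
    if abs(now - parsedate_to_datetime(h["date"])) > max_skew:
        return False, "date outside allowed window"
    params = parse_signature(h["signature"])
    names = params["headers"].split()
    if not {"(request-target)", "host", "date", "digest"}.issubset(names):
        return False, "signature does not cover required headers"
    expected = _mac(secret, signing_string(method, path, headers, names))
    if not hmac.compare_digest(expected, base64.b64decode(params["signature"])):
        return False, "bad signature"
    return True, "ok"


def build_signed_request() -> dict:
    """Constructed request mirroring the excerpt's headers, with a Digest and
    Signature computed over BODY."""
    headers = {
        "Host": "example.com",
        "Date": "Sat, 24 Feb 2024 14:43:48 GMT",
        "Accept-Encoding": "gzip",
        "Content-Type": "application/activity+json",
        "Digest": digest_header(BODY),
    }
    names = ["(request-target)", "host", "date", "digest"]
    headers["Signature"] = sign_request("POST", "/data", headers, KEY_ID, names, SECRET)
    return headers


if __name__ == "__main__":
    req = build_signed_request()
    print(req["Signature"])
    print(verify_request("POST", "/data", req, BODY, SECRET, NOW))
    print(verify_request("POST", "/data", req, BODY + b" ", SECRET, NOW))
```

The order of the checks matters: a server that verifies the signature before the Digest is doing expensive public-key work for any body an attacker cares to send, and a server that accepts a signature whose headers= list omits digest or date is accepting a signature that says nothing about the body or its freshness.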

Continue reading →

How to password protect a static HTML page with no JS


Screenshot of some garbled text on screen.

I recently saw Robin Moisson's method of password protecting a statically served HTML page. It's quite neat! But it does rely on JavaScript. That got me wondering if there was a way to encrypt a static page only using CSS? And... I think I've done it! I'll warn you now, this is a deeply stupid way to solve the problem. Here's a screencast of the demo in action: https://shkspr.mobi/blog/wp-content/uploads/2023/02/fucking-stupid-css-encryption-lol.mp4 Type the password and the page…

Continue reading →

Questions to ask before launching a crypto-payments feature


A tiny lego Storm Trooper eats a chocolate coin.

Messaging app Signal is launching a payment service in the UK. This will allow users to send each other "money" (cryptocurrency). Many people have written about why this is a daft idea. But they've mostly talked about why cryptocoins corrupt everything they touch. I want to talk about why this is a shitty idea from a product perspective. It all comes down to user needs. What pain point are you removing? Uber made taxis mildly less irritating, for example. But the UK already has a fairly mature…

Continue reading →

PGP Sign Your Twitter Messages


Message saying "Read alt text for PGP sig".

I'm not sure if I'm the first person to do this - but I'm going to claim credit anyway! @edent: "Hello! This Tweet has been signed with my PGP Key." pic.x.com/ed4rcldlvw (08:03 - Thu 14 May 2020) You can verify by pasting the alt text into keybase.io/verify - or by using your favourite command line tool. Back in 2017, I wondered if Twitter's alt text could be (ab)used to store message metadata like a PGP signature. Sadly, the limit was 420 characters per image.…

Continue reading →

PGP Encrypt Twitter DMs with Keybase


This is a quick tutorial on how to encrypt your Twitter messages using PGP with the help of Keybase.io. I read an article yesterday which seemed to imply that Twitter was mangling PGP encrypted messages (albeit unintentionally). There is a minor bug in Twitter's web interface - but PGP seems to work perfectly in apps. So, I want to demonstrate how it can be done successfully. I've written this article with a non-technical audience in mind - feel free to point out any areas where I can make…

Continue reading →

The Usability of Anti-Apartheid Encryption


Nelson Mandela giving a lecture.

(An adaptation of my earlier blog post on the same topic.) This is a case study focusing on the usability of encryption systems as used by political dissidents in Apartheid era South Africa. Background - South Africa Between 1948 and 1994, the nation of South Africa was ruled by an ethnically white minority. They set in place a system of government – known as Apartheid - which suppressed, brutalised and discriminated against other races. The African National Congress (ANC) was formed in the …

Continue reading →

Spycatcher's Relevance in 2014


In 1987 MI5's former Assistant Director, Peter Wright, released his autobiography. Spycatcher: The Candid Autobiography of a Senior Intelligence Officer. It was immediately banned by the British Government. Although the Internet wasn't around to facilitate its distribution, it was trivial to obtain copies imported from Australia. As a boy, I remember seeing the publicity about it on the news and being very upset that my parents had a copy! In light of the recent revelations by Edward…

Continue reading →

The Hardest Problem In Encryption? Usability.


Nelson Mandela giving a lecture.

I have been reading a wonderful account of how The ANC in South Africa developed and used encryption to avoid persecution by the Apartheid regime. The article is a good 15,000 words and will take you some time to read. It is a fascinating account of how an ersatz encryption technology was developed by enthusiastic amateurs using acoustic couplers, DTMF, tape recorders, and early mobile phones. I'm going to ignore the technical aspects - which are wonderful to read - and talk about the human…

Continue reading →

Why You Can't Trust Government Provided Cryptography


Sign at a train station saying "Welcome to Bletchley. The home of Bletchley Park & Enigma."

You should visit Bletchley Park. Seriously. It's the most amazing museum - dedicated to the wartime effort to crack Enigma, the Nazi cryptographic machine. The tour guides of Bletchley Park are full of fascinating stories. They can tell you how all the primitive computers work, about the history of each building, and they know all the curious little facts which make visiting the park an absolute joy. There's one story in particular that I never tire of hearing. By 1945, Turing's computers…

Continue reading →

You Never Call, You Never Write...


A typewriter. The words "Write something" are typed onto the fresh white paper.

As Shakespeare said... "[Blog posts are] a tale told by an idiot, full of sound and fury, signifying nothing." Today Ofcom published the responses it received to its consultation on plans for the BBC to encrypt its HD broadcasts. The blogosphere went nuts! DRM? Not on our watch. Boing Boing mobilised its army of commentators, the BBC published two blog posts which quickly filled up with comments, Facebook statuses were updated and all these links were retweeted until our fingers were worn to …

Continue reading →