wiki:doc/proper

Version 3 (modified by proper, 8 years ago) (diff)

--

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is my personal user site in the torproject.org wiki. It explains how you can contact me and what the caveats are.



Contact me by e-mail

I do not trust any e-mail providers. They can shut down or impersonate my account at any time. If that concerns you, read GPG security below.

In the past I used proper at tormail.net but it was way too often not reachable and even mails got bounced.

At the moment I am using '''proper _a-t_ secure-mail _d-o-t_ biz'''.



GPG security

GPG as it is, is secure. The tricky thing is the web of trust model and being sure, you got the right GPG key. As an anonymous developer I can't get my GPG key signed.

Anyone can edit the torproject.org wiki and exchange this content with malicious one. Therefore check the history feature. Obviously I do trust Tor and torproject.org. My wiki account should be genuine.

I have another personal site, [https://github.com/TorBOX/TorBOX https://github.com/TorBOX/TorBOX], which contains my GPG key. Github.com is accessible over SSL. Note, that the SSL public certificate authority system is not to be trusted, since the recent major security breaks. Github.com has also the power to exchange my GPG key with a malicious one.

As soon as our website https://www.torbox.org is ready, my GPG key and GPG fingerprint will be mirrored on at least on three different sites (torproject wiki, torbox,org, github).

gpg --fingerprint 9C131AD3713AAEEF

pub   4096R/713AAEEF 2012-03-02
      Key fingerprint = 9B15 7153 925C 303A 4225  3AFB 9C13 1AD3 713A AEEF
uid                  proper <e-mail removed>
sub   4096R/794279C4 2012-03-02

After all, the GPG key also only proves, that a message was singed with a specific key id. It doesn't prove, if I am a genuine or evil developer or even a whole entity. Also see [https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Trust TorBOX/Trust].

-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJPxN6BAAoJEJwTGtNxOq7vmosP/R7GgWaTEBn51UVsThjk5UcL
DN/mP1cnncEZAhUYnfkJEamny+PBgKNSkGC6OB85VvRFKINFNIY/uWsa8rCKZydF
8K9+WNEHKwIKj3Md04WkkH44dVWLGU35WCE/+w57dO8ShaA9/ZO9QEIUBln8t8Oq
0p004o8cMmPHKHkI2aomCfnQpRTX657xeJHqEP+g1AvHBurOxrwX5ZZPfWwLV9s5
96cDdgW84khel26qR59icM6LJ+KFEI2a6mAlJ4LxyjxcIfKjaxr3lDCV2rXEh2ZB
y5dJD/PXxhK2X1lASroVvTTfFoksNpvxPDWd4+GXx3ZBHGx/Htbb0PBW1aLBT1O6
52L4RqEHkJmDQR9tkCM2fGtqBhbEy7KYKfAciBrKmVUScrMSCmYi0wh6ap2S55YP
h/NuJWu7MCzgO6QnADNC94XlBJGnYjCT4EUbBPfKVTly47wmJNGt6hvA5G8GQgeD
ah/DfknyD7x0fNG96eDvNJlUp8OA9M4QbmdAbYDRu3C+hmVoWr0WoHmxWBXZ2nqc
3wyBGln/awrjevGwv/mJfZ3vlLYiGSEDUg/haTScV4Io4ZDa24Ot2akBLdkujzRR
ezCu/xEdaxzbFvPrjMmLDL3TTWcp8ipvCf5axTX2ozRus94NTwxtmglsrHdkBsmO
++uIzNsprXMR/Y6ZKhSn
=DwT/
-----END PGP SIGNATURE-----