Hi All,
Last night I saw a video by Charles about fixing Twitter.
He proposed using Cardano to fix the problem of fake Twitter posts by offering the ability to sign messages using the public/private key encryption already built into Cardano in a way that does not add complexity to the user experience.
There is a real danger that the Twitter accounts of leaders may be hijacked and used to cause panic.
So I see this as an important service that the Cardano community can provide.
I would like to see an integration with the Ledger Nano, or similar hardware wallet as well, because people will be trusting the tweets more if they are signed whereas there is room to doubt the authenticity of a tweet now. So while the frequency of these attacks are greater now, the severity of the attacks will be greater if someone fakes a signed tweet.
The Ledger Nano or other hardware wallet could help with this. When making transactions, the Nano reduces the possibility of losing control of the private key, but just as important, the Nano anticipates the possibility that the computer or phone you are using to make a financial transaction has been compromised. That’s why you see the recipient’s address on the little Nano screen before sending funds. The nano is making sure that the recipient’s address on your computer screen is the same address for which the computer is asking the Nano to send funds. The Nano is confirming that your computer is not lying to you.
The same mechanism could be used for sending tweets. Before the Nano signs the tweets it would show you the tweet on the little nano screen to be sure that the computer is showing you the same thing it is showing to the Nano. Seems to me that this is just another little application that can be built for the Nano using the BOLOS development environment. Regular twitter accounts may not need all this extra protection but leaders should consider using it on their accounts.
For Crypto-Journalism where the journalist may or may not wish to remain anonymous, and wants to prove that he or she is the author of a complete body of work, (such as a regular column in a newspaper) and that the work has not been tampered with - a Nano will not work because the screen is to small and because two buttons is not enough for a reasonable person to write with. Still the security issues remain the same. It must be assumed that any computer which connects to the Internet can be remoted into by any government and by most criminals or has been compromised in some other way. For this situation my brother and I have developed the free and opensource PrivateKeyVault. This is an airgapped computer. The journalist writes documents from behind the airgap where remote viewing is not possible and sends them across the airgap via qr-codes for publishing.
This video shows how to use the Vault for crypto-journalism.
The video takes 48 minutes to demonstrate how to create, send, receive, and read a secret cake recipe between two affiliated bakeries. So the whole thing is kind of silly. But I might give others in the community some ideas on how to solve the real problems faced by reporters and leaders with regard to establishing the authenticity of a broadcast document.
Finally, MyEtherWallet as a built in utility for signing documents and another for verifying authenticity using the same private key which is used for spending. I think this would be a very handy addition to the Yoroi wallet if there is time for that.
One of the things MEW states is that a signed message can be saved by bad actors and reused in ways that are not intended by the author. So each message should be uniquely identified with perhaps a time stamp and other information that would make it obvious that the signed message is not being used as intended.