I’ve started signing all of my posts here with my GPG key. As a tl;dr, you can get the markdown source and the signature file at the bottom of each post, and you can verify that the post was signed by me by using my public GPG key.

Why sign blog posts?

Let’s say you run an underground news website, disseminating important information. Perhaps you live in a failed democracy and you need to broadcast information to the world about the things that are happening there. You want your readers to be able to trust that the information they receive is coming from the same group, in case your website gets hacked. If you set up a GPG key when you start your blog, and always sign your posts.

Ok, but why are you signing your blog posts?

To be honest, it’s a bit silly. No one is likely to even read my blog, let alone ‘attack’ me. The above scenario is pretty unlikely to happen on Anna’s Dusty Old Blog. And for general proof-of-ownership, my keybase profile already connects this domain name to the rest of my online identity.

But over the next few years, I think it’s depressingly likely that we will need something like a Voice of the Resistance. Maybe I’m being paranoid. I sincerely hope I’m being paranoid. But this is a proof of concept.

I can’t do very many things to help fight against injustice. I’m no good in a physical fight. I’m terrible at public speaking. But I know software, and infrastructure, and I have a pretty decent handle on crypto. And I want to be ready.

So, if you want to see how I’ve set this up, this site’s source code is available on github. It runs on jekyll.

And if you aren’t especially technical but you find yourself needing to set up something similar for a more ‘serious’ purpose, get in touch.