
Ask HN: Is it time for social media posts to have digital signatures? - gjvnq
Given the recent Twitter hack, I wonder if we would all be safer if there was a way to digitally sign tweets and other posts.<p>Basically you could sign your tweet with PGP or X.509 and anyone could click on a little padlock icon on your tweet to  download the signature for verification.<p>I imagine only a few accounts would actually use it (mainly cryptonerds and important officials).<p>Do you think it would help or would it just be a waste of time?
======
rootshelled
How would this even work? Normally for such signatures there is either a
hierchy of trust (ssl) or you know them personally (PGP). Even if there was a
working model, if Twitter itself got hacked, an account could just claim they
lost their key and made a new one.

~~~
shuntress
For most people that's true but for extremely high profile like Barack Obama,
Jeff Bezos, Bill Gates, they will have other channels to confirm their
identity (and their current public key).

If you want to stretch to the logical extreme full-dystopian deepfake future
where any message could be fake then the only real solution is the free press.
A distributed network of groups and individuals that will each independently
validate the things that people do and say then make those validations
available for the general public to review.

------
Rishi2184
In my opinion that definitely will help theoretically! But a significant
number of users will find it complicated to use, in a business point of view
implementing something that compromises user-friendliness isn't a good
strategy. Probably this is one reason why blockchain based dApps are yet far
from being mainstream. Majority of users of mainstream social network/email
don't even use MFA to secure their accounts.

------
fabianfabian
Yep signed tweets solve this and it doesn’t need to be perfect, it can even be
partially automanaged by Twitter infrastructure just to restrict staff.

------
fractionalhare
This feature - social media comment authentication - substantially exists
already on Twitter. It also already involves cryptography.

Under the current flow, tweets by notable people are authenticated if their
profiles have the blue check mark. In turn, Twitter is authenticated by the
TLS connection between your web browser and the server located at twitter.com,
which is itself attested by one of a selection of certificate authorities you
trust. A security compromise in Twitter should break your trust in the blue
check mark authentication "scheme", just as a breach in a certificate
authority should undermine your trust in the certificates it signs.

Suppose you want to augment this chain of trust with additional cryptography.
You stand up a public key infrastructure (PKI) with unique public/private key
pairs corresponding to every Twitter account. Each tweet is now digitally
signed with the private key of its account owner, and the tweet view features
a small tooltip which allows you to view the signature and the public key.

How do you augment this system so it's robust against a user's account being
compromised? You could enforce two-factor authentication, sure. But if an
individual account is successfully compromised, the attacker will be able to
post arbitrary tweets with valid signatures corresponding to the victim's
account, unless you segregate the signing functionality from the posting
functionality. This puts us back to where we are now, but with more software
to support and maintain.

What if we design this system to be robust against account takeover? We can
make it so that every tweet requires a signature based on something only the
real account owner owns. For example you could move the private key onto a
Yubikey, which doubles for two factor authentication. Then a user needs to use
the Yubikey to sign each tweet at post time. This incurs a significant
usability barrier, but it might still be attractive to a small set of paranoid
users. However the threat model it's defending against is not very compelling,
because if you already have a hardware security token for producing digital
signatures, your two factor authentication is robust anyway. Signing tweets in
this way reduces to just authenticating with that token when you log into the
account.

Finally, how do you defend against Twitter itself being compromised? This is
what happened today. Assuming Twitter is being trusted to run this PKI, a
compromise in Twitter is still going to undermine your trust in the
authenticity of any given tweet. That again brings us back to where we
currently are, but with more complex software to maintain and nontrivial
performance cost.

It's an interesting idea, but I don't think the juice is worth the squeeze.

------
georgehparsons
yes, it would help

------
georgehparsons
yes

