Matt Traudt

An onion a day keeps the bad guys away | About me

Yes my website's onion service has changed

Posted on 19 Dec 2019 by Matt Traudt

permalink

My hosting provider went out of business.

I didn't get my onion service's keys off the box in time. Stupid. Kept putting it off like an idiot.

I took this opportunity to stop offering a v2 onion service. Now you have to use that that hot v3 goodness. Oh nooooo.

It's at http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion now.

Like you've always been able to (but probably no one has ever done), you can verify this post was written by me by downloading this page, downloading the signature of this page by appending .asc to the URL, and using (e.g.) GnuPG. Oh and hopefully you already have my key or have a good reason to trust that the key in the footer of my website is mine. I am B7E105FC4E6D9377F89CBA4C83BCA95294FBBB0A. But the preceeding sentence is meaningless if you didn't already know that. But now I'm repeating myself. Ugh trust. Identities.

$ wget -q https://matt.traudt.xyz/posts/yes-my-websites-w6t3nxCA.html
$ wget -q https://matt.traudt.xyz/posts/yes-my-websites-w6t3nxCA.html.asc
$ gpg --verify yes-my-websites-w6t3nxCA.html.asc 
gpg: assuming signed data in 'yes-my-websites-w6t3nxCA.html'
gpg: Signature made Thu 19 Dec 2019 07:51:10 PM EST
gpg:                using RSA key B7E105FC4E6D9377F89CBA4C83BCA95294FBBB0A
gpg: Good signature from "Matt Traudt <sirmatt@ksu.edu>" [unknown]
gpg:                 aka "Matt Traudt <matthew.traudt@nrl.navy.mil>" [unknown]
gpg:                 aka "Matt Traudt <pastly@torproject.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B7E1 05FC 4E6D 9377 F89C  BA4C 83BC A952 94FB BB0A

If you're familiar with PGP you know what can be different from the above without concern. If you're not familiar with PGP, you shouldn't be trusting things because they are "PGP verified."