😈😈😈 PGP 256% AIRDROP BOUNTY SIGNATURE SPAM CAMPAIGN! Old-school CRYPTO 😈😈😈

[nullius]

Announcing the.nym.zone’s

PGP 2²⁵⁶% AIRDROP SIGNATURE SPAM CAMPAIGN
😈😈😈 BOUNTY for old-school CRYPTO! 😈😈😈
Get your Pretty Good Privacy!

Airdrop Bounty Shill Payola Terms:

In exchange for your participation in this campaign, you will receive 2²⁵⁶%* airdrop bounty spam payola consisting of pretty good privacy for yourself and those with whom you communicate.

(* All airdrop percentages herein stated apply the same quality of maths as seen in a typical scamcoin.)

Privacy is one of the most valuable things you can have in this world.  It is priceless!  And the more you participate in this campaign, the more privacy you will get airdropped to you by virtue of natural consequences.  This is without a doubt the #1 most honestly highest-paying spam campaign ever seen on this forum!

By participating, you will also show off that you are elite and cypherpunk chic.  Laugh at the n00bs who think that “crypto” means a knock-off shitcoin scam.  You will be using old-school crypto, 90s cypherpunk style.

Remember that the more you spam for the pro-PGP, pro-privacy message of this campaign, the more elite you will be!

Incentives for posting:  The more high-quality posts you make (as judged by the merit they earn) while participating in this campaign, the more awesome you will be.  This will make you rightfully proud.  Bonus giveaway:  Replying in this thread with a post which is both witty and PGP-signed will give you a chance to show off!  (Non-PGP-signed replies may be nuked by me, at my discretion.)

To be eligible for airdrop, users must follow these rules:

0x0. Use PGP.

0x1. Use PGP!

0x2. Add at least one (1) PGP fingerprint to your signature.  A longid/shortid does not suffice:  You must devote space in your signature to at least one full fingerprint, at normal or greater font size.

To qualify, the pertinent key MUST be available through sks-keyservers.net.  Of course, it MUST be a fingerprint for your own key, as verified through below requirements.  It MUST contain uid(s) with valid e-mail address(es) which people can use to contact you privately, using PGP from any other mailserver in the world (Protonmail is unacceptable).  If you are able to place links in your signature, then your PGP fingerprint MUST hyperlink to EITHER your key on sks-keyservers.net, OR on a website belonging to you or to some group or company of which you are a part (not on Keybase).  See my own signature for an example.

Note for those who already display full PGP fingerprints in their signatures:  I suggest that you follow the above-described format.  But if you don’t want to change your signature, I will consider it “grandfathered” if you post a link to an archive on web.archive.org or archive.is, showing a post of yours with your signature before the original timestamp of this post.  Of course, you will still need to follow the other rules, including a PGP-signed joinder message in this thread per Rule 0x4 below.

Privacy note for n00bs:  As true whenever you distribute a PGP key, your e-mail address(es) will be available through your key’s uid(s).  This is how the Internet is supposed to work:  You give out an e-mail address, so that people can contact you.  People connect.  Magic happens!  —  I do realize that not everybody on a Web forum wishes to expose an e-mail address.  Thus, I suggest two solutions:  Consider using a mail provider with excellent spam blocking.  Support my feature request for a forum remailer, in lieu of PM.

0x3. Add the words, “Use PGP!” (or another pro-PGP message of your creative choice) to your signature.  If you are able to place links in your signature, then the text must hyperlink to this thread.

0x4. Make a post in this thread to join the campaign.  Requirements are further stated below.

0x5. Spam the forum with high-quality posts which earn merit.  Users who fail to spam the forum with meritorious high-quality posts may be kicked out of this campaign, at my exclusive discretion.

0x6. Spam your friends by PM, e-mail, knocking on their doors, etc., to preach to them the good word that they should Use PGP!

0x7. Spam the hell out of Twitter, Facebook, Telegram, Reddit, and every other “social media” site and communications channel, with messages promoting PGP use!  Note:  I don’t use any of these sites, so I can’t check up on this requirement.

0x8. If you show patent evidence of having failed to read the rules, then you will be banned from the campaign for a duration at my discretion (likely permanent).  If you include a Bitcoin address in your PGP-signed joinder statement, then you will be permabanned from the campaign.  If you have negative trust, then you may be banned from the campaign at my discretion.  I may ban anybody for any reason or no reason, at my discretion.

0x9. These rules may be changed by me at any time.

0xa. Use PGP for your personal correspondence, your business correspondence—all your online corespondence, all the time!  If any of your correspondents do not use PGP, then you should send them a PGP-signed message explaining to them they should use PGP.

0xb. (Optional)  Staple copies of the Cyphernomicon, The Crypto Anarchist Manifesto, A Cypherpunk’s Manifesto, and other suitable propaganda to local lamp-posts, trees, goldfish, etc.

0xc. (Optional)  If you are female and attractive, use PGP-encrypted e-mail to express your intense desire for me.  Otherwise, just send me a PGP-encrypted “hello”.

0xd. (* Required)  Use Bitcoin.  Bitcoin is cypherpunk money.  Satoshi Nakamoto fulfilled a decades-old yearning when he invented Bitcoin!

0xe. (RECOMMENDED)  Take the next steps to securing all your communications, such as by using OTR for instant messaging.

0xf. Use PGP!

Requirements for joinder post:

To officially join this spam campaign, you must post in this thread a PGP clearsigned statement with the following information:

• Lusername and forum uid
• Your PGP fingerprint
• URL where your PGP key can be easily downloaded by lusers who don’t know how to use keyservers, meeting the requirements stated above.  KEYBASE LINKS DO NOT MEET THIS REQUIREMENT.
• Optional:  If your primary key(s) are certification-only and kept exclusively on an airgap machine, you MAY say so for extra elite-points.  Although there is no way for me to verify that you actually use an airgap machine, if you make such a statement, I will verify that you have a (C)-only primary key.  n00bs, if using GnuPG:  man gpg and look for --expert --full-generate-key and --export-secret-subkeys.  As for advice if you can’t figure it out (but first, RTFM and try).
• Optional:  Iff you plan to spam Twitter, etc. with messages promoting PGP use, please provide a link to your account so that others can follow you.

The statement MUST be PGP clearsigned.  Those who post unsigned join requests will be banned from the campaign.  You may enclose the statement in [code] tags if desired, or not if not desired.  The important part is that I must be able to verify it.

The statement MUST NOT contain any Bitcoin addresses, or other payment info.  Those who post join requests containing payment addresses will be permabanned from this campaign.  This rule is set so I can easily drop-kick bounty chasers who post in this thread without reading the rules.  Other than this, you may include other info and/or witty remarks as you desire.

Keybase links are not accepted, because I want to push people to get their keys out onto keyservers.

A live example of a statement meeting the above requirements:

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Lusername: nullius (#976210)

PGP fingerprint (ECC): 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C
https://sks-keyservers.net/pks/lookup?op=get&search=0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C
Certification-only primary key on airgap machine: true

PGP fingerprint (RSA): 0xA232750664CC39D61CE5D61536EBB4AB699A10EE
https://sks-keyservers.net/pks/lookup?op=get&search=0xA232750664CC39D61CE5D61536EBB4AB699A10EE
Certification-only primary key on airgap machine: true

“‘If you’re not doing anything wrong, you have nothing to hide.’
No!  Because I do nothing wrong, I have nothing to show.” — nullius

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSNOMR84IlYpr/EF5vEJ5MVn575SQUCWqXCiwAKCRDEJ5MVn575
SWOqAQCbAtG6sQ9UDkrViVuEjAXMHbOEbuk/D7c/sq77s8woTwEAocoR1d0hr8EE
UOnIWtWmB6dfZs86E0SfGdJKSolQSAE=
=dNtc
-----END PGP SIGNATURE-----

With that, I myself join this campaign!

Code:

#ifndef FOURTH_WALL

Meta:

Why am I doing this?

I am sufficiently passionate about PGP use that I would put on a live public sex show to promote it.  For a serious discussion, see “On the virtue of Ciphersex”.  Moreover, I struggle with an internal conflict over signature advertising campaigns.

I like signature ads (or at least tolerate them) when they make it worthwhile, or even make it possible for smart people to devote huge chunks of their lives to an Internet forum.  I highly respect some people who carry paid sig ads.  And I myself may come to face a pragmatic necessity for a paid signature ad.

But I really dislike the concept.  The old-school net curmudgeon in me feels that the purpose of a signature is for PGP fingerprints, witty quotes, and links to one’s own personal/business websites.  It’s a matter of culture; and culture is pervasive.  When I recently saw this opinion about how the forum thrived before paid signature advertising was invented—yes, I get it:

Would you also be happy if all the signature campaigns are removed from the forum ? That will make all the merits and ranks useless than right.

Radical solution lol, most users would be done using this forum.

Nonsense.   Five years ago there were no signature campaigns, and bitcoin was worth a few dollars.  This forum thrived back then.

Part of my motive behind this campaign is to create at least a modicum of positive social counter-pressure against monetary incentives.  Taking myself as an example:  The amount of money I could already get for a sig ad is very significant to me.  It’s painful not to take it.  One reason why I thus far don’t, is that I look at my PGP key fingerprints—and I get sad.  Negativity against sig ads is only one part:  I feel a positive urge to keep what I already have there.  Money needs to compete with something which has non-monetary value to me.  I want to induce others to feel the same way.

Code:

#endif /* !FOURTH_WALL */

End-User License Agreement:

By copying, quoting, or even reading this post, you irrevocably signify your agreement to be forever bound by the following terms and conditions:

Code:

/**
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <nullius@nym.zone> wrote this file.  As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return.   "Michael Cassio"
 * ----------------------------------------------------------------------------
 */

(Shamelessly pilfered from the original Beer-Ware License by Poul-Henning Kamp.)

Credits:

• Campaign Manager: “Michael Cassio” <nullius@nym.zone>
  ECC: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C
  (RSA: 0xA232750664CC39D61CE5D61536EBB4AB699A10EE)
  
  
  
  
  

  I claim that your real name is Michael Cassio. [...]
  
  

  Reputation, reputation, reputation! O, I have
  lost my reputation! I have lost the immortal part of
  myself, and what remains is bestial.

• Produced by: The.Nym.Zone
• Topic title emoji art credit, plus credit for what runs my PGP:
  
  
  
  
  
• Sponsored by: RFC 4880, your interest in your own privacy, and sarcasm.

[1714140021]

1714140021

[1714140021]

1714140021

[1714140021]

1714140021

[1714140021]

1714140021

[nullius]

😈😈😈 CAMPAIGN PARTICIPANTS 😈😈😈

Listed in chronological order.  Further explanation/rules will be added here and in OP.  (WIP)

Note:  All signatures have been verified by me.  Timestamps given are the timestamps claimed in the signature, not the post timestamp.  (Though if I see evidence of somebody playing games with this, I will use post timestamp for that person instead.)

Lusername	uid	Joining Rank	PGP Fignerprint(s)	Joined
nullius	976210	Member	0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (0xA232750664CC39D61CE5D61536EBB4AB699A10EE)	2018-03-11T23:58:03Z
satoshi	3	Founder	0xDE4EFCA3E1AB9E41CE96CECB18C09E865EC948A1	(Honourary.)
mattcode	1361227	Newbie	0xBC2BB1D36104939BE924AA51A09E643F541C0FC5	2018-03-12T14:59:16Z
Meretrix	1935564	Newbie	0xB589C6F74DCAE7A2E932A9773E0E253A69696969	2018-03-25T16:28:09Z

[nullius]

Reserved for metadata (if any).

[mattcode]

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

BitcoinTalk Account: mattcode (#1361227)

PGP fingerprint: 0xBC2BB1D36104939BE924AA51A09E643F541C0FC5
https://sks-keyservers.net/pks/lookup?op=get&search=0xBC2BB1D36104939BE924AA51A09E643F541C0FC5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEvCux02EEk5vpJKpRoJ5kP1QcD8UFAlqmlcQACgkQoJ5kP1Qc
D8U+rQ/+Jr58uaD0/o6FKq525mPFNDNDsrIL46lXaF8+KJPd0AYdU8ubhOAo88Ty
Ts6nJPqRaWyjHWpxVtNebYWwOrmgy3ljnkke9djlI1v/hJL/0pKS9/866ojT/Px3
GXCfOMtKtzyGF9lAwhwX1OwnH0zsVahW5c0aQooOxmx/2zL8tCInnMTWqh+zB64t
xKkaPR9gqjVhf6qn5Dz+0gIgmQzY5ZqBljw9oR22WiGKL8e1lpOigHi+kuSxTnwm
7BHDPw9D3Plbg319dJgP8n8jAkGWxf79cHjGeUeuLDUn910+OfGYhM92R1PPGLiO
EB8DHeZMjyhq/VR1tbBL2SJLAYYmfbUbAHYULHCfV7kjHWeEYm4I3QbBpc/s81ra
oVzQI5RJNAL/JVGb2fkKgYLdgV28vCphoZFHuuKAvrZJtzjwuQ+bjRgms/BxSx+k
GeheN079yayG2phL+0YCViZ2Z35ap0qbGAcckGEAyR7nnHmaW2rqzSZhQIidWS9p
dlns6jtxpp79COK0NJpMA1x3ACYDlkmvLS1CC8Gx4MtP0PgUCEi6KQpbQgWA7ibU
o76T5jcK88Bp/APxbVNMGoaPZlZtMsb7fVqonDeBzxTVseeKCfPh3dHk/V+Gewky
cUep8Um2/Hn+JP/PH6C6dO0hAwwJ6y0ku+CoOSesOnZfVAtBv2w=
=qjbO
-----END PGP SIGNATURE-----

Wish my signature space wasn't so restrictive so that I could fit "Use PGP!" instead of just "PGP!".

ninja edit Just bought copper membership, everything fits nicely now

[YuTü.Co.in]

Professor nullius, would you be so kind in explaining to the class as to why PGP sigs are so long? BTW, nice lookin' apple you have there on your desk. I'm guessin' it's a Chelmsford Wonder. Was it from the teacher's pet or a leftover from your sacked lunch?

[nullius]

Professor nullius, would you be so kind in explaining to the class as to why PGP sigs are so long?

I presume that you refer to the long hexadecimal string in this spam campaign’s forum sig, not a PGP signature (as in a PGP-signed message).  Well, class, that hexadecimal string is a PGP key fingerprint.  It is calculated from the public part of the primary key, plus some metadata.  To understand what that string is, open your textbooks to RFC 4880 § 12.2:

A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99, followed by the two-octet packet length, followed by the entire Public-Key packet starting with the version field.  The Key ID is the low-order 64 bits of the fingerprint.

To construct the public-key packet, you must consult several other sections of the RFC.  Well, that’s not the pertinent part here...  The answer to your question is that a PGP key fingerprint is a SHA-1 hash.  A SHA-1 hash is 160 bits, or 20 binary octets.  Encoded in hexadecimal, that takes 40 characters (not inclusive of any prepended “0x”).

The 64-character “Key ID” mentioned above is simply a portion of the hash.  I don’t consider that to be secure:  Supercomputers or distributed computing can do 2⁶⁴ work; an although this is not directly applicable due to using ASICs made for a different hash, the global Bitcoin mining network already does 2⁶⁴ double-SHA-256 hashes in a fraction of a second.  And the old 32-bit “short ID” is ridiculously insecure, as shown by the Evil32 site.  Rely only on the full fingerprint.  N.b. that although SHA-1 is broken for collision attacks, faking somebody else’s PGP fingerprint would require a preimage attack.  SHA-1 has not been broken for preimage attacks.

For homework, please read RFC 4880.  Tomorrow, I will give you a secret surprise pop quiz on which of the following items are needed to calculate a PGP fingerprint:

[0] IANA-assigned parameter identifying the public-key algorithm

[1] Unsigned 32-bit creation time

[2] Private key data

[3] Public key data

[4] Merkle nonce

[5] A gift to your professor of apple brandy

(Choose all which apply, and none which do not.)

BTW, nice lookin' apple you have there on your desk. I'm guessin' it's a Chelmsford Wonder. Was it from the teacher's pet or a leftover from your sacked lunch?

Neither.  My buddy who runs a home distillery had that left over from the ingredients for his latest new batch of brandy.  He switched to Chelmsford Wonder, after I told him that Macintosh is overpriced junk.

[YuTü.Co.in]

Professor nullius, would you be so kind in explaining to the class as to why PGP sigs are so long?

I presume that you refer to the long hexadecimal string in this spam campaign’s forum sig, not a PGP signature (as in a PGP-signed message).  Well, class, that hexadecimal string is a PGP key fingerprint.  It is calculated from the public part of the primary key, plus some metadata.  To understand what that string is, open your textbooks to RFC 4880 § 12.2:

A V4 fingerprint is the 160-bit SHA-1 hash of the octet 0x99, followed by the two-octet packet length, followed by the entire Public-Key packet starting with the version field.  The Key ID is the low-order 64 bits of the fingerprint.

To construct the public-key packet, you must consult several other sections of the RFC.  Well, that’s not the pertinent part here...  The answer to your question is that a PGP key fingerprint is a SHA-1 hash.  A SHA-1 hash is 160 bits, or 20 binary octets.  Encoded in hexadecimal, that takes 40 characters (not inclusive of any prepended “0x”).

The 64-character “Key ID” mentioned above is simply a portion of the hash.  I don’t consider that to be secure:  Supercomputers or distributed computing can do 2⁶⁴ work; an although this is not directly applicable due to using ASICs made for a different hash, the global Bitcoin mining network already does 2⁶⁴ double-SHA-256 hashes in a fraction of a second.  And the old 32-bit “short ID” is ridiculously insecure, as shown by the Evil32 site.  Rely only on the full fingerprint.  N.b. that although SHA-1 is broken for collision attacks, faking somebody else’s PGP fingerprint would require a preimage attack.  SHA-1 has not been broken for preimage attacks.

For homework, please read RFC 4880.  Tomorrow, I will give you a secret surprise pop quiz on which of the following items are needed to calculate a PGP fingerprint:

• IANA-assigned parameter identifying the public-key algorithm
  
  [1] Unsigned 32-bit creation time
  
  [2] Private key data
  
  [3] Public key data
  
  [4] Merkle nonce
  
  [5] A gift to your professor of apple brandy
  
  (Choose all which apply, and none which do not.)
  
  

  BTW, nice lookin' apple you have there on your desk. I'm guessin' it's a Chelmsford Wonder. Was it from the teacher's pet or a leftover from your sacked lunch?
  

  
  Neither.  My buddy who runs a home distillery had that left over from the ingredients for his latest new batch of brandy.  He switched to Chelmsford Wonder, after I told him that Macintosh is overpriced junk.
  

I noticed your avatar, bud. It resembles what I used at one time. In the past life, or was it the life before that? ... now I forgot what I was gonna say.  Wait, now I remember! Granny Smith.

[Meretrix]

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Lusername: Meretrix (#1935564)

PGP fingerprint (secp256k1): 0xB589C6F74DCAE7A2E932A9773E0E253A69696969
https://sks-keyservers.net/pks/lookup?op=get&search=0xB589C6F74DCAE7A2E932A9773E0E253A69696969
Certification-only primary key on airgap machine: true

I am key ID 0x69696969, because PGP is sexy. 😍

And my primary key uses secp256k1, for I love Bitcoin. :-)

-----BEGIN PGP SIGNATURE-----

iHUEARMKAB0WIQR2NiRH6y8H8a8wqpAmSzukVNnRjwUCWrfOVAAKCRAmSzukVNnR
jw/+AP4m+X0439ExxpzR4nINliCBAAs36HRqgEKkdZUAfdJoOgEA1ZVipkr9dciq
AnRCOf9BYQ1ALjRIGa1fz+Sj7zY6c3k=
=ZlYQ
-----END PGP SIGNATURE-----

[ovcijisir]

Great campaign! Didn't do all that is required but it sparked the interest for cryptography and made me realize why is it important.