RoverTreks
RoverTreks

In part I of this series on How To Protect Your Property Online, we talked about the value of using digital signatures and setting your files to a read-only status before posting them on the Internet. In this post, we’ll talk about two different cryptographic solutions you might find useful.

Pick A Solution: A Free or Paid Service?

Here are two solutions for you to consider. The first is free. The second is a paid service.

A Free Solution: GPG Tools

GPG Tools is a free cryptographic application you download and install on your computer. You use this program to sign files with your digital signature. Here's how it works.

First, you create a public/secret key pair. Your public key is that which you share with others so they can send encrypted files to you. Your secret key is for your use only. If you share your secret key with someone, you’re compromising your security.

Second, you use your key to sign files. You select the file, right-click on it, and create a digital signature of that file. You use the same procedure with batches of files.

GPG creates a separate signature file for every file you sign. A best practice is to make your file is read-only before you sign it. Yes, someone can “undo” the read-only status of the file and alter it. Your goal is to have proof of the existence of the file, in a certain composition, digitally signed at a certain date and time, before anyone else is known to possess that file.

You can also use GPG to sign and/or encrypt Email messages and files. And you can exchange them with others using GPG. All you do is exchange public keys with your recipients.

Want to test your key? Send us an Email bearing your digital signature. Make sure to tell us where you're roving or, what your plans to rove are in the future!

Want to send us a test encrypted message? Go to the PGP/GPG public key server (your GPG program links to it) and download our RoverTreks public key. You'll need that key to encrypt your message to us.

Note: Some Internet Service Providers won't let you post your GPG public key on your website. They consider these keys to be a “security risk” on their servers.
Is the key dangerous? In and of itself, no. What they're worried about is you and your correspondents trafficking in encrypted communications they can't “see”. For all they know, you could be engaged in criminal activity.

  • GPG is the open source (meaning free with the source code open to public inspection) version of the commercial PGP suite.
  • Go here to download GPG for Windows.
  • Go here to download GPG for the Mac.
  • For instructions on how to install and use GPG for Windows go here.
  • For instructions on how to install and use GPG for the Mac go here.

GPG: Advantages

  • Free
  • Easy to use
  • You're in control: No reliance on third-party services.
  • You can sign files one at a time or in batches
  • Provides proof of ownership by digital signature with a date/time stamp
  • You can encrypt Email and files and send them to trusted parties who also use GPG/PGP

GPG: Disadvantages

  • No easy way to keep track of all the files you sign, even if you create a method to batch sign files. You'll need to keep your files in directories or create a database to keep track of all digitally signed files with their signature files.

A Commercial Solution: DigiProve

DigiProve is a commercial digital signature service. You can sign up for a free account or pay for more robust services via monthly plans.

If you run a WordPress site, you'll install the DigiProve plugin. After you configure it, the plugin does all the work for you. You can set up the plugin to sign just about anything on your site: posts, pages, files, HTML, and more. Once you click the “Digiprove and Publish” button on your website, your post and all files associated with that post are signed digitally. Digiprove will keep the certifications on their site. You can download copies of these certifications when you need them.

Digiprove offers other features too. You can set up the application to thwart web scraping. The Digiprove plugin will inhibit the common right-click and copy function available to users through their browsers, warn them about copying protected material, and send you an Email alert bearing the IP address of the user behind the copy attempt.

Here’s an example of a DigiProve Email alert about an attempt to select and copy a post from RoverTreks on February 24, 2018:

Digiprove's Copyright Proof plugin detected the following event:
A user long-touched (tried to select), page=driftwood-artist-converts-dreams-to-realities/
IP address: 73.169.207.109
You are receiving this email because of your WordPress Copyright Proof settings for the site rovertreks.com
You can visit your Digiprove account by logging in at …

We assume from this DigiProve alert that a user was trying to scrape the driftwood images off of our RoverTreks site.

DigiProve Advantages

  • Basic service is free
  • The first month of any service is free
  • It's nearly transparent to the user once set up
  • It's a comprehensive solution for your website. You can sign some or all files on your site, including all website configuration files
  • Off-site storage of all signed file certificates on the DigiProve site
  • A separate, standalone application that runs on the computer that allows you to batch process digital signatures for entire directories/drives
  • Provides third-party proof of your ownership
  • Inhibits right-click select and copy functions on your website
  • Relieves users from some of the manual steps involved in signing files
  • Additional services include Tweets, Emails, files and more signed by DigiProve

DigiProve Disadvantages

  • The standalone batch signature application for the MAC doesn't work at present. DigiProve is working on a fix. We haven't tested this app on a PC.
  • They don't offer encryption services. Their business model focuses on authentication and non-repudiation in cyberspace (see Part I about these notions).

Example

Look at our photo below of a painter in Thailand. We referenced this photo in Part I of this series.

This photo is a target for webscrapers. But we post it here and on RoverTreks social media accounts because it is signed by DigiProve and RoverTreks digital keys. If it shows up somewhere else, we have proof it belongs to RoverTreks.

Painter, Terra Cotta Arts Garden, Chiang Mai, Thailand. Digitally signed by RoverTreks.
Painter, Terra Cotta Arts Garden, Chiang Mai, Thailand. Digitally signed by RoverTreks.

Wrap-up

These tools work. And you can find other free and fee-for-service tools you can use on the Internet. Just do a Google search for digital signature services.

Your best defense is a good offense. Brand yourself and your work. Trademark your brand. Specify the rights to your work. Use digital signatures to brand and create evidence of your work. You'll be glad you did so if the day arrives when you need proof.

Up Next

In Part III of this series, we'll share some ideas on how to detect online reuse of your content

Until then, practice safe hex in cyberspace.

Tom & Karla

Post Update:

After our initial post, some readers decided to check out the right-click-copy function of the DigiProve plugin that runs on this site. Here's one message we received about this copy attempt.

Digiprove's Copyright Proof plugin detected the following event:
A user long-touched, page=rovertreks-a-photographic-review-of-our-travels-in-2017/
IP address: 174.58.214.104
You are receiving this email because of your WordPress Copyright Proof settings for the site rovertreks.com

******************************************************************

Editors Note

We publish this post for your use as information only and under the condition, it is not construed as us rendering legal advice to you. Please note the terms and conditions for your use of this site here if you would like more information.

******************************************************************

***********************************************************************

You've come this far.  Please signup for our alerts list to see the latest stories as we post them. It’s free!  And we won’t share your data with anyone – period. You can sign up here. And here's plus. Once you sign up, you can comment on our stories via Email!

***********************************************************************

Previous articleHow to Protect Your Property Online: Part I
Next articleSavannah’s Prohibition Museum: History And Our Love-Hate Relationship with Alcohol
Karla & Tom — Editors, RoverTreks
Karla is the Chief Executive Officer of RoverTreks.Com. She is a member of the bar in Georgia and Texas, with 30-years of public sector executive experience and 10-years as an Adjunct Professor teaching Technology Law and Enforcement, Cyber Civil Litigation, and Cyber Business Law courses at the graduate school level. She is a member of the North American Travel Journalists Association. Tom is a retired cybercrime expert (see tomtalleur.com) who now works as a technology and travel journalist. His feature-length stories span travel, technology, history, culture, security, national security, military affairs, languages, communications technologies, and law. He's is the Managing Editor of RoverTreks, and member of the North American Travel Journalists Association and the International Food, Wine and Travel Writers Association. Media appearances: CNN, CNBC, ABC, MSNBC, National Public Radio, The Washington Post, Los Angeles Times, New York Times, The National Law Journal, Decision Management (Ireland), Fortune Magazine, Ebusinessforum.com, ZDNet News, USA Today, e-BUSINESS Advisor magazine, eWEEK, CIO magazine, CFO magazine, Accounting Today, Government Executive Magazine, Time, The San Francisco Chronicle, Matrix, The Chronicle for Higher Education, Newsbits, Information Security News, and Business 2.0.