-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Sun Mar 16 06:16:12 AM EDT 2025 I am the admin of itsnothing.net (@Unknown@ioc.exchange) and co-admin of THGTOA. I will update this canary within 1 month. Sorry for any possible confusion this may cause. Latest bitcoin block hash: 00000000000000000001b1fc228c3c7ad22e46d0ec73efcef9bae44dd1bb737b I am in complete control of all my key material. All previous keys have been revoked as part of standard OPSEC key rotation procedures. Do NOT encrypt communications to my old keys, I will not read them. The key currently published on https://keyoxide.org/8B3A74890536BAD50D9376EBF1CB32F67E3302A1 with a fingerprint of 8B3A74890536BAD50D9376EBF1CB32F67E3302A1, is my only PGP key for public communication. It IS published on public keyservers now. Please refrain from uploading it there (again). Someone already broke this rule. Permanent record of old and new PGP keys: the old key(s) were: pub rsa4096/0xB208C4084A2C582D 2022-11-04 [SC] [expires: 2027-11-03] Key fingerprint = D793 9998 F78B ADB5 18C1 B600 B208 C408 4A2C 582D uid [ultimate] Nope pub ed25519/0x21AB6B6A6CB2C337 2023-07-14 [SC] Key fingerprint = C87D 8746 6FD2 0594 5CF1 0A38 21AB 6B6A 6CB2 C337 uid [ultimate] nopenothinghere@proton.me and the new key is: pub ed25519/0xF1CB32F67E3302A1 2024-03-29 [SC] Key fingerprint = 8B3A 7489 0536 BAD5 0D93 76EB F1CB 32F6 7E33 02A1 uid [ultimate] nopenothinghere@proton.me To fetch the full key, you can simply do: gpg --keyserver keys.openpgp.org --recv-key 0xF1CB32F67E3302A1 ** Note: this keyserver is experimental.[0] I still have yet to add these keys to the I2P keyserver pool, and I don't know if I will. If you have previously signed my key but did a local-only signature (lsign), you will not want to issue the following, instead you will want to use --lsign-key, and not send the signatures to the keyserver. ** gpg --sign-key 0xF1CB32F67E3302A1 I'd like to receive your signatures on my key. You can either send me an e-mail with the new signatures (if you have a functional MTA on your system): gpg --export 0xF1CB32F67E3302A1 | gpg --encrypt -r 0xF1CB32F67E3302A1 --armor \ | mail -s 'OpenPGP Signatures' Additionally, I highly recommend that you implement a mechanism to keep your key material up-to-date so that you obtain the latest revocations, and other updates in a timely manner. You can do regular key updates by using parcimonie[1] to refresh your keyring. Parcimonie is a daemon that slowly refreshes your keyring from a keyserver over Tor. It uses a randomized sleep, and fresh tor circuits for each key. The purpose is to make it hard for an attacker to correlate the key updates with your keyring. I also highly recommend checking out the excellent Riseup GPG best practices doc, from which I stole most of the text for this transition message ;-) https://riseup.net/en/security/message-security/openpgp/gpg-keys Please let me know if you have any questions on how to verify. Nope (Anonymous Planet) 0. https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f 1. https://directory.fsf.org/wiki/Parcimonie -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQSLOnSJBTa61Q2TduvxyzL2fjMCoQUCZ9aleQAKCRDxyzL2fjMC oVmWAP9IWPFx9h1DTPtxZxSBAXbdE5FmIBFRso/hPRpT84kckgEAo8CeU0/DsCmS GRMMkWI6LQMGwV+bNEYwAaHofnyW+go= =ppEo -----END PGP SIGNATURE-----