News: ReddiTrust, New Browser Addon to Combat Reddit Identity Theft

Featured Image: A demonstration of the ReddiTrust application using an intentionally malformed message

As soon as I saw the news that /u/spez, administrator of Reddit, had silently edited comments against user’s intent, I came up with the relatively simple idea of an application which allows you to sign your messages, allowing others to know they really came from you.

ReddiTrust on GitHub

The principle is simple, the application, which I call ‘ReddiTrust’ uses public-key cryptography to allow you to sign and verify messages on reddit. The idea being, you use a ‘private’ key to ‘sign’ you messages, which can be verified using you ‘public’ key. Because only signatures signed by your private key will verify, somebody logging on to your reddit account or a sneaky administrator editing your posts won’t be able to impersonate your ‘signature’.

Right now the public-key scheme used by ReddiTrust is called RSA. Elliptic-curve support is on the way.

To use ReddiTrust yourself, feel free to install version Alpha 1.2 and check it out (Install Instructions).

Please report any bugs you find to me as the application is currently in alpha. As of right now I am also very sleepy and too tired to see any bugs myself.

Please take note that this application is in alpha, and that I can guarentee you it is not secure against a battle-ready reddit. Do not count on it for any high-risk applications should you get the idea.

UPDATE: Alpha 1.0a released, fixes bugs. Noncritical but recommended

UPDATE: Alpha 1.0b released, fixes bugs. Critical that you update

UPDATE: Alpha 1.0c released, fixes bugs. Relatively important that you update

UPDATE: Alpha 1.1 released, adds new features. You probably want this update

UPDATE: Alpha 1.1a released. Minor fixes.

UPDATE: Alpha 1.2 released. New features, higher usability


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s