About Sign My Data!
Secure Evidence Attribution Label (SEAL) is an open solution for assigning attribution with authentication to media. It can be easily applied to pictures, audio files, videos, documents, and other file formats.
The basic concept is that you can create a file and digitally sign it.
- The signature does not mean that the file belongs to you and does not imply that the contents or metadata are accurate.
- The signature means that you attest to the contents.
What does it mean to "attest" to a file?
- Witnessing: Like a notary, the signer validates that the contents of the file existed at the time of the signing. (This is not the same as validating the contents; validation is a different process. The witness only knows that the content existed at the time of the signing.)
- Tamper-proof: After signing, someone else cannot alter the file or contents without invalidating the signature. (In order to tamper with the file, the forgery must replace the signature.)
- Impersonation-proof: The only person who can sign with the signer's signature is the signer. Someone else cannot impersonate the signer's signature.
Why use SEAL?
- Ownership: If you claim to own a file (copyright, authorship, etc.), then sign it! This doesn't resolve the issue where two different people sign the same file contents, resulting in competing signatures. However, it does help someone track down the different people who attest to the signatures.
- Pedigree: Where did this file come from or how was it handled? If an online service signs a file, then you know that it was processed by that service. If the signature is attributed to a person, then that person handled the file and may be able to clarify the otherwise-unverified information in the metadata.
- Evidence: Evidence for use in a court of law requires proper collection and handling processes. Evidence that is altered (tainted, tampered) can easily be excluded from a court proceeding. SEAL permits signing a file and detecting that it has not been altered after the initial signature.
What is Sign My Data!?
The SEAL process supports local signing and remote signing:
- Local signing: You sign your own document (image, video, text file, etc.). The signature is as trustworthy as the signer.
- Remote signing: The document is signed by an external notary service. Since the notary is unrelated to the document being signed, the signature is more trustworthy.
To put this into perspective:
Anyone can take a photo with a camera. But how can you show that you took the photo?
- The original camera metadata typically identifies the device, camera settings, and date/time the photo was captured. If GPS is available, then it may also record the general area where it was photographed. However, this may not identify that you took the photo. (Authorship, copyright, and other distinctive credits are usually not recorded by the camera.)
- Many graphics programs and metadata editors permit annotating files. This includes specifying the photographer and copyright information. However, this doesn't prevent someone else from altering the data. A false attribution can permit stealing someone else's content or can attribute the content to someone else (impersonation).
- The SEAL system allows you to sign the file. At that point, the signature is only valid if the data is unaltered. While someone else could remove the signature, SEAL prevents someone else from signing it as you; SEAL stops impersonations.
- A remote signer, like Sign My Data!, adds one more level of security: it is an independent notary who witnessed that the content and metadata existed at a specific date and time. It also proves that it was signed at your specific request.
Does Sign My Data! keep a copy of the file?
Sign My Data! never needs to see the file that you are signing. Instead, you generate a digest of the file (e.g., a SHA256 or similar hash) and then provide the digest for signing. The digest identifies your file without distributing your file, while the signature ensures that the digest is correct.
Even if your file is many gigabytes in size, a digest like SHA256 summarizes the file into 32 bytes. (That's really tiny.) The digest cannot be used to regenerate the file, and the likelihood of any two different files having the same SHA256 value is about 1 in one hundred fifteen quattuorvigintillion (1 followed by 77 zeros). (Or for you math gurus who want to include the birthday paradox, then it's about 1 in three hundred forty undecillion, or 340 followed by 36 zeros.) In any case, the likelihood of two files coincidentally having the same SHA256 digest value is so remote that the SHA256 digest is effectively unique. If two files have the same digest, then they are likely the same file, and if two files have different digests then they are definitely different files.
Sign My Data! must receive a copy of your computed digest for signing. However, that digest cannot be used to recreate your file. (This ensures privacy.) Moreover, Sign My Data! does not retain a copy of your file's digest.
Likewise, the Sign My Data! service is not needed to validate the signature. We never know who is evaluating a signature or when.
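The digest-only flow described above, sketched as an added example (not Sign My Data!'s or SEAL's own code): the client hashes the file locally, a simulated notary signs the 32-byte digest together with a timestamp, and verification needs only the file, the record and the public key. The toy RSA key, the record layout, the function names and the sample data are assumptions made for illustration; this is not the SEAL record format and the key is not secure.

```python
import hashlib
import io

# Toy notary key pair (ASSUMPTION: textbook RSA over two public Mersenne primes,
# a stand-in for a real signature scheme; NOT secure and NOT SEAL's format).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the notary


def file_digest(stream, chunk_size=65536):
    """Client side: hash a file of any size in constant memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.digest()               # always 32 bytes


def _record_value(digest, timestamp):
    """Integer that binds the digest to the signing time (hypothetical layout)."""
    record = digest.hex().encode() + b"|" + timestamp.encode()
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def notary_sign(digest, timestamp):
    """Notary side: receives the 32-byte digest only, never the file."""
    if len(digest) != 32:
        raise ValueError("expected a SHA-256 digest")
    return pow(_record_value(digest, timestamp), D, N)


def verify(stream, timestamp, signature):
    """Verifier side: uses the file, the record and the public key (N, E);
    the notary is not contacted."""
    expected = _record_value(file_digest(stream), timestamp)
    return pow(signature, E, N) == expected


# Constructed sample data: a 1 MiB "photo" and a copy with one byte changed.
original = bytes(range(256)) * 4096
tampered = original[:-1] + b"\x00"
STAMP = "2024-01-01T00:00:00Z"      # constructed timestamp
sig = notary_sign(file_digest(io.BytesIO(original)), STAMP)
```

Changing either the file or the claimed signing time makes `verify` return `False`, and nothing in the check requires a call back to the signer.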
Is Sign My Data! free?
The SEAL specifications are free, open source, and public domain.
The signing tools used by SEAL are also free and open source. Because they are provided by different developers, they have different licenses. Some are public domain, while others use GPL, MIT, BSD, or other public licenses.
This Sign My Data! online service is provided by Hacker Factor, the same company that provides FotoForensics, Hintfo, and other forensic services. Sign My Data! requires account registration but does not sell that information and does not collect other data. In addition, we don't use ads or other web services that could track you. (There's a jaded view of free online services: "if you're not paying for the service then you are the product." With this service, you are not the product, you are the customer.)
Sign My Data! is currently offered as a free service. However, hosting, bandwidth, and maintenance are not free. If users begin abusing the service (like when a Google employee tried to send every image at Imgur through FotoForensics; I'm still miffed about that), then we may have to limit the number of free signatures per month.