1---
2title: Removing your site from the Wayback Machine (GPG)
3subtitle: A quick-ish and easy-ish guide
4author: Amolith
5description: Quick-ish and easy-ish guide on removing and excluding your domain from Archive.org's Wayback Machine using GPG keys
6cover: /assets/pngs/archive.png
7date: 2019-06-04T21:57:00-04:00
8draft: false
9categories:
10 - Technology
11tags:
12 - Archive.org
13 - Privacy
14 - Sysadmin
15toc: true
16---
17
18## Preface
19If you simply want to remove your website and nothing else, read through
20the setup and verifying identities sections then continue from the [For
21domains you
22own](/removing-your-site-from-the-wayback-machine-keybase/#for-domains-you-own)
23section of the previous post. If you're wanting to address
24accounts/profiles on websites you don't own, read on.
25
26In addition to dealing with the Wayback Machine, this article is also
27supposed to help you get started using GPG in every-day life for general
28security and privacy.
29
30## Getting set up
31### Installation & Generating Keys
32First of all, you'll want to install GPG. The package on most
33distributions should be just be `gnupg`.
34- Debian: `sudo apt install gnupg`
35- Arch: `sudo pacman -S gnupg`
36- Fedora: `sudo dnf install gnupg`
37
38The next step is generating your key. While it will take a bit longer to
39generate, a stronger key will be more secure. Also make sure you read
40this excerpt from the `man` page as it contains a useful warning.
41
42>**WARNINGS**
43>
44>Use a *good* password for your user account and a *good* passphrase to
45>protect your secret key. This passphrase is the weakest part of the
46>whole system. Programs to do dictionary attacks on your secret keyring
47>are very easy to write and so you should protect your `~/.gnupg/`
48>directory very well.
49
50With that said, use `gpg --full-gen-key` to get started. Keep in mind
51that you don't actually have to use your real name or personal email
52address. If you *want* a personal key, go ahead and create one but you
53can also use a pseudonym and fake address if you'd like.
54
551. I would use the default (1) of "RSA and RSA".
562. Again, you can use default but I would recommend 4096 bits because
57 it's much more secure. This does mean, however, that it will take
58 longer to generate the key.
593. An expiry date is recommended but you don't necessarily have to set
60 one.
614. You *don't* have to use your real name. You can use a pseudonym if
62 you wish.
635. You *don't* have to use your personal email. You can use a
64 pseudonymous one if you wish.
656. You don't need a comment
667. Confirm
678. Come up with a ***secure*** password or, even better, a pass*phrase*.
689. Move your mouse around a bit, type, something like that while it's
69 generating the key.
70
71### Email
72I use [Thunderbird](https://www.thunderbird.net/) for email and there is
73a great addon for it called [Enigmail](https://enigmail.net/). It's
74quite easy to set up and use but there is a really annoying bug that
75you'll experience when replying in threaded mode. If you want to encrypt
76a reply, simply open the editor in a new window.
77
78## Verifying Identities
79In general, all you'll have to do is type something along the lines of:
80
81> I am \<your-name-here\> and I own the following accounts:
82> - Account 1 - \<link\>
83> - Account 2 - \<link\>
84> - Etc.
85
86You'll save that in a text file, run `gpg --clearsign file.txt`, copy
87the output, then paste it wherever it needs to go, whether that's a
88blog, a GitHub gist, etc. With Twitter/Mastodon and their character
89limit, this won't quite work. The best solution there is probably to
90post a link to a gpg-signed message on your website that links back to
91the post.
92
93Really, all you have to do is tie all of your accounts together in as
94close-knit a web as you can and sign with your GPG key wherever
95possible. Linking everything to everything else would definitely work
96but it should also be enough to link everything to a single document on
97your website (or a gist in GitHub etc.) that links back to all of those.
98
99I'm probably not explaining very well so here's a diagram showing it.
100
101
103
104Note that the email links to everything else but nothing links back to
105the email. It's the main document that's at the centre of it all. Make
106sure both it and the email are signed. If you toot, link to the toot in
107the main document. If you make a gist, link to the gist in the main
108document.
109
110## Sending the email
111Once you have all the groundwork laid out, you'll be ready to send the
112email; the address is [info@archive.org.](mailto:info@archive.org)
113Explain what you would like done and link to the document requesting
114your domain exclusion first as that's the easiest to verify. In the next
115paragraph, I would explain a little bit about what you've set up with
116signing messages and creating the "Web of Verification" (lol). Under
117that, I would link to the posts asking for the accounts to be removed.
118Make sure those posts also link back to the main document. Be polite,
119say thank you, then send the email!