←back to thread

ArchiveBox is evolving: the future of self-hosted internet archives

(docs.sweeting.me)
663 points nikisweeting | 2 comments | 16 Oct 24 16:18 UTC | HN request time: 0.001s | source

We've been pushing really hard over the last 6mo to develop this release. I'd love to hear feedback from people who've worked on big plugin systems in the past, or anyone who's tried our betas!
Show context
petertodd ◴[16 Oct 24 20:05 UTC] No.41863256[source]
You really should add timestamping to ArchiveBox. The easiest way to do that would be via my OpenTimestamps protocol, https://opentimestamps.org It's open source and free to use, and uses Bitcoin for the actual timestamps. Users of it do not need to make Bitcoin transactions themselves as a set of community calendar servers do that for you. You also don't need a Bitcoin node to create an OTS timestamp, and you can validate an OTS timestamp without a Bitcoin node as well by trusting someone else to do that for you.

The big thing that ArchiveBox can't do, and the Internet Archive can, is attest to the accuracy of the archive. Being at least able to prove that the archive was created in the past, prior to there being a reason to tamper it, is the best we can realistically do with current cryptography. So it'd be really good if support for timestamping was added.

IIUC ArchiveBox is written in Python; OTS has a Python library that should work fine for you: https://github.com/opentimestamps/python-opentimestamps

replies(2): >>41863331 #>>41863419 #
nikisweeting ◴[16 Oct 24 20:10 UTC] No.41863331[source]
We're going to add TLSNotary support for real cryptographic signing, see my comments below :)

Timestamping is also on my roadmap, definitely as a plugin (and likely paid) as it's more corporate users that really need it. We need to keep some of the really advanced attestation features paid to be able to support the rest of the business.

replies(2): >>41863370 #>>41865422 #
1. petertodd ◴[17 Oct 24 01:00 UTC] No.41865422[source]
> We're going to add TLSNotary support for real cryptographic signing, see my comments below :)

Last I checked TLSNotary requires a trusted third party. I would strongly suggest timestamping TLSNotary evidence, to be able to prove that evidence was created prior to any of these trusted third parties being compromised.

replies(1): >>41867122 #
2. nikisweeting ◴[17 Oct 24 07:01 UTC] No.41867122[source]
Of course, TLSNotary stuff would necessarily come with a whole ecosystem, including some sort of transparency log like certificate transparency logs, DNS record keeping, timestamping, etc.

But we'll start with the basics and work our way up to completeness.