blob: 9865558132d1287e856bb3d840a91a2c7703ec53 (plain
registered, if they do then all scripts loaded from that domain must be signed by
the user using a `data-signature` attribute containing a link to the detached
signature of the script.
Keybase user. Any subsequent changes to domain ownership on Keybase must be validated
by the user.
Compromised web servers run rampant in the wild. We visit all sorts of websites and run arbitrary
code from hundreds of different domains daily. The boys in tinfoil hats run [NoScript](https://noscript.net/)
That's where KPJS comes in, instead of trusting a server in some data centre somewhere to give us "safe" scripts,
we trust people instead. Using GPG and Keybase we can have publicly verifiable proof that a script was signed by a person
that we trust rather than a malicious third party (unless our trusted party's GPG key is compromised - but that's a
little bit harder than compromising a server and usually involves leaving the house).
## Things to note
- this hasn't been audited and shouldn't be used as front-line defence for your questionable internet activities