Digital Signatures

If you're reading this, you are probably wondering what to do with that .sig file you just downloaded. This is a detached GPG signature. If you download the full-size photo (click on the image), you can verify its authenticity against my public PGP key using a command like so:

gpg --verify IMG_1234.JPG.sig IMG_1234.JPG
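
One way to script the check above while pinning the signer, since `gpg --verify` reports a good signature for any key present in the keyring. This is an added example, not part of the original page; `status_ok`, `verify_detached` and the sample fingerprint are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example (not from the original page): accept a detached signature
# only if it is good AND was made by one pinned key.

# Constructed sample of `gpg --status-fd` output; the fingerprint is a placeholder.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Photographer <photo@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2024-01-01 1704067200 0 4 0 1 10 00 $SAMPLE_FPR"

# status_ok FINGERPRINT < status-lines
# Succeeds only when the status stream shows a good signature whose primary
# key fingerprint equals FINGERPRINT and no bad/expired/revoked marker.
status_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint (it differs from field 3
            # when a subkey signed); fall back to field 3 if it is absent.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) pinned = 1
        }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_detached FINGERPRINT FILE.sig FILE
# gpg writes machine-readable status to fd 1; human-readable text goes to stderr.
verify_detached() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null | status_ok "$1"
}

# Demo on the constructed sample (no key or network needed).
printf '%s\n' "$SAMPLE_STATUS" | status_ok "$SAMPLE_FPR" && echo "sample accepted"
```

Call it as `verify_detached FINGERPRINT IMG_1234.JPG.sig IMG_1234.JPG`, with the fingerprint obtained through a channel other than the one that served the photo.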

Background

A digital image is a rectangular grid of pixels. Each pixel can be altered by a piece of software such as Photoshop, with absolute precision, and in principle leaving no evidence that such alteration has occurred. In practice, sweeping changes to an image are often made in a sloppy manner which leaves detectable traces such as a high-contrast edge, but there is a growing community of skilled image manipulators who are capable of creating artful forgeries.

Furthermore, it will not be long before such forgery can be done on a massive, automated scale. It is not inconceivable that somebody might hook up a face detection system to a fact replacement system and install it on a core router to alter history.

A 23rd century historian will likely have a deep mistrust of digital sources: a digital image is just a bit stream, a bit stream is just a number, and a number has no intrinsic historicity. We are in the early years of a total digital migration; historians will learn about us not by digging our trinkets out of the mud, but by sifting through our bit streams. And when probing the contents of web.zip, how are they to know which parts are authentic and which might have been tampered with in a 22nd century practical joke?

Public-key cryptography provides a partial solution. By signing our artifacts and building a web of trust, our treasured facts can survive further into the future without evaporating into myth.