Carter Has Gone. Please Welcome Rebel.

2025-07-07T14:57:48+08:00

Six days ago, I suffered from an OpenPGP compromise, and I had to revoke my old identity and establish a new one. Now, my new identity is ready. Please say goodbye to my old identity, Carter, and welcome my new identity - Rebel.

The Tough Times - What I Have Done Over the Past Six Days

Since 2025-07-01T09:18:05Z, the time when my OpenPGP was compromised and revoked by me, I started contacting all my friends, telling them about the incident, and began sorting out all my files.

After discussing my OpenPGP compromise in an XMPP public channel about GNU/Linux and Unix, they pointed out that even free software cannot guarantee a high level of security, as security vulnerabilities are widely found in free software projects. I decided to try some security-hardened operating systems like QubesOS. However, due to its steep learning curve and the urgency of establishing my new identity, I temporarily gave up and returned to Debian GNU/Linux. Once I have completed everything, I will consider giving QubesOS a try.

When it rains, it pours. After sorting all my data onto an SSD, it was finally time to reinstall all of my operating systems. However, while making a new Ventoy disk, I chose the wrong drive and immediately wiped my SSD, which plunged me into a flood of despair. Thanks to PhotoRec, much valuable data was recovered, but unfortunately, many other things, including but not limited to my XMPP and Matrix chat history, my personal blog source, and my OTA packages for some discontinued operating systems like DivestOS, were lost.

But whatever happened, I had to continue my identity re-establishment and digital infrastructure rebuilding process. I reinstalled the operating systems on all of my devices, prepared my new identity, and rebuilt this website.

Many Things Still to Be Done

Now, both my new personal website and blog are up. However, much remains to be done. The personal website has been established but is not yet fully built; I still have unconfigured devices, accounts to register, and many other tasks to complete.

I will try to be quick and return to my regular life as soon as possible.

Thanks

After the incident, many of my friends expressed their care for me. Some even cried at the thought of losing touch with me.

Thank you, and all of you are a gift in my life. For those who have lost touch with me, I extend my wishes that, even in my absence, you can still embrace happiness every day.

Future Plans

Following this OpenPGP compromise, to prevent incidents like this from happening again, I have generated my OpenPGP private key on my hardware security key. This will ensure that no malware can steal my private key data.

Furthermore, I will have instant messaging accounts at three levels:

  1. Private: These accounts are used for direct messages. You can talk to me about almost anything via these accounts; however, you may not expect a quick response, as these accounts are only accessible to me when I am at home.
  2. Express: These accounts are also for direct messages, and are accessible on my devices that I take out of the house. However, due to widespread surveillance in public areas and my weakened security from an unlocked bootloader, please try to avoid discussing sensitive information when chatting.
  3. Public: These accounts are only for public chats and sometimes unencrypted direct messages. Avoid discussing sensitive information when chatting.

I will implement cryptographic trust management on the Private and Express accounts. Trust information is available on my homepage.

Thank you for reading. Love from China.