Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ninjagoo 4 hours ago

I think maybe because the contents of the URL archived locally aren't legally certifiable as genuine - the URL is the canonical source.

That's actually a potentially good business idea - a legally certifiable archiving software that captures the content at a URL and signs it digitally at the moment of capture. Such a service may become a business requirement as Internet archivability continues to decline.

leni536 2 hours ago | parent | next [-]

Apparently perma.cc is officially used by some courts in the US. I did use it in addition to the wayback machine when I collected paper trail for a minor retail dispute, but I did not have to use it.

I don't know how exactly it achieves being "legally certifiable", at least to the point that courts are trusting it. Signing and timestamping with independent transparency logs would be reasonable.

https://perma.cc/sign-up/courts

ninjagoo an hour ago | parent [-]

This is an interesting service, but at $10 for 10 links per month, or $100 for 500 links per month, it might be a tad bit too expensive for individuals.

staticassertion 2 hours ago | parent | prev | next [-]

The first thing you do when you're getting this information is get PDFs from these vendors like their SOC2 attestation etc. You wouldn't just screenshot the page, that would be nuts.

Any vendor who you work with should make it trivial to access these docs, even little baby startups usually make it quite accessible - although often under NDA or contract, but once that's over with you just download a zip and everything is there.

thayne 22 minutes ago | parent [-]

> You wouldn't just screenshot the page, that would be nuts.

That's what I thought the first time I was involved in a SOC2 audit. But a lot of the "evidence" I sent was just screenshots. Granted, the stuff I did wasn't legal documents, it was things like the output of commands, pages from cloud consoles, etc.

staticassertion 19 minutes ago | parent [-]

To be clear, lots of evidence will be screenshots. I sent screenshots to auditors constantly. For example, "I ran this splunk search, here's a screenshot". No biggie.

What I would not do is take a screenshot of a vendor website and say "look, they have a SOC2". At every company, even tiny little startup land, vendors go through a vendor assessment that involves collecting the documents from them. Most vendors don't even publicly share docs like that on a site so there'd be nothing to screenshot / link to.

inetknght 2 hours ago | parent | prev [-]

Is it digitally certifiable if it's not accessible by everyone?

That is: if it's not accessible by a human who was blocked?

macintux 2 hours ago | parent [-]

Or if it potentially gives different (but still positive) results to different parties?