by diablo1 2206 days ago
How can these be forged? Say a page no longer exists, it could be possible to forge a quote and play a little game of disinfo?
4 comments

> How can these be forged? My body has no bones.

I'm sorry about your bones, but you can already lie and misquote on the Internet!

Although I suppose the frame around the quotes that this service provides does give the text an air of authority.

Yes, technically you can forge them just like you can launder any other block quote. We're looking for the right decentralized storage solution so we can have verified provenance though. Any ideas that are easy-ish to implement for someone who's not a pro web developer?
Maybe you can collaborate with the internet archive?
Given that we're just talking HTML, I don't see how you could meaningfully prevent bad actors, absent storing screenshots of the original text -- and even then (see any number of fake tweets that circulate). Hypothetically, instead of linking to the original source, I suppose it could link to the Wayback Machine version of the text, but I don't think that's a helpful default way to link to people's work. As a fallback when sites disappear, sure, but otherwise...
Here's one possibility. Creating a quoteback could:

1. tell archive.org to create a snapshot of the page
2. store a link both to the human-friendly version of the page and the archive snapshot
3. then the reader's browser (rather than the webpage hosting the quoteback) could verify that the quote is present either at the linked source or at the snapshot of the linked source.

In the happy path (where the quoteback is genuine) the browser could indicate to the user that the quoteback is genuine and the link would take the user to the normal website if it still has the quote, otherwise to the archive snapshot.

In the unhappy path (where the quoteback is disingenuous) the browser could notify the user that the quoteback is disingenuous.
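
Added example, not part of the thread or of the Quotebacks code: a sketch of the reader-side check described in the comment above, deciding between the happy and unhappy path from page bodies the caller has already fetched. The function names, the record shape and the sample URLs are assumptions made for illustration.

```javascript
// Added example: reader-side quoteback check. All names are hypothetical.
// Reduce HTML to comparable text: drop script/style bodies and tags, decode a
// few common entities, fold typographic quotes, collapse whitespace, lowercase.
// Tags become spaces, so a quote split mid-word by markup will not match.
function normalizeText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1\s*>/gi, ' ')
    .replace(/<[^>]*>/g, ' ')
    .replace(/&nbsp;/g, ' ')
    .replace(/&quot;/g, '"')
    .replace(/&#0?39;|&apos;/g, "'")
    .replace(/&amp;/g, '&')
    .replace(/[\u2018\u2019]/g, "'")
    .replace(/[\u201C\u201D]/g, '"')
    .replace(/\s+/g, ' ')
    .trim()
    .toLowerCase();
}

// quoteback: { text, sourceUrl, snapshotUrl }
// bodies: { source, snapshot }, each an HTML string or null if the fetch failed.
function verifyQuoteback(quoteback, bodies) {
  const needle = normalizeText(quoteback.text);
  if (needle.length === 0) return { status: 'unverifiable', linkTo: null };
  const found = (body) => body !== null && normalizeText(body).includes(needle);

  // Happy path: prefer the live page, fall back to the archive snapshot.
  if (found(bodies.source)) return { status: 'genuine', linkTo: quoteback.sourceUrl };
  if (found(bodies.snapshot)) return { status: 'genuine', linkTo: quoteback.snapshotUrl };

  // The snapshot is the record of the page at quoting time. Without it, a
  // quote missing from the live page may simply have been edited out later.
  if (bodies.snapshot === null) return { status: 'unverifiable', linkTo: null };

  // Unhappy path: the snapshot was fetched and does not contain the quote.
  return { status: 'not-found', linkTo: quoteback.snapshotUrl };
}

// Constructed sample data.
const SAMPLE_QUOTEBACK = {
  text: 'Quotes are \u201Ceasy\u201D to forge',
  sourceUrl: 'https://blog.example/post',
  snapshotUrl: 'https://archive.example/snap/blog.example/post',
};
const SAMPLE_HTML = '<p>Everyone knows quotes are\n &quot;easy&quot; to <em>forge</em>.</p>';
```

The check only shows that the text appears in a page; it is only as trustworthy as the snapshot link, which the quoting page itself supplies.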

Great path, a few hundred lines of code, less if you can use the ia python library.
There could be an extension to the model, where a quoter can provide a snippet to the author's website and request a signature (perhaps from a common path like /.well-known/quotesign.)

If the snippet does indeed come from the website in question, the website will return a signature which the quoter can embed along with the snippet on their own website.

The signature would prove that the content came from the same person who controls domain X (as attested by the CA of your choice). The user agent can display all this information where the content is quoted.
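
Added example, not part of the thread and not an existing protocol: a sketch of the signing exchange proposed in the comment above, run in Node.js. It assumes a constructed Ed25519 key pair in place of whatever key the author's site would publish, and the `quotesign-v1` label, the function names and the URLs are hypothetical.

```javascript
// Added example: the quotesign idea with a constructed Ed25519 key standing in
// for the site's key (an assumption). All names below are hypothetical.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const squash = (s) => s.replace(/\s+/g, ' ').trim();

// Bind origin, page URL and quote into one unambiguous byte string, so a
// signature for one quote cannot be reused for other text or another page.
function signingInput(origin, pageUrl, quote) {
  return Buffer.from(JSON.stringify(['quotesign-v1', origin, pageUrl, squash(quote)]), 'utf8');
}

// Author's site: sign only if the snippet really appears in the page it serves.
function siteSignQuote(site, pageUrl, quote) {
  const page = site.pages[pageUrl];
  const wanted = squash(quote);
  if (page === undefined || wanted === '' || !squash(page).includes(wanted)) return null;
  return sign(null, signingInput(site.origin, pageUrl, quote), site.privateKey).toString('base64');
}

// Reader's user agent: check the embedded signature against the origin's key.
function readerVerify(embed, originPublicKey) {
  if (typeof embed.signature !== 'string') return false;
  const input = signingInput(embed.origin, embed.pageUrl, embed.quote);
  return verify(null, input, originPublicKey, Buffer.from(embed.signature, 'base64'));
}

// Constructed demo data: one site, one page, one genuine and one altered quote.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const pageUrl = 'https://author.example/essay';
  const site = {
    origin: 'https://author.example',
    privateKey,
    pages: { [pageUrl]: 'Provenance is hard.  Forgery is easy.' },
  };
  const quote = 'Forgery is easy.';
  const embed = { origin: site.origin, pageUrl, quote, signature: siteSignQuote(site, pageUrl, quote) };
  return {
    refusedForeignText: siteSignQuote(site, pageUrl, 'Forgery is impossible.') === null,
    genuine: readerVerify(embed, publicKey),
    tampered: readerVerify({ ...embed, quote: 'Forgery is impossible.' }, publicKey),
  };
}
```

A valid signature shows only that the key holder vouched for the snippet at signing time; how the reader learns which public key belongs to the origin is left open here, as it is in the comment.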

Even the Wayback Machine will not exist and there will probably be a reincarnation of it with archived copies of Wayback URLs. This is why blockchain tech is so exciting. Very soon everything can be cryptographically proven to have existed, stopping people from rewriting history and denying things like The Holocaust etc
> Very soon everything can be cryptographically proven to have existed, stopping people from rewriting history and denying things like The Holocaust etc

Sounds nice, but my gut feeling is that you wildly underestimate how far people will go to work around anything that could change their beliefs.

This seems to hold true on all sides of the political spectrum, in art as well as in science and the only difference is what beliefs people stick to.

As a deeply religious person this might come off as really ironic and the irony is not lost on me: quite the contrary and for that reason I've thought about it multiple times.

Rigid, ingrained beliefs can't beat a math problem
Did you hear about the man who believed he was dead? His doctor tried everything but couldn't convince him he wasn't a corpse. Finally, in exasperation, the doctor says, "Look, corpses don't bleed right?"

The man agrees, "Yeah, corpses don't bleed."

The doctor pokes him in the arm with a needle and blood wells up.

The man looks at his bleeding arm in astonishment and says, "I'll be damned! Corpses do bleed!"

(This is a true story. I think it's in "The Man Who Mistook His Wife for a Hat" IIRC.)

Today: Maybe subresource integrity? That would let you advertise the exact state of the webpage, but you'd need to save it somewhere for verification.

Alternative: Isn't there some way to save an HTTPS request in a way that others can verify that the webpage was signed with an authorized certificate?

Future: I wish authors would sign their content directly rather than depend on TLS and certificate authorities. P2P networks do this well (because they have to) but it hasn't caught on in the rest of the web.

> Isn't there some way to save an HTTPS request in a way that others can verify that the webpage was signed with an authorized certificate?

That sounds a lot like "Signed HTTP Exchanges"[0], which has some support in Chrome but doesn't automatically provide a way of checking quotes in web pages.

[0] https://wicg.github.io/webpackage/draft-yasskin-http-origin-...

There was TLS-N[0][1], which did something like this and emerged for blockchain use cases and worked with only minor tweaks for the website provider IIRC. Sadly that looks pretty much defunct now.

[0]: https://eprint.iacr.org/2017/578.pdf

[1]: https://github.com/tls-n