[HN Gopher] Keyoxide: A privacy-friendly platform to establish y...
___________________________________________________________________
Keyoxide: A privacy-friendly platform to establish your
decentralized identity
Author : decrypt
Score : 76 points
Date : 2021-11-06 17:22 UTC (5 hours ago)
(HTM) web link (codeberg.org)
| karmanyaahm wrote:
| An example user page is my page here:
|
| https://keyoxide.org/4af679d0aba0ed4b07bf7b6932ca3267c8d187d...
|
| Keyoxide is a really nice, but difficult to set up, tool
| kingcharles wrote:
| Why do some of your "profiles" have Xs?
| greenail wrote:
| I really like the general idea of decentralized identity.
| Personally I'd prefer to keep my identities on different
| apps/platforms mostly (99%) separate. It seems to me that giving
| an adversary a map (especially usernames and email identities) of
| your online presence is a bad idea especially if they get access
| to one account and get some private details they may be able to
| use to socially engineer their way into other accounts.
| dane-pgp wrote:
| I'm not sure what the best implementation of decentralized
| identity is (although proof-of-personhood systems like BrightID
| seem interesting[0]), but ideally the different platforms would
| cryptographically sign statements for you like "This user has a
| positive reputation on our platform" which you can disclose to
| other platforms without them being able to learn your username
| on the original platform.
|
| [0] https://www.brightid.org/
| kingcharles wrote:
| I'm guessing most people try to obtain the same username on
| every service, so generally it's not hard to trace people's
| other identities. And some people, including myself, are happy
| to have all their identities out there.
| crosser wrote:
| Would the following be functionally equivalent?:
|
| - on each platform, include your pgp key id in the "bio"/"about"
| of your profile
|
| - in your pgp key, include your profile URLs on each platform as
| an identity.
|
| (In DNS, CERT RR exists for this purpose already.)
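The two-way link crosser describes (the key lists profile URLs, each profile's bio names the key), sketched as a check. This is an added example, not part of the thread and not Keyoxide's code; the fingerprint, URLs and bios are constructed, `sample_fetch` is a hypothetical stand-in for retrieving a profile page, and the check goes slightly beyond the comment by requiring the full fingerprint rather than a key ID.

```python
import re

# Full v4 fingerprint: 40 hex digits, optionally grouped in fours as gpg prints them.
FPR_RE = re.compile(r"\b(?:[0-9A-Fa-f]{4}\s{0,2}){9}[0-9A-Fa-f]{4}\b")
# Short (8) or long (16) hex key ID, optionally prefixed with 0x.
KEYID_RE = re.compile(r"\b(?:0x)?([0-9A-Fa-f]{8,16})\b")

def normalize(hex_text):
    """Strip whitespace and upper-case so differently formatted copies compare equal."""
    return re.sub(r"\s+", "", hex_text).upper()

def check_profile(key_fpr, bio):
    """Classify one profile bio against the (normalized) key that claims it."""
    if bio is None:
        return "unverified: profile not retrievable"
    if key_fpr in {normalize(m) for m in FPR_RE.findall(bio)}:
        return "verified"
    ids = {m.upper() for m in KEYID_RE.findall(bio) if len(m) in (8, 16)}
    if any(key_fpr.endswith(i) for i in ids):
        # Key IDs are truncated fingerprints and can be collided, so not proof.
        return "weak: key ID only, full fingerprint required"
    # The key claims the profile, but the profile does not claim the key back.
    return "unverified: profile does not name this key"

def verify_claims(key_fpr, claimed_urls, fetch_bio):
    """Check every profile URL listed in the key against that profile's bio."""
    key_fpr = normalize(key_fpr)
    return {url: check_profile(key_fpr, fetch_bio(url)) for url in claimed_urls}

# Constructed sample data: one key, the profile URLs it lists, and each bio.
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_BIOS = {
    "https://social.example/@alice":
        "OpenPGP: 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567",
    "https://code.example/alice": "my key is 0x01234567",
    "https://forum.example/u/alice": "just here for the cats",
}
SAMPLE_CLAIMS = list(SAMPLE_BIOS) + ["https://gone.example/alice"]

def sample_fetch(url):
    """Hypothetical fetcher: returns the bio text, or None if the page is missing."""
    return SAMPLE_BIOS.get(url)

if __name__ == "__main__":
    for url, status in verify_claims(SAMPLE_FPR, SAMPLE_CLAIMS, sample_fetch).items():
        print(f"{status:48} {url}")
```

Only the first profile counts as proven: a URL written into a key is a claim by the key holder alone until the profile states the same fingerprint back.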
| 1MachineElf wrote:
| Sounds like what I hoped would become of Keybase.
| kkjjkgjjgg wrote:
| What has become of Keybase instead?
| lutoma wrote:
| I'm not OP, but feel similarly about Keybase.
|
| When it originally launched, it marketed itself as a directory
| where you could link your social accounts using cryptographic
| proofs, so that anyone who was wondering if "@lutoma" on
| twitter and "lutoma" on Hacker News are the same person could
| easily check. I.e. pretty much what Keyoxide now seems to aim
| to do. Simple enough and reasonably useful.
|
| But then at some point they tacked on some sort of Dropbox-y
| encrypted file system that also kind of but not really
| includes web hosting if you set your files to public.
|
| And if you visit their website now all their landing page
| talks about is their Slack clone with end to end encryption
| without mentioning any of the other stuff.
|
| And I just checked out their docs and there's a section on
| wallets for the Stellar cryptocurrency so apparently they
| also baked that in recently.
|
| idk it just seems like a company with absolutely zero
| direction that just builds whatever the product managers find
| interesting at any given time and I gave up trying to
| understand what it is they do.
|
| But since they sold to Zoom, it seems to have been
| financially successful so fair play to them.
| woah wrote:
| Seems like the problem is that their core service simply
| did not make any money
| Jtsummers wrote:
| They never charged. People were willing to pay, but they
| never offered a for-fee service.
| djbusby wrote:
| I don't want a little money every month, I want a lot of
| money all at once! -- Russ Hanneman (from Silicon Valley)
| infinitezest wrote:
| Assume that OP is referring to the fact that they were
| purchased by Zoom recently.
| gnufx wrote:
| There's also https://keys.pub/ (from someone ex-Keybase, if I
| remember correctly). I haven't looked at either closely. Can
| anyone compare and contrast?
| egberts1 wrote:
| It is only a matter of time before such a website would offer an
| NFC-credit card to direct you to your account on their website.
| aborsy wrote:
| PGP is a battle-tested tool, widely available and straightforward
| to use via the Linux command line. It's also well supported, e.g., by
| Yubikeys etc.
| na85 wrote:
| It'd be cool to see this without PGP. Signatures via
| signify/minisign are superior in every way.
| georgyo wrote:
| > are superior in every way.
|
| Besides the fact that a signify/minisign key is a raw key instead
| of being padded with identity information, in what way are they
| actually better?
|
| Similarly, minisign makes no claims at identity at all. You get
| a random string, and the user is responsible for knowing which
| key is for what user. The minisign public key contains nothing
| but the key.
|
| To me, that is a horrible user experience.
|
| A PGP public key contains many bits of information besides just
| the key, and that is how this is even possible.
|
| PGP tools are installed nearly everywhere (except Windows) by
| default, while minisign is an extra install.
|
| PGP's web-key-directory is making knowing the right key for a user
| trivial and tamper resistant. I.e.:
| https://keyoxide.org/wkd/george%40shamm.as
|
| It's hard for me to see any benefits of minisign really besides
| key size. Calling it "superior in every way." is straight troll
| bait.
| robinhoodsghost wrote:
| Nah, troll baiting is saying "PGP tools are installed nearly
| everywhere (except windows) by default" when Windows still
| has almost 80% market share on PCs. Most of the rest are on
| macOS. If you want something to be useful that relies on
| network effects then they, and mobile users, are who you need
| to accommodate. Linux on the desktop users are a rounding
| error.
| djbusby wrote:
| Is 2% a rounding error?
|
| https://gs.statcounter.com/os-market-share/desktop/worldwide
| forgotmypw17 wrote:
| Excuse me, but does your alternative provide toolchains and
| user interfaces for every major platform in existence today,
| including Mac, *nix, iOS, Android, Windows, a library for every
| major language in existence, and 25 years of attempts to break
| it?
|
| If not, I don't see how you can claim it is superior in every
| way, because here are at least two ways in which PGP/GPG are by
| far superior.
| na85 wrote:
| I dunno about Windows but minisign is on Mac and Linux, yes.
|
| As for 25 years to break it, well, go look at CVEs for GnuPG.
| There have been many.
| forgotmypw17 wrote:
| The algorithms still stand 25 years later.
|
| Is it also available for iOS and Android? FreeBSD?
|
| Are there libraries for Perl and PHP?
| selfhoster11 wrote:
| PGP/GPG has much broader adoption, and is not fundamentally
| broken as a standard. It's also what people are used to. I
| don't know what to do with a minisign key.
___________________________________________________________________
(page generated 2021-11-06 23:00 UTC)