this post was submitted on 21 Jun 2023
10 points (77.8% liked)
Lemmy
2172 readers
2 users here now
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to [email protected].
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
My initial thoughts on lemmy where that it was so strange we where going BACK to the trust everyone's servers and separate accounts model like that of Email.
Given its distributed nature there is nothing to protect against just setting up random squatter instances to quickly phish users with similar domains.
It also means if you setup on a small instance that later goes away you sort of lose part of your identity.
Some form of block chain distributed ledger that runs on the instances seems like it would address "SOME" of the issues.
Any of the instances could add you to the account ledger you could have a singular unique name, and the ledger could record which instance created you and what verification has ever been done to your account. You could then directly sign in to ANY instance as that account provided you had the credentials that matched the chain entry.
Verification providers could exist that SIGN your block chain entry with some form of validation and users and instances could chose which ones are recognized. This would be a way to add verification for those what WANT to be public not anonymous. All of which is optional.
The ledger could also track if any instances are known to be untrustworthy maybe and other instances could vote not to trust accounts generated by them.
There is DID which tries to do some of that. Many methods of registering your identifier have been registered (blockchain, bitcoin, crypto keys, purpose-built software, etc). Linking identities to some entity like this would prove ownership, but getting it implemented in places, encouraging users to use/check it (e.g. almost nobody GPG signs email), not trust similar usernames/domains, etc are all hard problems that having a spec alone doesn't solve.
Is Keybase still popular (if it ever was) these days? I know at some point it was an alright way to verify a collection of your online identities with each other.
It looks like they had Mastodon integration however I can't seem to find anything about linking a keybase account with Mastodon anymore, and their integration guide looks to be a dead link now.