Bitcoin Forum
March 28, 2024, 03:29:16 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Building our decentralized web identity  (Read 1675 times)
ploum (OP)
Sr. Member
****
Offline Offline

Activity: 428
Merit: 253



View Profile WWW
February 02, 2011, 03:09:23 PM
 #1

Hello,

I've written a (not short enough) article about the future of a decentralized web identity. This includes some bitcoin bits.

I compare bitcoin to GPG as a perfect decentralized solution that needs some way to be linked to our email address. This doesn't mean that bitcoin should not be anonymous anymore. It means that it should be possible to not be anonymous if we want. If you want to gives me some money, you should only have to know my mail address, nothing more. I plan to write another post where I investigate this a bit further.

Enjoy the read:

http://ploum.net/post/building-your-web-identity

1711639756
Hero Member
*
Offline Offline

Posts: 1711639756

View Profile Personal Message (Offline)

Ignore
1711639756
Reply with quote  #2

1711639756
Report to moderator
1711639756
Hero Member
*
Offline Offline

Posts: 1711639756

View Profile Personal Message (Offline)

Ignore
1711639756
Reply with quote  #2

1711639756
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711639756
Hero Member
*
Offline Offline

Posts: 1711639756

View Profile Personal Message (Offline)

Ignore
1711639756
Reply with quote  #2

1711639756
Report to moderator
kwukduck
Legendary
*
Offline Offline

Activity: 1937
Merit: 1001


View Profile
February 02, 2011, 04:18:42 PM
 #2

There i was, trying to get more people to DEconstruct their web-identity for privacy sake XD

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
ribuck
Donator
Hero Member
*
Offline Offline

Activity: 826
Merit: 1039


View Profile
February 02, 2011, 04:54:18 PM
 #3

If you want to gives me some money, you should only have to know my mail address, nothing more.

How about I should only have to know your Bitcoin receiving address, nothing more.
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652
Merit: 2164


Chief Scientist


View Profile WWW
February 02, 2011, 04:55:18 PM
 #4

Good idea.

I think the first spot for plugins in bitcoin should be "send address resolver" services-- If I tell bitcoin "send 100 bitcoins to obama@whitehouse.gov" it could ask the plug-in resolvers (in some user-defined order) "do you have a bitcoin address for obama@whitehouse.gov" ?

If I tell bitcoin "send 100 bitcoins to eff.org" maybe a different resolver is used (DNSSec query to eff.org to get a bitcoin donation address, perhaps).  Or "send 11 bitcoins to +01-1-805-253-2751" ...

There are lots of potential problems, of course, ranging from what if the resolver software service/author starts redirecting bitcoins to them to what if the user misspells the destination.  That's why I think starting with a way of pluggin-in different solutions to try is the right way to start.

How often do you get the chance to work on a potentially world-changing project?
markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
February 02, 2011, 04:55:48 PM
 #5

Re original post

Yeah, re-inventing finger and talk and ~username seems dubious given that those very functionalities were already rejected from the get-go by the gatesian masses.

We still have the code, so hmm what exactly were the problems with random spammers being able to "talk" at you or deduce your email from your webpage, again?

A lot of the stuff pointed to in original post and by what it points to etc seems to fail to say straight out from the get-go that history seemed to show that "faces" shouldn't be findable from email addresses and email addresses shouldn't be deduce-able from URLs. Oh I seem to recall too some history about email addresses not even appearing on pages that robots who ignore robots.txt might scrape.

I also see a whole lot of wanting to put random newfangled files in specific places then go auto-looking for them without so much as a tip of the hat to robots.txt.

Huh? What for are you digging around automatically on my site for random files other than robots.txt when my log shows you failed to first consult robots.txt to find out whether I wanted you to go looking for such a file and if so where I'd like you to please go look for it and where to please not look for it thank you.

Then some bitcoiners wonder why the paypal address I wave around cannot be spammed? Oh come to think it cannot be "talk"ed at either.

Is there any known way to teach yahoo chat about chatbots? A way to attempt it without going through a huge filling out of form (like, say, a this is a spambot button) would be nice, once you're on someone's CD of 10 million (or is it dvd of 10 billion now?) chat addresses you get a lot of bots constantly using exact same please add me and why spiel... Getting annoying to use yahoo mail via web. too bad they don't offer IMAP (yet?)

<rant>oops too late. oh well, </rant> then, my bad.

-MarkM- (archive.org / wayback machine / knotwork dot com squiggle guesswho)

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
ribuck
Donator
Hero Member
*
Offline Offline

Activity: 826
Merit: 1039


View Profile
February 02, 2011, 05:11:40 PM
 #6

...re-inventing finger...

The "finger" protocol has already been reinvented as "web finger", which seems to be pretty much what the original poster is proposing.
ploum (OP)
Sr. Member
****
Offline Offline

Activity: 428
Merit: 253



View Profile WWW
February 02, 2011, 05:14:00 PM
 #7

markm > I do not agree with you because there's no need to link a virtual web identity with one real identity. Your avatar? Put any picture you want. It wouldn't be a problem to have multiple web identity (just like having multiple email address).

Everything is already there. For most internet user, given his name and/or his email address, it tooks only a couple of minutes to find his blog, his facebook/twitter account, pictures of him.

In the current situation, that web identity is spread around multiple services and that makes you lost control. For most user, they are not even aware how much of their life is public!

By making it clear, standardized, it would greatly improve the way we control our web identity. It is also easier to communicate. When you meet a new friend, you now have to ask for email/XMPP/facebook/twitter account and, at each step, wondering if you should add him or not, what he would think if you don't add him, etc.

ploum (OP)
Sr. Member
****
Offline Offline

Activity: 428
Merit: 253



View Profile WWW
February 02, 2011, 05:15:35 PM
 #8

The "finger" protocol has already been reinvented as "web finger", which seems to be pretty much what the original poster is proposing.

I'm linking to it at the end of my post. I do not pretend I'm inventing anything. I'm just trying to discuss the idea. And yes, web finger might be part of the solution, it looks nice.

grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1076


View Profile
February 02, 2011, 05:43:34 PM
 #9

In your article, you write:

"It is not possible anymore to be active on the web without an email address. Most services require that you provide a valid email address."

Don't you know about the excellent www.mailinator.com ?

ploum (OP)
Sr. Member
****
Offline Offline

Activity: 428
Merit: 253



View Profile WWW
February 02, 2011, 06:07:13 PM
 #10

I didn't know that specific one but I know that such service exist. I don't see why it makes my point invalid.

1) They provide an email because email is mandatory everywhere (which is what I'm trying to say there)
2) They are not useful if you want to use a service in the long term. Say that you want to use Last.fm (or create an account on this forum). Most of the time, you just want to add that service to your existing web identity. Look at me: same avatar, same nickname. Sometimes, you want to hide. Let's take the stereotypical example: I want to register on a gay forum but don't want my girlfriend to know about it. I want to receive mails from that forum. What am I doing then? Creating a new web identity.

I think that I should have insisted on the fact that a web identity is *not* linked to any real identity (unless you want it, for example with GPG). You can have 100 web identity, some identity might be bots and you could even share a common web identity with a group of person.

This web identity is *already* existing. What you are pointing is a service that provides you with a false identity.

What I'm discussing is to organize/add features to that identity. It doesn't change anything.

grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1076


View Profile
February 02, 2011, 06:55:52 PM
 #11

Ok, I think I'm beginning to see where you getting at, although it's still not quite clear since in your article you actually mention several solutions that are quite close to what you're advocating (such as Diaspora).

I guess I just have to re-read your article.

markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
February 02, 2011, 07:14:02 PM
 #12

For those who do wish to fabricate web-identities fast and easy (identity spammers might love that idea, no proof of work, awesome) a service that will create for you an account on each of the biggies like ... well, more than I am likely to be able to type offhand, gmail, yahoo, hotmail, myspace, facebook, sourceforge, twitter (yeah, knotwork caved, it's on there but not used), heck I am not even in digg and slashdot yet, darn that proof of work requirement, do I want to spend more time creating this identity or backtrack and start establishing my notgaymarkm identity first on all the places I already am on? Hmm. An identity-spamming tool, eh? Interesting, tell more...

So thanks for the clarification.

We did all this work, archive.org even did some for us wow how altruistic of them to save all our info for us without even spamming us with "can we do this" requests, now you propose to consolidate all the work we did to make it clear it is a large body of work that possibly the identity-spamming tools of the time weren't up to doing for us. Maybe even if notgaymarkm is dubious this markm sure is a long term scam with a lot of work put into it!

I am mildly surprised no-one jumped on archive.org with like hey I never told them they could publish *this* and *that* and omg they have *that too*!?!?! Smiley

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Fractality
Newbie
*
Offline Offline

Activity: 47
Merit: 0



View Profile WWW
February 02, 2011, 07:33:46 PM
 #13

I still don't know the details of how BitCoins work, but here is a thought: couldn't you send BitCoins to somebody's email address by creating both the private and public key and sending them both to the email address?

Or in fact even easier, just send a whole wallet as an attachment?

Maybe the current client is not yet multi-wallet enabled, but that should be easy enough to fix. Then you could just say "create new wallet", send money to that wallet, then mail it off
markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
February 02, 2011, 07:47:05 PM
 #14

But that puts all these rocket surgery fingering systems out of work! Wink

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5152
Merit: 12580


View Profile
February 02, 2011, 08:10:55 PM
 #15

I still don't know the details of how BitCoins work, but here is a thought: couldn't you send BitCoins to somebody's email address by creating both the private and public key and sending them both to the email address?

You can, but it allows the sender to double-spend, so you wouldn't want to accept the transaction until it appears in the block chain. That's not a big deal in this case, though.

The email would also need to be encrypted.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
February 02, 2011, 10:01:56 PM
 #16

So maybe a high tech or newfangled or bloated transaction system would have a signal it sends out saying watch out I am duplicating keys to this wallet, watch closely to make sure its contents only get spent once.

But wait, isn't it true of any wallet that whoever has the key(s) can try to double-spend? Run a client on the other side of the moon or mars or other world (earth even maybe, who knows) and synchronise spending from two far apart wallets?

What for is a second party needed to make danger of double spend?

All that said though you could still put it into a state of "needs to be emptied into another wallet using another key".

Actually, in transit that starts to seem reminiscent in some way maybe only semantic/wordplay to Open Transaction's term "purse". It's not but still we could call it that, to distinguish it from a wallet. Purses are issued by wallets and unspendable until assimilated into a wallet via a changing of keys process. (We could say. These purses are mere stealing and subverting of a word used in Open Transactions and bear less and less resemblance likely even starting from zero resemblance in the first place to Open Transactions usage of the word. But the idea of using both words (wallet and purse) I stole from there.)

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!