[urbit]

I'd say this problem is best solved not by having no cryptographic identities, but by using disposable identities.

If you bound an identity cryptographically to your real name, that's permanent -- no getting around it. We all make mistakes. However, one of the benefits of Urbit is that you can build a reputation around a pseudonym that isn't linked to your real-life identity.

There's a place for the 4chans of the world, with totally disposable one-time identities. You can do this with Urbit as well -- use a 128-bit self-signing identity (comet). But most people tend to want a little more stability and permanence.

[tzs]

> I'd say this problem is best solved not by having no cryptographic identities, but by using disposable identities.

A problem with disposable identities as usually implemented is that they are too cheap and easy to make. This makes it easy to make a new identity every place you want to be an asshole. The end result is that places get tired of this, and ban such identities from their spaces.

I think what we might need are semi-disposable identities. You can make a new one whenever you want, but it costs something to make a new one, and that cost goes up with each new semi-disposable identity you make.

[urbit]

This is exactly the way Urbit works. (It's sincerely hard to tell from your post whether you've read the documentation, or you just had the same simple idea yourself.)

Anyone can create a 128-bit comet. But once the comet system starts being abused by assholes and bots, signs will go up all over Urbit. These signs will say "humans only" and deny admission to comets -- essentially blocking anyone who has not invested any real stake in their identity.

The normal quantum of reputation and of human identity is the planet (32 bits, like an IPv4 address). Ideally a virgin planet would cost about $10.

Basically, if this cost is far above the amount of money that a spammer can make before a reputation system catches up with the swine, there will be no commercial abuse. This leaves reputation systems to deal with the much easier job of wrangling random creeps and weirdos.

So if you invented this design yourself, yes, it's a very good one...

[Gaelan]

There are eight billion people in the world. There are 4 billion possible planets. What is your plan for when urbit takes off and reaches internet-scale?

BTW, ~bitret-worwyd here. ;)

[yarvin9]

~bitret, I remember you from a while back!

A planet is like a car -- it's not a toy, it's a tool for a responsible grownup. There are about 4 billion adults in the world. And not all of them are even Internet users.

Of course, the population keeps growing. Eventually either people have to learn to share, or the price will go up, or humanity will learn how to stop expanding exponentially.

Think of a planet as a unit of autonomy and reputation, not of personality. The global supply of autonomy is 2^32 units. That's not perfect in any sense, but if the supply is infinite the network is ungovernable, and the value of each unit is zero.

It's also an improvement on a world in which there's one unit of autonomy, and its name is Mark Zuckerberg. Urbit does a lot for digital freedom, but we're not in the miracle business here. No one can do infinity for digital freedom.

[kefka]

> A planet is like a car -- it's not a toy, it's a tool for a responsible grownup. There are about 4 billion adults in the world. And not all of them are even Internet users.

There's a reason why the IETF decided to switch to 2^128 for IP6. Mainly, because there are more computers and devices that need addressing than IP4 can handle.

I have to question the design of Urbit why you chose to go with 2^32 addressing space?

> Of course, the population keeps growing. Eventually either people have to learn to share, or the price will go up, or humanity will learn how to stop expanding exponentially.

Again, the future is "Pay to Play", just like Ethereum? And, is that a population control argument? How would you propose to "stop expanding exponentially"? Chinese method? Ender's Game method, or something else unsavory?

> Think of a planet as a unit of autonomy and reputation, not of personality. The global supply of autonomy is 2^32 units. That's not perfect in any sense, but if the supply is infinite the network is ungovernable, and the value of each unit is zero.

Ah, so you are the "governor", hence why it must be governed? This is literally artificial scarcity on something that could easily have been near infinite

> It's also an improvement on a world in which there's one unit of autonomy, and its name is Mark Zuckerberg. Urbit does a lot for digital freedom, but we're not in the miracle business here. No one can do infinity for digital freedom.

So switching from one master to another makes better "freedom"? I get being against walled gardens. I'm against them as well. But you make no point why Urbit isn't just another walled garden (using funny language to hide behind it no less) with you at the helm.

[yebyen]

> I have to question the design of Urbit why you chose to go with 2^32 addressing space?

They haven't. They went with base 256, for easier recognition of 32-bit (and 16-bit, and 8-bit) numbers. You can get a 2^128 identity or a 2^32 identity (or others.)

The fact that 64-bit numbers (like ~novfes-lodzod-sibfes-talzod) in Urbit's base 256 are twice as long as 32-bit numbers (~sibfes-talzod) which are twice as long as 16-bit numbers (~dalryp) and down to 8-bit numbers, which are the most memorable and highly coveted (disclosure: you're looking at a comment written by ~del, aka Hex number 0x25) is something between a feature of Urbit's networking stack, and an unavoidable consequence of doing math and dividing things up between persons that are remote from each other, therefore each needing addresses to be identifiable.

Identities that are made of 128-bit numbers are free, and essentially unlimited. They are basically public key hashes and the risk of a collision is sufficiently low that there is no need for them to be generated by a single authority and centrally assigned. (Note that this does not necessarily scale to the population of the earth and beyond as a solution to addressing graph nodes and efficiently routing traffic between them.) Identities that are made of shorter numbers are limited in number and assigned hierarchically; even if there are a boat-load of 64-bit numbers, it's not half as many, it's ½^64 times as many. Certainly there are more 64-bit numbers than humans on Earth today, or for the foreseeable future.

Whether you consider this to be more problem or solution will probably depend a lot on which side of the spam-wars you find yourself on. Currently there is no Urbit software or infrastructure that I am aware of that algorithmically discriminates against one kind of numbers or another.

You won't expect one authority to differentiate each of 8-billion humans and make sure that each one is granted a separate identity (but not more than one), will you? How about 256 such leaders? Still seems far-fetched, doesn't it... especially given the difficulty of coordinating 256 separate leaders. 65536 very smart individuals probably also cannot be expected to coordinate the identities of the rest of the humans in the world. It would be gargantuan undertaking just handling it when some of these leader-folks have forgotten or lost their passwords (and potentially disastrous for the 0.0015% of the world's population under their charge.)

64 bits of hierarchical ID space is enough for every 32-bit identity (planet) to individually dole out as many 64-bit numbers (moons) as there were 32-bit numbers to begin with. Urbit takes advantage of this roughly to make scaling the network's identity framework to rather immense proportions, happen at least a bit more naturally.

If your 32-bit leader gives a lot of 64-bit IDs to people that turn out to be spammers, you run the risk of being lumped in with those spammers by algorithmic processes. Imagine such a process that tries to discriminate against spammers and keep them from spamming everyone who is known on the whole network, at any scale. It's not a simple proposition, at all!

[tripzilch]

Do these things also get released if the person holding them dies?

(the reasonable assumption being that only a tiny fraction people will bother or care to actually make arrangements for this)

Or even without death, the idea being urbit "property" is all cryptographically locked tight, correct? So can a planet get lost? If someone loses all their keys or a server park gets droned and the dog ate their backups or something?

[brogrammer6431]

Planets can also issue moons. I believe somewhere down the line when the number of planets becomes an issue (a good problem to have, it must be said), it would be technically possible for moons to be given similar functionality to a planet. One could imagine a future in which a household, or even a group of close friends who share a planet that issues each of them a moon to hold their primary identity.

[tripzilch]

> There are eight billion people in the world. There are 4 billion possible planets. What is your plan for when urbit takes off and reaches internet-scale?

Don't worry! There aren't 4 billion people on this world that can spare $10 on a piece of virtual property. Just don't accidentally solve world poverty and it'll be fine.

[kazinator]

The obvious plan is that most of them can't scrape together ten dollars for a planet.

[captainmuon]

That's a good point! One favorite idea of mine is that you have a trusted identity provider, that knows you, and hands out pseudo-anonymous identities. E.g. Facebook vouches User123 is female, 20-25 years old, has been active for 2 years, and is likely not a spammer. This gives you disposable identities and the benefits of proven identity.

The problem with any kind of long-lived pseudonymous identity though is that it is really hard to do proper opsec and keep it distinct from your real identity, but I'm not sure there is a technological solution for that. I mean even your grammar can give you away (stylometry).