|
|
|
|
|
|
by tialaramex
2126 days ago
|
|
|
Somebody needs to expend a bunch of effort to provide identity. It doesn't have to be you (in a PKI the effort is expended by the Certificate Authorities and those overseeing them, not by Relying Parties) but it does have to be somebody you trust. For personal identity the most plausible outside authority is government, and it's unlikely that people protesting a government would trust it to identify them - after all government counter-protest forces would presumably be able to make use of that against them. So you're probably screwed in the larger sense. Is this tip that "There is a team with food and water on the North side of the bridge" from "Kirsty" real? Well you haven't the faintest idea who "Kirsty" is so even if you could magically be entirely confident the message is really from "Kirsty" that doesn't help you decide. Signal does the absolute most it's practical to attempt here, you can choose to check that your friend Kirsty is actually your friend Kirsty by some trustworthy means (e.g. meeting up physically) and then Signal promises you'll know that future messages are really from Kirsty. But trust isn't transitive so PGP's apparently more powerful offering doesn't actually do anything except maybe give you a false sense of security. Bridgefy doesn't offer even that very limited capability from Signal, but I'm dubious about the practical import for a live protest. I can buy that BLM or Extinction Rebellion which are long-term organisations with sustained buy-in from local organisers benefit from something like that (and indeed ER uses Signal) but individual protests or protesters I don't think so. |
|
|
Leaving off the question of how useful the transitive stuff is, PGP has a reasonable and simple framework. The terminology of key trust is terrible though. Few people know what it means to trust a key (my house key is OK but I think my shed key might be up to no good).
Messaging identity reputation is all about what you think of the other people's identities. Do you know them? What context do you know them from (e.g. a particular protest)? Why you think this messaging identity relates to a person somehow? How is this entity allowed to interact with you? This stuff can't be automated away.
I think the ultimate answer would have to involve generating a simple conceptual model of a messaging identity and then teaching people about it. If you solve identity then everything else is easy.