Hacker News
by kubb 96 days ago
I want cool cryptography where I can, e.g. verify where I'm writing from and what my age is without giving away any other information.

Or if I want, I can verify that I'm myself, and eschew anonymity, and certain platforms should only accept contributions from people who don't hide their identity.

Everyone knows who you are in the town square.

8 comments

People in the town square only see my face, they do not automatically have my name, birth date and ID available unless I give it to them or they go to lengths obtaining those (il)legally.
The smart glasses industry is working hard to change that.
Anonymity is important for many things. But on the flip side it's responsible for many issues with the internet today, because it makes moderation pretty much impossible (anyone can always just create a new account).

What we're missing is a way to have cryptographically secure pseudonymity: you log in to a website, you don't give any information whatsoever, but you cannot make two different accounts.

Most likely because your second sentence is impossible in one way or another.

Even if it's some kind of government encoded key, governments cannot be trusted to create imaginary people and hand them out to companies like palantir for large scale population manipulation.

I can imagine a government creating a moderate number of fake profiles for use by police and intelligence services, and honestly I'm fine with it, but creating a ghost population for propaganda purposes is entirely different and if you live in a country where you cannot trust your government not to do something that bad, you're already screwed.

In any case, it is still better than the status quo where even foreign authoritarian states can do that in countries where the local government wouldn't.

Do you propose to only let people from a whitelist of countries use the internet? Because many countries would have no qualms giving their troll farms a bunch of fake electronic ids.
It wouldn't be the internet as a whole, and instead be done at the individual service level (potentially with big platforms being regulated in what they accept).

And indeed, it is to be expected that some countries be banned from most of the internet, or at least get a read-only version of it, because their digital credentials aren't deemed trustworthy enough. Not unlike how the travel visa system works nowadays.

> Everyone knows who you are in the town square.

Many years ago I left a small town and moved to a big city for this exact reason.

What stops someone from handing over their identity's private keys to an agent?
Same thing that stops you from duplicating your ID card.
I don't hide my identity, but I've yet to find a "non-anonymous" platform that actually accepts my identity.
Zero Knowledge Proof schemes

Applied ZKPs are being actively worked on in the blockchain sphere.

“A zero-knowledge rollup (zk-rollup) is a layer-2 scaling solution that moves computation and state off-chain into off-chain networks while storing transaction data on-chain on a layer-1 network (for example, Ethereum). State changes are computed off-chain and are then proven as valid on-chain using zero-knowledge proofs.”
I think this was the premise of Keybase?
Still jaded that went nowhere...
Keyoxide still exists: https://keyoxide.org/.
It was too early. It even executed its crypto airdrop YEARS before it became a common form of distribution in web3.
It's kind of bizarre that Zoom is still bothering to keep the lights on at Keybase when it's been completely fossilized for six years now. The writing is so obviously on the wall that nobody should be relying on it for anything, and yet they just won't let it die.
It's not fossilized, it's just that no one uses it. Put hot chicks on there or make it mandatory for logging into Slack and suddenly everyone will be using keybase.io, and honestly I think web of trust is a good idea and if a webapp can make it seem easy or intuitive then I'm all for it.

We're scratching our heads wondering why there's no forward motion when it's simply that no one is pushing it.

Looks pretty fossilized to me: https://keybase.io/blog

They haven't added or really changed anything since the acquisition AFAICT, it's just trucking along exactly as it was the day Zoom bought them out. Twitter account proofs were broken by the API changes years ago and nobody is at the wheel to fix or even just deprecate them.

https://github.com/keybase/keybase-issues/issues/4200

> We're scratching our heads wondering why there's no forward motion

Did you miss “Zoom”?

IMHO, this is the exact instinct and there's a way to verify identity, location, and age without even having to share those directly.
Switzerland just voted recently to officially implement Selective Disclosure JWT, which does exactly all that. Social network registration can ask "are you 18?" and run with that - and only that. Or the club entrance. Or whatever, because it's all controlled by yourself in your app.
That seems like a good idea. The question is how the JWT is generated. A standard one would be more akin to a traditional crypto keypair. That is a "signal" key insomuch as it tells us who controls an account. It can't tell us the owner is the controller and that is the current weakness of crypto right now. To know the owner, we need another type of keypair to go alongside the traditional kind. That would be a "tone key" and is generated by a refreshing seed derived from the entropy of long-running, unfakeable conversations. The same way a friend might recognize us as being ourselves.
But you don't need to prove to all others that you are yourself, do you? You are only asked whether you're 18, the bouncer doesn't care about your name. So you can still hold the phone (like last summer the ID) of someone else and fake their answer.
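
The selective disclosure mechanism mentioned in the SD-JWT comments above, as an added example that is not part of any comment in the thread: the issuer signs only salted hashes of the claims, and the holder reveals just `age_over_18`. The key, issuer URL and claim values are constructed, HS256 stands in for the asymmetric signature a real issuer would use, and the optional key binding step is left out.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: shared HS256 key, stdlib only
CLAIMS = {"given_name": "Alex", "birthdate": "1990-01-01", "age_over_18": True}  # constructed

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure: str) -> str:
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())

def sign(signing_input: str) -> str:
    return b64u(hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256).digest())

def issue(claims: dict):
    """Issuer: one salted disclosure per claim; only their digests are signed."""
    disclosures = {
        name: b64u(json.dumps([b64u(secrets.token_bytes(16)), name, value]).encode())
        for name, value in claims.items()
    }
    payload = {"iss": "https://issuer.example", "_sd_alg": "sha-256",
               "_sd": sorted(digest(d) for d in disclosures.values())}
    head = b64u(json.dumps({"alg": "HS256"}).encode())
    body = b64u(json.dumps(payload).encode())
    return f"{head}.{body}.{sign(head + '.' + body)}", disclosures

def present(jwt: str, disclosures: dict, reveal: list) -> str:
    """Holder: attach only the disclosures it chooses to reveal."""
    return "~".join([jwt] + [disclosures[name] for name in reveal]) + "~"

def verify(presentation: str) -> dict:
    """Verifier: check the signature, then accept only disclosures whose hash was signed."""
    jwt, *shown = presentation.split("~")[:-1]
    head, body, sig = jwt.split(".")
    if not hmac.compare_digest(sig, sign(head + "." + body)):
        raise ValueError("bad issuer signature")
    signed = set(json.loads(b64u_dec(body))["_sd"])
    revealed = {}
    for disclosure in shown:
        if digest(disclosure) not in signed:
            raise ValueError("disclosure not covered by the issuer signature")
        _salt, name, value = json.loads(b64u_dec(disclosure))
        revealed[name] = value
    return revealed

if __name__ == "__main__":
    jwt, disclosures = issue(CLAIMS)
    print(verify(present(jwt, disclosures, ["age_over_18"])))
```

The verifier learns one boolean; the name and birth date stay behind salted hashes, and a disclosure the issuer never signed is rejected.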