We haven’t figured out yet the basics of a generic trustworthy protocol. I believe #nostr is the best chance to be this protocol. Meanwhile everyone else is jumping the gun on personhood credentials, KYC, biometrics, digital ID, etc., without having these protocol basics figured out.
JeffG
GM 🌞 https://www.therage.co/ai-passport-kyc-digital-id/ The thing that everyone who pushes for digital ID and "proof of personhood" fails to understand is that IT DOESN'T MATTER if you're a person or an AI agent. What matters is whether or not we can trust you. Humans have built up very complex internal heuristics for dealing with strangers but we've, so far, done a terrible job of modeling and enabling those mechanisms in a digital world. Identity and content linked by cryptography can help fix this. Giving the state unchecked surveillance powers does not fix anything.

Replies (3)

Nostr cannot be that protocol without a hard fork.
I've long thought the best way to mitigate the damage from losing an nsec, be it losing in the sense of exposing or just plain old losing the thing, is to make that loss less of a big deal. Because if normies ever adopt nostr they will lose their nsecs right and left. This means pushing nostr to more disposable use cases. Going down this trust route does the opposite. It increases the price for losing your nsec, and it increases it by an astronomical amount.
If after months or years of trust-building you lose your nsec you’ll be forced to realise that all that trust was never in you: it was always in your nsec. You the human being have accumulated nothing. Now you have to start from zero, an incredibly demotivating proposition. Would you have the energy? Worse still, if your nsec was exposed then whoever has access to it can abuse all that trust for as long as there is still juice in the orange.
So from disposable nsecs we move to priceless nsecs or even sacred nsecs. It’s just not viable. If nostr has any hope of expanding outside this small and nerdy group the protocol will have to account for mass loss of nsecs.
Also few here can imagine what nostr would be like if there was a black market for stolen nsecs. But if nostr ever does get bigger and become the protocol of trust in the way you describe then there would emerge such a market, including for nsecs that are exposed but that the original nsec holder has no idea are exposed. For a sufficiently motivated and malicious group, this would be fish in a barrel.
The common response to this is “we’ll just fix signers” (and then nobody will ever lose their nsec ever so problem solved?) but the truth is that key management on nostr is a deeply fundamental problem that cannot be fixed for normies with a dash of Amber or a pinch of Frost. Or heaven forbid NIP46.
There are many reasons why I think so, and don't get me started on iOS, but I’ll leave those for now, suffice it to say that I’m in the signers ain't gonna fix this camp. Nostr has the basics, but if it’s to be what you say then it'll need a hard fork, to incorporate Farcaster-like “vouched re-spawning”, though without a blockchain. Without a hard fork, though, there is just no way.
The approach I’ve taken is that every component has its own nsec. If it gets compromised, it can be thrown away. I don’t want to touch anyone’s social nsec.