Recently, @kaniini had a good thread about identity verification. Basically, they don’t like Keybase. I used to like Keybase and then I discovered that I wasn’t using them, ever. So now what?
What you want to prove is that the same person who controls these:
`https://kaniini.dereferenced.org/` `https://github.com/kaniini`
Also controls:
`https://pleroma.site/users/kaniini`
I think that is correct.
Links in that thread:
And Kaniini is right: “Keybase represents more of the centralization of the web that we must resist.”
I guess the use case for Keybase still exists. It’s just that baking the graph of identities into our web would work just as well.
As I was looking into issue #121 I realized that Mastodon already does this: all links from your profile already have `rel="me"` added. So if my profile links to this blog and this blog links to the profile, I’ve established that we’re the same person! Yay!
#Web #Keybase #Cryptography #Mastodon
(Please contact me if you want to remove your comment.)
⁂
I’m not entirely sure I see the harm in the amount of centralization keybase produces. Here’s my thought process:
If people have multiple identities (e.g., Mastodon, Reddit, HackerNews, Twitter, LinkedIn, etc…) then they have three options to verify those identities:
Of these three, I’d say that the hub-and-spoke model is the best. But that prompts the question: where should the hub be? If we lived in a world where everyone had a home page (I wish!), then our personal home pages would be the natural hub. But, since we don’t, keybase seems to be stepping in to provide that hub function.
A couple of further points: Because *all* keybase does is provide a hub, it would be fairly easy to replace. In fact, I already use my website as a hub, in that it links to all my other profiles—keybase is a secondary hub that increases discoverability/credibility (to people who don’t understand the tech enough to trust the other hub). And if someone else wanted to create a keybase alternative—which they probably shouldn’t call freebase—then it seems like they’d be able to pretty easily: Keybase doesn’t create/own the links in the chain, just one central hub.
So, bottom line, I’m agree that keybase is centralizing things to an extent. I think it’s not *that* useful for people who already maintain personal websites. But, despite that, I think it’s not (that) dangerous because it’s natural to have *some* hub, but hubs are also—by their nature—pretty replicable.
But I’d love to hear where I’m wrong about any of that!
– codesections 2018-09-03 13:34 UTC
---
I think it’s all about switching costs and capture: if we all use the same site, then suddenly the site is valuable: we’d never be able to switch everybody away, no matter how easy it is. If Microsoft buys the site, if finances fail, there are always risks and why but everybody on the same boat?
But Keybase also solves other problems, like maintaining a list of accounts you’re following. Also valuable information that is unrelated to the primary focus of this discussion: identity. So if we’re all in this one boat, the value of the boat is not only big because we’re all there, it’s even bigger because an entirely different class of attack can be fielded against us: a network analysis.
But all being on the same hub, we’re just making it easier for evil doers and we’re making ourselves more vulnerable for rare disasters (think The Black Swan: The Impact of the Highly Improbable).
The Black Swan: The Impact of the Highly Improbable
That’s the only argument I have. The fact that there are other ways to establish identity, and silly ways of setting it up, doesn’t affect the main point: this is not resilient.
– Alex Schroeder 2018-09-03 13:46 UTC