💾 Archived View for bbs.geminispace.org › u › norayr › 16411 captured on 2024-05-12 at 19:34:27. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-05-10)

➡️ Next capture (2024-05-26)

🚧 View Differences

-=-=-=-=-=-=-

Comment by 🐙 norayr

Re: "openid for gemini"

In: u/norayr

what i am saying is that decentralization as i understand it makes it less possible/convenient to track user's behaviour and activity.

that's why we need it.

now i'll say 'bbs', but that's just an example. i have only warm feelings for bbs and its developer. what i am saying are theoretical speculations.

bbs knows lots of things about me. bbs would have known less if i was using it via my server. if my server would fetch the feeds i am subscribed to, if my server wouldn't let the bbs know when i am reading, and which posts interest me.

it is still possible to do, because bbs offers feeds - one way of decentralization.

it would be consistent if i was able to comment as my server's user

🐙 norayr [OP]

Apr 26 · 2 weeks ago

6 Later Comments ↓

💎 istvan · Apr 26 at 22:56:

@norayr Can’t respond to that whole chain atm, but I can’t think of a time in the old internet that there wasn’t masquerading. Literally as soon as it left the universities you had servers making accounts for unverified users. Who the heck was verified on Geocities or Angelfire? And once anyone could get an email address you had random people on Usenet. IRC was always the Wild West. That was the culture at the time for everyone who wasn’t an academic.

☕️ Morgan · Apr 27 at 04:33:

I still quite like my suggestion of a convention for a per-user opt-in way for servers to show client certificate fingerprint <hashes> as identity verification--check my capsule and Skyjake's reply linked above--as an <idea>.

But it's not a fit for Gemini, there isn't a strong need and people simply don't want it. That's pretty conclusive ;)

🚀 blah_blah_blah · Apr 27 at 15:33:

A gemini-friendly solution to ID masquarading:

It's opt-in, doesn't follow you around, isn't a login-scheme, but addresses some of the security concerns we might have about verifying identities, and also serves, like linktree or finger, as a convenient place to present one's public-facing identity. Some care would be required by the owner so that skyjake@randopage.com didn't takeover the real @skyjake.

☕️ Morgan · Apr 27 at 20:00:

I experimented with something like that, id.gemlog.org, but people didn't want a service that stores data. Which is perfectly reasonable.

So now it doesn't store any data, but it does show a text representation of your client certificate hash.

Which is good for nothing as nobody else uses the same hash+rendering :)

🚀 stack · Apr 30 at 02:09:

@Morgan, am I missing something, or does your idea require that I must trust servers to create and not fake hashes?

☕️ Morgan · Apr 30 at 05:41:

@stack that's right, with that idea every "social" or "id" server owner would run the same algorithm to display the same hash, (opt in per user), so as to not leak the underlying certificate fingerprint.

A malicious or hacked server could lie, so it's not e2e identification proof, but "if you trust the server". I think a malicious or hacked server gets you enough other problems that them forging ids is not super important by itself.

Original Post

🐙 norayr

openid for gemini — i believe that activity pub is an overkill for the problem it is trying to solve. we have rss/atom/yyyy-mm-dd for fetching news. rss solves the problem of fetching new content, following someone. openid solves the problem of replying/commenting/reacting as someoe. in a sense, we don't need a social network because internet is already one. internet with rss and openid covers essential features of what we call a social network. so let's adapt or design something like...

💬 22 comments · Apr 25 · 3 weeks ago