I've spoken before about some of the challenges I see regarding true decentralization for #Bluesky.
-
ルビーちゃんreplied to reverse colexicographic Nora last edited by
@noracodes [demonic thought] let the USPS (and other mail services in other countries) handle user credentials. They already handle my mail key being lost!
-
Semitonesreplied to reverse colexicographic Nora last edited by
@noracodes I thought I saw that Destin @ smarter every day was backing a startup that purported to facilitate user-managed keys, but I can't find the video now
-
reverse colexicographic Norareplied to Semitones last edited by
@semitones ah good, military contractor key management
-
James Brownreplied to reverse colexicographic Nora last edited by
@noracodes Idolizing self-managed cryptographic keys is basically the idea behind nostr, right? Which is exclusively used by cryptobros...
-
reverse colexicographic Norareplied to James Brown last edited by
@roguelazer Right, that's exactly my point. Most people aren't willing to deal with it.
Idolizing is a weird word to use here, imo. It's a technical solution to a technical problem.
-
James Brownreplied to reverse colexicographic Nora last edited by
@noracodes I originally wrote "fetishizing", actually, because I feel like nostr really loves to talk about cryptographic keys a lot and put them in the front of everything.
-
Raymond Neilsonreplied to reverse colexicographic Nora last edited by
@noracodes And for every p2p chat setup - especially the ones heavily reliant on IPFS - there's also the entire mechanism of moderation missing.
In Bluesky-land that's not only entirely performed by Bluesky PBC, architecturally that's all done in the appview and feed layers. I have absolutely no idea how to even approximate that with user-managed PKI
-
reverse colexicographic Norareplied to Raymond Neilson last edited by
@delta_vee True! I actually think Bluesky is doing super interesting stuff in that vein, really similar to some early Fedi moderation proposals that never went anywhere because people are irrationally scared of blocklist sharing
I think opt-in, transparent blocklist sharing is the only way to go.
-
Raymond Neilsonreplied to reverse colexicographic Nora last edited by
@noracodes The blocklist stuff is definitely interesting, modulo the normal maintenance/reputation/collateral-damage problems
I'm actually thinking more along the lines of e.g. CSAM reporting (well, really anything traditionally requiring some level of content removal), esp as that interacts with what you mentioned WRT paid IPFS hosting (and, as a corollary, the kind of people willing to risk hosting CSAM for a fee)
-
reverse colexicographic Norareplied to Raymond Neilson last edited by
@delta_vee I mean, this is just the same argument as govts asking for encryption backdoors, right?
If we can never risk hosting even part of even an encrypted illegal file, we can't do IPFS at all. If we are only interested in complete, unencrypted files, it's just the same as any other hosting provider; if something is detected to be illegal in your jurisdiction, you unpin and delete it and report the client, whose credit card number you have
-
reverse colexicographic Norareplied to reverse colexicographic Nora last edited by
@delta_vee It's certainly possible that the US government decides that hosting providers are culpable for unknowingly hosting encrypted parts of illegal content. It would have huge consequences across the entire Internet economy, and would absolutely sink this idea too. I don't think that would be a good policy decision, but nobody cares what I think.
-
reverse colexicographic Norareplied to James Brown last edited by
@roguelazer I have spent exactly zero time around Nostr, so you may be right about that community. I do think that, as of the current state of the art, the options we have for identity are "trusted central party" (which may or may not delegate power, like DNS) or "user controlled keys", and that's it.
-
James Brownreplied to reverse colexicographic Nora last edited by
@noracodes oh, I emphatically agree — I signed up for nostr because it seems like a super-technically cool idea, but I think there's 0% chance anyone ever uses it
I do think a potential in-between model is something like a "jurisdictionally federated" model where your local government issues you a smart card (see Belgium's eID), but especially in the current US political climate that seems terrifying
-
reverse colexicographic Norareplied to James Brown last edited by [email protected]
@roguelazer yeah I would absolutely not use that lol
and anyway that's "trusted central party"
-
Raymond Neilsonreplied to reverse colexicographic Nora last edited by
@noracodes I'm actually halfway expecting one of the govs trying to subvert encryption to try exactly that - threaten liability for unknowingly hosting
-
reverse colexicographic Norareplied to Raymond Neilson last edited by
@delta_vee horrifying, but it's definitely a possibility