logen

joined 2 years ago
[–] logen@exploding-heads.com 1 points 2 years ago (6 children)

Well, you do all this on the client side. It's just that the nodes would manage your pubkeys. (Which the might already do?)

If your key gets hijacked by someone, it's nice to be able to push a revocation certificate, if nothing else.

[–] logen@exploding-heads.com 1 points 2 years ago (8 children)

As I recall back when I did gpg encrypted email.

You can create a master key. You use this master key to sign other keys.

Keep that master key super safe.

The subkey is what you use in general practice.

You upload your public keys to keyservers, which I believe is what happens with nostr nodes.

Your master key can revoke the subkeys at any time. This revocation is sent to keyservers and the public key is marked as invalid so other people don't trust it.

You then make a new subkey signed by your master key to prove it is still you, but with a new key, and upload that public key.

Now that's the key people use to encrypt data for you, as opposed to the old revoked one.

Now, I'm not sure exactly how it works either with the keyservers or nostr, but it seems like it should be doable. Have an air gaped master key that is only used to sign the keys you use day to day, and it's that master key's signature that is the verification of your identity.

Bonus points to this system, I can have five different nostr apps each create their own key. I could later verify all those keys with my master key to prove each of these different keys belong to the same identity. With that verification, if implemented of course, the noster nodes could link all the pub keys signed by the same master key to help people follow an identity across different types of content.

I know I'm somewhat confusing different points I was trying to make, but it should all be possible.

[–] logen@exploding-heads.com 2 points 2 years ago (10 children)

I was thinking like how with gpg you can sign a subkey, use that, if it is comprimised you can send something out saying that the key is compromise and painlessly switch over to a new subkey since the master is only used to confirm subkeys.

Like Keyserver notes that this pubkey is bad, in this case nodes, the keyserver also notes that there is a valid new pubkey and transfers it over.

[–] logen@exploding-heads.com 1 points 2 years ago

I take that back, nostrid is interesting too. It's running like shit, but it's interesting.

[–] logen@exploding-heads.com 1 points 2 years ago (1 children)

Went through most (all?) the android clients. They are all either pretty out of date (last commit months ago), very early dev, not released, or otherwise not so great. Amethys is the best so far, which is sad.

MeShell looks intersting, but was never released. The rest are varying bad implementations of twitter. I'll have to check out the linux clients.

[–] logen@exploding-heads.com 1 points 2 years ago (2 children)

Nice list. Thanks!

[–] logen@exploding-heads.com 2 points 2 years ago (12 children)

Yep, you've convinced me to give it another chance. I really should try out other clients, but android is what I usually use for reading, entertainment, etc.... I have plenty of other computers though, I have no excuse.

I wonder if there is a way to change a private key. Say, mine gets compromised, without creating a new account.

[–] logen@exploding-heads.com 2 points 2 years ago (4 children)

I was just using amathist on android. I'll have to try other apps.

[–] logen@exploding-heads.com 1 points 2 years ago* (last edited 2 years ago) (1 children)
  1. Oh, I'm in no way defending fediverse. It's neat, technically, but it's ripe for abuse from inside and out. As for DNS, I wonder if there's a reasonable way to get around that for ActivityPub.

  2. Okay, that's neat. I should look into this indepth. I'm currious how data is copied around without overloading nodes. It seems like it may also have the problem of some people don't see some comments on a specific post, which leads to confusing conversations, but I haven't run into that yet as I have on Mastodon. But with Mastondon is was a matter of instances being blocked, this just seems like we may be missing parts of the conversation, kinda like on SSB if there are two groups of people who only have some of the data.

EDIT: My post counts from 1. to 2., but I wrote 1. and then 3..... Whatever. The second part is ment to target the end of your reply.

[–] logen@exploding-heads.com 1 points 2 years ago

True, but often times, when we do something a lot of people enjoy, it's a chance happening. Unless we're hyperfocused on the point of making money in the first place, like designer bands and the like.

[–] logen@exploding-heads.com 1 points 2 years ago (14 children)

Well, the idea that I can create my own pleroma instance, create an identity, and then go check out noagenda or whoever else's mastondon's and the like.

Even peertube iirc. Possibly diaspora?

At that point, blocking me or the instance is the same thing since I'd be the only one on the instance. However, these instances are a bit of pain to setup for the average person, especially if the only point is to create an idenity since that thousands of other people are willing to do it for you.

But yea, that's why I want to like nostr, mehbe someday a different client will work out for me, but with the way this stuff work out...It's usually not what Iwant.

[–] logen@exploding-heads.com 1 points 2 years ago (2 children)

Yea, it's true that locals, rumble, and the one's you mention support content creators.

I was thinking on a smaller scale. Like, if I send you cash for a pleasant discussion rather than I send someone cash who is trying to appeal to be a content creator specifically for income.

view more: ‹ prev next ›