> Just using a GPG key to represent your identity or something along those lines would be a much better way to handle it.
This is something the web3 world is moving towards a user-friendly solution for[1]. A web3 wallet (something like metamask which is a browser extension) actually holds a public/private key pair. Websites can authenticate by asking the user to "connect their wallet"[2] which actually means signing a message which the site can validate. To do this, the browser extension shows a popup showing the relevant bits of the request with "Approve" and "Reject" buttons. Once signed you are able to use the facilities of whatever website even though you don't have any sort of account. If at a later stage I want to revoke my approval I can just do that in my wallet - I don't even need to go to the site and there is of course no account to delete there. You can easily maintain multiple distinct personas because a wallet can contain multiple "accounts".[3]
Something similar might presumably work for the fediverse. No accounts just an identity service/API that allows sites to get your public key and ask you to verify things by signing with the private key.
[1] I say moving towards because there are plenty of rough edges, but the basic idea is pretty good and the UX is already streets ahead of the normal GPG verification/signing type workflows
[2] There is an API called "walletConnect" and as long as wallets and sites implement that, they are able to interoperate fairly seamlessly (in theory). In practise it doesn't always work that great. https://docs.walletconnect.com/
[3] These are actually an address and a keypair. The address is used to perform transactions on the blockchain so wouldn't be relevant to the fediverse I wouldn't think.
I see this a lot as a justification for crypto and tbh I don’t buy it.
Why can’t we just use key pairs without all the commodity token nonsense? Blockchains are a hyper redundant global network of adversarial servers. This is the silliest way possible to implement a key based id system.
You absolutely can, and if you read what I wrote above I'm not shilling for any token or pushing any kind of blockchain.
I'm saying the user experience of having your keypair in a browser extension with an API that lots of sites agree to use is significantly superior to the old gpg way of doing signatures and verification and means that you can do what the GP wanted (having a key that you control representing your identity which is strongly authenticated with zero knowledge and not an account on each server). You can do all of that without any sort of blockchain and it's something fediverse sites could adopt.
That’s fair I just assumed you were shilling because you mentioned web3 and metamask.
I totally agree and hope the web moves in that direction. Unfortunately I think the tech giants will fight tooth and nail to retain their sso products. People also generally do not want to perform key management :(
This is something the web3 world is moving towards a user-friendly solution for[1]. A web3 wallet (something like metamask which is a browser extension) actually holds a public/private key pair. Websites can authenticate by asking the user to "connect their wallet"[2] which actually means signing a message which the site can validate. To do this, the browser extension shows a popup showing the relevant bits of the request with "Approve" and "Reject" buttons. Once signed you are able to use the facilities of whatever website even though you don't have any sort of account. If at a later stage I want to revoke my approval I can just do that in my wallet - I don't even need to go to the site and there is of course no account to delete there. You can easily maintain multiple distinct personas because a wallet can contain multiple "accounts".[3]
Something similar might presumably work for the fediverse. No accounts just an identity service/API that allows sites to get your public key and ask you to verify things by signing with the private key.
[1] I say moving towards because there are plenty of rough edges, but the basic idea is pretty good and the UX is already streets ahead of the normal GPG verification/signing type workflows
[2] There is an API called "walletConnect" and as long as wallets and sites implement that, they are able to interoperate fairly seamlessly (in theory). In practise it doesn't always work that great. https://docs.walletconnect.com/
[3] These are actually an address and a keypair. The address is used to perform transactions on the blockchain so wouldn't be relevant to the fediverse I wouldn't think.