2C/ Rebase: Decentralized Keybase

From IIW

Rebase - Decentralized Keybase


Tuesday 2C

Convener: Wayne Chang <wayne@spruceid.com>

Notes-taker(s): Simon Bihel <simon.bihel@spruceid.com>

Tags for the session - technology discussed/ideas considered:

Keybase, Trust


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Web-of-Trust related problem, mappings to your identity (twitter, websites, etc)

Keybase was acquired by Zoom, which is problematic because of a lack of resources for innovation.

Decentralisation allows private attestations (equivalent of proof for Keybase).

Can you have crawlers who get information about those private attestations? No, because validators don’t advertise the attestations they have issued.

Should notaries (third parties validators) be used, for legal use-cases? Not for now, for simplicity.

Related document https://hackmd.io/IZgDPFy6QiaZXbUk7Ik87Q

Interoperability and standards are important so the network of trust isn’t only usable by a certain company’s products.

Can’t Rebase simply be the composition of some existing tools (e.g. DID methods)? Yes, the goal of the project is to abstract the technical layers.

One way of thinking about Rebase is that we would recreate the network that big companies and banks already have on us, without our consent.

Related to notaries, how can you integrate non-digital documents (e.g. paper)?

A validator could only limit itself to a certain set of validations.

Isn’t Rebase a new DID method? Rebase is less strict than a formal DID method, more suited to our messy world (as well as more human-readable).

Concerns about privacy, as you can go from the Rebase ID to the social media accounts (a global directory can be built from the data in Rebase).

But attestations don’t have to be only about identity, identity proofs could also be more private (e.g. private message in Twitter, instead of a public tweet).

Sybil resistance? BrightID was mentioned as one of the social media platforms.

The privacy implications can be ok if the user agrees with it, but can it impact other people/connections?

https://keys.pub/ is brought up. Rebase is focused on social attestations.

We’re monitored already as you’re going about your business. But keys are something you control.

The governance of the directory is very important to avoid companies like ClearView having access to such directory.

What’s the scope for KERI events. And isn’t opt-in too weak because non-linked accounts can still be found/crawled.

Project description: https://docs.google.com/document/d/1kJhRE0CQ8BI2cOihdRE9EH-4atgwFJTwyXlB9LcebhE/edit#heading=h.dhpooiemp4fs


Zoom Chat:


From Steven Wilkinson : The participants list, claim host

From By_Caballero : https://keybase.io/by_caballero

From By_Caballero : ^ Example "medium-strong" ID

From Tobias Looker : Big +1! Also have some thinking on how to do this, and how to integrated with verifiable credentials!

From Andrew Whitehead : Not to jump ahead (okay, jumping ahead) but I’m curious about key rotation and maybe tying things together in a DID doc (or with keri)

From Tobias Looker : https://hackmd.io/IZgDPFy6QiaZXbUk7Ik87Q

From Orie Steele : : / starting with a foundation

From Tobias Looker : Haha

From By_Caballero : q+

From By_Caballero : can't raise hand, am host

From Orie Steele : Yep, in a way, this is decentralized surveillance as a service :)

From Gabe Cohen : surveilMe

From Tobias Looker : DSAAS

From By_Caballero : lol I was multitasking; can someone else make the notes reflect that

From By_Caballero : https://docs.google.com/document/d/1kJhRE0CQ8BI2cOihdRE9EH-4atgwFJTwyXlB9LcebhE/edit

From By_Caballero : something about notaries and standards? :D

From Adrian Gropper  : Standardizing how people notaries keep logs

From By_Caballero : surveil.me ; notarize.me

From Adrian Gropper  : human notaries

From By_Caballero : i know, just teasing :D

From By_Caballero : Infominer is sitting right there; this is Infominer erasure

From Orie Steele : q+ to talk about architecture

From By_Caballero : q+ to speak to KERI analogy

From Eric Welton (Korsimoro) : q+ to speak re: KERI - KERI is about precision, this is about mapping imprecision

From By_Caballero : q- ; (i think eric might have a more eloquent version of what i was thinking)

From Orie Steele : did:github:OR13

From Gabe Cohen : did:twit!

From By_Caballero : don't you dare bring did web into this

From Orie Steele : https://github-did.com/resolver

From By_Caballero : q+ : (after Adrian)

From Orie Steele : q+ to ask about how to start with friendly names

From By_Caballero : "pet names" :D

From Orie Steele : Didn’t people give up their privacy when they agreed to Facebook ToS :)

From By_Caballero : as private and secure as the LEAST secure and LEAST consented of the linked profiles :D

From Charles Cunningham : q+ about does/could keybase have value for sybil resistance or is that not a goal

From By_Caballero : ^ move over Idena and BrightID ! : (I want to reiterate that this is literally how credit cards protect against sybils-- by paying data brokers to attest to the age and quality of the trackers you've consented to)

From Tobias Looker : But who controls that global directory namespace

From Tobias Looker : You’ve just created DNS essentially

From Eric Welton (Korsimoro) : you mean google?

From By_Caballero : ^ Palantir, more like; (sorry to be bleak); Bad news, eric

From Eric Welton (Korsimoro) : i'm an accelerationist in this area - at this point I think the only way to create action about the fact of Palantir, or DHS HITEC, is to open up the existing private maps to public so that they demand a social response in the face of all the other stuff we're dealing with.

From Orie Steele : Directory is inevitable; Just like thanos

From Kimberly Duffy : q+ re keybase/keys.pub replacement

From Charles Cunningham : many directories exist already, luckily we're solving portability to make it easy for them to join together 😆

From Orie Steele : bech32 ; pepelaugh https://didme.me/did:meme:1zgswzdje885tzr8408m37sjmaa0sthw265ty6hmwzmau48kd809zzrgra4w5w

From Orie Steele : ^ also uses bech32 ; Big +1 to Adrians point

From Gabe Cohen : face..index

From Orie Steele : Biometrics can be compelled : Best not to use them as the sole factor : I would be in favor of working on this more : I think its a cool idea

From Kimberly Duffy : Epic beard Adrian! I’d be remiss if I didn’t compliment you

From By_Caballero : It won't protect you from the cameras, tho : try insane clown posse paint

From Orie Steele : And infrared reflectors

From Gabe Cohen : https://didme.me/did:meme:1zgsyjd79ruhltsc6awvakj7ays7t7ngmn9z4znp4rjf4vm8t0sacvjqnlu3hf

From Orie Steele : lulz

From By_Caballero : https://nakedsecurity.sophos.com/2018/07/04/want-to-beat-facial-recognition-join-the-insane-clown-posse/

From Orie Steele : Lets be real, it only takes like 4 calls to uniquely identify you when you get a new burner…  ; The directory is inventitable

From John Hopkins : resistance is futile 😂

From By_Caballero : https://docs.google.com/document/d/1kJhRE0CQ8BI2cOihdRE9EH-4atgwFJTwyXlB9LcebhE/edit

Retrieved from "https://iiw.idcommons.net/index.php?title=2C/_Rebase:_Decentralized_Keybase&oldid=23239"