this post was submitted on 15 Jun 2023
75 points (100.0% liked)
FediLore + Fedidrama
2177 readers
30 users here now
Chronicle the life and tale of the fediverse (+ matrix)
Largely a sublemmy about capturing drama, from fediverse spanning drama to just lemmy drama.
Includes lore like how a instance got it's name, how an instance got defederated, how an admin got doxxed, fedihistory etc
(New) This sub's intentions is to an archive/newspaper, as in preferably don't get into fights with each other or the ppl featured in the drama
Tags: fediverse news, lemmy news, lemmyverse
Partners:
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
We almost had decentralized logins with OpenID. I remember the push. It started seeing more widespread usage in the spaces I visited at the time, and even Google is/was an OpenID provider. Facebook and their "Login with Facebook" nonsense took things backwards when other vendors wanted to be a ~~data tracker~~ login provider, also.
With the ban evasion scenario you mentioned, having something like OpenID would give you an immutable ID number that can be used anywhere. Bans and blocks would go according to that ID, and evasion would require a new account. I think that would be a good middle ground for data privacy. It does make law enforcement's job harder, though. Which does take us back to square one when it comes to removal of content, especially illegal content.
I am actually reaching the end of my knowledge on the subject in the following, so if anything after this is flat-out wrong with the technologies listed, I'd love some corrections.
If we go purely theoretical with existing tools, a blockchain would ideally assign those unique IDs. That's a username and account creation date. GPG to sign each request (the second factor), and the entered password with the signature would decrypt an encrypted blob on IPFS with the requested information, similar to how Storj DCS stores data in encrypted buckets. Enter the wrong password, you get an empty bucket. Password recovery becomes an issue at that point, but one really should be using a password manager, passphrase, or hardware key these days, anyway.
Or use it as a feature and increase overall privacy by using a different password for each unique data blob shared with a service you're authenticating with. It won't matter, because your ID won't change. For law enforcement, that does make things exponentially more difficult, maybe if you store the successful login attempts on the blockchain with the metadata that they claim to obtain from companies, it might work? There does have to be a balance between transparency and privacy.
A blockchain does seem like overkill for that, though. Having a unique Username might be good enough, since you don't really want to have multiple users with the same display name anyway. Otherwise, things might start getting a bit confusing, especially if they're both in the same instance.
Feels like a simple method would be a login provider that is related to the government. The gov have the best way to identify you and prove that you are who you are. That's how you would get one unique ID that cannot be evaded by simply creating a new account.
Although, if you get banned from a community, there would be no way to get back in it because your gov id would be banned. Maybe the ban appeal could be more official instead of a letter to a random mod and hope you get an answer, hell, why not judiciarice the whole ban appeal thing so that you do have real recourse if you ever get banned for no good reason, a bit like when you get fired from a job.
Food for thought..