• Jayjader
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    6 months ago

    It weirds me out that most of the arguments for nostr I come across are around how “you can’t loose your identity, it’s just a private/public keypair!”. Maybe I just don’t get banned enough to understand the perspective, but to me the real problem is the content/discussions being lost, not usernames for some corner of the web.

    I really don’t care about loosing my identity on a social media website; I’ve found it healthier to view social media accounts on the same level as my customer account at my isp and power utility. When I change ISPs, the old account is closed down and I start up a new one at the other ISP. What’s important to me is the service getting delivered, not that it remembers that I’m the same person from however many years ago. It’s still the same me here in my body, interacting with the web. I know what I need from it, it doesn’t always need to remember who I am (and sometimes I’d rather it forgot or never knew in the first place).

    My final point is a bit of a troll, but also kinda serious: how decentralized is it when your identity is “centralized” in your key pair? Loose your keys or loose your password to the key, and your identity is similarly effectively gone. Even worse in this case, no-one can restore it for you. Which is why I don’t tie my identity that much to any online service, especially ones I don’t host. The only thing that truly preserves my identity is the flesh-and-blood body that I inhabit (and even that isn’t fail-proof).

    I’ve interacted with GPG signing circles before. So many people are losing access to their keys. So many more are considering some of their keys as compromised. In either case they’re regularly generating wholly new keys, essentially rebooting their “identity” from scratch. When they do so, they always rely on flesh-and-blood interactions to have their new identity verified and trusted by others.

    Maybe it’s a question of which circles we’re involved in; mine are already regularly hopping accounts, without being forced to by bans or server outages. I’m used to interpreting the tone & content to recognize “people”, and ignoring usernames. On top of that so many people regularly change their display names on social media for vanity and expression purposes that I can’t reliably use them anyways for recognizing accounts.

      • Jayjader
        link
        fedilink
        English
        arrow-up
        4
        ·
        6 months ago

        You may also interact with countless bots without ever knowing, because creating fake identities is free.

        Maybe. Bots don’t seem currently capable of holding a conversation beyond surface level remarks. I think I tend to engage with thought-provoking stuff.

        On the off chance that I reply to a bot, it is as much for my reply to be read by other humans viewing the conversation. So I don’t understand how interacting with countless bots is supposed to be such a big downside.

        Plus, I don’t see how public/private key pairs prevents endless “fake” identity creation/proliferation. It’s not like you need a government-issued ID to generate them (which, to be clear, still wouldn’t be great -just got other reasons).

        Fair, some people value their identity.

        To be clear, I’m talking about online identities. In which case, I would argue that if you value it so much you should not delegate it to some third party network. My IRL identity is incredibly valuable to me, which is why I don’t tie it up with any online communications services, especially ones I have no control over.

        For average people nothing changes, the app can hold their key for them and even offer email recovery.

        …so then the app can post on my behalf without me knowing? And it’ll be signed as if I had done it myself. I don’t understand preferring this if you’re not also self hosting.

        That’s something having signatures and a web of trust solves.

        But as I wrote in my previous message regarding gpg signing circles (a web of trust), that doesn’t “solve” things. It just introduces more layers and steps to try and compensate for an inherently impossible ideal. Unless I’m misunderstanding your point here?

        Besides, you fail to see another problem: Whichever centralized, federated site you use can manipulate anything you read and publish.

        I just take that for granted on the internet. It’s true that key-signing messages should make that effectively impossible for all but the largest third parties (FAANG & nation-states). But you still need to verify keys/identities through some out-of-band mechanism, otherwise aren’t you blindly trusting the decentralized network to be providing you with the “true” keys and post, as made by the human author?

        Anyway, if you don’t see a need for tools like nostr you don’t need them.

        Maybe I’m not expressing myself properly; I don’t see how nostr (and tools like it) effectively address that/those needs.

        Sort of like how there was (arguably still is) a need for cash that governments can’t just annul or reverse transactions of, yet bitcoin and all cryptocurrencies I’m aware of fail on that front by effectively allowing state actors (who have state resources) to participate in the mining network and execute 51% attacks.