But how would a user see that this poat was made with the right crypto key. Maybe some check mark on the Post or some sign.
Comment on Angry, disappointed users react to Bluesky's upcoming blue check mark verification system
sugar_in_your_tea@sh.itjust.works 4 days agoIt’s easy: cryptographic signatures. If you want to prove your identify, post a public key on something that you need to prove identity for (personal website or something) and sign your posts with the same key. That way everyone can tell the that the same key listed on the website is used for SM posts. Clients can check this automatically and flag anything on your “official” account that’s signed with a different key.
This is much better than a checkmark system, because accounts get hacked and whatnot. It’s really easy to check a cryptographic signature, and it’s really hard to fake. If the website gets hacked, the signature won’t match previous posts.
The main concern here is losing the key. If someone steals your key, generate a new one, and sign it with the old key and the new one. Boom, now everyone can tell you control both keys, while the attacker only controls the old one.
joel_feila@lemmy.world 4 days ago
sugar_in_your_tea@sh.itjust.works 4 days ago
Ideally, they wouldn’t see anything if everything is good. If there’s an anomaly, flag it with a warning.
But yeah, you could put a checkmark on it, but then it actually means something more than “this person spent money.” Ideally, the checkmark would only show if it’s a publicly verifiable key outside the platform.
joel_feila@lemmy.world 3 days ago
Yeah that’s a better system then. We need something that shows the user then post or user is verified. How it works doesn’t matrer to them. Amd the key system would be betterment
FourWaveforms@lemm.ee 4 days ago
That’s only easy for nerds, and it doesn’t help if the private key is on a device that gets compromised.
sugar_in_your_tea@sh.itjust.works 4 days ago
Regular people wouldn’t need identity verification, and the keys can be something the user never sees, just like with Signal. The UX can be pretty good here.