Back in June I wrote about an exciting confluence of digital auth tech:

(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .

In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream

#opensource #indieweb #identity

https://writing.exchange/@erlend/113091679196090320

  • demesisx@infosec.pub
    link
    fedilink
    English
    arrow-up
    11
    ·
    2 months ago

    Perhaps. I tend to listen to Snowden when it comes to tech. But I haven’t used it yet because all of the implementations I could use involved a bitcoin wallet. I’m a fan of crypto but that felt weird.

    Someone else reassured me that NOSTR is a very open platform and that requirement wasn’t true.

    From my research, I have found it to be far more decentralized than Lemmy’s (and the pub/sub) federated model, which would also, obviously have the same drawbacks that we see in other truly decentralized tech like crypto, torrents, and tor where you are on your own in the world, forced to literally keep the ocean of shit from infecting you! 😉

    So, I think of those things as necessary evils. For example, if I used NOSTR, I could have an address that follows me no matter what. That cryptographic hash is my NOSTR identity for better or worse. That’s pretty powerful and far more secure than a two step verification process in the long run.

    I don’t know enough about it yet. But I’d say it is a raw technology that I wouldn’t allow the criminals and trolls of the world define for me.

    • originalucifer@moist.catsweat.com
      link
      fedilink
      arrow-up
      4
      ·
      2 months ago

      yeah, ive read from some other corners nostr is really being abused by bad actors due to the same anonymity you seem to require of it.

      nostr is basically not moderate-able, which is a non-starter for the rest of us who dont really give a shit about 5 9s of anonymity and are attempting to maintain communities of decent humans.

      • demesisx@infosec.pub
        link
        fedilink
        English
        arrow-up
        10
        ·
        2 months ago

        “I” seem to require? No. I’m deferring to the cypherpunk manifesto which rings true over and over again.

        IMO, anonymity should be able to be switched on and off at will by the user. Selective disclosure using homomorphic encryption coupled with digital identity can achieve both, IMO.

        In particular, businesses require anonymity in much of their chain of custody…and I think that’s fair.