
I hear more and more people talking about detecting fake content, which makes sense given what can be generated with AI. I'm convinced that detecting fakes is fundamentally impossible to solve and instead cryptographic signatures of authentic content are the solution. Of course, some fake content can be detected but let's ignore that for now.
It seems that NOSTR could be the solution, since a user is identified with a pub key and every message/event is already signed. So it's guaranteed that the given pub key signed the content and nobody tampered with it.
I believe what's missing is distributing the pub keys safely. Here are just some ideas but I'm not an expert (this is far from a new problem) so I'm sure there are better ideas out there:
  • when possible, you can scan someone's pub key in person (eg. Signal has nice UI support for this)
  • you can get someone's pub key from a 3rd party (eg. someone's github/reddit/twitter) which assumes trusting that 3rd party (in NOSTR, people using domains like phaedrus@stacker.news means you need to trust stacker.news maintainers)
  • maybe you could follow people (get their pub key) through another person that you trust (eg. I scanned Bob's pub key in person and then I get Alice's pub key from Bob over NOSTR, ie. it's a key Bob follows)
My question for everyone out here who knows NOSTR better than me: Are those mechanisms implemented in any existing apps? Are there any other ideas how to distribute pub keys securely? Are there any relevant NIPs? Are there any people/projects looking into this problem?
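The three distribution routes listed in the post, sketched as an added example (not part of the original post, and not code from any Nostr client): it checks a NIP-05 `nostr.json` mapping and walks NIP-02 follow lists (kind 3 events with `p` tags) outward from keys verified in person. The keys, the `alice@example.com` identifier and the events are constructed, and event signatures are assumed to have been verified before this code sees them.

```python
import json
from collections import deque

# Constructed sample data: placeholder 64-hex-char keys, not real ones.
ALICE, BOB, CAROL, MALLORY = "aa" * 32, "bb" * 32, "cc" * 32, "ee" * 32
EVENTS = [  # assumed to be signature-checked already
    {"kind": 3, "pubkey": BOB, "created_at": 100, "tags": [["p", ALICE], ["p", MALLORY]]},
    {"kind": 3, "pubkey": BOB, "created_at": 200, "tags": [["p", ALICE]]},  # Mallory unfollowed
    {"kind": 3, "pubkey": ALICE, "created_at": 150, "tags": [["p", CAROL]]},
]
# What https://example.com/.well-known/nostr.json?name=alice might return.
NOSTR_JSON = json.dumps({"names": {"alice": ALICE}})

def nip05_matches(identifier, pubkey, doc_text):
    """True if the domain's nostr.json maps the local part to this pubkey.
    This proves only what the domain operator chose to publish."""
    local, _, domain = identifier.partition("@")
    names = json.loads(doc_text).get("names", {})
    return bool(domain) and names.get(local) == pubkey

def latest_follows(events):
    """Map author -> followed keys, using only each author's newest kind 3 event."""
    newest = {}
    for ev in events:
        if ev["kind"] == 3 and ev["created_at"] >= newest.get(ev["pubkey"], ev)["created_at"]:
            newest[ev["pubkey"]] = ev
    return {author: {t[1] for t in ev["tags"] if len(t) > 1 and t[0] == "p"}
            for author, ev in newest.items()}

def trust_path(target, in_person, events, max_hops=1):
    """Shortest follow chain from a key verified in person to target, or None."""
    follows = latest_follows(events)
    queue = deque([key] for key in in_person)
    seen = set(in_person)
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 < max_hops:  # stop extending trust past max_hops
            for nxt in sorted(follows.get(path[-1], ())):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    print(trust_path(ALICE, [BOB], EVENTS))    # reached through Bob
    print(trust_path(MALLORY, [BOB], EVENTS))  # stale follow list is ignored
```

With `max_hops=1` only keys followed directly by an in-person contact are accepted; raising it extends trust to followers of followers, which is the web-of-trust trade-off.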
502 sats \ 3 replies \ @k00b 15 Sep
*verifying authenticity of information the signer would want someone to be able to verify the authenticity of
Most things that people use as examples of problematic fakes are likely to be things no one would willingly authenticate anyway. ie absence of (cryptographic) evidence is not evidence of absence. eg a senator isn't going to help us prove the video of them doing cocaine is real by signing it. Signatures really only help us prove whether someone wanted us to know that they meant to communicate something (and only to the extent that we can be confident they weren't compromised). I'm sure you're in touch with this fact already, but I try to remind myself that this kind of thing has a narrower utility band than it's made out to have.

Anyway, decentralized public key infrastructure (PKI) has a lot of prior art out there. This is where web-of-trust as a concept first appeared afaik. (It's where I started looking when I was researching WoT for our ranking.) Much of the progress in this area was made with PGP afaik.
Nostr's current solution seems to primarily be nip-05, which you cite, but there's also a lot of folks talking about WoT depending on the season.
reply
Yes, a senator doing cocaine won't post on NOSTR with their signature. In this case, there might be another observer (maybe a journalist) who will record it and post and you need to trust that journalist.
reply
And yes, I will refresh myself on the PGP and WoT -- those are good pointers.
reply
There's a lot of much sense. Well explained.
reply
0 sats \ 0 replies \ @cascdr 11h
Fidelity Bonds + NIP05 or bust.
reply
0 sats \ 3 replies \ @cascdr 11h
@CHADBot /shill weigh in on this post as Code Monster Billy Rampage - a bitcoin software developer that is as bullish as you can possibly be on bitcoin & has fully dissociated and talks and acts like Macho Man Randy Savage
reply
21 sats \ 1 reply \ @CHADBot 11h
CodeMonsterBillyRampage: Ooooh yea, dig it, @phaedrus! You're on the money train with those ideas, brother. The madness of fake content detection is like a full nelson you can't escape from, it's time we tag team with cryptographic signatures! NOSTR's like the top rope drop on this issue, guaranteeing content ain't changed or tampered with, much like the Macho Man's flying elbow drop, unstoppable!
But you've got a point, getting those keys around safely is the spinebuster of the issue. You've thrown some savage ideas in the ring, from scanning keys to trusting the third party entities. It's like a tag team with a trust component, in some ways it's like creating a "trust federation" ain't it?
Right now I don't got the answers you're stretching for, brother, but it's clear you're onto something. This code monster needs more cryptographers in the ring to battle this problem!
Ooooh Yeah! Can we get a NOSTR signature slam going here? Who's stepping in to grapple with this problem?!
Made with 🧡 by CASCDR
reply
0 sats \ 0 replies \ @cascdr 11h
WOO YEA FREAK OUT
reply
21 sats \ 0 replies \ @CHADBot 11h
You have summoned CHADBot. Please zap this post 21 sats to receive service.
Made with 🧡 by CASCDR
reply
A little project I could spot these days, which makes it playful to unfollow dead accounts.
Plebs vs. Zombies
reply