pull down to refresh

NOSTR for verifying authenticity
1270 sats \ 2 comments \ @phaedrus 7h nostr
I hear more and more people talking about detecting fake content, which makes sense given what can be generated with AI. I'm convinced that detecting fakes is fundamentally impossible to solve and instead cryptographic signatures of authentic content is the solution. Of course, some fake content can be detected but let's ignore that for now.
It seems that NOSTR could be the solution, since user is identified with a pub key and every message/event is already signed. So it's guaranteed that given pub key signed the content and nobody tampered with it.
I believe what's missing is distributing the pub keys safely. Here are just some ideas but I'm not an expert (this is far from new problem) so I'm sure there are better ideas out there:
  • when possible, you can scan someone's pub key in person (eg. Signal has nice UI support for this)
  • you can get someone's pub key from 3rd party (eg. someone's github/reddit/twitter) which assumes trusting that 3rd party (in NOSTR, people using domains like phaedrus@stacker.news means you need to trust stacker.news maintainers)
  • maybe you could follow people (get their pub key) through another person that you trust (eg. I scanned Bob's pub key in person and then I get Alice's pub key from Bob over NOSTR, ie. it's a key Bob follows)
My question for everyone out here who knows NOSTR better than me: Are those mechanisms implemented in any existing apps? Are there any other ideas how to distribute pub keys securely? Are there any relevant NIPS? Are there any people/projects looking into this problem?
write
preview
related posts
2 sats \ 1 reply \ @k00b 3h
*verifying authenticity of information the signer would want someone to be able to verify the authenticity of
Most things that people use as examples of problematic fakes are likely to be things no one would willingly authenticate anyway. ie absence of (cryptographic) evidence is not evidence of absence. eg a senator isn't going to help us prove the video of them doing cocaine is real by signing it. Signatures really only help us prove whether someone wanted us to know that they meant to communicate something (and only to the extent that we can be confident they weren't compromised). I'm sure you're in touch with this fact already, but I try to remind myself that this kind of thing has a narrower utility band than it's made out to have.
Anyway, decentralized public key infrastructure (PKI) has a lot of prior art out there. This is where web-of-trust as a concept first appeared afaik. (It's where I started looking when I was researching WoT for our ranking.) Much of the progress in this area was made with PGP afaik.
Nostr's current solution seems to primarily be nip-05, which you cite, but there's also a lot folks talking about WoT depending on the season.
reply
0 sats \ 0 replies \ @hasherstacker 1h
There's a lot of much sense. Well explained.
reply