Signing data does not mean that you authored the data \ stacker news ~nostr

Signing data does not mean that you authored the data

3561 sats \ 25 comments \ @k00b 8 Sep nostr

I hear people imply that signing data is equivalent to proving they authored the data they're signing (ie "I own the data"). This is subtly wrong. Signing data proves:

you had the private key that signed the data in your possession
you had the data that you signed in your possession

It doesn't prove:

you authored the data
you "own" the data

Ownership of data is a weird concept to begin with. At most data ownership means you possess the data and maybe in some ethical or legal sense means you have a right to possess it. Digital signatures don't enhance the meaning of data ownership. I think when people say "I own the data" when they've signed the data but it's not in their physical possession, they mostly mean "I can prove I authored this data," but a digital signature only affords "I own the means of authenticating that I once possessed this data."

Proving authorship of data requires more than signing it. The way we prove we authored something is by demonstrating it was in our possession before anyone else. So if we wish to prove our authorship of data, not merely prove that we once possessed it, we need to both sign the data and timestamp the signature in an unforgeable way.

view all related items

2020 sats \ 1 reply \ @pillar 8 Sep

Opentimestamps could be a complementary tool to achieve this.

Pattern would be:

You author the "work", whatever that is.
You sign it.
You use opentimestamps to prove the existence of the signature at some point in time.
You release the "work" out there.

Since you have that proof, and nobody else can provide one earlier than yours, you kind of have a case for having laid your eyes on the "work" before anyone else, which is a strong argument in demonstrating authoring.

From what I've read, intellectual property protection is one of the strong use cases in trad-legal areas for Opentimestamps.

401 sats \ 0 replies \ @k00b OP 8 Sep

Yep 100%.

141 sats \ 0 replies \ @jgbtc 9 Sep

I think of it more like "I approve this message" than authorship. So if you know a particular public key belongs to someone, and they sign some data with the corresponding private key, they are basically saying "I attest this data is authentic/true/accurate/etc". It's highly contextual really. But you're right, nothing to do with authorship or ownership.

100 sats \ 0 replies \ @DiedOnTitan 9 Sep

I would add to this that signing data on the blockchain also time stamps the data. This is the crucial aspect because if there is a dispute about ownership or authorship, the time stamp provides objective evidence as to first objectively verifiable usage of the data.

On a second read, I think I am repeating your last sentence...

84 sats \ 6 replies \ @Coinsreporter 8 Sep

197 sats \ 3 replies \ @TheMorningStar 8 Sep

I think copyright means to have the right to distribute copies but the ownership remains with the producer.

34 sats \ 2 replies \ @Coinsreporter 8 Sep

I'm sorry that's not correct. You actually gotta read this -

Copyright is a type of intellectual property that protects original works of authorship as soon as an author fixes the work in a tangible form of expression. In copyright law, there are a lot of different types of works, including paintings, photographs, illustrations, musical compositions, sound recordings, computer programs, books, poems, blog posts, movies, architectural works, plays, and so much more! https://www.copyright.gov/what-is-copyright/

60 sats \ 1 reply \ @TheMorningStar 8 Sep

Thank you so much sir! I was wrong and accept I didn't bother to look for the meaning of it. I just guessed for the word ad copy + right.

24 sats \ 0 replies \ @Coinsreporter 8 Sep

It's alright. It happens with everyone.

41 sats \ 1 reply \ @k00b OP 8 Sep

I'm not too familiar with copyright, but most ownership schemes depend on being able to demonstrate you possessed it first.

0 sats \ 0 replies \ @Coinsreporter 8 Sep

Computer programmes are also included in copyright. Copyright does mean authorship as soon as an author fixes the work in a tangible form of expression.

221 sats \ 0 replies \ @TheMorningStar 9 Sep

Dear @k00b, I just napped reading your post and comments and this happened.😇

30 sats \ 1 reply \ @ek 8 Sep

Maybe people got confused because of ScriptSig in bitcoin

38 sats \ 0 replies \ @k00b OP 8 Sep

I think this does confuse bitcoiners a lot because we take bitcoin's timestamps for granted and assume signatures alone are what's proving our ownership.

41 sats \ 0 replies \ @Golu 9 Sep

The only authorship of data means that you hold it before anyone else does and you need to prove it.

120 sats \ 1 reply \ @k00b OP 8 Sep

Another thing I think people might mean when they say "I own the data" when they've only signed the data is that others can't "own" the data. But, they can.

The singular important thing that digital signatures provide wrt to data ownership is the ability to say "I own the means of authenticating my possession and intent to sign this data."

100 sats \ 0 replies \ @Scoresby 9 Sep

In my mind signing is identity.

if you sign a post you are saying the person who knows the secret to this public key posted this.

If we think about a repost or a retweet, signing it would by a way of endorsing it or proving that a certain person wanted to spread the info contained in the post.

When it comes to self referential data (like a will or a contract) signing makes a lot of sense and almost matches up with what seems to be the normie understanding of it.

With creative data (writing, thoughts, art) it probably isn't as useful. But then, the idea of needing to sign art has always been a little funny anyway.

0 sats \ 3 replies \ @sebastix 9 Sep

Is https://github.com/nostr-protocol/nips/blob/master/03.md a possible for this?

0 sats \ 2 replies \ @k00b OP 9 Sep

For nostr? Yep!

0 sats \ 1 reply \ @sebastix 9 Sep

Yes a possible solution (is missed typing that word) As this topic was posted in the Nostr territory I assumed your concern was applied to signed events with Nostr

0 sats \ 0 replies \ @k00b OP 9 Sep

It was, sort of. I knew about that nip. This was more philosophical.

0 sats \ 1 reply \ @Satoshi__Nakamoto 8 Sep

That's a dark truth that we don't own our private data

0 sats \ 0 replies \ @k00b OP 8 Sep

I don’t know what that means and to the extent that it means anything it’s a non sequitur.

0 sats \ 1 reply \ @Thereal 8 Sep

Is this how NFTs operate?

0 sats \ 0 replies \ @roadrunnah 9 Sep

NFT's does not work that way. Most of the media associated with NFT's (images, texts) are in Web 2.0 although the token is in Web 3.0. NFTs is technically just a variable in a smart contract. Yes it may require your wallet signature but most of NFT's are components that can only be reconstituted from different modes of the web.