On Fri, 17 Mar 2023 19:16:56 -0400, Tim Boudreau via Hidden-discuss <hidden-discuss at lists.hidden-tech.net> wrote: > That's not to say it's the apocalypse - just a logical consequence. In the > long run, what *would* work is a web where every piece of content is > cryptographically signed, and attributable to an actual human, and handled > by browsers and similar the same way the "green bar" for https is. But > anything like that is years away. I actually put a lot of thought into this a few years back, thinking it might be fun to start working on such a system. It turns out it is a Hard Problem, both because cryptographically signed content is not easy to retrofit into browsers securely, but also because it is impossible to know for certain where the content actually originated. In your example, even if you've found a way to link the key to a verified human, how do you prove the human with the private key actually generated their own content? So what you end up needing is a *reputation* system. Basically you need a truly *distributed* reputation algorithm, and you probably end up with various levels: reputation brokers that have their own reputation, friend networks where you've actually met the person with the key, etc. Analogous to the GPG key signing model, but with a more sophisticated reputation algorithm derived from a continuous stream of ratings made by key holders interacting with other key holders. Those ratings are analogous to client/vendor ratings on amazon and other such marketplaces, but applied to all interactions, not just purchase and sale activity. I contemplated what it would take to build a phone ap for this, but the problem with that is that making a peer to peer connection between phones is hard (no public address), which means you are depending on servers. So, someone could take this on as a business and build the servers, but then you lose the decentralization that is critical to being able to build a trust network instead of having to trust a single business entity (and we all know how well that turns out in the long run). Might have still worked if done as open source. But, it was while going down that trust rabbit hole that I gave up, because I'm lazy and it looked like a *lot* of work and, at least at the time, very little likelihood of any uptake ;) I think the latter is still true...for now. I think if someone actually wants to work on this it would probably be best done as an extension of B2B blockchain technology. I went down *that* rabbit hole for a while, but at the time the software in that space wasn't mature enough to serve as a practical platform for this. I wonder if that has changed... --David