publiush's comments

This isn't a marketing message/post.

This is a Hacker project to explore improved ways of doing things with the new primitives of our collective technology base. In this case, owning your own identity with a decentralized identity system.

I think marketing posts are better suited for another forum, no?


> I think marketing posts are better suited for another forum, no?

No, Hacker News "Show HN" posts are often launch/marketing posts - totally accepted here.


100%. I'm sure GP had good intentions here, but productisation of any project is a big part of what's wrong with tech today.


I agree that the intentions were pure. That said, this isn't a product, but instead, a project with a specific goal of improving internet security by showcasing concepts to the HN community. The discussion within the thread, I think, is indication that it is helping to inch closer to that goal as more users on HN are made aware of the beneficial tools cryptography with Handshake provides.


I apologize for that. There was an assumption that most people were aware of the Handshake Naming system [1]. Handshake is a naming blockchain that's recently been gaining adoption quickly (Namecheap [2]) (Opera Browser [3]). Using this, you can control your name, which is your identity, on the internet. There's a lot of other cool benefits, but as it pertains to this project, it's the names, cryptographic proof of ownership of said names, and the cryptographic provability that the messages were written by the owners of said name.

There are many ways to get Handshake names, but the easiest ways are to use Bob (non custodial) [4] or Namebase (custodial) [5].

[1] https://handshake.org/

[2] https://www.reddit.com/r/handshake/comments/pt55vb/namecheap...

[3] https://twitter.com/opera/status/1476841607005622273

[4] https://github.com/kyokan/bob-wallet

[5] https://namebase.io


So handshake.org seems to be the authoritative source on everything handshake, and it has several lengthy posts describing how using anything but it and things it vouches for to interact with handshake is about the absolute dumbest thing a person could possibly do [1]. And while namebase.io looks like it might provide an incredibly intuitive "getting started with handshake" experience, it's not vouched for by handshake.org. Can you explain why using namebase.io to mint a handshake name isn't the dumbest thing I could possibly do?

[1] https://handshake.org/claim/


The instructions you pasted are for claiming a name that was pre-reserved when Handshake launched [1]. This is different from creating and obtaining a new name on the blockchain.

[1] https://github.com/handshake-org/hs-names


Are you implying people should feel free to create and obtain a new name on the blockchain using any random website? Also I do not see the list of popular GH names in the link you provided.


> Are you implying people should feel free to create and obtain a new name on the blockchain using any random website? Also I do not see the list of popular GH names in the link you provided.

The popular names are in the names folder.

I wouldn't recommend obtaining a new name from any random website. I don't think I did so. I'm going to avoid continuing this thread as gaslighting isn't usually something one would wish to engage in, obviously on the receiving end, but on the creator's end too.

I hope you are able to find peace in the next year.

Happy new year to you.


You hit the nail pretty much on the head. While you're correct that a 4chan-like mechanism would provide a means of authentication, the hash would not be human-recognizable easily (basically, not meaningful). Using a naming block chain like Handshake, you essentially solve Zooko's Trilemma [1].

[1] https://en.wikipedia.org/wiki/Zooko%27s_triangle


> While you're correct that a 4chan-like mechanism would provide a means of authentication, the hash would not be human-recognizable easily (basically, not meaningful)

This part can be addressed easily with avatars such as those Gravatar makes. Using a blockchain instead seems like a huge overkill, and also brings 'login' back into the equation, albeit with a different connotation than traditional login.


> This part can be addressed easily with avatars such as those Gravatar makes. Using a blockchain instead seems like a huge overkill, and also brings 'login' back into the equation because most websites will use something like Metamask, which you have to log into.

A gravatar is great for a profile photo, but in the end, there's no guarantee that the message viewed by a user was actually written by the poster. A site admin could simply inject posts as that user.

With signed messages, only those who possess the key could have created the signature for the signed message. Even a site admin cannot edit the message and get away with it (since the signature wouldn't validate).


> in the end, there's no guarantee that the message viewed by a user was actually written by the poster

If you think about it, this is also true for web3 — true enough that it's broken.

We don't live in a world where you can't take things from people, etc.

Ultimately, society works because we don't really need ironclad guarantees — and we don't have any.


> If you think about it, this is also true for web3 — true enough that it's broken.

You absolutely cannot fake a message being cryptographically signed without providing a broken verification function.

> We don't live in a world where you can't take things from people, etc.

The half glass empty approach is one method. The other method is to review the primitives we have in place today and explore different permutations that allow us to route around our adversities. That's the Hacker way. Of course, we do it with code.

> Ultimately, society works because we don't really need ironclad guarantees like that.

The society you live in is very different from mine. Fraud and impersonation are real. [1]

[1] https://www.theverge.com/2016/11/23/13739026/reddit-ceo-stev...


> You absolutely cannot fake a message being cryptographically signed without providing a broken verification function.

How about by obtaining the private key?


Pretty much all of security relies on the user not giving out their passwords or secret keys. Imho it's an implicit assumption when talking about identity and security. If we break that assumption, nothing in the world is secure, and any discussion about security becomes pointless.


In security contexts, you have to make your claims carefully and explicitly. Assumptions don't play nicely there.

And getting access to private keys can happen by means other than the user volunteering them.
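The exchange above, from the admin-edit claim through the stolen-key objection, can be run as code. This is an added example, not part of the thread and not code from Applause, Bob Wallet or Handshake: Ed25519 from Node's built-in crypto module stands in for the name's signing key, and the `registry` map, the helper names and the sample posts are constructed assumptions.

```javascript
// Added example: constructed data; Ed25519 is a stand-in signature scheme.
const nodeCrypto = require("node:crypto");

// Hypothetical name -> public key map, standing in for the record that
// binds a name to its owner's key.
const registry = new Map();

function registerName(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  registry.set(name, publicKey);
  return privateKey; // stays with the name owner
}

// The signed bytes cover the name as well as the body, so a signature
// cannot be re-attached to a different name.
function payload(name, body) {
  return Buffer.from(JSON.stringify([name, body]), "utf8");
}

function signPost(name, body, privateKey) {
  const sig = nodeCrypto.sign(null, payload(name, body), privateKey);
  return { name, body, sig: sig.toString("base64") };
}

function verifyPost(post) {
  const publicKey = registry.get(post.name);
  if (!publicKey) return false; // unknown name: nothing to verify against
  return nodeCrypto.verify(
    null,
    payload(post.name, post.body),
    publicKey,
    Buffer.from(post.sig, "base64")
  );
}

function runScenarios() {
  const aliceKey = registerName("alice");
  // The site admin controls storage but holds only their own key.
  const adminKey = nodeCrypto.generateKeyPairSync("ed25519").privateKey;

  const original = signPost("alice", "I support proposal 7.", aliceKey);
  // Admin edits the stored body and keeps the old signature.
  const edited = { ...original, body: "I oppose proposal 7." };
  // Admin injects a new post under alice's name, signed with the admin key.
  const injected = signPost("alice", "A post alice never wrote.", adminKey);
  // Someone else holding alice's private key writes a post.
  const keyCompromised = signPost("alice", "Written by another person.", aliceKey);

  return {
    original: verifyPost(original),
    edited: verifyPost(edited),
    injected: verifyPost(injected),
    keyCompromised: verifyPost(keyCompromised),
  };
}

console.log(runScenarios());
```

The first three results show what verification gives a reader against the site operator; the last shows that a valid signature attests to possession of the key, which is why key storage and revocation sit outside what the check itself can establish.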


Between "there's no guarantee that the message viewed by a user was actually written by the poster" and "You absolutely cannot fake a message being cryptographically signed without providing a broken verification function" you moved the goalposts so hard it gave me whiplash and I'm afraid I can't continue this discussion due to my concussion.


> Between "there's no guarantee that the message viewed by a user was actually written by the poster" and "You absolutely cannot fake a message being cryptographically signed without providing a broken verification function" you moved the goalposts so hard it gave me whiplash and I'm afraid I can't continue this discussion due to my concussion.

I think it might be wise to review what signing means to understand that I didn't "move the goalposts" at all [1], but thanks for the discussion, as I merit it will help a lot of people to better understand the power of cryptography as I'm guessing it's a new field here as of yet.

Happy New Year!

[1] https://en.wikipedia.org/wiki/Digital_signature


No, they're absolutely right. You can steal a person's computer. You can get them drunk and ask them to hand over their keys. There are a dozen ways off the top of my head that you can have a message that's not written by the supposed poster without a broken cryptographic function.

As always, there's a relevant XKCD https://xkcd.com/538/


This is solved with key management and security as opposed to with the fact on whether or not the technology has merit. Now, we're really moving goalposts. ;)


Sure, but you're ignoring flaws in the security to make a stronger marketing message for your site. Yes, there is nothing you can do about this, it's not under your purview. But nevertheless you can't make so strong a claim as to say that a message can't be faked without a broken verification function. It simply can't be faked in one particular way.

If Person B published a message under Person A's name, that is, to the non-crypto world, a faked post. They're not going to be impressed by your argument that actually it isn't faked, it's real, Person B just had access to Person A's computer.


Again, this is a security issue and doesn't in any way reduce the proven efficacy of cryptography. It's pedantic at best, and I am going to stop replying to your comments.

Happy new year.


That's fine, I'm not looking to debate, I'm trying to help. You're here presumably looking for input on your new project, but you're not taking any of it, and getting very defensive whenever anyone offers anything other than praise.

I'm not making a comment out of pedantry, I'm telling you how I expect this is going to be seen by regular users. People on the whole are not interested in whether or not some particular security system is theoretically perfect, they're interested in whether or not it actually provides the security that they interpret it to promise. And they will interpret your claims as meaning that messages cannot come from anyone other than the signed user, which is going to be a problem the first time that assumption fails. And it will fail, because people aren't good at keeping secrets secret.


I don't see goalposts being moved. It seems like your base assumptions are just different from most people. Most discussions about security assume that users are taking care of their passwords and private keys, and talk about how secure a system is _given_ that assumption. If we start assuming that stealing computers and getting people drunk to steal passwords is reasonable, then there would be no point to any of the security measures on the web.


I'm not too familiar with 4chan and handshake, but my current understanding of this is that it's like using public-private key cryptography for creating user identities, and then using blockchain to map public keys to usernames?

So if I wanted to make a post, I first generate a public-private key pair, and then sign posts using my public key?


Most tripcodes on 4chan are relatively recognizable, since they are combined with the names: https://en.m.wikipedia.org/wiki/Imageboard


You can either use Bob Wallet [1] or hsd RPC. You'll need a Handshake [2] name as well. There's a PR on the Bob Extension that streamlines this process (think metamask) [3].

[1] https://applause.chat/v/9

[2] https://handshake.org/

[3] https://applause.chat/v/5


Sounds way more complex than a traditional sign up? What am I missing?


I think where we're headed is a blend of Web 2 and Web 3 (Web 666). In this, Web 2 continues to live on in its current form, because it works quite well. However, there are some issues with Web 2 that Web 2 can't easily solve that are solved by Web 3. One of the biggest ones is decentralized identity which Handshake solves beautifully.

With signed strings tied to the keys associated with the handshake name, every action taken on a Web 2 website can now benefit from being verifiable [1]. You don't need the blockchain outside of the identity.

Secondly, the more I've been working with this technology, the more I've truly begun to understand how important it is to own one's name. There shouldn't be two afro88s. Imagine if there is an afro88 on reddit and this person starts acting a certain way -- and then someone comes here and they see your username and apply bias due to actions that were not your own?

Web 666 is a silly name for blending the "stacks" if you can call them that, together, but then again... [2]

[1] A reddit admin edited a user's comments. Imagine if that user was suddenly prosecuted on said "evidence?" What a shame, and cryptographic signatures really empower people on the internet, especially in a Web 2 world.

[2] https://en.wikipedia.org/wiki/Lucifer_(cipher)


Thanks for the detailed reply. Sounds really promising.


Could you explain the difference between using Handshake/Bobwallet vs. using ENS/Metamask as login?


It's more of using specialized, purpose driven applications vs using a generalized swiss army knife of epic proportions.

Handshake was purpose built to work with traditional DNS while ENS is something entirely different. I think that's why Handshake is gaining more adoption in the traditional DNS sector as well, but whatever the case, I've opted to work with this technology based on a number of factors:

1. The ENS project is great for creating human readable Ethereum wallets. However, it doesn't seem that it was initially suited to be used for DNS and that this was later patched on.

2. ENS is centrally controlled by a federation of key holders [1] while Handshake is decentralized.

3. In Handshake, you truly own the name.

4. With blockchain already inheriting many inefficiencies when compared to more traditional systems, ethereum, while very cool, tries to be too much and the bloat has led to extreme fees for interacting with the blockchain.

That being said, I'm keeping my eye out on all of the naming projects. It's something I'm very interested in.

[1] https://docs.ens.domains/frequently-asked-questions


So why handshake vs. namecoin, ENS or others? Why would handshake win when many of its predecessors failed?


This is an excellent question.

This is different from a website like Hacker News or Reddit which aim to be social media websites and avenues to engage in discourse.

Applause, instead, is as you might say, a tech demo, but also aims to, through UX and feature, create a different kind of environment than general social media networks. Instead, when a user engages in the act of 'signing' something, people can either agree in whole or not. If they agree in whole, they actually sign the original message itself. It's closer to a "shouting out to the void in a certified manner, and others can join in the shout" versus "shouting out to the void and debating."


I was browsing Handshake repos on github and noticed a pull request that added sign/verify [1] on the Bob Extension [2] on Github. This piqued my interest, and of course, it was time to hack away again. The result is applause [3] which lets you post and applaud (sign) your and other people's messages. This website does not require a login or signup because it uses the decentralized Handshake [4] blockchain.

It's open source on github [5] and mixes Web 2 and Web 3 together causing some interesting benefits.

It supports drag and drop among other things!

Hope you like it!

MIT LICENSED! Do whatever you want with it!

[1] https://github.com/kyokan/bob-extension/pull/15

[2] https://github.com/kyokan/bob-extension

[3] https://applause.chat

[4] https://handshake.org/

[5] https://github.com/publiusfederalist


Submission Statement: I was browsing Handshake repos on github and noticed a pull request that added sign/verify [1] on the Bob Extension [2] on Github. This piqued my interest, and of course, it was time to hack away again.

The result is applause [3] which lets you post and applaud (sign) your and other people's messages. This website does not require a login or signup because it uses the decentralized Handshake [4] blockchain.

It's open source on github [5] and mixes Web 2 and Web 3 together causing some interesting benefits.

Hope you like it!

[1] https://github.com/kyokan/bob-extension/pull/15

[2] https://github.com/kyokan/bob-extension

[3] https://applause.chat

[4] https://handshake.org/

[5] https://github.com/publiusfederalist


Web 3.0 utilizes crypto in order to build something more than just the cryptocurrencies built in the past. A blockchain is useful in a decentralized system where a shared ledger is required. There are several different types of projects that are branding themselves Web3 -- and I think they are all correct; Web3 is a totally new web built by the people and controlled by the people.

> encompensate technologies like edge computing which are decentralising ownership of compute and data back to devices.

I've been working on just that [1], and I think many other projects are as well. If you stop focusing on the 'value' of 'coins' in the market and, instead, narrow in on the merits of the underlying technology, I think you'll quickly find that all the building blocks are there to get to this decentralized ownership model we are all seeking so eagerly.

[1] https://github.com/publiusfederalist/federalist


The decentralized nature is immaterial if actual useful data/computations can't be performed by the network.

Ethereum's chain is about a terabyte and the total compute power is less than a single raspberry pi. So you can't store a meaningful amount of data on it without insane fees nor can you do much in the way of processing. This means anything interesting exists off-chain.

If interesting things exist off-chain...there's not much utility in having a blockchain at all. It's just a slow expensive ledger with no off-chain authority. Even if a transaction points to some content addressing P2P resource (IPFS etc), that content only exists while someone is hosting it from some machine(s) somewhere. When it stops being pinned (or conceptual equivalent) the record on the blockchain is worthless.


If it stops being seeded, then the content is worthless.


Seeding focuses on recent or popular content with a particular preference for popular recent content. Seeding is a LRU model so does not reliably serve long tail content. The age or popularity of content is not necessarily a measure of its value.


Not to suggest blockchains don't have a role in a decentralized internet, but on the other hand aren't there a lot of decentralized resources, made or to be made, that don't require crypto or blockchain at all?

I think this is where some of the confusion and skepticism comes from. Often in W3 discussions there seems to be a push to find a way to use crypto rather than an explanation of a resource, period. If a decentralized product includes blockchain or crypto, I'm immediately skeptical and expect a good explanation for why the product can't exist without it. Usually it seems like the product doesn't need it or could be built on some other option.

I'm all for decentralized and federated solutions, but they do tend to be slower and more resource-intensive. Blockchain most of all.


> but on the other hand aren't there a lot of decentralized resources, made or to be made, that don't require crypto or blockchain at all?

Absolutely. In the project I linked to, I'm using DHT and torrent protocols to deliver decentralization.

That said, we run into an issue in a decentralized system called Zooko's trilemma [1] when it comes to naming. Names need to be human readable, secure and decentralized. Using public keys, this isn't made possible.

> Often in W3 discussions there seems to be a push to find a way to use crypto rather than an explanation of a resource, period. If a decentralized product includes blockchain or crypto, I'm immediately skeptical and expect a good explanation for why the product can't exist without it. Usually it seems like the product doesn't need it or could be built on some other option.

In the case here, I opted to use the handshake naming protocol. Handshake's use case makes sense as decentralized networks are subject to sybil attack [2], so a free for all naming system doesn't make sense. Handshake is one of the blockchain projects I admire specifically because the blockchain project solves a problem that has limited the success of decentralized systems until now, and the purpose of the coin is to limit the ability for an attacker to take over all the names.

> I'm all for decentralized and federated solutions, but they do tend to be slower and more resource-intensive. Blockchain most of all.

I think this depends on the functionality. In the case of the handshake blockchain, lookups are faster since data is local. On the other hand, you're absolutely right as DHT is very laggy.

[1] https://en.wikipedia.org/wiki/Zooko%27s_triangle

[2] "A Sybil attack is defined as a small number of entities counterfeiting multiple peer identities so as to compromise a disproportionate share of the system."


> Maybe contribute to the network in exchange for a balance, that you can then exchange for domains after which it’s gone.

You've just described handshake - when you purchase a domain, the coins are burned in exchange for the domain.


Just that one part? Or everything? I’m not quite sure how Handshake is generating balance in the first place, beyond a lot of mentions of coins and exchange tickers.


I know I'm a few days late to this reply, but Handshake is a Proof of Work system like Bitcoin. You generate balances by mining it using a powerful computing device.


You can pay seedbox services for hosting as well, but information the swarm cares about will continue to exist in the swarm. That being said, I think Sia/Skynet is a beautiful project and recommend everyone to check it out as well. I also saw a few other great projects listed in this thread which all sound fascinating.

