Why can’t we have federated identity to login into fediverse instead of creating login for each instance?

  • DanTilDawn@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    This would require either a central authority for registering and managing the identities, or the path of distributed ledger, where identity is confirmed with digital signatures when transacting - the second option is what crypto is. Some type of Blockchain tech could service it but all crypto related technology is buried in bad optics right now due to the current state of it being a big mouse trap setup by venture capital to squeeze money out of people without the protections of regulation afforded by their centralized identity management (which is run by the native government that the users are a citizen of.)

      • ttmrichter@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Once someone had a technical problem. “I know,” they said. “I’ll put it on the blockchain.” Now they have a million technical problems.

    • thekinghaslost@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      For identity verification, you can just do a simple key signing, just like how Nostr does it.

      Each user will generate a public-private key pair on their own device and has all their posts (and edit/delete requests) signed using their key.

      If someone wants to delete or edit their post, the site can just verify that the request is signed with the same key.

      There’s still issue of who’s going to store the user’s follows, etc. but I think we can find a way to workaround it.

      • GoodPointSir@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        That then introduces ease of use problems. You won’t be able to log in to another device without copying your key over from an already logged in device for example.

        Web browsers don’t usually allow access to local files made outside the browser, so even logging in between browsers would require having your key on hand.

        Not to mention if you lose the file containing your key (hard drive craps out, etc), you’ll lose access to your account entirely. So users would be forced to backup their keys.

        Not issues that would make the product unusable, but enough of a hindrence that 90% of users would just go find something else (like threads) to use instead.

        • iopq@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I can’t use my account on another device until I input my password, so either way I need to use a password manager. If you reuse the same password (so you can remember it for hundreds of sites instead of using a password manager), being forced into using a key instead would actually be an improvement for your security.