I’ve been looking a lot at the GPG/PGP web of trust today and wanted to look into what you guys thought about it.
For those of you who don’t know what the web of trust is, here’s a video for you to take a look at it https://www.youtube.com/watch?v=H5-lipH1KwQ
Basically I want to see about implementing a strong encrypted web of trust for verifying accounts on Diaspora* and other decentralized social media platforms such as Mastodon and the like.
To start this, I’d like to look into using KeyBase. As you’ll see in my profile, I use keybase for encrypted communication. This platform allows you to strongly verify that your online identities (twitter, facebook, github, dns websites and hardware devices) all belong to the same person. What it doesn’t do is validate that you actually are who you say you are, for that, you need to implement a third party Web of Trust system and if you can reach lvl 5, then you can 100% without doubt validate that you are absolutely who you say you are, and because you’d use your keybase pgp key to do this signing, you also verify each of their identities are who you say you are.
This helps prevent online accounts from pretending to be someone else, as the key essentially validates your exact identity. The only danger then is if someone somehow obtains your private key (so therefore protect that son of a gun as well as you can).
I like the idea of creating a web of trust in general, but outside of businesses and organizations, there’s really no need for a web of trust because you pretty much trust most people you know personally anyway, at least, you trust they are who they claim to be. Since the other social media platforms are extremely liberal and hold control over their verification systems for advertisement and promotional purposes. Here, we have the ability to make such a system much more open and secure, but it requires a bit of actual work. Getting a lvl 5 pgp web of trust keysigning can be a royal pain in the ass, but in the end I think it’s worth it, and, the bigger and wider this web of trust goes, the easier it is on everyone to join into it.
I’d like to get this ball rolling, I need to learn more about the whole process myself, but if I can, would anyone want to join me in this project? And on that note, I’d like to make a feature request of allowing pod owners to verify someone’s web of trust and therefore give them a ‘Verified’ symbol on their account.