
NIP-39: Explicitly state NO identity on specified platform

Open Khazbs opened this issue 1 year ago • 3 comments

NIP-39 allows a user to state their identity on another platform in their profile, which gives users of that platform a way to protect their identity on that platform.

Problem

Users who wish to disclaim any identity on another platform should also be able to protect their NON-identity on that platform by explicitly stating that any account on that platform belongs to another owner.

Example Cases

  • Somebody Else: John Smith doesn't use Twitter and wants everyone on Nostr to know that any Twitter account called John Smith is definitely somebody else;

  • Compromised Identity: Eve found and kept Alice's lost phone with her SIM in it, so Alice no longer has control over her only Telegram account;

  • Shameless Imposter: Arnold Schwarzenegger only uses Nostr, but someone claiming to be Arnold Schwarzenegger somewhere on Mastodon offers a set of very interesting photos in exchange for a measly payment of 100 Monero.

Current solutions

Two current solutions come to mind, both flawed in some way:

  • Radio Silence: To not state anything related to identity on that platform in the profile, leaving users to guess if the tag was left out intentionally or if it was just overlooked;

  • Written Notice: To publish an event explaining that you don't have an identity on that platform for everyone interested to read, leaving users who missed that event uninformed.

Proposed solution

Allow stating NO identity the same way you can already state some identity. For example, include the "platform" part of the tag, but leave the "identity" and the "proof" parts blank, like so:

{
  "tags": [
    ["i", "github:", ""],
    ["i", "twitter:", ""],
    ["i", "mastodon:", ""],
    ["i", "telegram:", ""]
  ]
}

Khazbs avatar May 31 '24 14:05 Khazbs
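
An added example, not part of the original issue or of NIP-39: one way a client could read `i` tags if the proposal above were adopted, telling an explicit disclaimer apart from a missing tag. The function names, the status strings, and the handling of conflicting or half-empty tags are assumptions; the proposal does not define them, and the sample tags are constructed.

```javascript
// Added example. Status names and conflict rules are assumptions, not NIP-39.
// An "i" tag has the shape ["i", "platform:identity", "proof"].
function classifyIdentityTags(tags) {
  const byPlatform = new Map(); // platform -> { claims, disclaimed, malformed }
  for (const tag of tags) {
    if (!Array.isArray(tag) || tag[0] !== "i" || typeof tag[1] !== "string") continue;
    const sep = tag[1].indexOf(":");
    if (sep <= 0) continue; // no platform part, nothing to attribute the tag to
    const platform = tag[1].slice(0, sep);
    const identity = tag[1].slice(sep + 1);
    const proof = typeof tag[2] === "string" ? tag[2] : "";
    const entry = byPlatform.get(platform) ||
      { claims: [], disclaimed: false, malformed: false };
    if (identity === "" && proof === "") {
      entry.disclaimed = true;              // proposed "NO identity" form
    } else if (identity !== "" && proof !== "") {
      entry.claims.push({ identity, proof }); // ordinary claim, proof not yet checked
    } else {
      entry.malformed = true;               // only one of identity/proof is present
    }
    byPlatform.set(platform, entry);
  }
  return byPlatform;
}

function identityStatus(tags, platform) {
  const entry = classifyIdentityTags(tags).get(platform);
  if (!entry) return "unstated";            // the "Radio Silence" case: nothing to infer
  if (entry.disclaimed && entry.claims.length > 0) return "conflict";
  if (entry.disclaimed) return "disclaimed";
  if (entry.claims.length > 0) return "claimed-unverified";
  return "malformed";
}

// Constructed sample profile tags (identities and proofs are placeholders).
const sampleTags = [
  ["i", "github:example-user", "constructed-gist-id"],
  ["i", "twitter:", ""],
  ["i", "mastodon:", ""],
  ["i", "mastodon:example.social/@example", "constructed-post-id"],
  ["i", "telegram:example_user", ""],
  ["e", "not-an-identity-tag"],
];

for (const p of ["github", "twitter", "mastodon", "telegram", "keybase"]) {
  console.log(p, "->", identityStatus(sampleTags, p));
}
```

A "claimed-unverified" result still requires fetching and checking the proof on the named platform before the claim is shown as valid; "conflict" and "malformed" are best treated as no usable statement either way.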

Interesting, have we seen this attack in the wild?

staab avatar May 31 '24 15:05 staab

@staab here's an example from another platform: https://www.washingtonpost.com/technology/2022/11/14/twitter-fake-eli-lilly/

caesar avatar Jun 28 '24 15:06 caesar

Solving that problem would involve a lot of different parts. In order for this to matter at all, I think platforms mentioned in this event would have to actively pull this event in order to invalidate impersonators on their platforms. Which they should be doing anyway by default. I have nothing against the proposal in particular, but I don't think it's the most strategic first step in preventing impersonation.

staab avatar Jun 28 '24 16:06 staab