My Quick Attempt at Bluesky's Satellite Challenge
Twitter’s Bluesky initiative created a little challenge where the goal was to verifiably link different digital identities together. This is my attempt at this.
I’ve create an Ed25519 public key (which can be used with my little tool eddo):
I’ve signed the following document, verbatim:
This is Cronokirby. My twitter is https://twitter.com/cronokirby. My website is https://cronokirby.com.
resulting in the following signature:
I assume that they’re two potential anchor points upon which people might base my “online identity”. The first is this website, and the second is my Twitter. With my website, I assume that people will trust that the content published on this domain was actually written by me. Thus, my endorsement of a public key presumably means that I have ownership of it, and that they can associate it with this website. By linking my Twitter, and signing it, I also prove that I have the associated private key, and that this key has been used to attest to my Twitter.
For those who base themselves of off Twitter, I posted a tweet with the same message and signature. Once again, by posting the public key on Twitter, my followers there will associate that public key with me, and will also be satisfied that I have the private key, because of the signed message.
The linkage is further reinforced by the message being signed, which links the key to the two other identities.
One major shortcoming is that nothing ties this to my offline identity. For this, I could also include a dated picture, which combines some personal object with the text of the public key. For example, I could take a picture of this week’s “The Economist”, alongside one of my notebooks, wherein I’ve written down the public key I want to associate myself with. People that know me may recognize my hand-writing, or that I’ve used a particular notebook before. You could further reinforce this by including something like a signed book someone gave me, which would convince them in particular, or a government ID, which would convince even more people.
Another shortcoming is that I could very-well have been coerced into doing all of this, or perhaps both my website and my Twitter were hacked at the same time. For this to happen, both my Github account and my Twitter would need to be compromised at the same time. This would also involve compromising my phone, which acts as a second factor for both of these.