[Freedombox-discuss] public certifications and petnames [was: Re: FreedomBox 'bump/hi-five' challenge]

[ian at churchkey.org]

On 06/24/2011 03:58 PM, Daniel Kahn Gillmor wrote:
> On 06/24/2011 04:25 AM, John Gilmore wrote:
>> Not automatically tying a key to a self-claimed identity, nor a
>> government-issued identity, nor even a photo, will help freedom
>> fighters stay free when the government grabs somebody and tries to
>> find all their collaborators.
> 
> People can do this with a pseudonym -- there are many pseudonymous
> OpenPGP user IDs in the existing WoT.  But not everyone will use a
> pseudonym.  If you're concerned that a pseudonym might be too
> identifiable, consider that the key's fingerprint itself is unique and
> identifiable.  Better to lay claim to a persistent identity that allows
> re-keying.  If you want to ditch your pseudonym, that's just as easy as
> ditching a key (easier, in fact)

We might also want to consider that people maintain different means of
contact for different social contexts, whether that is separate email
addresses or the social network segregation that currently exists
between Facebook, LinkedIn, and Online dating sites. Whatever app we
build for this phone handshake should have some mechanism for letting
people maintain different identities and specify which one they are
generating a QR code for at any given moment.

I would /strongly/ suggest that we use something like a color scheme
and/or displaying some distinctive information for that identity
onscreen with the QR code to prevent inappropriately giving out the
wrong identity information have having business contacts end up with
your family-only identity or worse. I propose email address at the top
of the screen as the default identifying information, with the ability
to swap that out for your own local pet name if you prefer or if you are
using a pure crypto hash identity with no ties to other forms of
distinctive information.

-Ian