#16 Ideas for additional proofs

Open
opened 2 months ago by Supernova · 14 comments

I am really liking this project. Some additional proofs that would be nice to have:

Codeberg!!
Matrix
Keybase (possibly using your username.keybase.pub web space)
Telegram
Threema ID
LinkedIn

I am really liking this project. Some additional proofs that would be nice to have: Codeberg!! Matrix Keybase (possibly using your username.keybase.pub web space) Telegram Threema ID LinkedIn
yarmo added the
enhancement
label 2 months ago

Is it possible to add proofs of Pixelfed accounts?

Pixelfed uses a API similar to Mastodon: https://docs.pixelfed.org/technical-documentation/api-v1.html

Using the API to retrieve my profile as example:

curl -H "Accept:application/json" https://pixelfed.social/emanuel | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1793    0  1793    0     0   6543      0 --:--:-- --:--:-- --:--:--  6543
{
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    "https://w3id.org/security/v1",
    {
      "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
      "PropertyValue": "schema:PropertyValue",
      "schema": "http://schema.org#",
      "value": "schema:value"
    }
  ],
  "id": "https://pixelfed.social/users/emanuel",
  "type": "Person",
  "following": "https://pixelfed.social/users/emanuel/following",
  "followers": "https://pixelfed.social/users/emanuel/followers",
  "inbox": "https://pixelfed.social/users/emanuel/inbox",
  "outbox": "https://pixelfed.social/users/emanuel/outbox",
  "preferredUsername": "emanuel",
  "name": "Emanuel Pina",
  "summary": "I'm a pediatric nurse by ☀️ and 🌙, ☕ lover and a 🐕 owner for life.\n\nI'm a motorsport fan (#f1, #wec, #imsa...) and I do some #simracing on #iracing 🏁\n\nThere're days (less than it should) when I take some time to #cycling 🚴‍♂️",
  "url": "https://pixelfed.social/emanuel",
  "manuallyApprovesFollowers": false,
  "publicKey": {
    "id": "https://pixelfed.social/users/emanuel#main-key",
    "owner": "https://pixelfed.social/users/emanuel",
    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJnHiJw4+Wr/ehVTHFk9\nNX6PbXjEKaoqBKbJRZrnyzEwwlXiCJ992kJ8RrpTJyKWF/y723Yu0J13FwWOy30n\nrP+FGEjYQ+timXSOrBSwILyV/ApychA5W5N5FMt6wNyfuqceWlOsnn3cuS/mZsWD\njydX+gsYy9XEuEu+fn4no5+f55jYn2tVxMLMbODxUn9XMIQB0z3RuC+n34CSCt3Z\nhWz5k89iJ1Apq210Wgayig0Xh6OZLsAJ9VxGtHHLgoBre/EM/vF3dSgaJvw9ys0Z\nVBLj4vNiRTRoz1sDK0kWeBIoZcf7bPEnC6hzyJkrv8LcdAV5jo4wWfnTKlWTtOKi\nHQIDAQAB\n-----END PUBLIC KEY-----\n"
  },
  "icon": {
    "type": "Image",
    "mediaType": "image/jpeg",
    "url": "https://pixelfed.social/storage/avatars/007/587/328/082/484/019/2/hTjaFNVMsSIFk7OyMBd6_avatar.jpeg?v=2"
  }
}
Is it possible to add proofs of Pixelfed accounts? Pixelfed uses a API similar to Mastodon: https://docs.pixelfed.org/technical-documentation/api-v1.html Using the API to retrieve my profile as example: ``` curl -H "Accept:application/json" https://pixelfed.social/emanuel | jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1793 0 1793 0 0 6543 0 --:--:-- --:--:-- --:--:-- 6543 { "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1", { "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", "PropertyValue": "schema:PropertyValue", "schema": "http://schema.org#", "value": "schema:value" } ], "id": "https://pixelfed.social/users/emanuel", "type": "Person", "following": "https://pixelfed.social/users/emanuel/following", "followers": "https://pixelfed.social/users/emanuel/followers", "inbox": "https://pixelfed.social/users/emanuel/inbox", "outbox": "https://pixelfed.social/users/emanuel/outbox", "preferredUsername": "emanuel", "name": "Emanuel Pina", "summary": "I'm a pediatric nurse by ☀️ and 🌙, ☕ lover and a 🐕 owner for life.\n\nI'm a motorsport fan (#f1, #wec, #imsa...) and I do some #simracing on #iracing 🏁\n\nThere're days (less than it should) when I take some time to #cycling 🚴‍♂️", "url": "https://pixelfed.social/emanuel", "manuallyApprovesFollowers": false, "publicKey": { "id": "https://pixelfed.social/users/emanuel#main-key", "owner": "https://pixelfed.social/users/emanuel", "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJnHiJw4+Wr/ehVTHFk9\nNX6PbXjEKaoqBKbJRZrnyzEwwlXiCJ992kJ8RrpTJyKWF/y723Yu0J13FwWOy30n\nrP+FGEjYQ+timXSOrBSwILyV/ApychA5W5N5FMt6wNyfuqceWlOsnn3cuS/mZsWD\njydX+gsYy9XEuEu+fn4no5+f55jYn2tVxMLMbODxUn9XMIQB0z3RuC+n34CSCt3Z\nhWz5k89iJ1Apq210Wgayig0Xh6OZLsAJ9VxGtHHLgoBre/EM/vF3dSgaJvw9ys0Z\nVBLj4vNiRTRoz1sDK0kWeBIoZcf7bPEnC6hzyJkrv8LcdAV5jo4wWfnTKlWTtOKi\nHQIDAQAB\n-----END PUBLIC KEY-----\n" }, "icon": { "type": "Image", "mediaType": "image/jpeg", "url": "https://pixelfed.social/storage/avatars/007/587/328/082/484/019/2/hTjaFNVMsSIFk7OyMBd6_avatar.jpeg?v=2" } } ```

Is it possible to add proofs of Pixelfed accounts?

@emanuelpina Pixelfed is a bit tricky since Mastodon has a an array called attachments which stores some values you want to share with other people. That is how Mastodon account’s are verified (you sat and OpenPGP attachment with the fingerprint). Pixelfed doesn’t have that feature, only summary which has limited number of bytes that can be stored. We could reach out to Pixelfed maintainer to add this feature.

> Is it possible to add proofs of Pixelfed accounts? @emanuelpina Pixelfed is a bit tricky since Mastodon has a an array called `attachments` which stores some values you want to share with other people. That is how Mastodon account's are verified (you sat and OpenPGP attachment with the fingerprint). Pixelfed doesn't have that feature, only summary which has limited number of bytes that can be stored. We could reach out to Pixelfed maintainer to add this feature.
avalos commented 1 month ago

Codeberg is basically Gitea, right?

Codeberg is basically Gitea, right?

@avalos correct. Gitea and also GitLab have been added already. You can check out the guides on the website.

@avalos correct. Gitea and also GitLab have been added already. You can check out the guides on the website.

@dusansimic You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon.

@dusansimic You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon.

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?

You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon.

@yisraeldov While that is a perfectly valid solution I personally don’t like that I would have to post a photo with a description that contains the fingerprint. That could be implemented but since Pixelfed is part of fediverse and it could be validated the same way mastodon is verified, I belive this feature should be handled on Pixelfed side if the maintainer is okay with that. Just a simple textbox where user can set the fingerprint will be great.

> You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon. @yisraeldov While that is a perfectly valid solution I personally don't like that I would have to post a photo with a description that contains the fingerprint. That could be implemented but since Pixelfed is part of fediverse and it could be validated the same way mastodon is verified, I belive this feature should be handled on Pixelfed side if the maintainer is okay with that. Just a simple textbox where user can set the fingerprint will be great.

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?

@KubikPixel right now, I think that feature is not supported but it could be easily done since we already have access to the instace url and username if user want’s to verify mastodon account. That being said, you wont be able to use fingerprint as an OpenPGP attribute, rather the keyoxide url to your profile because mastodon required a url so an attribute can be verified. See my profile as an example.

@yarmo this is a feature that could be implemented if you’re interested.

> Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project? @KubikPixel right now, I think that feature is not supported but it could be easily done since we already have access to the instace url and username if user want's to verify mastodon account. That being said, you wont be able to use fingerprint as an OpenPGP attribute, rather the keyoxide url to your profile because mastodon required a url so an attribute can be verified. See [my profile](https://mastodon.technology/@dusansimic) as an example. @yarmo this is a feature that could be implemented if you're interested.

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?

I mren this with Keyoxide the same way as Keybase on Mastadon (not Pixafeed).

>Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project? I mren this with [Keyoxide](https://keyoxide.org) the same way as Keybase on Mastadon (not Pixafeed).

@KubikPixel that is exactly what I’m talking about. The feature you’re talking about is not implemented yet but it could be. However, you wont set the fingerprint as an attribute rather the url to your keyoxide profile.

Meaning, you wont set OpenPGP to be ae8e46cd64ec9d68382bf21ebb1768f4534593c0. You’ll set it to be https://keyoxide.org/ae8e46cd64ec9d68382bf21ebb1768f4534593c0.

I’ll open a separate issue for this feature since it a fair idea that could be implemeneted.

@KubikPixel that is exactly what I'm talking about. The feature you're talking about is not implemented yet but it could be. However, you wont set the fingerprint as an attribute rather the url to your keyoxide profile. Meaning, you wont set OpenPGP to be `ae8e46cd64ec9d68382bf21ebb1768f4534593c0`. You'll set it to be https://keyoxide.org/ae8e46cd64ec9d68382bf21ebb1768f4534593c0. I'll open a separate issue for this feature since it a fair idea that could be implemeneted.

@dusansimic I see we talk in a circle but yes why not a Link to Keyoxide as a verification. I think this is fine and peoples see on the Keyoxide site the OpenPGP key and its proov but the atzribute name must in my opinion Keyoxide.

@dusansimic I see we talk in a circle but yes why not a Link to Keyoxide as a verification. I think this is fine and peoples see on the Keyoxide site the OpenPGP key and its proov but the `atzribute` name must in my opinion Keyoxide.
yarmo commented 1 month ago
Owner

It is now possible to verify a Mastodon proof using only the URL to a Mastodon account. See yarmo@fosstodon.org.

As for getting that link in my Mastodon account green and verified, what we need is to render the Keyoxide profile page on the server instead of in the browser. The proof verification can still happen in the browser! It’s just the initial rendering of all proofs (with a “waiting for verification...” message) needs to happen on the server.

I’m already working on this.

It is now possible to verify a Mastodon proof using only the URL to a Mastodon account. See [yarmo@fosstodon.org](https://fosstodon.org/@yarmo). As for getting that link in my Mastodon account green and verified, what we need is to render the Keyoxide profile page on the server instead of in the browser. The proof verification can still happen in the browser! It's just the initial rendering of all proofs (with a "waiting for verification..." message) needs to happen on the server. I'm already working on this.
wiktor commented 3 weeks ago

Actually Keybase verification is quite straightforward as they have an API (that is even CORS-ready!): https://keybase.io/_/api/1.0/user/lookup.json?usernames=chris

Just check out them[0].public_keys.primary.key_fingerprint if it matches then it’s the same user :)

Actually Keybase verification is quite straightforward as they have an API (that is even CORS-ready!): https://keybase.io/_/api/1.0/user/lookup.json?usernames=chris Just check out `them[0].public_keys.primary.key_fingerprint` if it matches then it's the same user :)
wiktor commented 3 weeks ago

@KubikPixel, @dusansimic, do note that Keybase has special treatment in Mastodon as it prints just username (not full link) and the verification is special cased in Mastodon.

I think it would be a good idea if Mastodon supported Keyoxide natively too - it’s more decentralized and true to the open nature. If you think it’s a good idea too you could vote / comment in here: https://github.com/tootsuite/mastodon/issues/14770 (haha, just noted that it’s you @KubikPixel that created the issue :D )

@KubikPixel, @dusansimic, do note that Keybase has special treatment in Mastodon as it prints just username (not full link) and the verification is special cased in Mastodon. I think it would be a good idea if Mastodon supported Keyoxide natively too - it's more decentralized and true to the open nature. If you think it's a good idea too you could vote / comment in here: https://github.com/tootsuite/mastodon/issues/14770 (haha, just noted that it's you @KubikPixel that created the issue :D )
Sign in to join this conversation.
No Milestone
No Assignees
8 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.