1. 27
  1. 14

    Why would someone go to the trouble of using a decentralized, federated, open source service to hand over control of their identity to a centralized, irreproducable service? (AFAIK I can’t spin up my own keybase instance)

    I can understand doing this on something centralized, like say, twitter. But it seems… weird.

    1. 3

      I’m thinking, maybe this could be seen as something similar to the “verified” accounts on twitter?

      1. 6

        I might not be clear on this, so let me try again.

        Mastodon is a decentralized, federated, open source service that people can self-host. It’s not a central gatekeeper. It’s part of the fediverse, a federated, decentralized social media network with many different tools available from pleroma to honk to pixelfed. The whole point of these networks is that they’re (due to their decentralized nature) censorship resistant, not focused on engagement and have no real single point of failure.

        Keybase is a company that maintains a single instance of their service. If your identity is hooked into their service, you are handing control of your identity verification to them. The fediverse is the free and open web. Keybase is a proprietary walled garden. To keybase’s credit, the garden walls are fairly low, but they control their height. They do not belong in a position of control within the fediverse, and adding a single point of failure to it seems counterproductive.

        Handing identity verification for members of decentralized services to a centralized one reduces or removes elements of that decentralization and concentrates power in the hands of a corporate entity instead of the commons.

        I could be missing something here. I could be completely wrong about this, I often am.

        1. 4

          I might not understand Mastodon well enough (not really using it), it’s just that it’s not clear to me how is anything “handed over” here. Was there some other identity verification feature in Mastodon before, that is now removed? Are the non-keybase-verified users of Mastodon now more limited in what they can do in some way? Is the Mastodon client now unable to add any other identity verification features in future?

          Or is your claim a social one, that after the keybase integration, people will not want to use non-verified accounts anymore? or talk to non-verified accounts?

          Or is it kinda that it’s “not really adding value”, because if keybase servers break/become evil, the keybase identity verification can’t be trusted anymore from that point on? If yes, then does it hurt something? I don’t understand.

          Please note I sincerely mean I don’t understand in those points. I get that keybase is centralized, and Mastodon is not. I just don’t see how the integration could in any way hurt the fediverse, and am curious to understand.

          1. 7

            Sure, and thanks for bringing this up as it causes me to question my own motivations and thoughts around this.

            The fediverse is a refuge from toxic corproate social media. There’s a huge representation of marginalized and otherwise persecuted groups on there, because it’s been seeded mainly by subcultures that aren’t as welcome on the major platforms.

            The integration of a closed-source centralized service that openly talks about limiting it’s integration (see “Are there sites you won’t link to?”) is a concern because it’s a corporation coming into a public space, but attempting to restrict use (as corporations are often legally or commercially required to do).

            For example, many sex workers on switter.at are being targeted through FOSTA/SESTA. If Keybase verification on Mastodon takes off, would this mean sex workers on switter could be further marginalized in the way other fediverse users are not? Maybe, maybe not, I don’t know. These are questions that centralized services don’t generally consider, but should be considered within the context of the fediverse.

            When corporations interact with the commons, things tend to favour the corporations over the commons. Good examples of this are Couchsurfing/AirBNB, Google’s embrace, extend and extinguish approach to Jabber and (again) Google’s screwing over of Firefox. When that happens it’s the marginalized that suffer the most. I think that’s where my resistance to corporate closed services integrating with the fediverse comes from.

            1. 5

              If Keybase verification on Mastodon takes off, would this mean sex workers on switter could be further marginalized in the way other fediverse users are not?

              It’s interesting that you bring this matter as it was suggested on HN that “pr0n sites or ad sites” would not be welcome.

              1. 3

                This definitely gave me pause when I was originally reading this article. If having keybase verification becomes something that fediverse-users actually expect, then that is bad for anyone who is socially or politically unacceptable in ways Keybase cares (or can be made to care) about.

          2. 2

            You already can “verify” yourself if you have a Web site by linking to your Mastodon profile with a rel="me" attribute in the hyperlink. No Keybase required.

          3. 1

            Just because there is nothing like that (identity service that connects social accounts) that is decentralized. I guess people like having a profile page with all their social accounts listed.

          4. 7

            For everyone (as long as keybase accepts you, which they won’t do for small instances and anything sexual).

            Mastodon (and Pleroma) already supports the rel=me mechanism, which can be used for similar identity proofs.

            1. 2

              as long as keybase accepts you, which they won’t do for small instances and anything sexual

              I don’t see “anything sexual” mentioned anywhere in that post?

              1. 4

                I think they mean the response given on HN that’d suggest sites related to sex won’t be accepted.

                1. 2

                  “pr0n” is not the same as “anything sexual”, and “we don’t want 10k pr0n sites” is not the same as “we won’t accept anything sexual”.

                  1. 1

                    Well, I don’t know what they think are ‘pr0n’ sites or not, so maybe they’ll be lenient, but I don’t know why they restrict it at all except for brand purposes.

                    1. 1

                      My impression is – which could of course be wrong – that they would rather have 300 useful/common sites, than have 10 000 small/uncommon sites.

                      1. 3

                        Yeah, I can see why they would want that, but it’s not something I want or see as a feature.

              2. 2

                rel=me was discussed in the PR adding Keybase support. I’m not entirely convinced by Keybase people’s reasoning but that’s the context.

                Some more context - Keybase started donating to Mastodon project before the integration was merged. Source

                (By the way are you the same lain of Pleroma? I like the project, so thank you for your hard work in it 👍).

                1. 2
              3. 4

                Would be cool to add a lobste.rs integration: https://keybase.io/docs/proof_integration_guide

                1. 3

                  I kind of like the old post-based method. I understand it’s not perfect, but it’s simple/KISS, and requires no special effort to make it work on the part of the site (i.e. Facebook, GitHub, etc.)