Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
TulliusCicero 2 hours ago

> I think it's going to effectively kill public chat communities without either proof of identity or attestation through a web of trust.

I'm happy to verify my identity as an honest-to-god sack of meat if it's done in a privacy-protecting way.

That probably is where things are gonna go, in the long run. Too hard to stop bots otherwise.

jredwards an hour ago | parent | next [-]

In order to make this viable, wouldn't you have to verify identity repeatedly? What's to stop me from providing a valid identity and then handing my account over to an agent after I'm verified?

Bjartr an hour ago | parent [-]

That's why a web of trust was suggested. You keep track of who vouched for who and down weight those who vouch for users that prove to be bots. In theory at least. It's certainly more complicated than only that in practice.

ssl-3 2 minutes ago | parent [-]

If the web of trust only extends to the people who I actually know to be real, then that works -- but it's a very small web.

And by small, I mean: This whole trusted group could fit into one quiet discord channel. This doesn't seem to be big enough to be useful.

If it extends beyond that, then things get dicier: Suppose Bill trusts me, as well as those that I myself trust. Bill does this in order to make his web-of-trust something big enough to be useful.

Now, suppose I start trusting bots -- maybe incidentally, or maybe maliciously. However I do that, this means that Bill now has bots in his web of trust as well.

And remember: The whole premise here is that bots can be indistinguishable from people, so Bill has no idea that this has happened and that I have infected his web with bots.

---

It all seems kind of self-defeating, to me.

janalsncm 2 hours ago | parent | prev | next [-]

I guess it would have to be something like a service which confirms whether a person already has an account on the site but doesn’t have to track which particular account it is.

I’m not sure if that would work for account deletions though.

XorNot 2 hours ago | parent | prev | next [-]

That is effectively impossible though. There's data centers of stripped down phones, so "it's actually a phone" doesn't do it.

Citizen_Lame an hour ago | parent | prev [-]

What's stoping bots to verify identity? This will not work, especially with frequent data breaches.