search

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
900 stars 37 forks source link

Twitter integration, using a QR code on an image for proof #485

Open smarkwell opened 10 years ago

smarkwell commented 10 years ago

Instead of storing a hash of the proof on twitter, it should be possible to upload a qr photo to a tweet as a way to make the proof entirely self contained. Large size qr can hold up to around 2900 bytes of data, enough for the pgp proof blob.

smarkwell commented 10 years ago

https://dev.twitter.com/docs/api/1.1/post/statuses/update_with_media

zQueal commented 10 years ago

Looks to be entirely possible. Not very useful, though.

Example

Generated by Google Chart API using my twitter proving hash.

It would seem that the plain text would have to be generated by the keybase command line client (or can be automatically generated using the website), the user will then have to paste the URL into a browser, go to twitter, and tweet the image. After that, it's a crap shoot--there really isn't a very intelligent way to scan a twitter feed for a specific image; and uploading an image with twitter returns a random pic.twitter.com URL.

I'd say it's be insanely difficult and convoluted to implement and would definitely not be worth the trouble.

smarkwell commented 10 years ago

The text of the tweet could contain the meta data to search upon to find the proof, with just the proof contained in the QR code. That at least covers the regex process that currently happens.

For the initial creation of the tweet, keybase could authorize itself as a twitter application in the user's context and then post the tweet and proof on their behalf. This would solve the user experience issue, while giving other implementations a clear pattern to follow.

Of course this approach requires significant development effort with the primary gain being allowing other implementations to create similar proofs without involving the keybase system.

zQueal commented 10 years ago 
For the initial creation of the tweet, keybase could authorize itself as a twitter application in the user's context and then post the tweet and proof on their behalf.

That'd be sweeeet!

I'm sure the devs wouldn't mind the effort as long as it streamlined the process and made things easier for the users in the long run, so I wouldn't worry too much about that.

bgpugh commented 10 years ago

One downside(/upside) is that signing in using OAuth gives access to posting/reading private posts. While this is a blessing for those with the private accounts not needing to go public to use keybase, it means that their verification is no longer publicly verifiable…

Neither is right or wrong, but it'd be a tradeoff