orthecreedence
commented
3 years ago This is a great concern. Identity systems could effectively a godsend to people trying to track you online. I do have some thoughts about it.
With Stamp, your identity is under your control. You can effectively decide who you share your identity with and whether you do at all. Any content you publish that you sign with your identity should be assumed that it can be tied back to you.
So really it's up to you to use platforms that you trust won't leak information, OR to use throwaway identities (you can have as many identities as you like) for platforms that are shady. In other words, your identity is only tied to your content if you wish it to be, and you'll have the ultimate deciding power: should this email be signed with my identity? Should this forum post be signed by my identity? Do I sign into this website with my normal identity, or an alternative one?
Think about who has your email address, and if they were to search that email address on Google, what kind of content would come up. It's a similar idea.
I use my keys to sign an agreement with Party A (e.g. an online store, or maybe an unscrupulous porn site). Party A shares my public key to a 3rd party advertising database that says "Hey, Duane signed up for our service." Then, I visit Party B and sign an agreement (e.g. another online store). Party B does a lookup on my public key and notes what I'm interested in and sells my data to an ad network.
Yeah, entirely possible. Just like some people put on a hoodie before they walk into a porn shop on the street, you could "wear" another identity for the porn site so that Party B (and the ad company) can't tie your porn persona and your non-porn persona into the same user.
I think ultimately it's in your hands to decide who can tie your online presence to your identity(s).
As I understand it now, the Stamp Protocol has one keypair (master public key / master private key) for an identity. It seems to me that this is kind of like a supercookie, or tracker where advertisers (or worse) can associate data with me and then deduce things about me that I don't want them to. Am I thinking about this correctly?
Here is an example case: