Preventing hostile labelling in PKI-backed Identity schemes

[b5]

A discussion on bluesky pointed out a very real concern of being able to construct hostile denoymimizing lists from any service built from public key infrastructure (PKI)

@cdata had a nice response on discord:

On the one hand, you cannot stop a bad actor from compiling a list of humans and categorizing them in a way that is slanderous or otherwise intended with ill will. On the other hand, this kind of list becomes a problem as it achieves a critical mass of distributed copies and coordinated groups of humans start to make important decisions based on the contents. There is a balancing act here. You want to enable and encourage users to rely on their own labels, or the labels of their close social group. And, you want to discourage the use of these labels in ways that cut across the network and are dissociated from specific users' moderation goals. In the end, we will face this same challenge in deciding how moderation ought to work. There are aspects of our design that give us an advantage on the margins, but we will have to tread carefully if we want to avoid the worst outcomes that seem likely with Bluesky's suggested approach.

So, this isn't a thing to tackle any time soon, but a thing to think about.

But maybe we need to think about salting identity hashes with shared forward-secrecy? I'm imagining something like the WNFS skip ratchet or a BEP32 Hierarchical deterministic wallet. I could share that with friends so they'd know the next form of my identity. This might be far too complicated to be practical. Not sure.

Either way, it would be great to keep an eye on this issue moving forward, and try to identify a practical solution if it becomes too big

[cdata]

This is a really interesting idea. Just to link in some background context: we intend to implement two layers of privacy. One is totally public, and the other is private-but-shared with up to N>=0 peers. Some additional notes here: https://github.com/subconsciousnetwork/noosphere/issues/13

We're actually planning to implement private WNFS as an experiment after we cross the Subconscious closed beta milestone. And with that in mind, the properties we seek may be conceived as a layer above WNFS.

Regardless, it's really interesting to think of labels as public-among-my-peers but private to everyone else. It is resonant with how we have conceived of the social graph side of Noosphere, which we hope will privilege close proximity / high value social edges (e.g., mutuals) over distant, dissociated identities.