Replying to Avatar Crusty 👨‍💻

I have a simple stupid idea

Problem description:

Paying services in order to only make their service available for their paying customers, force you to create an account. Then they can track your movements under your account.

Solution:

Service company generates a 1 private-public keypair. It gives the public key to only those who pay. Then paying users can send a signed packet to the service to authenticate without blowing their privacy.

All paying users use the same public key.

Service can verify with private key.

At each month, they regenerate, and give it to paying customers.

What do you think?

#asknostr #nostr #grownostr #dev #code #privacy
Avatar
Richard Carback 1y ago

This is how public channels work in xx, and the main issue in your scenario is you need to trust your users not to share this key… instead you could blindly sign a cred that allows them in via a valid signature, but you could still track the now pseudonymous cred. That should fine as you have all the connection metadata which allows you to do that already.

Reply to this note

Please Login to reply.

Discussion

Avatar
Crusty 👨‍💻 1y ago

Thanks!

What I was trying to achieve is to not even have pseudonymous creds, because if it gets tainted, all actions can be related to that user.

But why couldn't they share the blindly signed cred either?

Avatar
Richard Carback 1y ago

I think 2 options, one is sharing that cred means they will lose access to it and maybe any funds or other access protected by it. The latter is to ban when you see access from the same pseudonym from different places at once.