Pubky allows you to prove "what's yours" based on the homeserver you control (tied to your ID). This gets around the problem of events forever out there that are signed by you but that didn't in fact come from you, which can happen on nostr if you expose your nsec, leave your laptop around, etc.
Discussion
I kind of like how I can just delete or edit any post of mine in Pubky anytime. It makes me the real authority on my data.
People have been arguing about IP law lately, and I think this is a good primitive to discuss any remotely rational alternative to the current system.
If I am the authority on my data, it means that any version of it that is copied can be strictly identified as such. You could even establish provenance in deep ways with tagging, social graph, and some sort of signing/stamping or structured data trie or such.
We can add versioning, tree-based data structures, and even per-event signing like Nostr if we want, but for now, it feels nice being in control, even when I am trusting a homeserver.
I wonder if per-event signing like Nostr might even be a net negative? Homeserver as source of truth sounds balanced for meāevents flying around the indexer or however that works I think maybe I'd rather not be signed, that gives plausible deniability when needed and plausible deniability can be very useful. On the flip slide, if someone is suspicious and does want to verify an indexed event of mine then just have a look at my homeserver, not so hard.
We did not include signing all data for a reason. It doesn't actually fix anything.
Some of the problems people quote to justify signing everything are only theoretical problems (you never hear about trusted servers mutating data really,, despite it being possible). And all of the problems signing introduces are ignored.
If you want attestation or proofs there are better ways to do it either incidentally or inherently with tree structures.
I'd rather have a mirror/watchtower than a bunch of floating signed messages inconsistently available across relays.
Yeah I'm open to that argument. Confidence is a lowest common denominator; if you're confident data is being signed but not not confident it's being made locatable and available then stands to reason you're not confident overall and would still need some fallback anyway.
That's a soft definition of "proof", and it makes censoring one person as easy as pwning their home server or messing with their ISP
I dunno what to tell you, that's just flat-out factually wrong. Read all the articles in this blog, you'll soon figure out why what you said results from a fundamental misunderstanding of how things *actually* work.
I'm happy to engage with arguments, but "go read all these things" is some else's homework.
If the definition of "what you have said" is the contents of a computer, then:
- Your ISP can remove you from the network
- Anyone else's ISP can remove you from their network
- Your server dying will remove you from the network
- Malware or a hack can arbitrarily change what you have "said"
There is no censorship resistance in this