Comment by endisneigh

4 years ago

What you’re saying is also true with web3. A bad actor’s key could be banned and a list of bad actors could be shared among sites resulting in the same thing.

In fact, if you believe in privacy at all you’d want to reject this idea for that alone.

17 comments

endisneigh

Reply
thebean11  4 years ago

Sure, multiple independent sites could individually ban you. That's a fundamentally different problem, and much much less likely.

An antidote to that would be using a different key on each site you authenticate to. You still only need to store a single key, all other keys are derived from that yet cannot be associated with their sibling keys.

> What you’re saying is also trust with web3.

Not quite sure what you mean here, web3 is a pretty overloaded term. If you mean the very concept of web3..that's pretty fundamentally different from trusting a company that can unilaterally ban you, alter your data etc. There is no such parallel in web3. If you mean the JS library, that's also fundamentally different, and it's not the only game in town.

  • endisneigh  4 years ago

    I’m not sure what your point is here - you could also create a new Google account per website or simply use an email address.

    The author advocates using third party services such as meta mask, who would need to be trusted.

    How do you implement it without any third party site.

    If we are talking about likelihood it’s unlike you’d be banned from Microsoft/Facebook/Google for no reason too.

    Furthermore as the administrator how you stop bad actors?

    • thebean11  4 years ago

      You have to trust MetaMask to some extent, like any software you run locally, but MetaMask never gains control of your keys or identities, it's just a tool for using them (obviously 99.9% of users aren't auditing the code or building from source, but that's a totally different threat model). If MetaMask stops working for you, you can use a different tool with the same keys. If Google stops working for you you cannot transfer your account to Microsoft or Facebook.

      > If we are talking about likelihood it’s unlike you’d be banned from Microsoft/Facebook/Google for no reason too.

      I've seen posts on this forum about it. It happens and there's not much you can do if it does.

      > you could also create a new Google account per website or simply use an email address.

      > Furthermore as the administrator how you stop bad actors?

      Apologies if I'm missing something, if it's easy to spin up unique identities on both what's the difference here? It seems like it would be one or the other.

      And yes you can create a new Google account per website, but you are still at Google's mercy to authenticate. My 1Password has ~250 logins, I'd be seriously worried about a ban from Google if I made 250 accounts.

      12 replies →

  • rchaud  4 years ago

    > Sure, multiple independent sites could individually ban you. That's a fundamentally different problem, and much much less likely.

    Wouldn't there be a common, shared list of malicious wallets that can be automatically blocked?

    Ublock Origin doesn't update its ad domains list itself, it relies on a number of lists that other people have created. I've never had to lift a finger ever since I installed UBO.

    • thebean11  4 years ago

      There could be, but nobody is forced to follow it. If you use my website with Google SSO and Google deletes your account, you cannot sign into my site even if I do not want to follow the banlist.