Oddbean new post about | logout
Vitor Pamplona | 5 months ago (raw) | export | reply | flag +13 
 What's better to detect impersonators? 

Private names: you can change everybody's name to something only you know. You will need to remember the name you like to use. (Like using "Mom" instead of your mom's first name)

Minidenticons: an additional icon that is assembled from the user's pubkey. A different pubkey will be a different icon. You will need to remember the icon associated with each key.

https://private-user-images.githubusercontent.com/33088785/335626312-a6b10871-3c28-4e23-b3a4-f95274d87b77.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTcxODAxMTIsIm5iZiI6MTcxNzE3OTgxMiwicGF0aCI6Ii8zMzA4ODc4NS8zMzU2MjYzMTItYTZiMTA4NzEtM2MyOC00ZTIzLWIzYTQtZjk1Mjc0ZDg3Yjc3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA1MzElMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNTMxVDE4MjMzMlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWQ3MWJkYTk5NzY5NDA3YzhjMzg2NTgzMDVmYTBjMzQ2ZjE4ZmZhNWEwOWYwY2JhZTE3YWMwMzRiYTc5ZDk5ZGEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.ewNo3cfDzNhuzzGNVXEdJfFERGkrMZMR0ntvPmRTq7w
Uno | 5 months ago (raw) | root | parent | reply | flag 
 Second
7fqx | 5 months ago (raw) | root | parent | reply | flag 
 Nostrudel uses colour coded outline thing generated from a hex within the npub. I think that is sorta a good system, if you began to associate an account with their colour outline on the avatar 🤔
7fqx | 5 months ago (raw) | root | parent | reply | flag 
 But yeah the minithingum is similar to this.


Also what's with this huge private image URL??
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag 
 > Also what's with this huge private image URL??

Some servers require to paste the secret together with the URL. Large URLs are super common in many media servers.
7fqx | 5 months ago (raw) | root | parent | reply | flag 
 Ah got it got it🫡, I thought it was meant to be an image or something and I missed an amethyst update
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag 
 Ahh fuck. It is an image, but the server crashed :(
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag 
 So much for decentralized stack..
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag 
 hum.. I don't see the outline overthere...
7fqx | 5 months ago (raw) | root | parent | reply | flag 
 You're right I don't see it now either. Maybe it was an experimental thing or removed for some reason? 🤔 @hzrd149

Don't think I dreamt it lol
sefiro | 5 months ago (raw) | root | parent | reply | flag 
 The colour outlines are only in the "next"-version of nostrudel
https://next.nostrudel.ninja
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag 
 ohh I see, but in theory the imperonator could just add the color around their picture, right? There should be a difference in size, but I think most people won't notice it.

We had a similar issue when we did circular borders last year :(
IT | 5 months ago (raw) | root | parent | reply | flag 
 Private names because only half the people can remember more than a dozen icons... eventually it'll get too confusing.  It's easier to treat it like phone contacts.
nostr:nevent1qqsyayndkd8x2zmltfxm8up5dlce63ucg47grsskwz9cax86zae5whspr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cqcyqqqqqqgwygfn9
sparky | 5 months ago (raw) | root | parent | reply | flag 
 minidenticons 🍻
VampireMJ | 5 months ago (raw) | root | parent | reply | flag 
 Nice!

Proof of work in social media could help too. If it's like 21 sats for each post/reply, it will become uneconomical to do so at scale.🤔
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag 
 Nah... impersonators can easily pay to get much more proof of work done than any user would ever do.
VampireMJ | 5 months ago (raw) | root | parent | reply | flag 
 Not at scale and it would be on top of the other tools that you mentioned.
IngwiePhoenix | 5 months ago (raw) | root | parent | reply | flag 
 Primal doesn't want to show the image for whatever reason x.x
Anyway, I like the latter idea. Visual cues are good.
someone | 5 months ago (raw) | root | parent | reply | flag 
 a zero wot with same name can be turned to a warning sign.
Stirling Forge | 5 months ago (raw) | root | parent | reply | flag 
 Private names, with the hug shield icon for following that we have rn.

I just think the biggest thing is to have some sort of onboarding flow that tells users what little things like that actually mean
plor | 5 months ago (raw) | root | parent | reply | flag 
 The minidenticons are an interesting idea, but in practice I've not seen them used where I actually remember what someone's image is, so they just clutter up the profile. Perhaps this time will be different?
hodlbod | 5 months ago (raw) | root | parent | reply | flag 
 Yeah, identicons are a dead end
mleku | 5 months ago (raw) | root | parent | reply | flag 
 Pubkey colours are the way
hodlbod | 5 months ago (raw) | root | parent | reply | flag 
 Those are poor man's identicons
mleku | 5 months ago (raw) | root | parent | reply | flag 
 Simple and hard to fake. I know it takes ~5 days to spoof them
Dawn | 5 months ago (raw) | root | parent | reply | flag 
 I'm a fan of #1 because it offers extended utility aside from impersonator detection.
Scott | 5 months ago (raw) | root | parent | reply | flag 
 The latter.
Brisket | 5 months ago (raw) | root | parent | reply | flag 
 I like & don't like the nickname approach. It leads to unintentional doxing if an nsec/phone is compromised. It's also very convenient.

I'd prefer to be able to pull previous profile changes/updates. I know old notes get pruned/deleted but that can be mitigated by running your own relay.
dtonon | 5 months ago (raw) | root | parent | reply | flag 
 Minidenticons are complex to manage at UI level, they clutter up the profile, imo.

WoT (first) + pet names are a good enough solution.

Another quite easy solution is to add an index (it could also be a component of the WoT, @hodlbod?) that counts previous interactions (replies , reactions, zap) that you actively had with an user. This prove immediately that you are facing the real one.
hodlbod | 5 months ago (raw) | root | parent | reply | flag 
 Yeah, follows are just scratching the surface of emergent WoT
atyh | 5 months ago (raw) | root | parent | reply | flag +1 
 emergent WoT.
it sounds like a creature with 74 arms coming out of a swamp
hodlbod | 5 months ago (raw) | root | parent | reply | flag 
 But nice
atyh | 5 months ago (raw) | root | parent | reply | flag 
 “hero, I am WoT”
frphank | 5 months ago (raw) | root | parent | reply | flag 
 We've already discussed pet names no need to confuse things by calling it yet something different.

Also: "Minidenticons". Lol wtf.
JohnyDoor | 5 months ago (raw) | root | parent | reply | flag 
 I always have profile images disabled in Amethyst. It helped me a lot to detect impersonators.
Diacone Frost | 5 months ago (raw) | root | parent | reply | flag 
 I don't care much about npubs I don't already follow. So the "following" icon is good enough. First thing I do before I follow someone is searching for the name. Scammers usually have multiple same npubs.

May be something like a fingerprint of profile data anybody can have the same and show a warning that multiple npubs try to look the same?