 We need some form of private badges with selective disclosure. Badges should be issued privately and the receiver gets to decide if, when and how to show it around.

Think of employee access cards as badges with a selective disclosure option: to show or not to show my employee number. 
 💯💯💯👍👍👍

I don't even know how to show badges or not on my profile. I think I have one but I can't see it on my profile. No idea if anyone else can. 
 Check badges.page, it's the best way to do it currently.  
 Yeah, great idea! When you say selective disclosure, do you mean selectively disclosing the badge to a specific party? 
 Verifiable parts of the badge to specific parties. We can't do this on the current version of Nostr, but BBS+ signatures allow you to remove data from a signed payload and adjust the signature before sending that information forward. You could change the event to show only the bits you want to show while keeping it completely verifiable with the original signer's keys. 
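
An added example, not part of the thread or of any Nostr client: the issue/present/verify flow described in the comment above, using salted hash commitments under an Ed25519 signature as a stand-in for BBS+ (which needs a pairing library). Unlike BBS+, the signature is forwarded unchanged and the digest list reveals how many fields are hidden; all function and field names are hypothetical and the badge data is constructed.

```javascript
// Added example: salted-hash selective disclosure (NOT BBS+). Names are hypothetical.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// One digest commits to one field; the random salt blocks guessing of hidden values.
const fieldDigest = (salt, name, value) => sha256(JSON.stringify([salt, name, value]));

// Issuer: salt every field and sign only the sorted list of digests.
function issueBadge(issuerPrivateKey, fields) {
  const disclosures = Object.entries(fields).map(([name, value]) => ({
    salt: crypto.randomBytes(16).toString('hex'), name, value,
  }));
  const digests = disclosures.map((d) => fieldDigest(d.salt, d.name, d.value)).sort();
  const signature = crypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerPrivateKey);
  return { digests, signature: signature.toString('base64'), disclosures };
}

// Holder: forward the signed digest list plus only the chosen disclosures.
function present(badge, names) {
  return {
    digests: badge.digests,
    signature: badge.signature,
    disclosures: badge.disclosures.filter((d) => names.includes(d.name)),
  };
}

// Verifier: check the issuer signature, then that every disclosed field is committed.
// Returns the verified fields, or null if anything fails.
function verifyPresentation(issuerPublicKey, p) {
  const ok = crypto.verify(null, Buffer.from(JSON.stringify(p.digests)),
    issuerPublicKey, Buffer.from(p.signature, 'base64'));
  if (!ok) return null;
  const out = {};
  for (const d of p.disclosures) {
    if (!p.digests.includes(fieldDigest(d.salt, d.name, d.value))) return null;
    out[d.name] = d.value;
  }
  return out;
}

// Constructed sample data: the holder shows company and role, hides employeeNumber.
const issuer = crypto.generateKeyPairSync('ed25519');
const badge = issueBadge(issuer.privateKey,
  { company: 'ExampleCorp', role: 'engineer', employeeNumber: '4711' });
const shown = present(badge, ['company', 'role']);
console.log(verifyPresentation(issuer.publicKey, shown));
```
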
 Nice. 

As for publicly available verifiable information, I’ve been thinking that the kind 0 event could contain any verifiable information that needs to be public. Right now it is being used for a Nostr profile but it can be easily extended to include additional metadata. Similar in nature to the DNS SOA (start of authority) record. 
 Kind 0 is hard, because it's a replaceable event. Every single client has to implement Kind 0 correctly, otherwise data is lost when a client publishes the event with only the data it cares about. I think badges are better, and the data is separated into different events signed by the issuer who is "attesting" the information is true. 
 AKAProfiles extends NIP58 events to support adding data to badge awards. (see https://www.akaprofiles.com/docs/reference/nostr-events) To support private data, I would add "private" as an option on the "field" tag added to the Badge Definition Event. On the badge award event, for private fields, instead of returning the private value using the "data" tag, I'd return a URL/URI which can fetch the data, being agnostic in how URL authorization is performed.

I believe that any data a user isn't comfortable with being widely published should never be published to relays, unless decryption requires their own private key, as the risk of accidental disclosure due to a key compromise is too high. 
 Hi, an option to generally show or hide badges would be great for the Amethyst settings. Some badges are no longer "maintained" and only appear as robots. Such badges can then no longer be removed via badges.page.

For example: show badges in the profile on/off 
(don't know if that's possible)

For someone who has a lot of badges, it takes ages to load the profile. I had more than 40 myself. Then I reduced it to 10. The profile loads much faster. But because of the problem described above, I would like to be able to simply hide them all if I want, without the "robots" preventing this.

Just an idea. What do you think? 
 Hi Vitor, is there any chance this could be added to the profile settings please 🙏😊? 
 Yeah, we need to do the editing of that event so that people can remove and rebroadcast their badges. 

Maybe we should also remove the badges from the Simplified view.  
 Yes, that would be great!
I think in the future the number of badges that are no longer "maintained" will increase. It would be really nice if they could be removed. 
 Do you mean something like just encrypting the badge with the receiver's public key so only they can see it? 

For example, if A wants to give a badge to B who wants to show it to C, A broadcasts a badge note that is encrypted to B's pub key. B can then unencrypt it and re-encrypt it to C's pub key and broadcast that so only C can read that note.  
 Something like that. I don't think the B->C needs to be over Nostr, but that is a plus.  
 Kinda just reminds me of "DIDs" where you can prove that you are a "man" using zero knowledge proofs and third party signed proofs.

So I could have 100 badges publicly known and issued and you can prove to anyone that you have that badge but you can selectively choose who to share it with.

Another thought is something I saw a glimpse of when private chats were being discussed, what if you can prove that you wrote a message in a group, but if someone were to attempt to re-share this, there is no signature to verify it. I don't know how that would work, I just saw something a long time ago that makes me think it should be possible. 
 Does the first part have to be on Nostr? It's a single recipient, same as the second.