things user/profile systems fuck up, bad assumptions
- the user will never delete their account
- the user should be expected to individually delete their posts
- the user will never change their legal name
- the user will never change their email address
- the user will never change their phone number
- if they do change those things, surely they will think to use our change info ui before getting rid of their old name/phone number/email address
- the same as above, but with SSO linkages

- the user will never die
- the user will never be arrested
- the user will never be subject to search and seizure

- the user will never want or need a copy of their data
- the user doesn’t need or want their data in any standard easily readable formats,
- some json or xml blob should be good enough right? that’s standard and readable, right?

- the user wishes to have their identity be immutable and persistent - that is to say, continue to be associated with old posts , analytics data and content regardless of the number of name and identifying info changes, thanks to “helpful” permafingerprint algorithms tracking the user across identity changes.

- the user will never have a stalker, an abusive ex, or angry internet mob
- the user probably doesn’t mind having their full legal name and list of postal addresses listed on the public web a google searcg away. i mean, it’s public data right? information wants to be free dude. you can just unregister to vote if you don’t like it.

- the user database will never be hacked or leaked

this one is interesting from the perspective of: if you start from the assumption your user database definitely will be leaked: what design decisions do you make differently

These 6 things are different things, not the same thing. they do not require each other nor are they required by each other.

@zens At some point an account either has to be unrecoverable or open to social engineering to steal right?

@LovesTha we either need a horse and carriage, or we walk right? no other options

@zens Proof of identity is a tough problem.

There definitely isn't any perfect solutions. Are there any good solutions?

@LovesTha does a document editor need proof of identity? nope, but google docs does. you might argue its collaborative features require it but… do they? really?

@LovesTha i have made the point before but we mustn’t confuse the problem of proof of identity, for needing proof of identity for all the current things we think we currently need it for. maybe we only need the cart and not the horse

@LovesTha especially when we hear how much we need proof of identity from entities whose business model is in proof of identity and advertising profiles

@zens By proof of identity I only mean proof of being the same identity as earlier. Not of being a distinct, identifiable human.

I'd rather be the only person editing my documents (unless I want to let specific or all others do it)

@LovesTha i am not sure there is such a thing. i am kind of a different human from moment to moment. add enough moments and what do 10 year old me and 60 year old me really have in common?

@zens Most people seem to enjoy some amount of continuity of possessions, so I doubt we are going to do away completely with the concept of self.

@LovesTha as long as that is by consent and not by invasive surveillance. i left my life and most of my stuff behind in another country, i don’t want everything i ever did to follow me around

@zens Which is very different to being forced to leave everything behind continually.

@LovesTha @zens yeah, for example me, I tend to be a sentimental person who loves keeping things forever.
@zens @LovesTha i think for the vast majority of use cases all we need is to show whether any two inputs were from the same account

maybe not even that (cf. old forums where you can type in any name you want and ppl just learned to recognize ppl by tone and content)

anything beyond that is just to stop spammers

@apophis @LovesTha we can stop spammers by ending the incentive to spam.

that is to say, capitalism

@zens @apophis To stop spammers you need to go full extreme communist where no one owns anything, not just replacing capitalism with business aren't run for personal profit.

@LovesTha @zens @apophis
Reputation systems and invite based services are pretty effective and don't require "full extreme communism".
They are antithetical to unlimited growth but they are not exactly rooted in the abolition of private property.

@csepp @zens @apophis yes but they aren't doing it by removing the incentive. They are technical solutions.

@LovesTha @zens @apophis Social credit systems *are* incentive systems. Whether you keep track of trust in your head or on computers makes some difference, but when we are talking about a global network, you can't really rely on wetware methods, because you have zero power over someone on the other side of the globe. You gotta use some cryptography and databases to weed out the spam and defeat MITM and other attacks.

@zens @LovesTha This is very true. There is a vast difference between Authentication and Authorisation, and when either is needed.

I run a feed aggregator in geminispace which allows for personalised filters. No authentication, just a capability URL to each filter. The security of sharing or losing the link is left to the user, because it doesn't matter to my service at all. And maybe people want to share a filter and editing capabilities to it.

@tinyrabbit @LovesTha maybe a filter can be stored entirely in a url. like how i designed

@zens @LovesTha I thought about it, but there's a pretty strict length limit to URLs in gemini, which would limit the number of filters one can have. And if the user is on different devices it's simple to copy one URL once instead of a changing URL when new filters are added or removed

@tinyrabbit @LovesTha the length limit can be defeated by using hashes of the longer url (or string representing filter content), i am back seat designing here but that would eliminate issues with editing an existing filter- instead of rug pulling someone else they just get a new hash. how i would do it anyway: cool urls don’t change

@LovesTha I actually *just* thought the same :D it would have to be a number of hashes for each filtered URL though, since a hash isn't reversible.

I might try implementing this...

@zens What would you consider a good readable export format?

@Anke @zens also interested in this question. We (colleagues & me) are considering what an acceptable/good format we should use for data-export.

As a technically inclined customer, I'm fine with json or something like that. It gives me the ability&freedom to manipulate that data.

But then I think of my mother.. in electronic form, I think she would appreciate a pdf (feels to me like the most universally accessible).

Is there a way to easily reconcile those two? Provide both?

@woozong @Anke svg is pretty nice for being a format that is
1. graphical
2. opens in any browser
3. can be loaded with structured machine readable data

but json isn’t bad so long as it’s packed with a reader app. pdf isn’t too bad a fail safe.

what i really want kinda doesn’t exist because incentives are against e.g. making twitter exports compatible with facebook imports. i want more standard formats. if you follow me, look for my grand unified message format document

@woozong @Anke csv is also despite its flaws, openable in excel and most people kinda get excel

@zens YES

every data retention policy is bullshit in the end

even if and when the entity holding the data is willing and able to abide by the law at all times

the law changes

@zens Hmmm, didn't I just yesterday tooted about wanting to implement a cryptographic authentication/registration system in my browser engine? So I can use it to make reporting issues to me trivial...

In my issue tracker I am thinking about deploying this such that you can register multiple personas & allow changing your username upon submitting any of the forms. No contact info required.

Quite lightweight, specifically designed to be trivial to use. Meets many of your demands.

@zens (well, sans the part that high privacy does seem to imply data ownership by concept)

@xerz what if you’re a pirate with stolen booty and you are highly private about its location and yet do not own it?

@zens you own the data about the location ofc :blobcatuwu:

@zens the user database well never be hacked or leaked is there is no user database.

@lig my partner has dyslexia. i have learned not to be snippy about minor mistakes, i got what you meant :)

@zens see, that's why I LIKE having different accounts everywhere. Each fedi instance, even. I don't want them all linked, as then I might as well be on a centralised service.

Well, for some aspects.

@zens - The user who posts media will never want a copy of that though, since they had to upload it from somewhere they should still have that file right?

(Wrong. Yes, social media services should never be used as a backup, but if someone wants their posts, surely they would also want any media attached to a post for context.)

@dartigen the thing is when i post media it’s not just an image or video file copy; i add a caption and put context around it- that doesn’t patch back to the original file. that context and connection is worth something to me

@dartigen so what goes in the svg , if you wanted to be frugal, can be a thumbnail + a link to original

@zens Oh yes, definitely capturing the caption/image description if there is one.

Thumbnail and link, at minimum; maybe an option to download recent media separately to make it less complicated and keep it manageable.

- the user will never change their username/handle

@zens i'll add on another one
- no support for systems (systems here meaning plural systems), i know this is (relatively) harder to get right than what you've listed, but being able to have multiple profiles per account and being able to switch profiles per post, basically what the discord bot pluralkit ( does, just integrated in the platform.

@EmberDev well, even just a non plural person doing a set of fictional characters could use this stuff. e.g. I have accounts for each of my bigger software projects and I give them each little personalities.

@zens @EmberDev Even if you're an activist or journalist or something and want to not get doxed, you need multiple profiles.

@zens The user can see those "choose your avatar" pictures or icons. The user can see a capcha, and the capcha is clear enough to be easily solved without the user giving up and going somewhere else. The user knows that that <p> styled to look like a button *is* a button and is clickable.

Sign in to participate in the conversation

Revel in the marvels of the universe. We are a collective of forward-thinking individuals who strive to better ourselves and our surroundings through constant creation. We express ourselves through music, art, games, and writing. We also put great value in play. A warm welcome to any like-minded people who feel these ideals resonate with them.