I was surprised I haven’t seen this mentioned or discussed much before.
This is the Keybase alternative. Open source and decentralized. It also hosts no data and is basically just a frontend that pulls and presents your information hosted elsewhere (i.e. key servers) in one identity/profile page.
Here is the link and it’s very interesting, including all of the documentation: https://keyoxide.org
All code is hosted on Codeberg and it has an official app on F-Droid.
I hardly understand what it is about. Is it something you use to prove that you are the owner of account x or y on the net. Or some sort of an SSO ?
The former. It’s like a digital passport. You use your GPG key to verify and show that you’re the owner of the linked accounts.
Even though it is Open source, yet very hard to set it up. I prefer something simpler.
Way too hard to set up
GPG is a static system on not the best cryptographic solution, I would definitely not make a passport solution on this.
I wouldn’t say it’s difficult at all if you follow the guides and have some technical or GPG knowledge (I’m no GPG expert and setting up was smooth by following the guides), although the non-straightforward setup is something the project and author acknowledges and aims to simplify.
Here’s a recent blog on setting up an OpenPGP profile: Blog — How to create an online identity, part 1: using OpenPGP
Keybase uses PGP as well and this is simply for evaluation as an alternative.
‘Passport’ is only a fancy term. Essentially it’s just an effective digital proof system which can even be as simple as proven.lol rather than using any cryptography, and Keyoxide uses GPG well to achieve this purpose.
It was mentioned in our discussion forum Keyoxide PGP · privacyguides · Discussion #164 · GitHub and I was thinking about doing some more research on it in Keyoxide PGP · Issue #2010 · privacyguides/privacyguides.org · GitHub
I am thinking we could write something about it, as perhaps a blog article, as it doesn’t really fit in anywhere else.
I also like to keep advanced things to the blog, because the site is where we keep “evergreen” content that is more appropriate for all levels of ability.
It’s worth mentioning that Keyoxide now has ASP (Ariadne Signature Profile) as the main way of setting up profiles and verifying identities and claims/proofs, which does not rely on OpenPGP and is a lot easier to create and set up:
https://blog.keyoxide.org/ariadne-signature-profiles/
https://blog.keyoxide.org/how-to-create-ariadne-signature-profile/
https://docs.keyoxide.org/getting-started/creating-profile/
Example ASP profile:
I do like this tool, however, I’m not sure where it really “fits in” as far as privacy goes… Anyone have any thoughts?
Digital identities? Proving ownership of stuff and prevent compromise of your identity.
Say, incase of website compromise or impersonation etc.
Quick intro to Keyoxide vs Keybase