New Post has been published on https://seanlaffan.com/your-web-identity/
Your Web Identity
As a normal user of Facebook, Twitter and emails we generally have a small group of people that we interact with. We recognise most of our fellow Users by using our normal sense of association…recognition of faces, children, dogs and environments. We understand the context of an update on Facebook or a comment on Twitter and use this to trust that the person making the post / comment are who they are. But is this enough? Are we being naive and risking our reputations just because a picture looks like our friend? There is many stories of fake Facebook accounts where people use other peoples pictures to create a false profile.
The answer may be is that as Users we need to claim our web identity, mark our territory in the world wide web bad-lands.
Surprisingly Facebook have introduced encryption email using PGP. As with all techno terms PGP is not so difficult to decipher… Pretty Good Privacy… huh! Those email notifications that you receive when you are tagged in a post or log in using a new browser can be sent encrypted, so only you can read it. All you need is a PGP key… no problem for us ordinary folks.. 🙁
Actually it is not a major problem just a series of tasks. In essence it is a crumb trail whereby you place tokens in areas of the web where only you exist such as your website, your twitter account, your Facebook account etc,. The tokens are linked to a central repository which you control
image courtesy loseyourmarbles
The approach that I have taken is to use an application called Keybase.io. This is an open source and free application which provides encryption messaging. There are others available such as Telegram Signal and ProtonMail however Keybase focuses on the web of trust.
Keybase provides a means for creating unique I.D. tokens which I can post in my social media accounts or embed into the domain of my website. The more places I can place my token builds my web presence or that I am who I claim to be on the web
Below is my keybase.io/seanlaffan pagewhich lists all the applications that I have posted a token.
Keybase gives you a link to post in your social media account, which Keybase then finds and confirms. An example can be found in my Facebook public post.
This confirms that a User called ‘Sean Laffan’ is in control of a FaceBook profile and a Keybase profile. The more linked social accounts to keybase.io increases the probability that the user ‘Sean Laffan’ is the same person controlling these accounts. When I link my domain to keybase.io, which is registered to Sean Laffan, and has a website www.seanlaffan.com then it is highly probable that the usernames associated with all these social media accounts are controlled by one user named ‘Sean Laffan’. I have built my web of trust or my user authenticity that shows my web presence belongs to one person, in this case me!
A bit of blockchain technology is used to build a chain of custody and this can be viewed in my sign chain which includes the devices that I use and when I used them. It is now at the stage that it is fairly irrefutable that my web user is the one person and if someone wished to confirm me they can. In all my accounts I have a link to keybase.io/seanlaffan so if people think my account has been hacked they can confirm it is the real account.
Which brings me back to Facebook. With all their travails with regard to security they have introduced encrypted email where you need a PGP key to use. Do you really need it… really that is up to you to decide. The process does not work on iOS so you need to use a laptop which is a bit of a pain.
But the bigger issue is that you can basically certify who you are on the web relatively painlessly before some else will… and they will at some stage.















