So this is Fireweed.

It is a distributed forum / social protocol thing I'm making built around cryptographic identity instead of accounts. It is a proof-of-concept in essence, to prove it can be done.

No usernames as authority. No central database as truth. Just local cryptographic identity. In the future I plan to allow attestation via signing a nonce you can put on a site or something.

Anyway.

Your identity is a keypair. That’s it. That's the pitch. Everything else revolves around that.

🧡

How it works:

You generate a root keypair (Ed25519, small, fast, modern elliptic curve, supported by almost every browser).

That key is:

  • Your identity.
  • Your authority.
  • Your signature stamp.

If you lose it, you’re done. There is no "forgot password." Eventually you will be able to export your keypair and save it somewhere, but you absolutely need this keypair to use it.

This is not far off from how SSH works, actually.

The root never touches the Internet, at least the private key doesn't. Or ideally, shouldn't.

It is encrypted at-rest in your browser and only loaded into memory when needed, decrypted via a password. It's... not perfect, because browser-based crypto is not perfect, but it's irretrievable in direct form.

This is brutal, yes, but it is clean. Also, if you destroy the key? No one can cryptographically prove it was you.

Anyways.

The root key signs:

  • Device keys
  • Identity metadata
  • Potential revocations
  • Anything that defines "you"

Obviously, posting from your root key directly would be clunky, and it would mean having a lot of key material around that you really don't want widely duplicated.

Instead: the root key generates and signs a device key.

The device key is what signs posts, preferences updates, etc.

Each device key is:

  • Separately revocable
  • Linked to root
  • Explicitly authorized
  • Has capabilities attached like posting and preferences updates

If your laptop gets owned? You revoke that device key. The root signs a revocation. Network sees the revocation. That device stops being valid. Posts and preferences updates from it are ignored.

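The root-signs-device, device-signs-post chain described above, as an added Node.js example (not part of the original post and not Fireweed's code). The JSON encoding, field names, and function names are assumptions made for illustration; the keys and messages are constructed.

```javascript
// Added example: verifying a message against a root-signed device key.
// Field names and the JSON encoding are assumptions, not Fireweed's wire format.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Assumed encoding: JSON with a fixed field order (a real protocol needs a canonical form).
const enc = (body) => Buffer.from(JSON.stringify(body));
const pubId = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');
const signed = (body, priv) => ({ body, sig: sign(null, enc(body), priv) });

// Root authorizes a device key with an explicit capability list.
const issueDevice = (rootPriv, devicePub, capabilities) =>
  signed({ type: 'device', device: pubId(devicePub), capabilities }, rootPriv);
// Root revokes one device key.
const revokeDevice = (rootPriv, devicePub) =>
  signed({ type: 'revoke', device: pubId(devicePub) }, rootPriv);
// Device signs a message; the action is part of the signed bytes.
const signMessage = (devicePriv, action, content) =>
  signed({ type: 'message', action, content }, devicePriv);

// Accept only if: the cert is root-signed for this device, no root-signed
// revocation names the device, the cert grants the action, and the device signature verifies.
function checkMessage(rootPub, devicePub, cert, msg, revocations) {
  const id = pubId(devicePub);
  if (cert.body.type !== 'device' || cert.body.device !== id) return 'cert-mismatch';
  if (!verify(null, enc(cert.body), rootPub, cert.sig)) return 'bad-cert';
  const revoked = revocations.some((r) => r.body.type === 'revoke' &&
    r.body.device === id && verify(null, enc(r.body), rootPub, r.sig));
  if (revoked) return 'revoked';
  if (!cert.body.capabilities.includes(msg.body.action)) return 'no-capability';
  if (msg.body.type !== 'message' || !verify(null, enc(msg.body), devicePub, msg.sig)) return 'bad-signature';
  return 'ok';
}

// Constructed demo: one root, one laptop device key allowed to post only.
function demo() {
  const root = generateKeyPairSync('ed25519');
  const laptop = generateKeyPairSync('ed25519');
  const cert = issueDevice(root.privateKey, laptop.publicKey, ['post']);
  const post = signMessage(laptop.privateKey, 'post', 'hello');
  const prefs = signMessage(laptop.privateKey, 'preferences', { theme: 'dark' });
  const forged = revokeDevice(laptop.privateKey, laptop.publicKey); // not signed by root
  const revocation = revokeDevice(root.privateKey, laptop.publicKey);
  const check = (m, revs) => checkMessage(root.publicKey, laptop.publicKey, cert, m, revs);
  return [check(post, []), check(prefs, []), check(post, [forged]), check(post, [revocation])];
}
console.log(demo());
```

The `type` field inside each signed body keeps a device certificate, a revocation, and a message from being accepted in place of one another.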