Response to Show HN: Eth Signing for Wikipedia Updates

OP(xinbenlv@HN): Hi all, OP here. I am new to the HN so please forgive me and educate me for the proper etiquette if I doing anything wrong. I am super thrilled to see 28 upvotes and 58 comments overnight. thank you for your passionate response, suggestion and critize of what we shared. It took me a while to read every comments you left so please bear with me for delay. Here are the combined responses for your questions: > NoZebra120vClip@: This is fake, right? Why would Wikidata touch this with a ten-foot pole? ... It is one thing to propose this as an extension for MediaWiki that some rando running a website may use. It's entirely another thing to mock this up as if it's part of Wikidata's own interface. OP: Haha, no, it's not fake. It's done via a Wikipedia feature called "User script", which works like a Chrome/Firefox Extension. If an user choose to install what you build, it could load additional JS and CSS. Our code is open sourced on https://github.com/wikiloop/signed-stmt, and the feature is enabled for my own account User:Xinbenlv https://www.wikidata.org/wiki/User:Xinbenlv/SignWithEtheruem.js Anyone interested could try to enable it in their account if they choose to, by opt-in this user script that we built. --- > NoZebra120vClip@: EDIT: Headline says "Wikipedia" but screenshots are allegedly "Wikidata" which is really different. OP: We use "Wikipedia" here because that's what most audience might recognize. In technical specifics, the site is Wikidata.org which is a sister project of Wikipedia, also supported by Wikimedia Foundation and share the same spirit. The Wikipedia is powered by software called MediaWiki, and Wikidata uses an extension of MediaWiki called Wikibase. It has its whole ecosystem and terminologies like all other open source movement. > NoZebra120vClip@: Just because someone has reserves of ETH, they get to say what a valid edit is? > NoZebra120vClip: What's the point of some random person "endorsing" an edit? I'm not sure how a wholly external PKI could be any help in "endorsing" edits. A user's ETH wallet has no relation to their reputation or trustworthiness on WMF sites. > World177: ... Though, I think blockchain based identities are objectively better. In implementation, it doesn't have to be a random person, it could be anyone or any organization that could endorse changes... OP: Actually to use this tool we don't require anyone to own any ethers. It's just a digital signature signed with Ethereum compatible wallet. And I am super glad that @World177 pointed it out. That's exactly what where we are going. If we could let people sign with identities that's crypographically and blockchain native, we could further expand it with other social and tech architecture. For example, with support of Ethereum Name Service or other DID, people could sign with their identiteis associated with some institutions or organizations. Or they could collaboratively sign - e.g. a committee of reputable peer review group would only sign as a whole when their signatures aggregates to beyond the threshold. There is also another possiblitity that we establish a decentarlized computer graph based on "who has endorsed whose edits" so that the editors who are endorsed by more people, has a greater power endorsing others. Visualize the similar approach of Google's PageRank or Facebook's EdgeRank except for each vertex could be an editor's decentralized identity or an article, and each link could be the endorsement relationship or the author-article relationship. --- > bawolff@: This system is signing the revision id number (im assuming based on the video). ... OP: that's totally true, bawolff@. Our intention was to show case the signing part End-to-end workflow prototype. In real production one could be signing for a diff patch, or a full update. --- > NoZebra120vClip@: ... Also, if this signature isn't recorded on the blonkchain, then where is it going to be recorded? Wikidata ain't holding it for you. You've got to put it somewhere. Are you going to use IPFS or Dropbox or something? OP: I am glad that you brought it up! Yes, that's something we are comtemplating right now. It could be a IFPS, it could be a centralized server that we own, or a Wikimedai Toolforge. The good part is, it could be both, and also decentralized. Being a cryptographic signature, anyone who hold a copy of an endorsement could validate if their are true. We put out this prototype to solicit wise and inspiring feedbacks like yours, and hopefully we can improve our product. We also ask for open source contributors who are interested. --- > NoZebra120vClip@: Wikipedians also use something called a "Committed Identity" which is a cryptographic proof of their identity, which can be used to recover an account if credentials don't work. Since it's encrypted, it doesn't amount to revealing your real-life identity, it merely provides a mechanism for them to verify it with your cooperation. OP: Thank you for brought it up. The growing adoptiton of crypto wallets brings hope for more people to sign as this Wallet apps are built for regular users so their user experience is much easier than PGP / "Committed Identity tools which is SHA-256 and other options even though those options has existed for decades. A metaphor will be FaceID / TouchID supported PassKey vs other crypographic signing GNU libraries. --- > bawolff@: You could definitely do better than what they were doing, but i dont see how you would be able to distinguish between a signature on a real edit and one on a fake edit that never existed on wiki. OP: In our prototype, an endorsement is being signed. In production, it's possible that people will add their signature for their edits tool. We hope increasingly people will sign their edits so there is an increasing subset of Wikipedia edits that could benefit from decentralized signature that doesn't rely on Wikimedia or centralized entities to verify. The adoption will not happen overnight, just like The HTTPS. --- > bawolff@: Of course you could have a trusted third party verify the edits, but in that case you might as well just use a normal website. OP: In that version of future, we no longer need a trusted third-party to verify the edits. --- > bawolff@: So assuming the context is to prove if wikipedia is "censoring" you, i dont get how this would work. OP: The main goal is not to avoid Wikipedia censoring. --- > spaceman_2020@: The fundamental flaw at the heart of crypto: the insistence that only onchain data matters, while in the real world, your reputation is tied to your real identity. OP: I think I share the view with sowbug@ in his answer: > sowbug@: Why do corporations get to conduct business, have credit scores... OP: also, in the long term, I believe that "reputaiton" is going to exist in a digitized form in the future, and people will have real identity attested with digital signature, just like HTTPS help you ensure the site you visit is the site that you think you are visiting. And I agree with everfree@ that thinking "blockchain" insist on anonimity is a common misconception and misunderstanding of cryptography. --- > bawolff@: Anyone can make a mock up, doesnt mean wikidata is going to use it. OP: that's true. We are trying to get a small percentage of early adoptor who would love to opt-in this user script. --- > justsomeadvice0@: But why in the world would you want to use the same key that can instantaneously shred the dollars in your bank account to ensure authorship of some edit on a website article?... It is a neat hack, that would fare tragically when applied to the masses. You are right that neat hack doesn't always applied to the masses. The assumption that we will have the level of mass adoptions will be a dream. Today, it doesn't. and we are just exploring and option. it's totally possible that this is a bad idea. And we have options to mitigate that such as using ERC-5453 endorsement, or using "semi sig" which will be e.g. a signature that's half size of normal etheruem size etc. but there is a long way to go for the whole industry to improve its UX. I think we envision a (long term) future where most fund are kept in contract wallets that operated under proper limits and multi-sig or signaure aggregation requirments. --- > @8organicbits: Can I create 1000 empty wallets and endorse bogus edits 1000 times? It's really easy to create empty wallets at scale. What value does an endorsement like that have? In a centralized setup, e.g. facebook and twitter, that's what they have suffered from. In decentralized setup, however, it's possible that different reader will use different algorithm provider. If an algorithm provider uses something like PageRank/EdgeRank kind of graph-random-walk based reputation algorithm, 1000 empty wallets who doesn't have reputation will not increase any reputation of the edits they endorse. --- > @mvid: I work in crypto, and even I ask, what makes this better than GPG? OP: two points. 1. It helps harness the help from EVM wallet's adoption. Most people don't know how to use GPG. Most GPG tools aren't built with mind of regular user as target audience. 2. We could soon see on-chain identities, and organizational relationships linked to it. E.g. one could use ERC-1271 to have a contract attest to a signature. --- > @crote: Heck, I'm having trouble seeing what makes this better than a Facebook Like! Yes it's pretty much the same as Facebook Like, except that the accounts are decentralized so could never be banned. Also you could have a group of people "like" an edit as a group (shared identity). --- > FreeTrade@: I'm interested to see an integration of wikis and web-of-trust. This looks to be a step in the right direction. OP: yes, thank you! That's what we see in common! --- > Considering most Wikipedia editors are under-employed guitarists and retired house painters deciding on the veracity of details about local history events and obscure scientific niches, this doesn't help much. OP: that's true, for majority editors. But just like Balaji says in his Network State book, it only take a small group of people to start something big. We just need early adoptions from some subset of editors and hopefully if it's useful, other poeple will see it and begin using it. --- > oskarw85@: That's simply not true. Even if the underlying mechanism is the public-private key pair most owners do not use it with signing in mind. OP: Society with and without "phones" are foundamentally different. The introduction and adoption of cryptography into daily life is at this level. In the beginning, we probably could only attract a small group of adoptors. But the monthly active editors of Wikipedia is only O(100000) and the number of editors that actively review and "like" edits are even smaller, around O(1000). This is the scale of users that have made great impact on Wikipedia and the world's knowledge. --- ## Final words Thank you all for your passionate conversations. Your criticize and defending are all super valuable and inspiring to us. Thank NoZebra120vClip@, bawolff@, spaceman_2020@, justsomeadvice0@, duskwuff@, 8organicbits@, mvid@, greenthrow@, sacnoradhq@: you helped us think harder with your criticizing comments and questions. World177@, sowbug@, everfree@, 40four@, peyton@ crote@ yieldcrv@, xk_id@ Thank you for your defending, your inspiration and your support.