ONE-OF-US.NET(1) User Manual ONE-OF-US.NET(1)

NAME

one-of-us.net - a decentralized web of trust and identity wallet

SYNOPSIS

one-of-us.net [application]

DESCRIPTION

The one-of-us.net phone app is your digital wallet for identity. It creates, stores, and lets you sign statements with your cryptographic public/private key pairs (a single identity key pair; as many delegate keys as you want).

It allows you to:

Sign and publish trust/block statements referencing other keys, thus forming our cryptographically secure web-of-trust.
Create disposable, delegate key pairs, associate them with your identity, and allow other services (like the Nerdster) to state stuff on your behalf.

The statements are replicated to the cloud and are meant to be portable and available to be read and trusted by anyone or any service.

GETTING STARTED

Join the network

Until you trust someone else on the network, your network will be empty. Until someone else on the network trusts you, you'll be invisible to the network.

Trusting others

There are three main ways to trust another identity:

1. Meet them in person: Tap the big Scan button (QR icon) at the bottom center of the main screen, and scan the QR code on the main screen of the other person's app.
2. Remote sharing: Use the Share button (bottom left) to send your public key/QR to a friend. Receive theirs in return. View the QR code they sent you on another screen (laptop/tablet) and scan it with your phone using the Scan button.
3. Copy/Paste: If someone sends you their key as text (JSON), copy it to your clipboard. Open the scanner (Scan button) and look for the Paste icon/button to process the text directly.

Once scanned, the app will initiate a "Trust Statement". Fill in the "moniker" (typically first name) and optionally a "comment", then tap Trust.

Being trusted

Do the reverse of the above. Show them your QR code, or share it via the Share button. Until someone on the network trusts you, you are effectively invisible.

DELEGATION (SIGNING IN)

You can authorize services like the Nerdster to act on your behalf without giving them your main identity key.

Method A: On a separate screen (Computer/Tablet)

Go to nerdster.org.
Click "QR sign-in" to display the Nerdster's sign-in QR code.
Use your ONE-OF-US phone app: Tap Scan and point it at the screen.
Confirm the "delegate key" creation.

Method B: On the same device (Phone)

If you are visiting Nerdster on your phone's browser, use one of the Magic Links provided on the sign-in screen:

Universal Link (https://...): Best for iPhones.
Magic Link (keymeid://...): Best for Android.

STATEMENT TYPES

Statements are signed by your active ONE-OF-US public/private key pair. The subject is always another public key. The verb defines your disposition:

trust / block: Form the network. Your trust network is defined by these relationships. Requires --moniker (e.g., "Alice").
delegate: Authorize other services. Your identity key is you. Delegate keys are disposable keys you hand to services. Can be revoked with --revokeAt.
replace: Maintain your identity. If you lose your phone or key, you can replace it. This links your new key to your old identity history.

USER INTERFACE

Navigate by swiping left/right or using the Menu button (bottom right) to access the Management Hub.

PEOPLE: Lists everyone you {trust, block}. Manage statements here.
SERVICES: Lists your active {delegate} keys.
ADVANCED: Options to {replace} your key or view history.

Overwrite or Clear

Your disposition towards another key is singular. If you trust a key and then block it, only the block counts. Clear acts as an erase; it is as if you never spoke about it.

KEY MAINTENANCE

Recovering from lost keys

Reinstall the app and create a new identity.
Go to Advanced > Manage Identity History.
Reach out to friends who trusted your old key and ask them to trust your new one.
Once they verify and trust your new key, the link is re-established.

Helping friends recover

If a trusted associate loses their key:

Verify their new identity (meet them, call them).
Trust their new key.
Clear your trust in their old key (optional).

WARNINGS

BLOCKING Only block if a key is a bot, a bad actor, or hopelessly careless. Do not block people just because you dislike them—that is what content filtering is for. Blocking at the identity layer says "This is not a valid human."

REMOTE TRUST If you get a text/email with a QR code saying "Trust me, it's Bob", verify it is actually Bob (call him, recognize his voice). Don't just scan random QRs.