one-of-us.net — manual

The one-of-us.net phone app is meant to be simple. It creates, stores, and lets you sign statements with your cryptographic public/private key pairs (a single identity key pair; as many delegate keys as you want).

The statements are replicated to the cloud and are meant to be portable and available to be read and trusted by anyone or any service. For example, my one-of-us statements are here: https://export.one-of-us.net/?token=2c3142d16cac3c5aeb6d7d40a4ca6beb7bd92431

Beginner: Join the network (trust folks and have them trust you), Sign in to the Nerdster

Until you trust someone else on the network, your network will be empty (and useless). Until someone else on the network trusts you, you'll be invisible to the network (and useless).

Trust someone

Options:

  1. Meet them in person: Click on the QR code icon on the bottom right of the main screen of the ONE-OF-US.NET phone app, and use your phone's camera to scan the QR code on the main screen of the other person's ONE-OF-US.NET phone app.
  2. Use email, text, or something else to share public keys: Folks can share their public key through the Share menu. Ask your comrades and associates to share their public key with you. View the QR code they sent you on your big computer and scan it with your ONE-OF-US.NET phone app. (Your public key is not a secret, so sharing it this way is safe.)

Once the app has initiated the process of signing a trust statement, fill in the "moniker" field (typically a first name) and, optionally, "comment", then click Trust and approve. Congratulations!

-- let your associates trust you

Do the reverse of the above.

Until someone on the network trusts you, you'll be invisible to the entire network, and so this is important.

Delegate sign in to the Nerdster

Access the Nerdster on a computer web browser:

  1. Find it at https://nerdster.org/ or wherever else it may be embedded, such as https://aviv.net/.
  2. Click "QR sign-in" to display the Nerdster's sign in parameters.

Use your ONE-OF-US phone app:

  1. Click the QR icon on the bottom right of your ONE-OF-US phone's main screen.
  2. Your phone may ask you for camera permission; allow it.
  3. Use your phone's camera to scan the Nerdster's sign-in parameters.
  4. If this is your first time signing in, the app may ask you if you want to create a "delegate key" for the Nerdster. Do that, and confirm the process. (You don't have to create a delegate key. Without one, you'll still be able to use the Nerdster to view content from your point of view (PoV), but you won't be able to post anything or interact otherwise.)

You should now be signed in and centered as yourself on the Nerdster.

If you don't see any content, you probably don't one-of-us trust anyone, and so your network is empty.

Statement types

Statements are signed by your active ONE-OF-US public/private key pair.

The subject of these statements is always another public key.

The verb tells us what you are stating about that other key: trust, block, delegate, or replace. The 'clear' verb is a special verb that erases any previous statement you've made about that key.

Form the network: {trust, block}

The trust network is defined by the trust relationships.

In case of fraud or mistakes, a block may be required.

--moniker

A moniker, typically a first name, is required in trust statements.

Authorize other services: {delegate}

Your ONE-OF-US key pair is your identity, but you can also create disposable "delegate" keys to hand over to other services to state stuff on your behalf.

--revokeAt

In case of lost or compromised keys, or in case a delegate service misbehaves, you can revoke the key you gave it.

That is done by issuing an overriding delegate statement, this time with revokeAt set to the last valid statement, so that any statements that key signs after that point are not considered valid.

Maintain your identity {replace}

In case you lose your phone, reinstall the app, or have your key compromised, you can replace your key.

The goal is to maintain your identity even though you'll be using a new key. The statement you'll state with your new key is something like, "This new key of mine replaces my old key as of this particular time".

All of those you've trusted or blocked with your old key will be understood to be trusted or blocked by your new key, and the same goes for delegate keys, folks who've trusted you, and even older keys which you've replaced before.

--revokeAt

A revokeAt token identifying the last valid statement is always required for replace statements.

Mechanics of using the app

The app lists all statements made by your active and replaced keys in 3 groups:

Overwrite (re-state) or clear (erase) statements

One key's disposition towards another is singular, and so if you trust a key and then block it, only the most recent statement is your key's disposition towards the other. The "clear" verb acts as "erase", and so if you trust a key and then clear the key, it's like you never said nothin' at all.

And so whatever you do can always be undone.

(If you lose your private key, then it's more complicated, but there's a path for that, too.)

You can re-state any statement by finding it under the "state" menu, clicking its box, and updating its fields ("moniker", "revokedAt", or "comment").

This will override whatever you previously stated.

You can also clear any statement (similarly, find the statement and choose "clear").
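
The overwrite/clear rule above and the revokeAt cutoff described under "Authorize other services", worked through as an added example (not code from the one-of-us.net project). The field names, the key and token strings, the oldest-first ordering, and the choice to accept nothing when the revokeAt token is not found are all assumptions made for illustration.

```python
# Added example. Field names, token strings and oldest-first ordering are
# assumptions for illustration, not the one-of-us.net statement format.

def dispositions(statements):
    """Reduce one key's statements (oldest first) to its current stance per subject."""
    current = {}
    for s in statements:
        if s["verb"] == "clear":
            current.pop(s["subject"], None)  # clear: as if nothing was ever stated
        else:
            current[s["subject"]] = s        # a newer statement overrides the older one
    return current

def accepted_from_delegate(identity_log, delegate_key, delegate_log):
    """Statements signed by delegate_key that the identity key still vouches for."""
    stance = dispositions(identity_log).get(delegate_key)
    if stance is None or stance["verb"] != "delegate":
        return []                            # never delegated, cleared, or overridden
    revoke_at = stance.get("revokeAt")
    if revoke_at is None:
        return list(delegate_log)            # delegation is not revoked
    kept = []
    for s in delegate_log:
        kept.append(s)
        if s["token"] == revoke_at:
            return kept                      # later statements are not valid
    return []                                # unknown token: accept nothing (assumed policy)

# Constructed sample: statements signed by one identity key, oldest first.
IDENTITY_LOG = [
    {"verb": "trust", "subject": "key-bob", "moniker": "Bob"},
    {"verb": "block", "subject": "key-bob"},
    {"verb": "trust", "subject": "key-carol", "moniker": "Carol"},
    {"verb": "clear", "subject": "key-carol"},
    {"verb": "delegate", "subject": "key-nerdster"},
    {"verb": "delegate", "subject": "key-nerdster", "revokeAt": "t2"},
]
# Constructed sample: statements signed by the delegate key, oldest first.
DELEGATE_LOG = [{"token": "t1"}, {"token": "t2"}, {"token": "t3"}]

if __name__ == "__main__":
    for subject, s in dispositions(IDENTITY_LOG).items():
        print(subject, s["verb"], s.get("revokeAt", ""))
    ok = accepted_from_delegate(IDENTITY_LOG, "key-nerdster", DELEGATE_LOG)
    print([s["token"] for s in ok])
```

In the sample, the block of key-bob replaces the earlier trust, key-carol disappears entirely, and the delegate's third statement is dropped because it comes after the revokeAt token.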

Novice: Maintain your own keys

Phones and keys can get lost or hacked.

When you create replacement keys, you need to take a few steps so that your network understands that your new key still represents you.

your one-of-us identity keys

Don't lose your one-of-us key and don't get hacked.

In case you lose your one-of-us key or get hacked, you can replace your one-of-us key.

You do this by:

But immediately after you do this, no-one will know that you've replaced your key. You'll need to reach out to the folks who trusted your old key and ask them to trust your new key.

Once some of them have done that, the others should see a notification on their Nerdster that an attempt has been made to replace a key that they trust directly, and so they may possibly reach out to you to confirm that before you reach out to them.

To actually get started on this, use the state / replace menu on your one-of-us phone app.

your delegate keys

In case you had to replace your one-of-us key, then you should use your new key to state that your old delegate keys are associated with your new one-of-us identity key.

Delegate keys for which you still have the private keys can be used by importing them.

Delegate keys which you don't have the private keys for can and should still be claimed by your active one-of-us identity key.

In case you suspect that a delegate key has been compromised, then you can re-delegate it and revoke it as you do.

Advanced: Maintain your network

Identify and block bots, bad actors, or careless humans

This is your network.

Blocking a one-of-us key is harsh!

You should only block a key in case you have strong reason to believe that the key:

Help folks you trust maintain their keys

If and when one of your trusted associates loses their key, they'll need for you to:

You'll need to:

/etc

Copy/paste instead of QR

I use copy/paste instead of QR mostly during development, but there may be times when the text version of the key is more useful (it may be hard to point the phone camera at the same phone's display, for example).

Most UI gestures that scan for a QR code also have a paste icon to accomplish the same.

Pitfalls

--DO NOT: Block people you dislike

Those are real people, and they belong in the ONE-OF-US network. Instead, block them for <Nerdster> follow, censor their content, etc...

--DO NOT: Trust folks by scanning their QR codes from the Nerdster

Suppose I receive a text from an unknown number saying, "Hey, Tom. This is John. I had to get a new phone plan, please update my number in your contacts." I'd want to speak to him first, right?

If you need this explained further, then sorry, bud, you ain't nerd!