Won't an identity system make it easier to track me online?
It could, as much as having an email address or phone number makes it easier to track you online. You're certainly free to share these pieces of identifying information with others, as you are your Stamp identity, but you also don't have to. You can choose not give your Stamp identity to some sleezy ad company, or you can generate a fake one to fool their feeble algorithms.
You can also choose what information your identity exposes publicly by using private claims, giving you granular control over what you share with others.
Ultimately, the control is in your hands. You don't have to share your identity, just like you don't have to show your state ID to anyone who randomly walks up and asks for it.
Why not just use PGP/GPG?
Although PGP already exists as an identity system and trust network, it falls short in a few areas.
- PGP only allows a handful of claims: name/email and a photo. The Stamp protocol allows you to make any number of claims, from your name, to your age, to your home address, but also custom claims, such as a state-issued ID number or being a member of an organization. Each of these claims can be individually stamped, allowing granular trust. For instance, applications might only allow membership if you have a state-issued ID stamped by a government agency. Want to write a review on that oven mitt you bought on Amazon? Better make a DMV appointment! Joking aside, PGP's lack of claim expansion limits its ability to incorporate certificate authorities or state agencies, which are often essential parts of identity infrastructure.
- PGP also lacks in another area: the keyservers. They allow anybody to create any number of signatures on your identity without your approval. In Stamp, any changes to your identity must be approved and signed by you, and a single unified p2p network replaces a set of federated keyservers that seem to be perpetually broken.
- Lastly, GnuPG, the flagship implementation of PGP, is difficult to use. The interface is unintuitive and often painful. How many times have you read this guide? Be honest. GPG is complicated to use.
Keybase attempted to fix some of the issues with PGP but, bless their hearts, they decided to do it using a centralized service. Then they had to go and get bought by Zoom. Oops. Stamp retains much of the functionality of Keybase, such as claiming ownership of domains and www locations (except for Twitter because Twitter sucks) but allows verification directly in the client. No need to trust a central third party.
Stamp fixes the above issues with PGP/GPG not just for the sake of improving on them, but to create the foundations for entirely new methods of secure identity-based applications that just aren't possible with existing systems.
Why did you build this??
Identity is a core concept to how humans interact with each other and form relationships. It allows us to distinguish one person from another, enabling us to truly know somebody. We accomplish this by recognition of someone's presence, their appearance, their movement, etc.
However, conveying this in electronic systems is difficult. We most often represent ourselves in textual form, a medium that doesn't communicate presence, appearance, movement, or many other forms of recognition we use to distinguish one person from another. It becomes easy for one person to imitate another, or create a completely new identity. This can be desirable: it allows us to communicate without the shackles of oppression or shame, enabling more free exchange of information. The ideas we're communicating speak for themselves instead of the identity behind them.
In many cases however, we need to know exactly who we're talking to. Stamp allows us to bridge this gap between identity in the physical world and identity in the electronic world.
Stamp fills a void in an interesting space: user-friendly, self-owned electronic identity for individuals and groups.
We envision a world where online discourse can be more personal. As it stands, people must rely on corporations (Facebook, Google, etc) to vet the identities of their users, but sometimes (read: always) these companies don't have your best interests in mind. Shouldn't you decide whether the person you're talking to is Bob from down the street or a Russian troll who wants to convince you that there are people out there who will stop at nothing to get you to eat only soy products? Stamp allows you to build your own trust, and does so in a way that integrates with institutional identity providers. Google or Facebook or your local DMV can always stamp your identity, and anybody who trusts them will then have some measure of trust for you!
Beyond online discourse, state-run identity systems are not that great. At least in the United States, a person's identity comes down to a nine-digit number that acts as both a username and a password. This is the stupidest thing in existence, and causes an immense amount of problems. We're not delusional enough to think that if we build Stamp, states will start using it just because it's so great, but leaving the next identity system up to lawmakers (the ones who bring snowballs into congress or lobby every year to ban encryption) is just as foolish. Perhaps we can lead by example, and in a perfect world, states might integrate with Stamp once they realize that, yes, it is great and the SSA is due for a few updates. But Stamp doesn't care about states: it's a sovereign system! No, this doesn't mean you can drive without a drivers license, but it does mean that it exists beyond any state, whether corporate or national, and so your identity is always yours.
With AI and "deepfakes" becoming commonplace, it's more important than ever for people to know if a message or media came from you. Stamp allows you to create digital signatures that are impossible to forge so you can create official channels for you or a your company that are cryptographically verifiable. This will become increasingly important in this strange new world we live in.
As more of the world moves online, it's important that we keep, cherish, and protect anonymous online interactions and privacy. But it's also important that we allow building systems that need to rely on trusted identity, such as voting or non-anonymous communication platforms, in a way that profit-chasing corporations or antiquated state bureaus don't end up holding the reigns.
Join Stamp and take back your electronic identity!
How do I verify the release files?
Download the release file for your platform and also grab the cli.sha256sums
,
cli.sha256sums.gpg.sig
, and cli.sha256sums.stamp.sig
files.
First, we need to verify the
cli.sha256sums
file.If you want to verify using GPG, download the signing key and do the following:
gpg --import andrew.gpg gpg --verify cli.sha256sums.gpg.sig cli.sha256sums
Make sure the output says
Good signature from "Andrew Lyon <orthecreedence@gmail.com>"
!! If not, do not continue.If verifying using Stamp, download the stamp identity and do the following:
stamp id import andrew.stamp stamp sig verify cli.sha256sums.stamp.sig cli.sha256sums
Make sure the output says
This signature is valid
! If not, do not continue.Now that we've verified our checksum file, run
sha256sum <downloaded release file>
and compare the resulting hash to the corresponding entry incli.sha256sums
. They should match exactly. If not, the release has been tampered with. If they match, congratulations, you have an official version of Stamp!