by johnk Spoof Attempt of:e7d6fe675bd4411ed24b6a7e5ed7d4b35
Tuesday, Jul. 29, 2025 at 12:43 PM
A short note about what idVer is.
idVer was a feature to allow people to create semi-verifiable, consistent IDs on this site.
This site has no user database. So how can we tell if someone who says they're "johnk" is really "johnk"? You can't.
So by filling out the "secret" field, you can produce an idVer value.
Nobody understood this.
Then, I must have shortened the author field at some point, causing a bug that prevented idVer from being used.
by johnk idVer:e7d6fe675bd4411ed24b6a7e5ed7d4b350041f2a
Tuesday, Jul. 29, 2025 at 1:08 PM
Of course, someone could try and just copy paste the author with the idVer part in there. I did that in the OP.
So I added a feature that would flag those attempts.
This was a pretty half-baked way to do this.
I should have just punted the post if there's an idVer in the author field.
---
Aside from that, there's a whole other problem, where the field is named "secret", and the instructions call it "id verfication code", and then it's labeled as "idVer".
That's so inconsistent. It should be called:
secret
hash
hash:123f23sdfar32r
This is tech jargon, but so what? So is "idVer" and all the other terms. At least "hash" can be searched and you can learn what a hash is from Wikipedia.
So the terms here have to change.
The hash is also way too long. It needs to be turned from a long, 41 char hex value into something like hash:AMZEFSD, a short alpha value.
---
The point of idVer was to make a kind of identity that didn't have a user database. No user database means no accounts, no passwords, nothing.
No OpenID, no OAuth, no nothing.
---
What it doesn't do is integrate with PGP style signatures, which are based on public and private keys. So the posts can be altered by the admin.
Of course, the user can use PGP style signatures, and post the public key after the post.
by johnk
Tuesday, Jul. 29, 2025 at 9:29 PM
One thing I overlooked is that the article database is also a user database, once this hash is calculated.
Past uses of the author and secret could be used to verify future uses of the author and secret. If the author forgets the secret, their identity is damaged, going forward.
They'd have to create a new username.
----
Another likely security hole is people using the same password they use for another site. If this site's salts are compromised, then the password can be cracked.
----
As noted before, the more secure solution, to use PGP to sign posts, is better. The problem, of course, is hardly anyone understands it, and even people who understand it, often don't use it.
I searched for a browser extension for PGP GPG and found only one with 90 installs, that's very old.
On Linux, I found kgpg, which is a GUI that manages keys *and* has a gui to sign files and bits of text.
The infrastructure to use GPG is also confusing (to me).
This is all sad :(
---
This username/secret system doesn't really address the actual trust issue - which is whether the person you're reading is even worth reading.
Someone with a consistent ID can be bad.
This site's been "infected" by at least two long-term asses. Aleth, a "communist" who seems to actually be an Italian Catholic Ultranationalist Anti-Semite. Patrice Faubert, an "anarchist" poet who sometimes goes misogynist.
To their credit, they're stalwarts. They spam like machines. Aleth was an anti-Semite long before Gaza, and in a style which was pretty clearly bigoted. Patrice has been on here decades, and the misogyny predated this whole "incel misogyny" thing. I hide Patrice without reading his material mainly because he spams, and harms the site's ranking.
There's also a new person who is a 9/11 truther. I'm flipflopping on them, and might not hide them, if their stuff has some useful info. At this time, they seem to have an axe to grind with the Covert Action Magazine, and defending RFK Jr. I don't like their material, but it merits a closer reading.
The fact I don't agree with someone is not my basis for hiding. It's more about 1. fascism, 2. spamming, 3. conspiracy theory.
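The username-plus-secret scheme from the posts above, sketched as an added example (not the site's own code): it refuses author fields that already carry a tag, derives a short alphabetic tag, and checks a new post against tags stored with earlier articles. The salt, iteration count, PBKDF2 derivation and all function names are assumptions; the posts do not say how idVer is computed.

```python
import hashlib
import hmac
import re

# Assumption: one server-side salt; the posts only say the site has "salts".
SITE_SALT = b"constructed-salt-for-this-example"
ITERATIONS = 100_000  # slow derivation, so a leaked salt does not make guessing cheap

# An author field that already carries a tag, e.g. "johnk idVer:e7d6...".
TAG_IN_AUTHOR = re.compile(r"\b(?:idver|hash)\s*:", re.IGNORECASE)


def short_tag(author: str, secret: str, length: int = 7) -> str:
    """Derive a short A-Z tag from author + secret (hypothetical scheme)."""
    salt = SITE_SALT + b"\x00" + author.strip().lower().encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    # One letter per byte; the slight modulo bias is acceptable for a display tag.
    return "".join(chr(ord("A") + b % 26) for b in raw[:length])


def accept_post(author_field: str, secret: str = ""):
    """Return (accepted, display_author). Posts with a pasted tag are refused."""
    if TAG_IN_AUTHOR.search(author_field):
        return False, None  # reject outright instead of flagging the post
    author = author_field.strip()
    if not secret:
        return True, author  # unverified name, shown without a tag
    return True, f"{author} hash:{short_tag(author, secret)}"


def matches_history(author: str, secret: str, past_tags: set) -> bool:
    """Check a new post against tags already stored with earlier articles."""
    tag = short_tag(author, secret)
    return any(hmac.compare_digest(tag, old) for old in past_tags)
```

A 7-letter tag holds about 33 bits, so anyone who learns the salt can search for any secret that maps to the same tag; a shorter tag trades impersonation resistance for readability.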
by johnk idVer:e7d6fe675bd4411ed24b6a7e5ed7d4b350041f2a
Tuesday, Jul. 29, 2025 at 9:42 PM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I'll address censoring anti-semitism, because I'm sure someone reading this will assume Aleth is "antizionist" or something like that.
Antizionism isn't hidden on this site. It's been anything from a 0 state, 1 state, 2 state on here. I think nearly every article about Israel-Palestine has sided with Palestine. We've also published Latuff, who's been accused of antisemitism, and, I think, very occasionally, legitimately -- but he's been acceptable.
Aleth's stuff generally feels like conspiracy theory. Since it's in Italian, usually, I autotranslate, and try to guess if it's legit. It's often about the Catholic Church, about which I know almost nothing, so I can only go on a vibe.
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE68yR68mOiMrmCxoyvFZQoR7fNh4FAmiJQAYACgkQvFZQoR7f Nh4CWwf+ON7eDLL2a1sk4MWl1+hbden81InpNX15yFsYbxDSwKFM+QgpU0r5FUIY vJBWdTrN5P5rTjst4dXDpBd/tXD0rAzzlPJd65mktFgPhl57Ayi9yOGlRqj1FZCk beYajAQfAPVxkYXzb+hjuDD0o0ozDHRD3QK6RJEJoQ2hzd6eB2xfG8tnB7i0USkT pxPum99UVz+znk+PeMHVER67UPM6H8lXvZOOIzAffPVRJntB8kosoNU1ar+VSg+O RldU8OBJio30W5ROtCu2LvonEQVcmuDJg39e5iZA53SQGsq6rHCfE/zZ7IeJXG1c 5hbaNDsNd5OoeLeKA55pDyE7Nq7Gww== =w+cp -----END PGP SIGNATURE-----
by johnk idVer:e7d6fe675bd4411ed24b6a7e5ed7d4b350041f2a
Tuesday, Jul. 29, 2025 at 9:46 PM
Well, that failed.
The text filtration features on the site altered the posted text, causing the PGP signature to be invalid.
The filtration alters whitespace, and might change the character set (because this software was written before UTF-8 was widespread).
So, I guess PGP won't work on here. LOLz.
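Why the filtering described above invalidates the signature, as an added example that is not part of the original post: OpenPGP cleartext signatures tolerate only trailing whitespace and line-ending changes, so reflowed whitespace or a character-set substitution changes the signed bytes. The two filter functions are hypothetical stand-ins for the site's filtering, the sample text is constructed, and the SHA-512 digest stands in for the full signature computation.

```python
import hashlib


def canonical_cleartext(text: str) -> bytes:
    """Canonical form of cleartext-signed text (RFC 4880, section 7.1):
    trailing spaces and tabs are dropped per line, line endings become CRLF."""
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return "\r\n".join(line.rstrip(" \t") for line in lines).encode("utf-8")


def text_digest(text: str) -> str:
    """SHA-512 over the canonical text; stands in for the digest a signature covers."""
    return hashlib.sha512(canonical_cleartext(text)).hexdigest()


def collapse_whitespace(text: str) -> str:
    """Hypothetical site filter: every run of whitespace becomes one space."""
    return " ".join(text.split())


def latin1_roundtrip(text: str) -> str:
    """Hypothetical pre-UTF-8 filter: characters outside Latin-1 become '?'."""
    return text.encode("latin-1", errors="replace").decode("latin-1")


def survives(original: str, as_posted: str) -> bool:
    """True if a signature made over `original` would still match `as_posted`."""
    return text_digest(original) == text_digest(as_posted)


# Constructed sample message, not the text signed in the thread.
SIGNED = "First paragraph of the post.\n\nSecond paragraph \u2013 with a dash.\n"
```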