Re: Digital Press Passes and Decentralized Public Key Infrastructures from David Karger on 2021-07-23 (public-credibility@w3.org from July 2021)

From: David Karger <karger@mit.edu>
Date: Fri, 23 Jul 2021 19:52:50 -0400
To: public-credibility@w3.org
Message-ID: <a34a397e-7f08-4406-eb8d-af9cc286160d@mit.edu>
We don't have access to browser UIs, but my group has built a system and 
a browser extension that takes this approach.

On 7/23/2021 7:47 PM, Annette Greiner wrote:
> Scott,
> Has there been any discussion with browser makers or others about 
> browsers possibly surfacing this data in their UIs? I could imagine 
> browsers having a control that lists the belongs-to claims that a site 
> makes and indicates whether they are verified by the corresponding 
> domains. I don’t want to specify the UI too much, but it could be 
> something similar to the typical lock icon in most browsers now. So 
> the browser makers or platforms wouldn’t have to decide anything about 
> who to trust; they would just surface the claims and whether they are 
> verified, so that the user can evaluate based on their own context of use.
> -Annette
>
>> On Jul 19, 2021, at 2:47 PM, Scott Yates <scott@journallist.net 
>> <mailto:scott@journallist.net>> wrote:
>>
>> Adam, (and friends),
>>
>> I looked really hard at a PKI solution for a long time, and the 
>> downsides were insurmountable..
>>
>> Probably the biggest problem that you can't get around is: Who 
>> decides who is in and who is out?
>>
>> After beating my head against the wall for a couple of years, I came 
>> up with trust.txt. It's a text file in the tradition of robots.txt 
>> and ads.txt. In that file, press associations list their members, and 
>> members list their associations.
>>
>> For example, the Texas Press Association's file is here: 
>> https://www.texaspress.com/trust.txt 
>> <https://www.texaspress.com/trust.txt> and the file for a small 
>> weekly paper in Hays has its file here: 
>> https://haysfreepress.com/trust.txt 
>> <https://haysfreepress.com/trust.txt>
>>
>> With those, anyone can build a crawler and an algo to get 
>> confirmation about who belongs to whom.
>>
>> No one body has to decide who is "press" and who is not. Groups on 
>> their own decide who is a member, and it's up to the platforms to 
>> interpret the signal and decide that the Hays Free Press is just a 
>> bit more trustworthy because they at least know that it belongs to 
>> the TPA.
>>
>> I'm now rolling this out to press and broadcasting associations in 
>> the U.S., and hope to go international starting in the fall.
>>
>> After studying it for a long long time, I think this is as close as 
>> we can get to a "digital press pass" that is consistent with the 
>> First Amendment and an open, decentralized web.
>>
>> -Scott Yates
>> Founder
>> JournalList.net <http://journallist.net/>, caretaker of the 
>> trust.txt framework
>> 202-742-6842
>> Short Video Explanation of trust.txt <https://youtu.be/lunOBapQxpU>
>>
>>
>> On Mon, Jul 19, 2021 at 3:23 PM Adam Sobieski 
>> <adamsobieski@hotmail..com <mailto:adamsobieski@hotmail.com>> wrote:
>>
>>     Credible Web Community Group,
>>
>>     Credentials Community Group,
>>
>>     I would like to broach the topic of “digital press passes”
>>     towards a more credible web.
>>
>>     As envisioned, “digital press passes” could be provided to
>>     organizations and individuals utilizing decentralized public key
>>     infrastructure.
>>
>>     Webpages could include URLs to their “digital press passes” in
>>     link elements (<link rel="press-pass" href="…" />). This
>>     information could also be encoded in documents in a manner
>>     interoperable with Web schema. News content could be digitally
>>     signed by one or more “digital press passes”.
>>
>>     Upsides include: (1) end-users and services could configure which
>>     certificate authorities that they desired to recognize, (2)
>>     end-users could visually see, in their Web browsers, whether
>>     displayed content was from a source with a valid “digital press
>>     pass”, (3) news aggregation sites could distinguish content
>>     digitally signed by “digital press passes”, (4) social media
>>     websites could visually adorn and prioritize shared content which
>>     is digitally signed by “digital press passes”, (5) entry for new
>>     news organizations and recognition as such by existing services
>>     would be simplified, e.g., a new newspaper organization, the new
>>     news organization would need to obtain a “digital press pass”
>>     from a certificate authority.
>>
>>     Downsides include: impact on citizen journalism, where users
>>     other than journalists desire to publish or distribute news content.
>>
>>     Have these ideas been considered before? Any thoughts on these ideas?
>>
>>     Best regards,
>>
>>     Adam Sobieski
>>
>>     P.S.: https://meta.wikimedia.org/wiki/Wikifact
>>     <https://meta.wikimedia.org/wiki/Wikifact>
>>
>
Received on Friday, 23 July 2021 23:53:02 UTC