Update FAQ

Yarmo Mackenbach 2020-08-28 23:31:46 +02:00
parent 296c4311e9
commit 3b4c13e352
3 changed files with 89 additions and 154 deletions

content/faq.md Normal file

@ -0,0 +1,83 @@
# FAQ
[[toc]]
## What is Keyoxide?
[Keyoxide](/) is a modern and privacy-friendly platform to establish your decentralized online identity. It is fully Open Source under an AGPLv3 license and it can even be self-hosted. It can also perform basic cryptographic operations like encryption and signature verification.
## Why does Keyoxide exist?
[Keyoxide](/) helps solve a growing issue on today's internet: **identity**.
During the *Web 1.0* days of the internet shortly after its inception, it served as a new world for people to explore. **Anonymity** reigned as all websites were silos: you could be two completely different personas on two different sites. You could even have different personas on the same website. There was no method to link personas to our real-world identity, nor a reason to.
Entered the *Web 2.0*. Small sites disappeared as large corporations took over. Facebook, Google, Amazon. Creating an account on those platforms had a lot of implications: that single account could be used across their different services and with the creation of "Login with X" buttons, even across different websites. People gave these platforms their personal information, a name, a phone number. That one account defined who you were on the internet. The corporation behind the platform had become the guardian of our online **identity**. As the internet slowly invaded our real-world lives, so did these platforms. We trusted them. We became complacent.
We know better now. These internet corporations gave us convenience with one hand and took away our privacy with the other. But we are getting a third chance.
Developers all over the world are building the *Web 3.0*, a new vision of the internet where its citizens keep control over their data and, by extension, their **identity**. The internet is only growing bigger and becoming a larger part of our lives. This new Web will have a strong focus on both **anonymity** and **identity**. [Keyoxide](/) is here to help with the latter.
While **anonymity** is the art of keeping a persona devoid of individualizing characteristics or qualities, **identity** is the science of tying online entities together, making sure the world can see these entities are part of a larger persona. A person can have multiple personas, or online **identities**.
## How does Keyoxide work?
### The simple explanation
You create a special secure document that only you can edit, containing a list of accounts that you have created: one of these accounts is, let's say, a Twitter account. At the same time, you also a little piece of text to, for example, your Twitter bio, containing the name of that same document. [Keyoxide](/) reads this special document, sees you have a Twitter account, has a look at that account and finds the name of your document.
Because this is only possible if one and the same person has access to both that special document and the Twitter account, we have now verified this account belonging to you. If you add other accounts, you get a profile page which people can use to know who you are on different websites.
### The complicated explanation
Cryptographic keypairs consist of a private key and a public key. While both keys contain the same information, the private key allows one to edit the contents of the keypair and the public key allows one to simply read the contents of the keypair.
This makes cryptographic keypairs a perfect vessel for online identities. Only one person can add so-called "proofs" to the keypair while the rest of the world can only read the proofs. The same is true for accounts on websites: the whole world can see your profile while only you can make changes to it.
Proofs are stored inside keypairs as so-called "notations": these can be seen as custom data entries. Typically, proofs are structured as follows:
`proof@metacode.biz=https://platform.com/username`
- *proof* tells us we are looking at a proof.
- *@metacode.biz* tells us this is a specific type of proof, as defined on the [metacode.biz website](https://metacode.biz/openpgp/proofs). This part should NOT be changed when adding a new proof to your key.
- The rest of the proof is simply a URL to the profile page of your account on a website.
It is important to note that not all websites are supported. For now, supporting a single online platform involves quite a bit of manual work. It is also important to note not all platforms can be supported. You can always suggest new platforms to support by [creating an issue here](https://codeberg.org/keyoxide/) or contacting me at [yarmo@keyoxide.org](mailto:yarmo@keyoxide.org).
## How does Keyoxide fit in the Web 3.0?
The one word to associate with the Web 3.0 is **decentralization**. This indirectly refers to the process of separating applications from data.
This means that while [Keyoxide](/) (the application) does the verification of your identity, it should not store that identity on its server! The data associated with your identity is stored in a different place where you keep control over it, typically a dedicated key server. We strongly recommend [keys.openpgp.org](https://keys.openpgp.org/) which is the default key server [Keyoxide](/).
## How can I make an account?
You can't and that is the whole point of [Keyoxide](/). Your data and your keys are not stored on our server. Therefore, there is no need to create an account. You simply [create a cryptographic keypair](/getting-started) and upload it to a dedicated key server. [Keyoxide](/) will automatically fetch your key only when needed.
## Can I get a sweet profile page?
That, we can help you with! Just append the fingerprint of your keypair to the domain like so: [https://${domain}/9f0048ac0b23301e1f77e994909f6bd6f80f485d](/9f0048ac0b23301e1f77e994909f6bd6f80f485d) to generate a profile page.
## Where do I upload my private key?
**DON'T**! We don't want it!
Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer.
## Where is the app?
There is no app yet. This is planned for the near-future.
## PGP must die!
Not a question but we get your point. While there are [legitimate reasons PGP should not be used for use cases like communication](https://restoreprivacy.com/let-pgp-die/), it is still widely used and is actually quite a good fit for decentralized identity management.
But yes, try to avoid OpenPGP for communication. There are plenty of (decentralized) encrypted messaging platforms out there much better suited to that task.
## What is on the roadmap?
- Create apps
- Create an API
- Make Keyoxide more accessible (a11y and i18n)
- Support more platforms and services
- Integrate other encryption programs
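
Review bot: In "The complicated explanation", the sentence "While both keys contain the same information" is inaccurate and should be reworded: the private key holds secret key material that the public key does not, which is why only its holder can add or change notations. Something like "the private key lets its holder change and certify the contents of the key, while the public key only lets others read and verify them" says what the paragraph needs. Two wording gaps in the same file: "you also a little piece of text" in "The simple explanation" is missing a verb such as "add", and "which is the default key server [Keyoxide](/)" is missing "for".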


@ -49,7 +49,6 @@ router.get('/', (req, res) => {
router.get('/getting-started', (req, res) => { router.get('/getting-started', (req, res) => {
const env = {}; const env = {};
let data = fs.readFileSync(`./content/getting-started.md`, "utf8"); let data = fs.readFileSync(`./content/getting-started.md`, "utf8");
let content = md.render(data, env); let content = md.render(data, env);
@ -57,7 +56,12 @@ router.get('/getting-started', (req, res) => {
}); });
router.get('/faq', (req, res) => { router.get('/faq', (req, res) => {
res.render('faq', { title: `Frequently Asked Questions - Keyoxide` }); const env = {};
let data = fs.readFileSync(`./content/faq.md`, "utf8");
data = data.replace('${domain}', req.app.get('domain'));
let content = md.render(data, env);
res.render(`basic`, { title: `Frequently Asked Questions - Keyoxide`, content: content });
}); });
router.get('/guides', (req, res) => { router.get('/guides', (req, res) => {
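
Review bot: `data.replace('${domain}', req.app.get('domain'))` in the `/faq` handler uses a string pattern, so only the first `${domain}` in faq.md is substituted; the file has one occurrence today, but a second placeholder added later would be served literally. Use a global regex such as `/\$\{domain\}/g` (or split/join), and pass the replacement as a function so that `$` sequences in the configured value are not interpreted as replacement patterns. The handler also reads and renders the file synchronously on every request; since the content is static, it could be rendered once at startup.
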
@ -66,7 +70,6 @@ router.get('/guides', (req, res) => {
router.get('/guides/:guideId', (req, res) => { router.get('/guides/:guideId', (req, res) => {
const env = {}; const env = {};
let data = fs.readFileSync(`./content/guides/${req.params.guideId}.md`, "utf8", (err, data) => { let data = fs.readFileSync(`./content/guides/${req.params.guideId}.md`, "utf8", (err, data) => {
if (err) throw err; if (err) throw err;
return data; return data;
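
Review bot: In the `/guides/:guideId` context lines, `req.params.guideId` is interpolated directly into the path passed to `fs.readFileSync`, so the path is built from unvalidated request input. Check it against the list of existing guide names, or against a strict pattern (lowercase letters, digits and hyphens), and return 404 otherwise. Also, `fs.readFileSync` takes no callback, so the `(err, data) => { if (err) throw err; return data; }` argument is never called; a missing file throws from the call itself and needs a try/catch around it.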


@ -1,151 +0,0 @@
extends template.base.pug
block content
.content
h1 FAQ
h3#what-is-keyoxide
a(href='#what-is-keyoxide') #
| What is Keyoxide?
p
a(href='/') Keyoxide
| is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans. It is built to be privacy friendly and secure, it can even be self-hosted.
h3#why-does-keyoxide-exist
a(href='#why-does-keyoxide-exist') #
| Why does Keyoxide exist?
p
a(href='/') Keyoxide
| provides a solution to a modern problem: we humans have developed advanced methods of encrypting data and signing it. Unfortunately, it requires complicated tools that demand a minimal level of understanding cryptography and how keypairs work to leverage these technologies.
p
| Sadly, this means that true privacy and secrecy in this modern age of surveillance capitalism is reserved to a subset of the world population.
p
| Luckily, there is one thing we can do. Some cryptographic operations are more accessible than others and less prone to leaking private data. By building a service around only those operations, we hope a wider general audience can benefit from modern cryptography.
h3#what-cryptographic-operations-can-keyoxide-handle
a(href='#what-cryptographic-operations-can-keyoxide-handle') #
| What cryptographic operations can Keyoxide handle?
p
a(href='/') Keyoxide
| can:
a(href='/verify') verify signatures
| and
a(href='/encrypt') encrypt messages
| .
br
a(href='/') Keyoxide
| can't: sign messages or decrypt messages.
h3#why-so-few-cryptographic-operations
a(href='#why-so-few-cryptographic-operations') #
| Why so few cryptographic operations?
p
| Good question. First, what cryptographic operations are generally available? There's
strong encryption
| and its counterpart,
strong decryption
| , but also
strong signing
| and its counterpart,
strong signature verification
| .
p
strong Decryption
| and
strong signing
| require private keys.
strong Encryption
| and
strong signature verification
| only require public keys.
p
| If you happen to be in possession of a private key, there is one thing you should know: that key is private! It shouldn't leave your computer and most certainly should never be uploaded to any website!
p
| So yes, alternative services may offer more cryptographic operations but at the highest cost of surrendering your private keys to servers you generally shouldn't trust and companies that may be under geopolitical influence.
p
a(href='/') Keyoxide
| offers a simple solution to the trust issue: we don't want your keys, therefore you don't even need to trust us. Everything that this service offers is possible thanks to publicly available keys.
h3#how-does-keyoxide-work-without-keys
a(href='#how-does-keyoxide-work-without-keys') #
| How does Keyoxide work without keys?
p
| We still need keys, of course, but only the harmless public keys. And yes, we could have built a website where one can make an account and upload public keys, in a similar fashion as alternative services.
p
| But why would we? There's already an entire infrastructure out there in the form of websites that host their own keys (plaintext or web key directory) or dedicated "HTTP Key Protocol" or HKP servers, designed specifically for public key hosting. Why reinvent the wheel?
h3#how-is-this-privacy-friendly-and-secure
a(href='#how-is-this-privacy-friendly-and-secure') #
| How is this privacy friendly and secure?
p
| You can't make an account on
a(href='/') Keyoxide
| because for basic cryptographic operations, we don't need your data or your keys. By not knowing anything about you or using any trackers, this is as privacy-friendly as it gets.
p
| As for secure,
a(href='/') Keyoxide
| does all the cryptographic processing on your device and never sends data to the server. It also doesn't use private keys for any operation (so make sure to never upload those anywhere).
h3#how-can-i-make-an-account
a(href='#how-can-i-make-an-account') #
| How can I make an account?
p
| Well, you can't and that is the whole point of
a(href='/') Keyoxide
| . We don't want your data or your keys. Uploading your keys and/or data to our servers is never required for any of the operations provided by
a(href='/') Keyoxide
| .
h3#can-i-get-a-sweet-profile-page
a(href='#can-i-get-a-sweet-profile-page') #
| Can I get a sweet profile page?
p
| That, we can help you with! Just append your fingerprint to the domain (like so:
a(href=`https:/${settings.domain}/9F0048AC0B23301E1F77E994909F6BD6F80F485D`) https://#{settings.domain}/9f0048ac0b23301e1f77e994909f6bd6f80f485d
| ) to generate a profile page.
h3#where-is-the-app
a(href='#where-is-the-app') #
| Where is the app?
p
| There's no app. Why would you want yet another app for what is essentially just a form with a big blue button?
h3#where-do-i-put-my-private-key
a(href='#where-do-i-put-my-private-key') #
| Where do I put my private key?
p
strong DON'T
| ! We don't want it!
p
| Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer.
h3(id="what-is-the-use-if-i-can't-decrypt-or-sign-messages")
a(href="#what-is-the-use-if-i-can't-decrypt-or-sign-messages") #
| What is the use if I can't decrypt or sign messages?
p
| If you want to be on the receiving end of securely encrypted messages, you should either learn the basics of modern cryptography and know your way around your computer's command line or switch to end-to-end encrypted instant messaging providers.
p
| Simply put, if you have private keys, you probably won't be using
a(href='/') Keyoxide
| . You will benefit from using command line tools or GUIs like
a(href='https://www.openpgp.org/software/kleopatra/') Kleopatra
| .
p
a(href='/') Keyoxide
| is designed for those without extensive knowledge about cryptography and who wish to encrypt messages to, or verify the authenticity of messages coming from the people with that extensive knowledge.
h3#but-other-services-provide-a-social-network-function
a(href='#but-other-services-provide-a-social-network-function') #
| But other services provide a social network function!
p
| It doesn't need to be centralized to have a "social network" function.
a(href='/') Keyoxide
| simply uses the already existing "social network" of websites hosting their own keys and servers dedicated to hosting large amounts of keys.
h3#pgp-must-die
a(href='#pgp-must-die') #
| PGP must die!
p
| Not a question but we get your point. While there are
a(href='https://restoreprivacy.com/let-pgp-die/') legitimate reasons PGP should cease to exist
| , it is still widely used and without any clear sign of imminent extinction, it needs proper tooling.
p
| It should be noted that while PGP can indeed be harmful when applied to email encryption, there are other legitimate ways of leveraging PGP to encrypt and/or sign messages.
p
| That being said,
a(href='/') Keyoxide
| aims to integrate different cryptographic technologies and therefore ease the transition away from PGP.
h3#what-is-on-the-roadmap
a(href='#what-is-on-the-roadmap') #
| What is on the roadmap?
ul
li Support more decentralized proofs
li Write more guides
li Integrate other encryption programs
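
Review bot: The removed section "How is this privacy friendly and secure?" stated that Keyoxide "does all the cryptographic processing on your device and never sends data to the server", and nothing in the new content/faq.md replaces it. If that still holds, carry the statement over to the new FAQ; if proof verification now runs on the server, say so explicitly, since the new text only says the application "does the verification of your identity".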