Wikipedia suffers from vandalism. We built a prototype for making endorsement from cryptographically signed signature using Ethereum wallet (e.g. MetaMask)
This is fake, right? Why would Wikidata touch this with a ten-foot pole?
There is a lot of paid promotion on Wikipedia and highly-motivated vandalism. Just because someone has reserves of ETH, they get to say what a valid edit is? It seems altogether antithetical to the free-knowledge open-source ethic of the WMF.
It is one thing to propose this as an extension for MediaWiki that some rando running a website may use. It's entirely another thing to mock this up as if it's part of Wikidata's own interface.
EDIT: Headline says "Wikipedia" but screenshots are allegedly "Wikidata" which is really different.
What's the point of some random person "endorsing" an edit?
MediaWiki has a mechanism called Pending Changes, where edits are held from public view until an officially-designated reviewer editor signs off on the edits. This is the sort of endorsement already built-in and in active use on Wikipedia, and it leverages the reputation of a trusted user to "endorse" possibly disruptive edits.
I'm not sure how a wholly external PKI could be any help in "endorsing" edits. A user's ETH wallet has no relation to their reputation or trustworthiness on WMF sites.
Wikipedians also use something called a "Committed Identity" which is a cryptographic proof of their identity, which can be used to recover an account if credentials don't work. Since it's encrypted, it doesn't amount to revealing your real-life identity, it merely provides a mechanism for them to verify it with your cooperation.
> What's the point of some random person "endorsing" an edit?
I think you're right in that it's so far not been necessary to use blockchain based identities. Though, I think blockchain based identities are objectively better. In implementation, it doesn't have to be a random person, it could be anyone or any organization that could endorse changes.
> I'm not sure how a wholly external PKI could be any help in "endorsing" edits. A user's ETH wallet has no relation to their reputation or trustworthiness on WMF sites.
Ethereum based identities are easy to remember and harder to censor. If Wikipedia wants to censor someone currently, they can just remove the system they have implemented. The solution offered provides an external system that provides a way to determine if someone did something even if Wikipedia tries to hide it later. (with the certainty that also backs billions of dollars in value on Ethereum)
> The solution offered provides an external system that provides a way to determine if someone did something even if Wikipedia tries to hide it later.
No it doesn't.
This system is signing the revision id number (im assuming based on the video). There is not neccessary any connection between the signer and the revision id. There is no way to verify if the revision id was ever valid (typically revision ids are sequentially increasing numbers but there are edge cases where that is not true. And i dont mean censoring edge cases, although there are systems on wikipedia where pages can be deleted or revisions hidden)
So what does this system actually prove? That someone at a specific point in time signed an integer. Maybe that integer corrdsponds to a edit they like, maybe it doesn't. Maybe they never read the edit. Maybe the edit never existed.
This whole thing is seriously stupid. It is a non-solution to a non-problem. The problem they are trying to solve doesn't exist and even if it did this wouldn't fix it.
I mean hell, at the very least you think they would sign a hash of the edit instead of just an id number.
Yeah, at this point you might as well hook in to the RecentChanges API, monitor that, sign everything, and then you could detect when there was a RevDel or Oversight action taken and the edit disappears from view.
Or you could, you know, get involved in the WP community and become an Administrator, and then you would actually have access to see those deleted edits and files without hindrance.
This whole bit seems to be some kind of hedge against Wikidata oversighters becoming evil and "covering up" some misdeeds or truths by abusing their powers to delete and suppress edits. While anything could happen, and I grant that this is a temptation to anyone, "signing an integer" as is proposed, with a completely unrelated identity in a completely unrelated PKI, is going to be utterly pointless and won't produce the accountability they seem to seek.
Also, if this signature isn't recorded on the blonkchain, then where is it going to be recorded? Wikidata ain't holding it for you. You've got to put it somewhere. Are you going to use IPFS or Dropbox or something?
> NoZebra120vClip@: ... Also, if this signature isn't recorded on the blonkchain, then where is it going to be recorded? Wikidata ain't holding it for you. You've got to put it somewhere. Are you going to use IPFS or Dropbox or something?
OP: I am glad that you brought it up! Yes, that's something we are comtemplating right now. It could be a IFPS, it could be a centralized server that we own, or a Wikimedai Toolforge. The good part is, it could be both, and also decentralized. Being a cryptographic signature, anyone who hold a copy of an endorsement could validate if their are true. We put out this prototype to solicit wise and inspiring feedbacks like yours, and hopefully we can improve our product. We also ask for open source contributors who are interested.
I wasn't really paying attention to the implementation, but just what is easily possible. It would be simple to sign the full edit and provide that to other people without ever storing it on chain. It's also possible to create a contract that serves for domains of an organization to sign messages, etc.
> This whole thing is seriously stupid. It is a non-solution to a non-problem. The problem they are trying to solve doesn't exist and even if it did this wouldn't fix it.
I think this a valid. I actually do think blockchains solve identity well through domains, though, with endorsements, there's already seemingly good trust to the accuracy of identity on social media platforms. As an example, there's not usually a question to whether Elon Musk was the person who made a Tweet endorsing something as true.
> I mean hell, at the very least you think they would sign a hash of the edit instead of just an id number.
With most blockchain based stuff, it seems like projects are frequently made without much consideration.
> It would be simple to sign the full edit and provide that to other people without ever storing it on chain
You could definitely do better than what they were doing, but i dont see how you would be able to distinguish between a signature on a real edit and one on a fake edit that never existed on wiki. Of course you could have a trusted third party verify the edits, but in that case you might as well just use a normal website.
> You could definitely do better than what they were doing, but i dont see how you would be able to distinguish between a signature on a real edit and one on a fake edit that never existed on wiki. Of course you could have a trusted third party verify the edits, but in that case you might as well just use a normal website.
If they really wanted, they could prove they made edits on a chain. Using Ethereum directly is expensive, but the layer 2 chains that finalize on Ethereum are not expensive. The EVM can handle and store the results of any computation given that it is small enough for the block and has enough gas to pay for it. The fees on some layer 2 chains are very low. [1]
I don't really know if it necessary to prove someone did not make an edit though.
Note: I'm not sure that Polygon's zkEVM supports all op codes. Though, there are other chains like Arbitrum Nova where the EVM is fully supported, and the fees are less than $0.01/transaction. (for now at least) Polygon's zkEVM provides better security guarantees though. You can see the total value locked for different chains here, [2] which should be partially indicative of how much the markets trust them.
So assuming the context is to prove if wikipedia is "censoring" you, i dont get how this would work. Sure you could store the whole edit on the blockchain, but how do you prove that is the same edit as the one that used to be on wikipedia and is now censored? How would an outside observer be able to tell that the whole edit isn't faked? That instead of wikipedia censoring the edit, what actually happdned was the edit was never submitted to wikipedia at all but made up.
If everything is going on a blockchain, it's very simple. I made this simple contract to demonstrate. [1] It can be tested with Remix. [2]
In [3], the getArticle is called which shows the article text has not yet been set. Then, in [4] I'm showing that by calling a method on the contract, the text of the article can be set by someone using the contract. In [5] I show that this previous edit changed the text of the article. In [6] I'm showing that different signers of transactions can also be displayed as an editor. And finally, in [7], I'm showing the an item in the edit history can be looked up by index.
If what is stored on the blockchain does not match what Wikipedia is showing, then Wikipedia is censoring what is supposed to be in the article. This isn't showing endorsements, but, endorsements could easily be added to this contract by creating a mapping on the contract for users that want to endorse edits at an index, etc.
This is not state everything should be on a blockchain, but just demonstrate that it is possible to create censorship resistant article edit tracking that has endorsing users.
Endorsements. (specifically to edits they approve)
While this prototype did not consider much, most applications on Ethereum do provide high levels of interoperability. An organization (or DAO) could write their own implementation for how their domain uses the endorse function on a contract, then have their members endorse information, which results in the organization endorsement (ex. endorsed by who.int) showing up when requirements are met, etc. A high profile person, like Elon Musk, could also sign stuff to have his signature show up on a reference. (ex. ElonMusk.eth endorses this reference as accurately representing the truth)
I think with this specific use case, the purpose is not as clear because endorsements on social media are already trusted by users. For users, even if this was correctly decentralized through a blockchain domain, it still would likely require developer interpretation for them to understand if the decentralized service is operating as expected.
I mean, i dont think "elon musk endorses this statement as true" is something that wikipedia would want. Elon musk is not a good source for what is true about elon musk (not picking on musk specificly. Most people have motivation to not be fully truthful about themselves).
Ultimately i dont see what benefit all the blockchain stuff has. You need to bind identities to wallets anyways, why not just skip the middle man and have people make endorsemdnts directly? Like the main benefit of signing would normally be non-repudiation, but it seems like this is a case wherd repudiation would be beneficial - we wouldnt want to keep an endorsemdnt that was repudiated.
> Like the main benefit of signing would normally be non-repudiation, but it seems like this is a case wherd repudiation would be beneficial - we wouldnt want to keep an endorsemdnt that was repudiated.
So, it sounds like you're thinking something more like [1]
> I mean, i dont think "elon musk endorses this statement as true" is something that wikipedia would want. Elon musk is not a good source for what is true about elon musk (not picking on musk specificly. Most people have motivation to not be fully truthful about themselves).
I think it's useful information, but, that it basically already exists. I think there are times when it becomes really interesting, like organizational endorsements and repudations, but I just don't see endorsements and repudations being that interesting. Another idea I've seen suggested in the past is requiring users to provide a small deposit, which can be seized if it's shown they're intentionally acting malicious.
> You need to bind identities to wallets anyways, why not just skip the middle man and have people make endorsemdnts directly?
This actually has been done really well. Ethereum Name Service now has over 2,500,000 registered domains. [2] It's as easy to remember someone's address as it is their email address or social media handle. (And they can be contractually controlled, so an organization or DAO can create transactions with them or create complicated implementations that determine how they should resolve)
> bawolff@: You could definitely do better than what they were doing, but i dont see how you would be able to distinguish between a signature on a real edit and one on a fake edit that never existed on wiki.
OP: In our prototype, an endorsement is being signed. In production, it's possible that people will add their signature for their edits tool. We hope increasingly people will sign their edits so there is an increasing subset of Wikipedia edits that could benefit from decentralized signature that doesn't rely on Wikimedia or centralized entities to verify. The adoption will not happen overnight, just like The HTTPS.
> bawolff@: This system is signing the revision id number (im assuming based on the video). ...
OP: that's totally true, bawolff@. Our intention was to show case the signing part End-to-end workflow prototype. In real production one could be signing for a diff patch, or a full update.
The fundamental flaw at the heart of crypto: the insistence that only onchain data matters, while in the real world, your reputation is tied to your real identity.
This idea would work if the ETH wallet was tied to a real identity, but since crypto keeps insisting on anonymity, all you get is a random address signing a thing.
In what way does crypto "keep insisting on anonymity"?
It's a system of private keys. You can attach identities to these keys, or you can not attach identities to them. The tech itself is unopinionated in this way.
Tech isn’t insulated from culture, and crypto culture so far has heavily emphasized anonymity, starting from the very beginning with Satoshi’s undisclosed identity.
It wasn’t until a couple of years ago that you even started seeing real world identity startups pop up.
"... your reputation is tied to your real identity."
Why do corporations get to conduct business, have credit scores, influence others' credit scores, and even make political contributions without anyone knowing the identity of the humans directing them? Seems like that reputation system functions well enough, and it's anonymous vis-a-vis "real identity." Shouldn't human beings be entitled to at least as much privacy as a shell corporation?
On the internet, no one knows you’re a dog. On the internet, no one also knows that you’re a 14 year old signing off on Wikipedia pages about vaccines.
Anonymity is welcome and important, but some things require connections to your real world knowhow.
> spaceman_2020@: The fundamental flaw at the heart of crypto: the insistence that only onchain data matters, while in the real world, your reputation is tied to your real identity.
OP: I think I share the view with sowbug@ in his answer:
> sowbug@: Why do corporations get to conduct business, have credit scores...
OP: also, in the long term, I believe that "reputaiton" is going to exist in a digitized form in the future, and people will have real identity attested with digital signature, just like HTTPS help you ensure the site you visit is the site that you think you are visiting.
And I agree with everfree@ that thinking "blockchain" insist on anonimity is a common misconception and misunderstanding of cryptography.
> NoZebra120vClip@: Wikipedians also use something called a "Committed Identity" which is a cryptographic proof of their identity, which can be used to recover an account if credentials don't work. Since it's encrypted, it doesn't amount to revealing your real-life identity, it merely provides a mechanism for them to verify it with your cooperation.
OP: Thank you for brought it up. The growing adoptiton of crypto wallets brings hope for more people to sign as this Wallet apps are built for regular users so their user experience is much easier than PGP / "Committed Identity tools which is SHA-256 and other options even though those options has existed for decades. A metaphor will be FaceID / TouchID supported PassKey vs other crypographic signing GNU libraries.
> NoZebra120vClip@: Just because someone has reserves of ETH, they get to say what a valid edit is?
> NoZebra120vClip: What's the point of some random person "endorsing" an edit? I'm not sure how a wholly external PKI could be any help in "endorsing" edits. A user's ETH wallet has no relation to their reputation or trustworthiness on WMF sites.
> World177: ... Though, I think blockchain based identities are objectively better. In implementation, it doesn't have to be a random person, it could be anyone or any organization that could endorse changes...
OP: Actually to use this tool we don't require anyone to own any ethers. It's just a digital signature signed with Ethereum compatible wallet.
And I am super glad that @World177 pointed it out. That's exactly what where we are going. If we could let people sign with identities that's crypographically and blockchain native, we could further expand it with other social and tech architecture. For example, with support of Ethereum Name Service or other DID, people could sign with their identiteis associated with some institutions or organizations. Or they could collaboratively sign - e.g. a committee of reputable peer review group would only sign as a whole when their signatures aggregates to beyond the threshold.
There is also another possiblitity that we establish a decentarlized computer graph based on "who has endorsed whose edits" so that the editors who are endorsed by more people, has a greater power endorsing others. Visualize the similar approach of Google's PageRank or Facebook's EdgeRank except for each vertex could be an editor's decentralized identity or an article, and each link could be the endorsement relationship or the author-article relationship.
> NoZebra120vClip@: EDIT: Headline says "Wikipedia" but screenshots are allegedly "Wikidata" which is really different.
OP: We use "Wikipedia" here because that's what most audience might recognize. In technical specifics, the site is Wikidata.org which is a sister project of Wikipedia, also supported by Wikimedia Foundation and share the same spirit. The Wikipedia is powered by software called MediaWiki, and Wikidata uses an extension of MediaWiki called Wikibase. It has its whole ecosystem and terminologies like all other open source movement.
Signing things is cool. Humans on the internet should sign more things. But why in the world would you want to use the same key that can instantaneously shred the dollars in your bank account to ensure authorship of some edit on a website article? The UX for these two things should be incredibly different; instead you are setting people up to get phished and lose their savings.
I mean, to your point, why in the world would anyone use a ‘hot wallet’ or any wallet with anything valuable in it for this purpose. You wouldn’t. You would make a dedicated wallet for signing Wikipedia transactions.
Trying to be fair here - it's technically not linked to any blockchains. It's just (ab)using the cryptographic primitives provided by the Metamask wallet app to sign things with a key stored in the wallet. That key might (probably) also be used to sign things that end up on any sort of blockchain, e.g. ETH.
The reason to do this is some people do indeed have Metamask (a browser extension, yuck) already installed and a wallet set up - so technically this might be an easy way to enable signing for them.
The reasons not to do this, I already detailed above. It is a neat hack, that would fare tragically when applied to the masses.
No, the users are on Wikipedia. WMF has their own auth infrastructure already in place. It seems like the author of this "mockup" is proposing that WMF shitcan their entire user/auth infrastructure and replace it with a blonkchain-based one (and to be specific, this one particular ETH-based blonkchain.)
And then, of course, you'd apparently need to convince every Wikipedia user to get on the ETH PKI for this purpose? That does not seem like a rational choice.
Nothing about this mockup seems rational. It is entirely fake and frivolous. There's not even an explanation of the supposed benefits of this "endorsement" feature. Because it doesn't have any.
If there were 10M monthly real users, large crypto airdrops would go out to way more people. But even the big ones like Arbitrum and Optimism went out to like 500k “wallets”. Many of these were multiple wallets owned by the same people.
Daily transaction data on Etherscan shows that the most popular tokens like USDT/C are traded at most by under 100k wallets. OpenSea has like a few thousand wallets trading daily at most.
Real onchain users are not more than 1M a month, and that’s a stretch. I would put it closer to 500k real users, many of whom might have multiple addresses (I have 8).
And Facebook probably has a couple orders of magnitudes more, but you don't see anyone lining up to make a Facebook app for this.
Besides, Wikipedia already has user accounts. They even have a system for users with the appropriate permissions to approve revisions of a page -- no external crypto-nonsense needed.
Can I create 1000 empty wallets and endorse bogus edits 1000 times? It's really easy to create empty wallets at scale. What value does an endorsement like that have?
> @8organicbits: Can I create 1000 empty wallets and endorse bogus edits 1000 times? It's really easy to create empty wallets at scale. What value does an endorsement like that have?
In a centralized setup, e.g. facebook and twitter, that's what they have suffered from.
In decentralized setup, however, it's possible that different reader will use different algorithm provider. If an algorithm provider uses something like PageRank/EdgeRank kind of graph-random-walk based reputation algorithm, 1000 empty wallets who doesn't have reputation will not increase any reputation of the edits they endorse.
Sure, public votes would allow alternate algorithms or even client side ranking. That's a cool idea. Wallets are not required for that and are a weak part of the idea.
You could, for example, apply your own ranking algorithms on top of HN, using things like karma to decide reputation.
> justsomeadvice0@: But why in the world would you want to use the same key that can instantaneously shred the dollars in your bank account to ensure authorship of some edit on a website article?... It is a neat hack, that would fare tragically when applied to the masses.
You are right that neat hack doesn't always applied to the masses. The assumption that we will have the level of mass adoptions will be a dream. Today, it doesn't. and we are just exploring and option. it's totally possible that this is a bad idea. And we have options to mitigate that such as using ERC-5453 endorsement, or using "semi sig" which will be e.g. a signature that's half size of normal etheruem size etc. but there is a long way to go for the whole industry to improve its UX.
I think we envision a (long term) future where most fund are kept in contract wallets that operated under proper limits and multi-sig or signaure aggregation requirments.
Same as with a CA system, you can simply use a high-security key to delegate signing privileges to a lower-security subordinate key, then revoke when necessary. ENS natively allows for this pattern due to it supporting separate ownership and resolution addresses, and so it might make a good integration with a signing tool like this.
Ethereum is a blockchain of computations. The fact that it also secures billions of dollars is evidence that the records, such as domains that represent an identity, are highly secure. In the same way that someone can't change who owns a balance, they also are not able to change who owns a blockchain based domain.
At a super low technical level, probably nothing. At a higher level, obviously way more people use Ethereum and the MetaMask extension, than use GPG. It’s better because it’s way more popular and easier to use.
The chain of trust seems better with blockchain based domains than chain of trust often used with GPG. With blockchain based domains, they're secured by the same chain that has so far successfully secured billions of dollars. In the old system, at the top of the chain, the person trusting keys had to be confident that the keys at the top were correct, where in my opinion, it's harder to mistake having an incorrect version of Ethereum's chain.
The old system also provided a way for domains to be seized, which would be the equivalent of an identity being revoked. This can't happen with blockchain based identities, so it provides more certainty. Blockchain based domains are tie human rememberable names to identities well. Which while GPG is associated with email addresses, the association seems more difficult to fake, and provides non-technical people certainty of identity in a similar way to how they would normally trust a website.
> @crote: Heck, I'm having trouble seeing what makes this better than a Facebook Like!
Yes it's pretty much the same as Facebook Like, except that the accounts are decentralized so could never be banned. Also you could have a group of people "like" an edit as a group (shared identity).
This project feels a lot like “we could do things with blockchain because…we can do things with blockchain”
As mentioned elsewhere, there’s already PKI stuff for Wikipedia, there doesn’t seem to be a lot of point, or benefit? Just because there’s some sort-of-convenient infra in ETH land doesn’t automatically make that inherently useful to anywhere else, and honestly comes across more like a veiled attempt to pump MAU’s on blockchains/meta mask.
Even as a skeptic, this wallet can be tied to a real identity, which would make signing transactions way more legit. And more importantly, the infrastructure for crypto is already established.
Still can’t shake the idea that this is a solution waiting for a problem, and this isn’t really it.
> @mvid: I work in crypto, and even I ask, what makes this better than GPG?
OP: two points.
1. It helps harness the help from EVM wallet's adoption. Most people don't know how to use GPG. Most GPG tools aren't built with mind of regular user as target audience.
2. We could soon see on-chain identities, and organizational relationships linked to it. E.g. one could use ERC-1271 to have a contract attest to a signature.
> oskarw85@: That's simply not true. Even if the underlying mechanism is the public-private key pair most owners do not use it with signing in mind.
OP: Society with and without "phones" are foundamentally different.
The introduction and adoption of cryptography into daily life is at this level.
In the beginning, we probably could only attract a small group of adoptors. But the monthly active editors of Wikipedia is only O(100000)
and the number of editors that actively review and "like" edits are even smaller, around O(1000). This is the scale of users that have made great impact on Wikipedia and the world's knowledge.
Why is this better than just signing it with any private key and sharing the public key? Why do you need to involve a blockchain and I assume transaction fees as well?
The infrastructure for this mechanism is already implemented, operational and secure. The alternatives are hypothetical at this point in time. And signing doesn’t incur transaction fees, why would you assume that?
No TX fees here, since signing is not on-chain- the advantage is just that having eth accounts means people are already set up with a keypair, often without even realizing it.
> Why is this better than just signing it with any private key and sharing the public key?
People using Ethereum often also use blockchain based domains which makes it easier for non-technical people to be more certain about endorsements. Ethereum leaves the implementation of how something becomes endorsed by a domain up to the owner(s) of a domain.
> Why do you need to involve a blockchain and I assume transaction fees as well?
This is more dependent on implementation. Just endorsing something does not need to be on chain, so there does not need to be fees.
If that “spam” you talk about was real and not just a conspiracy theory, you wouldn’t have to rely on promoting uncritical, dogmatic skepticism. That only works on feeble minds anyway. The people who matter are taking crypto seriously regardless of your “efforts”.
I mean a lot of us are skeptical about many of the proposed use cases for legitimate reasons. We aren’t just mindlessly against any and all mentions of crypto.
OP(xinbenlv@HN): Hi all, OP here. I am new to the HN so please forgive me and educate me for the proper etiquette if I doing anything wrong.
I am super thrilled to see 28 upvotes and 58 comments overnight. thank you for your passionate response, suggestion and critize of what we shared. It took me a while to read every comments you left so please bear with me for delay.
Here are the combined responses for your questions:
It's done via a Wikipedia feature called "User script", which works like a Chrome/Firefox Extension. If an user choose to install what you build, it could load additional JS and CSS. Our code is open sourced on https://github.com/wikiloop/signed-stmt,
and the feature is enabled for my own account User:Xinbenlv
Thank you all for your passionate conversations. Your criticize and defending are all super valuable and inspiring to us.
Thank NoZebra120vClip@, bawolff@, spaceman_2020@, justsomeadvice0@, duskwuff@, 8organicbits@, mvid@, greenthrow@,
sacnoradhq@: you helped us think harder with your criticizing comments and questions.
World177@, sowbug@,
everfree@, 40four@, peyton@ crote@ yieldcrv@,
xk_id@ Thank you for your defending, your inspiration and your support! It means a lot. We also look forward to collaborate with you if interested.
Considering most Wikipedia editors are under-employed guitarists and retired house painters deciding on the veracity of details about local history events and obscure scientific niches, this doesn't help much.
> Considering most Wikipedia editors are under-employed guitarists and retired house painters deciding on the veracity of details about local history events and obscure scientific niches, this doesn't help much.
OP: that's true, for majority editors. But just like Balaji says in his Network State book, it only take a small group of people to start something big. We just need early adoptions from some subset of editors and hopefully if it's useful, other poeple will see it and begin using it.
There is a lot of paid promotion on Wikipedia and highly-motivated vandalism. Just because someone has reserves of ETH, they get to say what a valid edit is? It seems altogether antithetical to the free-knowledge open-source ethic of the WMF.
It is one thing to propose this as an extension for MediaWiki that some rando running a website may use. It's entirely another thing to mock this up as if it's part of Wikidata's own interface.
EDIT: Headline says "Wikipedia" but screenshots are allegedly "Wikidata" which is really different.