Skip to content

In-product username search requires public binding between product account and primary identity #267

Description

@BigTava

Problem

Username-based search requires a public binding between a product account and users primary identity account, which restricts products from protecting the privacy product accounts are meant to give.

How Browse does this today:

  1. A user recommends an app. The product account signs the recommendation, and to prove which person is behind it, it signs a binding message of the form "attestation v1\n" followed by the resolver contract address and the product account address, using the primary DotNS identity account.
  2. The resolver contract verifies the signature and records the identity behind the product account, storing it in a public map.
  3. To search for apps recommended by a username, Browse scans every app recommendation and reads back which identity each attester is bound to.

Suggestion

One alternative to the current public binding is to keep the product-to-identity link private and managed by the User Agent. A product could request through TruAPI that another user share their product account for that product over chat. If the other user accepts, the link is stored and managed by the User Agent instead of being written to a public contract map.

Related to #222

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions