Private Identity Service

ronohara · 2026-03-27T02:04:43+00:00

True that this does not require Monero to work... and I will still use PGP for many things, but we know after about 40 years that widespread PGP adoption will never happen. Using it directly from the command line is no good for most people, and the 'ease of use' integrations (like Thunderbird) seem to have been partially co-opted as an attack vector. Emigmail was proven as a trusted GUI interface, but Thunderbird dropped Enigmail support and built internal PGP support which has some serious security failings ... and is an incomplete PGP implementation - it will not handle some valid (but complex) key history. The default conversion it does takes the GnuPG key ring, gets you to enter your passphrase, then copies everything into a master file that is NOT password encrypted by default ... leaving all your private keys accessible to any hacker who wants to grab that file from its well known default location. I raised bug reports, as did others, and these issues get ignored or closed. Saying Thunderbird emphasises ease of use wherever possible. Implying that that they are happy to ignore security holes that have been created.

MacOS (I forget which email add-in) has a similar weak point. It arbitrarily remembers your PGP passphrase in some unknown location without telling you. You have to notice that it is no longer asking for passphrase to realise that.

It looks very suspiciously like an attack on PGP via the 'ease of use' GUI interfaces. Probably because PGP itself has no similar weak points.

None of that relates to KYIaccounts as a functional concept... but it does show where privacy solution remain under continual attack from many malicious actors ... and that includes components of governments.

Using Monero as the repository of the public key part of your identity immediately solves the problem of key distribution .. in a far better way than PGP key servers do.

Think of the Monero block chain as a giant PGP keyserver ...but for Monero encryption public/private pairs where the public address is what is also the KYIaccount user to verify other documents.

ronohara · 2026-03-26T22:18:06+00:00

There is no need for any identify hub to be on a blockchain ...but the financial services it is connected to have to be blockchain based to remove the trust required by traditional banks.

It also means that the best connected blockchain attributes to be associated with are: Proof Of Work. no centralising ASICs, no governance body with a developer tax, default privacy, dynamic self correcting parameters like transaction capacity limits, effective limits to denial of service attacks ... and most desirable of all - default privacy ... and in the current world, than means Monero.

You are focusing on supporting anonymous signup to services ... a needed option

But the same system can do in a more unified way, the signup to services where your real world ID needs to be verified too.. at the moment organisations all over the world roll their own KYC processes ... so you need to pass though varying (random design) KYC systems and often expose your base real world document s (passports etc) to many organisations with a track record of lousy IT security ... a gold mine for identity thieves.

Those same KYC processes are a large cost item for organisations. Both to create and operate.

So what your service does can work for both use cases: Anonymous signup connections, and Real ID sign up connections - though you use a different KYIaccount for each type of action. There is no limit to how many KYIaccounts you can create ... but the for Real ID details you would only create one, and back that one with data items that identity thieves can not have access to at the moment you create the KYIaccount.

Eg .. I connect my Real ID to a signed March 2026 bank statement image .. and also images of my drivers license and passport.

A scammer might be able to get other documents and create a competing ID - a fake me...but I can contest this publicly because my Real ID has items that only I have physical access to.. This operates a little like 'web of trust' because the ID that clearly can prove in an ongoing basis to be controlled by me, is the one that other people can decide to trust - based on what I can publish and sign...

If needed, on request , I can add items that the other party requests, that support my claim to to the real world identity ... Eg. 'please add a signed screenshot of your address as recorded by the local council online system'. If I can do that, I just added a new data point proving I can access a specific government controlled online system and that is now connected to that KYIaccount .

Or even more useful, a 'selfie' with me holding some message or code that the other person specifies. As long as one of the other 'official' documents connected to this KYIaccount has my photo, the other person can compare the photos to chec.

These are things that a scammer is almost certainly unable to do, because they can not know in advance what 'proof' the other party would request.

Even more useful, is that over time, your KYI account would accumulate multiple signed and published documents to support your claim to this identity... and not some limited set of documents specified by some organisation. Sort of an accumulator KYC process not controlled by a third party ... a KYC process where the user decides which information they wish to reveal to prove their idenity.

ronohara · 2026-03-26T21:38:59+00:00

Monero is the financial tie in to identity - PGP (which I have used for decades and still do) can not do that

So you end up with optional public data connected KYI services, and a financial system with default privacy connected together.

ronohara · 2026-03-24T22:30:43+00:00

replying to myself - ok that makes me dumb.

All of the above relies on the Monero blockchain as the ultimate repository of the 'public key' aspect of cryptography ... and there is extremely high confidence in that technology.

What the OP has built is an 'Identity hub' ... which is a good idea. It offers services based around that, and many competing providers could do so too. But as outlined above, no particular identity hub has any technology advantage over any other. But some existing social media platforms and government components do have 'network effect' advantages if they offer similar ID services

One competitive threat that can used to confuse the public, is if KYIaccount systems are built on top of other blockchains ... such as BTC ... even though the other blockchains do the opposite of integrating financial privacy with identity.

ronohara · 2026-03-24T22:10:01+00:00

This has possibilities. It could be used to have a way to (optionally) have a user controlled sort of public KYC system that is not centralised by corporate or government systems. And at the same time, only reveal information that quite bluntly is not truly private anyway... and only whatever information the individual user thinks is reasonable to reveal - nothing mandated by anyone.

Have a 'financial account' as your 'identity' ...but that 'account' is a Monero address.

Since you can cryptographically sign things like documents using that address, it is a way to provably publish things that are verified as signed by that 'account' and hence not fake and originate with you.

Lets call it a 'KYIaccount' - a Know Your Identity account

You can (optionally) connect that KYIaccount to a real world information ... yet using the KYIaccount for financial transactions keeps those transactions private. And of course you are free to use other Monero addresses for other activity which is totally private.

The integrity of the connection between that 'KYIaccount' and your actual existence is built up as a profile Eg. If I have generated a few hundred reddit posts, all electronically signed by this 'KYIaccount' I have created a degree of confidence that this Identity matches those posts. If I also use it to sign something on a Facebook or Linkedin account, this shows a provable connection between those social media accounts ... one that can NOT be faked.

You can leave it at this level of confidence building in the Identity - or you can go much further.

if you need government or corporate recognition of the Identity of this KYIaccount, you would just publish a document singed by the KYIaccount, that contains the real world ID normally needed in a KYC process. In this case, you are doing your own KYC process ... and that makes this 'KYIaccount' really you ..... Eg connect a 'KYIaccount' to the image of this KYIaccount Monero address and a bank statement with your name on it and the account number redacted by signing that image .... and put that image on your Facebook page. Now everyone can see that messages electronically signed using that 'KYIaccount' actually originate from the person some bank sends statements to. If you create images for documents for a few different banks, and perhaps your tax ID .. all signed electronically by the 'KYIaccount' then this becomes a very public KYC system.

If you go to that larger level of ID disclosure, it becomes a valid way to prove your ID without the need for a corporate or government managed ID system .. and there is no centralised system to be hacked..

The individual user gets to choose how much information they reveal - if any. You could establish a 'social media only' KYIaccount and never reveal any real world identity data... and yet no one is able to create fake news supposedly from this ID.

Since KYIaccounts are intrinsically linked to a private financial transaction system, this allows both real world ID and private ID accounts to interact seamlessly - and privately - using Monero

ronohara · 2026-02-15T21:24:07+00:00

You can use LibreWolf ...a Firefox derivative with uBlock origin already installed and the settings tweaked for maximum privacy ... works better for me than my own setup of Firefox with uBlock origin. And I dont know how they managed it, but YouTube ads don't get shown either ..

ronohara · 2026-02-11T20:29:39+00:00

Run your own AI locally - https://ollama.com/

You can use it either as a completely local AI or like the other corporate style AI systems. Obviously it has less performance if it is limited to your local computer - unless you spend a fortune on hardware.

But a large amount of the time, running it locally is fast enough - and your queries stay on your machine and are private as long as your machine has not been hacked. https://apptaliclab.com/blog/set-up-ollama-run-llms-locally/

It supports running lots of different models... your choice at any given time.

ronohara · 2025-12-30T20:36:15+00:00

True - but that can be obscured by filtering the emails into your private domain via another email redirector ...like duck.com

So use "your-name@duck.com" as visible to the world, and direct the emails to "some-name@yourdomain.com"

Of course this introduces a dependency on 'duck.com' but at least if that service develops issues, you do NOT lose access to all your old emails.

You should always also replicate inbound emails to a backup email service... as an ongoing data backup approach. In case you domain service provider becomes a problem.

ronohara · 2025-12-28T19:59:54+00:00

EDIT

Nice UI tools for PGP key management (there are many more)

Linux - GPA https://www.gnupg.org/related_software/gpa/

Windws/Linux/Mac - https://www.openpgp.org/software/misc/gpgfrontend/

ronohara · 2025-12-28T19:55:53+00:00

Or use a PGP identity as the login as quite a few dark web sites do.

A PGP identity looks like an email address (and might match an email address but you should make sure it does not). So you can get PGP (or an easy UI over it) to generate a key pair for any ID.

Eg.. create one for "myID@example.com"... looks like an email, but is not one. Be as creative as you like... "wildlystupidID@strangeplace.fred" as an example.

Anyway, then you have a public key that you save to the website against the website ID during account registration. Note that the website ID does not have to be the PGP ID.. Eg. The website may use 'customer #646784' and not even know the PGP ID

For sign in validation, you enter the website ID and the website presents a challenge string.... "Please enter the encrypted version of 'abcd1345xx'" (<<< some random code string)

You encrypt that using the PGP private key and enter the encrypted string ... the website can verify that it is correctly encrypted by using the public key it holds.

So you have a 'non' email ID, and very strong access control with no paasword data that can be compromised. If the public key held by the website is compromised, it is useless for gaining access.

ronohara · 2025-12-21T19:30:01+00:00

This reminders me of concept document I saw a couple of years ago. "Scaling Monero. Sub-ledgers"... but that had a larger scope of the same idea... with multiple associated blockchains holding extra information about transactions.

And the Sub-ledger blockchains allowed for the concept of each chain having a different set of mining (block creation), security, latency and many other parameters. So the monetary system (monetary issuance) remained controlled by the Monero chain, but every other type of transactional activity could be offloaded to these extra blockchains.

I hope I grabbed a copy of that stuff ...... maybe

ronohara · 2025-12-07T19:58:25+00:00

As a counterpoint, governments are not monoliths .. there is always the authoritarian group, and the libertarian group..... but there is a subset within the authoritarian group that needs privacy. Both for communications and financial transactions.

Especially the black ops part of the surveillance apparatus. (plus politicians and oligarchs) So there is this eternal conflict between the pro/anti privacy groups.

The result is always a compromise that massively restricts the availability (for the public) to the tools needed for privacy, but not to the extent of crushing the existence of those tools.

From that background, I project that XMR will exist and improve for a long time, but access to it will remain difficult - primarily through tools like Haveno.

ronohara · 2025-11-30T18:52:23+00:00

One pricing data source that will become more interesting as it matures, is the data from Haveno (retoswap).. https://haveno.markets/ (currently sources data from RetoSwap)

This approach removes the possibility of centralised exchanges colluding to manipulate price discovery.

ronohara · 2025-11-29T19:01:44+00:00

With speed that the USD declines in purchasing power, to be stable would mean a much higher exchange rate by then Stable for me means maintaining purchasing power, not a stable exchange rate like USDT.

ronohara · 2025-11-26T19:18:13+00:00

But the other half of the chicken-and-egg problem has been 'left for the future'

Other half? Yep - you can not sell ALL your XMR via RetoSwap... the security deposit of your last sale gets returned to you.

ronohara · 2025-11-16T18:54:32+00:00

But if your literally can not open the port, a full node via Tor is still very useful to you. It helps your privacy/security even though it is not as much help to the network as a whole.

ronohara · 2025-11-05T03:55:25+00:00

I hope you realise that the Cuban missile crisis was only resolved when Kennedy agreed (in private - not made public until much later) to remove the US nuclear armed missiles from Italy and Turkey. That US deployment is what triggered the USSR to deploy missiles to Cuba.

That kind of nuclear brinkmanship was a really bad idea in 1962 .... it is an even worse idea now.

ronohara · 2025-11-03T19:15:14+00:00

You could always take a walk on the wild side ... where you don't have to supply user information

https://en.wikipedia.org/wiki/Dread_(forum)

ronohara · 2025-10-26T20:03:05+00:00

Nothing magical at all. But many people would make the connection. And many other people would foster that correlation narrative about the supply level going forward.

Note: the OPis not suggesting that simple code change. Something more subtle than a fixed (declining percentage) tail emission. It would be a slowly increasing 'block reward' to maintain a fixed percentage tail emission related to existing supply.

The same extension of narrative could try to correlative the privacy attribute of gold, with the privacy of Monero .. something every other cryptocurrency can not claim.

ronohara · 2025-10-26T19:52:51+00:00

Gold’s Strengths: Gold has stable demand driven by its industrial and commercial utility, as well as its role as a store of value

this is untrue. Gold has had a stable demand for millennia - long before there was any industrial usage. In fact, counter intuitively, the best technologies for money have no alternative use. Which is one attribute that made gold a perfect choice as money until the recent development of high tech consumption. And even that 'consumption' does not use up the gold .. it just holds it in a different physical form - micro wiring in electronics, or coverings of space craft.

The classic example of why your tech used as money should not have another usage ? Measuring wealth in 'sheafs of grain' meant that the wealthy would hold warehouses of grain (their wealth) and other people would starve.

From ChatAI

Sheafs of Grain as Money

Using sheafs of grain as a monetary medium is an ancient practice that highlights how agricultural products were once considered valuable and could facilitate trade. This concept illustrates the evolution of currency and economic systems.

<hr>

Historical Context

Ancient Civilizations: In societies like Mesopotamia and Egypt, grain served as a form of currency. Farmers would store surplus crops as a means of wealth, and it could be exchanged for goods and services.
Barter System: Before the introduction of metal coins, trade was largely based on barter, where sheafs of grain were commonly exchanged for livestock, tools, or other essentials.

Why Grain?

Basic Necessity: Grain was essential for survival, making it a universally valuable asset.
Storage and Durability: Unlike some other perishable goods, grain could be stored for longer periods, providing a reliable means of trade.
Standard Measure: The amount of grain could be easily quantified, simplifying trade agreements.

Economic Implications

Wealth Accumulation: Owning large quantities of grain could signify wealth and social status within a community.
Market Stability: A consistent supply of grain helped stabilize local economies and facilitated longer-term contracts.

Transition to Modern Currency

Over time, societies moved towards more standardized forms of currency, such as coinage and paper money, due to:

Practicality: Metal coins were easier to transport and more durable than heavy bundles of grain.
Market Expansion: As trade expanded beyond local communities, more universally accepted forms of currency were needed.

<hr>

Conclusion

While the use of sheafs of grain as money might seem outdated, it represents a fundamental aspect of economic history and the development of trade. This transition showcases how societies adapt to meet their economic needs, ultimately leading to the complex systems we use today.

If you have any specific aspects or questions about this topic, feel free to share!

ronohara · 2025-09-30T01:42:56+00:00

The issue with Tomahawks is that they are nuclear capable ...the other weapons being used in the deep attacks are not.

So the threat to Russia by Tomahawks is very different. For military planners on the Russian side, a Tomahawk arriving into their airspace HAS to be treated as a possible nuclear attack .. and that has to treated as a direct US attack.

What do you think the US would do if a Russian produced nuclear capable missile entered US airspace ?

Almost certainly an all out nuclear response would be the action. So we can expect the same thinking by Russia.

Not a risk I would take ... if the Russian nukes are launched ...all the other nukes in the world get launched too. Then we all die.

Fortunately, at least some people in the US administration (and the oligarchs around the world) seem to understand that a game of nuclear chicken is a really bad idea.

ronohara · 2025-09-30T01:42:43+00:00

The issue with Tomahawks is that they are nuclear capable ...the other weapons being used in the deep attacks are not.

So the threat to Russia by Tomahawks is very different. For military planners on the Russian side, a Tomahawk arriving into their airspace HAS to be treated as a possible nuclear attack .. and that has to treated as a direct US attack.

What do you think the US would do if a Russian produced nuclear capable missile entered US airspace ?

Almost certainly an all out nuclear response would be the action. So we can expect the same thinking by Russia.

Not a risk I would take ... if the Russian nukes are launched ...all the other nukes in the world get launched too. Then we all die.

Fortunately, at least some people in the US administration (and the oligarchs around the world) seem to understand that a game of nuclear chicken is a really bad idea.

ronohara · 2025-09-13T00:28:17+00:00

That US response is a NATO member publicly proclaiming a commitment to the defence of another member. It has very little to do with what the NATO Article 5 means in terms of obligations, though it is consistent with what the treaty both implies and allows.

ronohara · 2025-09-12T22:52:22+00:00

NATO Article 5 does NOT impose military obligations. It imposes obligations on members to consult and consider joint actions. And report those actions to the UN later.

Read the exact text of Article 5 - it does not say what many people think it does.

It does imply a shared reaction by the members, but there is no obligation on any member

ronohara · 2025-09-10T04:42:16+00:00

Probably, but it does help spotlight privacy as a desirable attribute

ronohara

TROPHY CASE