Oookay so like. What actually is a "crypto-art"/NFT?

- root of trust (Ethereum blockchain, 🤮 )
- attestation of ownership (hashing some piece of art, or an IPFS URL if you want to have a bad time)
- method of transference (via smart contracts)

All of these are accomplished perfectly fine using older tech that isn't environment destroying:

- GPG web of trust as the root of trust
- Regular Old Digest Hashes as attestation of ownership
- GPG packet-signing as a method of transferrence

I, the artist, make an art. It's a digital file. I hash it in one or a few canonical formats, maybe including a few URLs or whatever.

This is all publicly verifiable.

I also have a GPG key. This is something most artists probably don't have right now, and it's the bottleneck; more on that later. Let's say I have one, and I'm in the strong set.

Also publicly verifiable.

Now I, the artist, bundle together the artwork itself (or just its hashes), a legal contract (something no current NFTs can do), and the public key of the person I'm selling the NFT to. The contract says something like "the person with this public key, gets these rights."

If that person wants to transfer the NFT to someone else, they simply take the whole existing NFT, add the recipient's key, and sign it with their own key (thus proving they own the public key enclosed in it).

All publicly verifiable, minimally environment-destroying, and a hell of a lot less centralized.

Cryptocurrency is a complete scam.

The one real issue is the trust anchor: getting into the strong set is kind of a pain in the ass.

If you're impatient and your customer is okay with it, use a CA; sign your NFTs with your domain key. Boom, done.

Like, I'm the GPG key with the fingerprint 8945ED09AE2017A85E152BF87A8B52EC67E09AAF, but I'm also, arguably moreso, and its associated certs.

@tindall What about GPG and SSL key expiration? Wouldn't that cause a problem with verification for those who move to new keys or certificates?

@dmoonfire @tindall No, an expired key is still valid for old signatures, they can just not create any signatures that are newer than their expiry date.

As long as the key is not revoked, it's all good.

@dmoonfire @tindall However one should keep in mind, that it would be possible to tamper with the timestamp if you get access to the key. Therefore a while back we developed "Signed timestamps" which basically takes the document (or a hash of it), sends it to a (trusted) third-party, which add a timestamp and signs it with an own certificate, before sending it back to you, allowing you to proof that you actually signed the document at this time.

@sheogorath @dmoonfire that's really cool! More anchors of trust needed but in some applications that's definitely really valuable.


@tindall @sheogorath Well, just like blockchains require X acknowledgements before a trade is finalized, one could also say you need X trusted services before it is considered secure.

Plus, that might help in case you have to revoke a GPG key (because it was compromised) and then accidentally negate the proof on ten years worth of previous work.

... not that had happened to me.

@tindall @dmoonfire One can argue back and forth how trusted this third-party actually has to be. Personally I would argue roughly as trust-worthy as a witness in on a crime scene especially if you only ask them to sign a hash of the document.

I mean, all they verify is that this hash existed at the mentioned time. So as long as you can make it reasonable that they did not conspire with/are also victim to the attacker, you are good.

@tindall I'm not sure if you already know it, but in this context a look at @keyoxide (basically a fancy GUI for OpenPGP keys) could be worth, as it provides a proof system that allows you to have all this data as part of your key: (example of the main developer)

@tindall Doesn’t this allow duplication by transferring the NFT more than once? The role of the cryptocurrency is to enforce artificial scarcity.

@skybrian yeah, although there are similar solutions to this as well - but that's not scalable in the same way "artists make signatures themselves" is

@tindall Part of this story might be multi-dimensional failures of knowledge transfer between generations of hackers, and also just the chasing of fashionability - being seen to be doing something new.

@bob @tindall Or a desperate need to prove themselves as useful. I'm sure it was entirely coincidental that NFTs started being pushed into the public just as there was a huge swarm of articles about the economic and energy costs.

Hive/Steem has basically NFTs for years (used in the online card games and dcity), but it's a proof-of-stake system and not the proof-of-waste.

@bob @tindall
The two parts missing from GPG were a compelling UX and a robust public key infrastructure. UX is a perennial problem for GNU and the GPG PKI was a proof of concept written as a grad school thesis

The thing a blockchain can do that you can't accomplish with simple signatures would be establishing proof that a digital asset wasn't duplicated. Which isn't to say that proof of work blockchains are justified or that blockchain isn't overhyped, just that there is some value there. Attributing the problems of high profile chains to the entire sector misses the point that people are trying to find alternatives to US economic imperialism

Also a lot of this is funded by American tech VC, so it overwhelmingly supports the nouveau bourgeoisie at the expense of national sovereignty as well as the banking establishment

@tindall i really hate NFTs as well but you haven't solved the double-spend issue: under your system, I can sell the same thing to two people at once.

@hierarchon @tindall is it only to me weird that artificial scarcity is the feature people want implemented??

@uint8_t @tindall i mean, i view it as the equivalent of signing a physical piece of art, or limited-run editions. artificial scarcity for something that's basically just bragging rights doesn't bother me.

@uint8_t @hierarchon @tindall i don't think limited-run art collecting is necessarily the same as drm?

@shoofle @hierarchon @tindall for me, "owning" digital art through convoluted cryptocurrency schemes, doesn't fall into the same category as a hand-signed item (something I'm also not into)

@uint8_t [-tindall]

i mean obviously the energy use was fucking awful, but if the energy use wasn't an issue (using a proof-of-stake thing, or just centralizing it) i wouldn't really get angry about it

@hierarchon you can do this with regular NFTs, too - minutely alter the compression, add a millisecond of silence to your MP3, etc and simply resell the changed hash.

@hierarchon the scarce thing isn't hashes, it's artist signatures. Same trust as when someone makes a "limited run" of disks or whatever.

@tindall sure, but only the person who created the work can do that. if i buy the blockchain-NFT from you, i can't do that because i won't have the right address. (this assumes the NFT platform verifies author authenticity, of course.)

on the other hand, with your GPG-NFTs, after i buy a token from you i can double-transfer it by generating two transfers and sending them to different people.

@tindall (this isn't to say i like NFTs in their current state, though tbh if they were on a non-energy-wasting system like proof-of-stake and were limited to things where the author of the underlying made them i'd just roll my eyes as opposed to despising them)

@tindall wow. i was a bit worried after your last post. but might i humbly suggest rfc 3161 for establishing origin, too (i even put up a docker container to set up such a timestamping server as a self hosted instance should one desire to do so: )

@tindall except for two things:

- NFTs don't actually give the holder any rights
- NFTs are extremely volatile and most of them will probably be gone within 10 years. this is probably by design

NFTs aren't supposed to be useful in any sort of way. they're just another money grabbing scheme by crypto assholes

the only thing that's being sold here is hype. and then the hype will die down and NFTs will be pretty much worthless, even to the people who still own functional ones

Sign in to participate in the conversation

cybrespace: the social hub of the information superhighway jack in to the mastodon fediverse today and surf the dataflow through our cybrepunk, slightly glitchy web portal support us on patreon or liberapay!