What if inet identifer (such as twitter handle) is sold?

I am afraid that it can be some security issue if user has unlimited twitter attestation. lets imagine that PersonX has TwitterX account and created twitterIdAttestation(TwitterX) for autographNFT. That attestation will be saved in the blockchain. then PersonX sold his TwitterX account to PersonY in that case PersonX still can use TwitterX account because of unlimited attestation @colourful-land , what do you think about that?

That is an attack parameter. Our model, with attestation.id, was built on the assumption that the identifier identifies an individual, but in reality observe the 2 scenarios where it isn't.

𝑎. the twitter handle changed owner for legit reasons

𝑏. the twitter handle changed owner because someone wants to have valuables attached to that Twitter handle.

𝑎 model happens if a company (alphawallet) wants to buy a handle (@alphawallet) for its brand. In this case

  1. the deal is done with passing passwords, then the old holder of alphawallet is in his right to transfer his tokens to the new twitter handle (but was able to impose alphawallet for a while when buying new tokens, imagine a contract that only sells tokens to brand owners - this is a problem)
  2. twitter has a feature for one party to change handle and another to get it (and people do use that feature) then there is no attack model because the inet identifier attestation includes the Twitter user ID.

The 𝑏 model is a problem and due to the said risk, the buyer of the twitter handle is better off buying the crypto asset associated with the twitter handle, instead of the twitter handle itself, which is exactly what we want them to do. So, in a way, it is a security issue but, in another way, it is a coercion method for people to use blockchain "properly".

Let's say

  1. Alice bought a FIFA ticket issued on her twitter handle, and she got an identifier attestation;
  2. Bob bought her twitter handle, instead of buying the FIFA ticket, likely to avoid the fee the FIFA smart contract imposed on ownership change.
  3. Then, Alie transfer the ticket to another twitter handle, so Bob gets nothing. Bob will feel bad but he also knows he was tricking the system.

So what is decision? Will we stop using unlimited expiration attestation? Do we have any benefits when we use unlimited in time attestation?

Oh, we never decided to use unlimited expiration, the current unlimited expiration is just an unfinished product, not the intended design. The decision is we will use something with expiration (anywhere between a day or a few weeks) and ignore the risk that the identifier is sold.

1 Like