Hacker News new | past | comments | ask | show | jobs | submit login

from the FAQ: "How do I add someone to my contacts list?

Look in the profile or settings panel of your client to get your Tox ID which should look something like:

56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE51855D34D34D37CB5"

Yuk! I see this flaw so many products like this, just about anything p2p, blockchain addresses, commit ids, etc. I think there is zero chance of getting anyone who is not technology elite to adopt a product with UX that rotates around these untypeable/unpronounceable/immemorable identifiers. Why aren't Identicons(https://en.wikipedia.org/wiki/Identicon) or QR codes used more?




Choose two:

    Human-meaningful: Meaningful and memorable (low-entropy) names are provided to the users.

    Secure: Any entity in the system can act maliciously, including the majority of the entities or the available computational power.

    Decentralized: There is still only one, unique and specific entity to which a name resolves.
https://en.wikipedia.org/wiki/Zooko%27s_triangle


Zooko's Triangle is conjecture, and Namecoin has shown it to be defeatable, no?

Edit: Ah, I see; "including the majority of the entities" would exclude Namecoin from being a proper solution to Zooko's Triangle.


Interesting. So a NameCoin for QR codes would be progress?


ToxMe[1] seems to attempt to solve this issue by creating a public databases of emails and Tox IDs, though this defeats the object of the service being anonymous.

[1] https://toxme.io/


It's good that it is a choice you have though.


> Why aren't Identicons or QR codes used more?

Nothing stops you from turning that hash into a QR code (afaik Antox does) - but then how do you copy & paste it?


a common usage, if you're able to do in person meetings, is to produce and scan them with your smartphone. much better than spelling the whole fingerprint. this makes, for instance, gpg key exchange a nice thing finally.


Exactly.


This isn't a flaw, it's a feature. Whoever controls the phone book controls the keys to the kingdom. If the names are numbers generated by some cryptographic system, it is harder to subvert the system.


That still doesn't make a good idea to throw them at the face of the user.


You underestimate how alien "http://www.yahoo.com./" looked in 1995.


The difference is that there _is_ meaning to be found in that URL once you learn which standard boilerplate is ignorable. And once you know how to parse them, most web addresses are easy enough to remember. Random alphanumeric strings contain no human-parseable meaning and have no patterns to aid in memorization.


Once upon a time, we didn't have user names when communicating:

https://en.wikipedia.org/wiki/ICQ


Bit ICQ numbers are a few digits, whereas a tox id is like, 32 characters




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: