Alright @jude I have taken a look at that document. Thank you again for your time in sharing your knowledge and providing me this resource. It is very informative, well-written, and impressive. I am not saying this in regards to the scope and structure, but in vision. Hats off to everyone there for putting this together.
Also, I have to say that as someone who has a bit of a historical addiction to domain name registrations (seriously, it’s a problem LOL), this is especially appealing to me.
So if I understand correctly, it would seem that the reason my username is publicly exposed is to adhere to the DID?
EDIT: Turns out my concern here is in the wire format.
This does make sense and I understand this aspect, but () I want to be clear in my concern here. It might be due to my newfound interest in the technical workings of blockchains and I could be suffering from ill-conceived notions as I have not entirely groked this subject yet, so I appreciate any further patience you can lend in this regard.
It would seem to me that some information is not readily available to the user from a “vanilla” explorer, as you called it, but the user name is. Even if this is to adhere to a standard, it seems incongruent with the nature of blockchain which is intended (from what I understand) to be anonymous. That’s the primary concern.
The secondary concerns stem from the primary, of course. If someone can see the id, they know without much work that:
- This is a blockstack message (or at least, a message used by blockstack).
- This is a blockstack message about a blockstack user.
- This message can be used to build an intelligence profile around this information, for whatever purpose (and it’s usually not for a good thing).
Further, this party knows that since blockstack exposes this information in a public manner for this aspect of their system, that there must be other aspects of the blockstack system that also provides additional, exposed information that could in turn lead to other vectors of interest, intelligence gathering, and possible attack.
Additionally, I would tend to think that if another service could build a similar offering that does not expose such information in a publicly accessible way, it would gain more interest and subsequent traction in the marketplace in comparison to blockstack’s offering, as it would protect the customer information that is enrolled in it (and therefore circumvent the concerns outlined above and more).
I hope that helps clarify my concern here and makes sense to you. Again, my (mis)understanding here could be completely due to my newb status, but my concern was the same as before when I mentioned it. Reading the very commendable document you provided seems to explain the use of it, but does not seem to explain away the concern I have on why it is used in a way that offers exposure to potential nefarious tracers and parties.
Please feel free to let me know what I have fundamentally misunderstood here and/or to correct what I have misunderstood, which, incidentally, has been the story of my life lately.