freyja-lynx.dev / geocache-world
geocaches for the atmosphere
fork atom
Nix 94.7%
Rust 5.3%
12 1 0

Clone this repository

https://tangled.org/freyja-lynx.dev/geocache-world
git@tangled.org:freyja-lynx.dev/geocache-world

For self-hosted knots, clone URLs may differ based on your setup.

Download tar.gz
README.md

geocache.world#

let's go outside together#

roadmap#

  1. Finish up fleshing out the baseline lexicon
  2. Fix this repo and/or move to a new one as I'm ditching the original Rust + HTMX plan
  3. Build a frontend in Gleam that leverages Quickslice for rapid prototyping
  4. Build the attestation/token tooling

tl;dr manifesto#

Going outside is fun. Geocaches are a fun reason to go outside. Wouldn't it be cool if your cache's guestbook was both physical and digital?

geocache.world should be fun. You should own the online representation of your geocache. geocache.world should not lock you in -- you should be able to run the frontend, clone the backend, and run it all on your own while having the same features as anyone who's using the "official" website.

token attestation?#

The basic format I'm creating right now is:

  • Create a public/private keypair for your geocache
  • Associate the geocache with it's public key
  • Use the private key to create signed "tokens" that are stored with the geocache (or other ways)
  • Visitors take a "token" and include it with their online visit record
  • Decrypt the token, that visit actually happened.

The token format is not well defined yet, but will basically just be something like a JSON string that at minimum contains a UUID representing the token. I'm thinking of making a custom UUID format which is deterministic on the location of the geocache + provide some ordering to tokens so that:

  • The geocache can publish a range of tokens that are currently available
  • The owner can disown/reject tokens if they ever choose to by publishing disallow ranges

You can encode literally anything else you want. A message for everyone? Parts of a story? A link to your portfolio? It's your geocache. Do whatever you want (as long as it fits on a QR code, which is the intended token format now).

What about bad actors? Well, for one: if you're being a bad actor over something this silly, you're silly. For two: that's where the cryptography comes in. Signing each token with the private key won't keep the token data secure (you can just create the token data), but the token means nothing on its own. The meaning comes from the decryption using the cache's public key. Is it entirely fool proof? Probably not, I'm not a cryptographer. But it should provide just enough "safety" through scarcity. Hopefully.

There's a lot of open questions. I'm building haphazard. We'll see where it goes.

want to help?#

reach out to @freyja-lynx.dev!