Hacker News new | past | comments | ask | show | jobs | submit login
The Future of Online Identity Is Decentralized (yarmo.eu)
276 points by Yolta on July 12, 2020 | hide | past | favorite | 194 comments



Have worked in the identity space for a long time. Authentication isn't a hard problem, but identity is. It will be decentralized because if it is not fragmented, it is literally just oppression. Trusting authentication is not trusting identity, and the origin of identity is the Ur-problem because it comes down to questions of recourse, collateral, risk, authority, and legitimacy - which are all political economy questions and not technical ones.

The technology can change the economics of identity, but identity itself reduces to how you organize to provide recourse to people within your scope. Sure, we can use escrow systems and smart contracts, but these still require a means to organize and provide adjudication.

All the use cases for digital identity are about enforcement and liability, and there are almost none that anyone would volunteer for. In this sense, identity is necessarily imposed, so all products in the space are necessarily aimed at a customer who is imposing identity on a group. It's why I tell identity companies who ask to find some other problem to solve because holding out for some government to adopt your product as their source of sovereignty is a waste of time. There is one other use case for identity, and yes, it is decentralized and bottom-up, because it is about dividing into secure, self-sovereign affinity groups, and the reasons for doing that are on a very short list of uses. Super fun, but basically a weapon.


>It will be decentralized because if it is not fragmented, it is literally just oppression.

The conclusion ("It will be decentralized") doesn't follow from the argument though ("because if it is not fragmented, it is literally just oppression").

It could very well be "just oppression" and keep being that...


Yeah, that's one of my top worries. It's already that way in much of the world. And the "liberal democracy" sector is teetering on the edge. Once we get seriously into the chaos of global climate change, pandemics, mass migrations, war and so on (aka Gibson's "Jackpot"), who knows?


Who is Gibson, what is the jackpot (because looking like our world falling part).


It's from The Peripheral (and Agency) by William Gibson. I gather that "jackpot" alludes to the fact that some will/did profit from global culture collapse.


>All the use cases for digital identity are about enforcement and liability, and there are almost none that anyone would volunteer for.

Everything from a LinkedIn or Facebook account to your personal artist homepage with your CV on it establishes identity. People obviously disclose identity voluntarily, because identity is the primary means by which strangers establish trust.

If your identity is not transparent to me, I won't enter a relationship with you that requries me to know who you are, which in practice is almost every one. I don't see how non-fragmented identity is oppression. It can be for sure, but the primary reason why identity is important in our interactions is because it establishes trust and reputation. I've always considered "non-imposed" identity a sort of oxymoron for that reason, because if full control of identity is left to the individual, identity essentially loses its primary purpose.


It's not that simple. My meatspace identity is entirely transparent. But online, I'm mostly Mirimir and other pseudonyms. Even so, I've been Mirimir for long enough, and have written enough about freedom, privacy and anonymity that I have a substantial reputation.

That is, one can have a range of identities, from entirely transparent to stably pseudonymous to fleetingly anonymous.


This is the key point -- identity is plural, not singular. It means different things in different context, so requirements change as do the types of identity, data and disclosures used.

The important nuance though is that the 'range of identities' can be tied together on the user's side if done properly. I can have all my auth methods, accounts, personas, data, etc. tied together with a properly designed decentralized identity system, and choose which to use when depending on the context. This is the real promise of decentralized identity -- a connective tissue around the users rather than platforms.


> If your identity is not transparent to me, I won't enter a relationship with you that requries me to know who you are, which in practice is almost every one.

There are two things about this that don't require centralized identity.

The first is that it's very commonly not true at all. If you want to sign up for an account for an online service (e.g. email, YouTube, gaming), they don't need the name on your driver's license for anything. They don't need to know anything about you. You create an account, set up authentication to prove you're the account holder in the future, and that's it. The identity you use can be created along with the account; it doesn't have to exist beforehand or be associated with anything else.

Second, even where reputation is important, you still don't need a single identity, it's just that an identity without any history would be untrusted.

Suppose you go to the bank to take out a loan. If you tell them your name is Barrin92 and you have no financial history, they're not going to give you one unless you get some more trusted party to cosign it or you post enough collateral that they can be assured to recover their principal if you default.

But then you start off with a small loan with a large amount of collateral, or a cosigner, and build a credit history as "Barrin92" with financial institutions. Now you can get a bigger loan, or one without a cosigner or as much collateral. Until you default. Then "Barrin92" would no longer be creditworthy and you'd be back to square one.

This works fine even if you have a thousand separate identities, because identities with no credit or bad credit aren't trusted and good credit is valuable so that you lose something significant (the creditworthiness of that identity) if you default.

People having multiple identities is effectively just equivalent to the ability to declare bankruptcy. It doesn't really break any good important thing and it does break some important mechanisms of oppression that we should want to break.


But again, in practice banks will loan more money more easily to those with a verified identity that has recourse beyond simple "loss of creditworthiness", so those loans will always be more appealing to those who can get them, and so nonrecourse loans never become a thing for normal citizens who can avoid them.

And those who can't get shunted down into the "Payday Loan" tier of finance and they have to dig themselves back out with the equivalent of deposit-backed credit cards.

But few people will choose a deposit-backed card when they have the option of trading identity for better pricing / convenience. If the online ad industry has taught us anything it is that mainstream consumers will trade their data for even the smallest of considerations.

Even if decentralized financial identity would be an improvement (and it is not clear that it would be), a vision with no practical incentive to get there from here is just the basis for another startup destined for whatever is the spiritual successor to f*ckedcompany.com.


> But again, in practice banks will loan more money more easily to those with a verified identity that has recourse beyond simple "loss of creditworthiness"

The normal recourse is foreclosure of the asset (e.g. house) that the loan was made to purchase, which they don't need your name to do at all, only a way to identify the property they're taking as collateral.

> And those who can't get shunted down into the "Payday Loan" tier of finance and they have to dig themselves back out with the equivalent of deposit-backed credit cards.

That's where everybody starts anyway. You make a hundred bucks mowing lawns in high school or whatever and get a credit card like that. By the time you have the down payment for a house you have a credit history to go with it. Or you start out getting cosigned with your parents' credit history.

> But few people will choose a deposit-backed card when they have the option of trading identity for better pricing / convenience.

You're ignoring the benefit -- it's the equivalent of corporate limited liability. If you get a car loan and then some idiot totals your new car, that's the bank's problem now and they're the ones who have to deal with the insurance company instead of you. If you lose your job and your life gets messed up temporarily then you don't have to wait 7 years to start over.

And that's not even counting the privacy benefit.

Also, the best version is for centralized identity to cease to exist whatsoever (e.g. stop issuing people social security numbers or prohibit their use for anything but social security) and then people can't give up their centralized identity in exchange for magic beans because they haven't got one.


I wish getting bank credit was that easy (made bad choices in my twenties, paid well into my thirties for that)...

I could easily just buy up some account that has good credit since it's all anonymous, no way to know if the original 'good credit' actor is the same person now applying for the loan.


Having "good credit" would imply doing something like having paid off six figures in student loans or the mortgage on a house, which requires paying many thousands of dollars in interest, so that credit history would have a high market value and defaulting on a loan taken against it would destroy that value. So that system would work fine -- it might cost the bank money to go through the inconvenience of foreclosing on a house, but it would cost you just as much for the good credit you destroyed in doing it, so it's symmetric and people would have an adequate disincentive to do that.


Linkedin/Facebook/Email login establish that it is the same "person" coming back. They don't guarantee the identity of the person as in official name or address or date of birth.


is this a distinction without a difference? Networks like LinkedIn exist for the purpose of building real social capital and that's how they're used by 99% of their users. I don't see the incentive for someone to use a fake persona (other than scamming).

All those private firms are in many ways identity providers just as real and official as governmental ones.


> Networks like LinkedIn exist for the purpose of building real social capital

???

No they don't. They exist for the purpose of selling advertising. Any other purpose is either marketing copy to get you to use it or an emergent property based on people believing the marketing. Consider that LinkedIn would continue to exist if it provided no social capital whatsoever as long as it could still get ads in front of eyeballs.

Another observation: whether any specific social network "builds social capital" depends on the demographics of the audience and general "trendiness". People in high school don't care about LinkedIn, professionals in their 30s don't care about TikTok. Does this mean that TikTok should be an "identity provider" to people under 20?


It's weird to mount a mild defense of LinkedIn, which I don't really like much, but I think you're making a slight category error by tacitly lumping it in with other social networks. LinkedIn's value proposition has always been "getting jobs is mostly about professional contacts and we're going to help you build professional contacts," and it makes the bulk of its revenue by selling its recruiting tools and, to a lesser degree, its premium services for job hunters. The most recent figures I've found suggest it makes less than 20% of its revenue from ads. I actually susect LinkedIn would not continue to exist if it provided no "social capital" whatsoever, because their business model really isn't "get ads in front of eyeballs." It's "get job prospects in front of eyeballs."

Having said all that, I wouldn't want to use it as an identity provider. :)


It's a massive difference. Consider linkedin vs national UK login.

The later one guarantees the identity: full name, date of birth, address, verified phone number, last taxable income, etc...

It allows to request government benefits or open a bank account online, because the identity is guaranteed. There is a real verified person behind the account. (corollary: you will be in troubles if somebody gets credit cards under your UK identity).

On the other hand, it's not great if that identity is required to apply to a job. The company can see your passport after they hire you. There is no need for every job board and recruiter and company to systematically get all your personal information in advance.


It will be decentralized because if it is not fragmented, it is literally just oppression.

I've never understood that way of viewing things. For me identity is a right. The government must provide me with the means to prove who I am and my associated data like birth certificates, academic titles, health (vaccination), real estate and indirectly verifying identity for private contracts that use my national id card number.

In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country? Come on. In the USA goverment and even private entities are collecting massive databases of everybody's data. But there's this panic about a centralized service providing identity. It makes no sense.


"In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country?"

What makes you think a democracy can't be oppressive?

Even in perfect democracies there is something called the tyranny of the majority, where the majority can oppress the minority.

If we're talking about the US in particular, we have to recognize first that it's not even a perfect democracy, and there are many anti-democratic things about it such as the electoral college, and plenty more things that hinder democracy even where it exists (such as poor civic education, money's outsize influence in elections, extremely biased media, branches of government which shirk their balancing and oversight roles, etc).

Then, to get specifically to the oppressive aspects of the US, they range from slavery and lack of women's rights from its foundation, to segregation that existed in law up to the middle of the 20th Century (and arguably still exists in fact to some extent and in some places in the US even now), to the imprisonment in concentration camps of Americans of Japanese descent, to discrimination against people who weren't heterosexual, to the War on Drugs and police brutality which primarily impact minorities, to abuse, killing, and imprisonment of people who come to the US from other countries.

All this oppression and more has happened in what is ostensibly a democracy, and often likes to style itself as the world's greatest democracy.

And all of this oppression has had to do with identity, which required identifying people's race, gender, sexual preferences, or country of origin.

Such identification is amplified and made all that much easier in the age of computers, the internet, and gigantic databases on everyone. It's a data trove just begging for abuse.


>>Then, to get specifically to the oppressive aspects of the US, they range from slavery and lack of women's rights from its foundation, to segregation that existed in law up to the middle of the 20th Century (and arguably still exists in fact to some extent and in some places in the US even now), to the imprisonment in concentration camps of Americans of Japanese descent, to discrimination against people who weren't heterosexual, to the War on Drugs and police brutality which primarily impact minorities, to abuse, killing, and imprisonment of people who come to the US from other countries.

To the imprisonment of those who refuse to surrender their privacy and submit an income tax return, and pay the income tax, to the prohibition of mutually voluntary economic interactions, like getting a haircut from an unlicensed barber, where barbers are licensed.

The important thing to remember is that oppression in a democracy is not perceived as oppression to the majority, so democracy will generally be perceived as non-oppressive, due to the subjectivity of what constitutes it.


It's not meant to be purely democratic. The founders were students of history and recognized the inherent instability of pure democracies. There were no human rights recognized anywhere in the world in 1776. The imperial era was still a thing and Kings and queens still had vast influence over European politics, with various other centralized power structures in virtually all parts of the world. I get that it's easy to point out the hypocrisy of the phrase "all men are created equal" when slavery was still a thing in half the states, but it was a very tenuous situation to go against the crown of England in 1776. It was far from guaranteed. A lot of people see the human rights we have today as some sort of inevitable outcome of progress, but China is case in point that progress and time do not necessarily yield more rights for more people. China is 4000 years old and they still don't even have basic freedom of speech there.

All of human history is filled with bloodshed, tyranny, endless wars, conquering, slavery, piracy, vandalism, raiding parties, human sacrifice, religious battles and authoritarianism, with just a few punctuating moments of anything resembling democracy and recognition of human rights. That goes for every race, country, tribe, continent and creed. No heritage is innocent of that. That's the truth. 1776 didn't have to succeed. It very much could of ended with being squelched by the Crown and then where would we be today? Perhaps the Nazis would of won. Perhaps the Soviets would have developed imperial ambition in the absence of a strong US to keep them in check. Maybe the world would be a darker place. I suspect that without the U.S. that it would be, since that's the rule of history and not the exception.

Interning the Japanese Americans was of course wrong, but when you're fighting a world war and tens of millions are dying at the hands of Japanese (they slaughtered Chinese by the tens of millions)...it's very touchy isn't it? The lesser of two evils in that particular war was certainly the U.S.

Again, prior to world war 2 the world was still filled with imperial forces itching to conquer and enslave other people by the tens of millions. This is just 80 years ago...not that long ago. There was no where else in the world living up to the high ideals we seek to achieve today back then. The U.S. was that place for so many people to escape to. The Jews being one group. The Cubans being another. The Vietnamese being another. The Koreans being another. If you're going to paint the picture, paint it in the context of the world at the time and the subsequent actions in the wake of those problems. I think individuals deserve forgiveness after some time, and the same goes with nations, given that their behavior is corrected. There's nothing wrong with the movement towards more civil rights. But expecting things to go from millenia of imperialism to utopian democracy overnight, especially one saddled with so much legacy from that era, is naive. Again, it didn't have to go so well. It could have very gone south and ended up worse off for everyone.


"It's not meant to be purely democratic. The founders were students of history and recognized the inherent instability of pure democracies."

Many of the founders were also elitists who didn't want anyone but landowning white men to run the country. They were wary of "mob rule" (ie. direct democracy), and preferred to have the elites rule. The jury's still out on whether they were right or whether direct democracy is actually better. Considering how much power and wealth is being concentrated in the hands of a tiny minority in the US, I'm siding with having more direct democracy, not less.

"I get that it's easy to point out the hypocrisy of the phrase "all men are created equal" when slavery was still a thing in half the states, but it was a very tenuous situation to go against the crown of England in 1776."

The existence of slavery in the US wasn't just about 1776.. it lasted until 1865. The US was one of the last countries to end slavery.

"All of human history is filled with bloodshed, tyranny, endless wars, conquering, slavery, piracy, vandalism, raiding parties, human sacrifice, religious battles and authoritarianism..."

"Interning the Japanese Americans was of course wrong, but when you're fighting a world war and tens of millions are dying at the hands of Japanese (they slaughtered Chinese by the tens of millions)...it's very touchy isn't it? The lesser of two evils in that particular war was certainly the U.S."

The point of my post wasn't to say there weren't reasons (some might say excuses) for the US to behave the way it did (extreme, widespread racism against minorities is one such reason and excuse), nor to deny that some countries were just as bad or even worse, but to recognize that massive, serious oppression did in fact happen in the US, despite it being some sort of a democracy.

Oppression in the US is still happening, is likely to continue, and will probably be greatly enabled by the easy availability of identifying information on the people within and without its borders.


I want to express a frustration with this type of response I have.

Inevitably, when this topic of discussion comes up, I almost always see a response of this type, calling into question the entire foundation of the USA on the basis of the founding brothers being white slave owners, and it really bugs me, but I'm having a hard time trying to articulate it well...

I think it mostly centers around a very superficial understanding of the evolution of the enlightenment and the renaissance into the culmination of those that was the US. I would probably respond better if, when these arguments get thrown about, I heard discussion of the philosophical underpinnings the founders, in particular Madison, based their proposals on. Discussion or reference to individual liberty, natural law and natural rights, and such, as learned from study of Socrates, Plato, Aristotle, Thomas Aquinas, Locke, Hobbes and Spinoza, Montesquieu, etc.

I almost never see these referenced in this responses though, and to me it seems very dangerously close to "throwing the baby out with the bathwater", and I fear that the sentiment is growing so rapidly, as shallow as it may be, that the lack of understanding why America truly is a revolutionary country and is exceptional in history will potent some very turbulent times in the future.

Yes, the system was imperfect from the start, and has been even more imperfect in implementation, but to say then that the whole system (not saying you said this, but it seems thinly veiled to that affect often) must be thrown out is foolhardy at best. The shining light of America is that it has, in it's founding documents, a system designed to self-improve over time. I see our main problem as being the lack of memory of why each piece of that system is so important, and have allowed it to become corrupted. The path forward then is in seeking to enforce the core foundational principles the founders thought very hard about (such as Montesquieu's checks and balances system), and not to discard them just because they came from people that were imperfect.


My main point was that there's been plenty of oppression in the US despite it being to some degree a democracy.

It doesn't sound like you're actually disputing my main point at all, but wanting to shift the discussion on to whether the American system of government needs to be replaced and why, which is really off-topic.

Still, in response to your tangential point, I want to make clear that I'm not advocating discarding the entire American system of government, and my dissatisfaction with parts of it as they stand now does not stem from who the founders were.

I do think the system has proven itself to fail at meeting the high ideals that some of the founders professed to have. The system has proven itself to be highly corruptable, the checks and balances built in to the system have failed, and much of the Constitution is widely ignored or reinterpreted to mean whatever the people in power want it to mean.

These failures are not due to the founders owning slaves, but due to them being unable to foresee or adequately prepare the nation for things such as mass media, the internet, modern advertising and propaganda, and a slew of consequences of modern warfare, mutually assured destruction, the military-industrial complex, corporate dominance of the economy, enormous amounts of money being thrown at elections, the shutting out of third party alternatives, the poor civic education, widespread apathy and easy manipulability of the electorate, and on and on.

Despite the founders' short-sightedness and all the fialures and weaknesses in the American system of government, I am not an advocate of eliminating it wholesale. I believe reform is possible, and that it could be made more democratic, more accountable, more fair and just, and we don't have to scrap it all to do it.

However, I very much doubt the political will or consensus is there to make significant positive changes. If anything, I expect it to get much worse before it gets better.. if it ever will.


> I do think the system has proven itself to fail at meeting the high ideals that some of the founders professed to have. The system has proven itself to be highly corruptable, the checks and balances built in to the system have failed, and much of the Constitution is widely ignored or reinterpreted to mean whatever the people in power want it to mean.

It arguably failed so long ago that virtually nobody notices. For the first ~century, corporations were allowed only in the public interest. To some extent, that reflected outrage at the excesses of corporations chartered by the English Crown. But there were also concerns about the concentration of money and power.

But that began to fail in the mid 1800s, with the rise of the railroad corporations, and their growing political power. And it ended with the 14th amendment and some Supreme Court opinions, which granted many citizenship rights and legal protections to corporations.


Overwhelmingly, I believe the issue we're facing is somewhat to do with identity and property being tied together, and not something specific to the US. And this is a factor that precedes 1776 in the rise of national identities: monarchs had a strongly individualized identity, but identity across a people via a national boundary was a more limited consideration until trade growth had sufficiently developed a reason to use such: language, religion and local allegiance did most of the work. The locals could often evade legibility by obscuring their identity.

But property-based identity held a lot of currency by the time 1776 rolled around: it established credibility as an actor with some real agency and independence within trade relations, and therefore our modern nations have built their legibility around property. And what we've done since is to either try to position everyone somewhere within the property system, or to turn towards an authoritarian model to create identity without ownership(as in the various communist experiments, or the flat, hidden authority in "Tyranny of Structurelessness").

So when we have the idea of something like identity theft, or corporate personhood, that's a thing generated of having an identity to own, cascading down into human relationships as property, personal branding, etc. And the largest, most developed function of the legal system in the US is to make judgments about property. But we also have systems of identification that are imposed in an authoritative fashion(the SSN, DL, passport, etc.) - every nation is a mixed identity market in this way.

And in this respect I think the philosophy is truly starting to fail in a world which has so greatly automated ownership, and we will need to consider both identity and property at the same time to reach useful alternatives.


I guess you are right I wasn't really disagreeing with you too much, but rather pointing out that I see this type of response very often, but without the more in-depth discussion as you and the other commentator go into.

So to use your example of more democracy. One of my pet peeves is when people say we are a democracy. We are a constitutional democratic republic to be precise. There are elements of democracy, but we elect representatives. The problem to me is that the representatives no longer represent us. If you consider moving them towards representing the people democracy than I am all for that. What I am not for is a move towards rights of groups as opposed to individuals, because history has shown that ends up being abused.

All in all, I hope that reform is possible, but it is hard to see the pragmatic path there with how bad the system is currently, so we agree there. I just hope it doesn't devolve too much, because if it does, in this age of technology it will be extremely bloody for all involved.


I can reasonably change my hardware, software, and habits to avoid being matched with some corporate aglomerated profile of "me".

However, I cannot change my government provided identity.

Right now I can have multiple identities: one for work, one for my WoW guild, one for security research.

With a single centralized identity provider I couldn't do that. They wouldn't just be able, they would by default associate my personal and professional associations.

I feel that the risk of a single central (and especially government run) identity provider is that it can chill freedom of association by disallowing you to anonymously, or if not anonymously then disconnectedly associate with people or groups.


The problem with making government-issued ID easy to verify online is that every website will start requiring it and pseudonymity or anonymity would become a thing of the past, even though it's necessary in some cases.


>I've never understood that way of viewing things. For me identity is a right.

Historically "identity" wasn't a right, but something imposed on people, for better tracking and controlling them by authorities...

>In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country?

Oppression is not about democratic vs totalitarian state. McCarthy and Hoover, to mention just two examples, reigned over others in the good ole democratic US of A.

Not to mention very few (if any) countries have actual direct democracy, or give the people say in how they want to be governed, from the constitution and downwards.


> Historically "identity" wasn't a right, but something imposed on people, for better tracking and controlling them by authorities...

I used to own a wonderful book about the history of data science. As I recall, starting in maybe the 1600s, experts in France and Germany were tasked with tracking populations, birth and death rates, economic activity, and so on. And the primary goal was to aid in military planning. Unfortunately, I've lost the book and forgotten the title and author. And the search terms are so topical as to be useless.


Was it "Against the Gods: The Remarkable Story of Risk"?


Thanks, but I don't think so.

I do recall reading it, however.


Identity can’t be “imposed,” come on. Personhood is continuous across time and space. All a system can influence is your ability to lie about this. Ability to deceive the state can protect your freedom but inability to trust others also has a cost, there has to be a balance.


(Knowing nothing about the author of this reply at all, upon reading the comment as a reference) - as spoken by someone who has yet to have been down the rabbit hole of what "personhood" might mean.

Identity is a philosophical problem and a relationship, and so far we've managed to kick the can down the road of what an identity might mean outside the nation state, but the internet may prove to be a bit of a forcing function in deciding some of these questions we had the luck to avoid. I've been doubtful of digital identity startups because most of them are just substituting an opaque problem in crytography for the capital-H hard problem in political philosophy, which originates in prehistorical problems in collecting a census.

Maybe OAuth with some OIDC extensions and attributes solves everything, and FIDO has solved it, but if there were a way to bet against that, personally I'd go all in.


This is a really fascinating conversational pattern. It's like I said "when I let go of a ball it falls down to the ground" and you said "the meaning of 'falling' is a question as old as Genesis, and 'down' depends on your frame of reference." There's a sense in which both of those things are true, just like everything you've said here. And yet.


https://en.wikipedia.org/wiki/Personhood

I recommend starting there on personhood, as like the role of gravity in your analogy, it's a complex enough topic that it would be worth reading up on, since it's more plausible that the details of it matter than the implication that I am some kind of wizard engaged in mesmerism.


>Identity can’t be “imposed,” come on. Personhood is continuous across time and space.

I'm not talking about "identity" as in "being somebody".

I'm talking about identity as in identification, documents, and so on -- which is what we were discussing (as in "identity provider" in software terms).


The problem is not that the data is centralized; the problem is that centralization engenders a position of advantage, which incentivizes perversion. This is why the problem becomes political. The amount of privacy one should have is relative to the ethics of humanity, society, to material necessity and fact, etc. This is an unsolved problem. One would need a series of blind oracles to solve it, unfettered by the influence of living things.


> In the USA goverment and even private entities are collecting massive databases of everybody's data. But there's this panic about a centralized service providing identity.

The existence of centralized identity is what enables those databases. They're all indexed by the centralized identity. You give Facebook your "real name" and location and the same thing to your bank and they correlate them in a database. If you were using a different identity for each one they couldn't do that.

On the other hand, creating some kind of national ID authentication system would make it much worse, because then things would require that. You couldn't sign up under a pseudonym, so now even the things that are currently separate or that you can keep separate if you want to would be forced into being correlated with everything else about you in those databases. It's an attack.


It's interesting how different countries treat "names" in different ways. In the UK, for instance, changing your name is super easy. You tell the government your name is now Foo Bar, and you're done. They'll update their pointers and issue new documents.

In Belgium, changing your name is virtually impossible. The king (ostensibly) has to grant permission; you need to provide a "valid reason". This never made sense to me.


Identity federation seemed to promise solutions to some of these problems, but never quite took off. The part I liked most was the ability to verify someone as being over 18 without divulging their age or any other meta data. That was 10 years ago though, and I have no idea what the citizen/consumer identity space looks like now.

Did the industry ever get around the sub-par SAML protocol which had no support for the active requestor profile, and the superior WS-Federation protocol which had to use the technically superior SAML token?


OIDC is just starting to get some traction in instutions, but it's really about federated authentication with trust of the IDP implied. Digital identity itself is still in the context of the given IDP you've federated to, and there isn't much better than whatever their enrolment process is.

There are a couple of companies that are using hyper ledger to federate identity providers like banks, governments, and other institutions, but the scope of that identity is still local to the federation participants who are a walled garden of their own.


What is the Ur-problem? I googled it and the top result was this post.


It means approximately "the original problem", i.e. where the problem ultimately stems from.

The prefix "ur" is derived from old high German "ur", old Nordic "ōr" or Gothic "us": "from, out of".

That there's an ancient city of that name is purely incidental.



> There is one other use case for identity, and yes, it is decentralized and bottom-up, because it is about dividing into secure, self-sovereign affinity groups, and the reasons for doing that are on a very short list of uses. Super fun, but basically a weapon.

A weapon against who? A self sovereign affinity group could just be a community trying to self organize without relying on non-owned infrastructure. Aka prepper stuff.


If anything, my bet is the future of identity is more centralized.

Decentralized solutions, as I've read about them in their current form, require a significant amount of technical knowledge to understand. That is, to understand both what they are and, more importantly, their benefits ("why does this specific solution matter to me?"). Past that, the user experience is extremely poor in comparison to clicking "log in with Google", and I'm not convinced it can ever fully get there.

It is for those reasons that I think centralized identity is here to stay long term. Most people aren't going to spend the time to learn about this because they just want the easiest solution and don't care about their data being sold. I know several people in tech that fully understand the extent of how their data is used by internet corps, and don't mind it because they prefer convenience for free. And I think that's OK--it's their informed choice.

Personally, I try to login with email most of the time, and that's the limit of my drive to care about the security of my personal data. But my email is gmail, so I doubt it really makes a difference from login with Google.


In the US, everyone uses credit cards (centralized identity) to pay for stuff.

In Mexico, credit cards are stolen and reamed for all they're worth by criminals. As a result, everyone uses cash (decentralized, anonymous, difficult to use). Everyone could move to decentralized in the face of significant pressure, even if centralized identity is more convenient.


All central authorities are built on trust, fear, or complacency. Americans are complacent with the credit card system and trust it for the most part. The Experian breach has shown that breaches of trust are easily overlooked in favor of complacency, at least to a point.

Considering how Americans view other Americans (I hear "stupid" thrown around a lot), I strongly doubt that a decentralized authority would ever gain enough trust in the US to take hold today without a strong historical precedent.

For what it's worth, cash is still centralized. It's made "legitimate" by the power of the central government, and is managed & controlled by that authority. Given, it is somewhat "decentralized" because the value of fiat money comes from the people's agreement that the currency has value. On the other hand, the US dollar's global hegemony exists in large part because of global US Military presence, which is absolutely a "central authority".


> The Experian breach has shown that breaches of trust are easily overlooked in favor of complacency, at least to a point.

I disagree that it matters for trust in CC's. It may have damaged experians reputation, but people still trust amex/MasterCard/visa and their banks, despite Experian being useless. The fact that Experian is required to access those systems is unfortunate, but most people don't deal with Experian directly.

I think people's day-to-day trust in banks is well placed, for what it's worth. I banked with a large bank that fell in 2008, and had less than 10,000 in my bank. My money wasn't affected, I just had to find a new provider.

I've had multiple incidents of fraudulent transactions on debit and credit cards over the last 15 years, and in _every_ instancr, my card provider has sided with me and refunded me the money immediately (even in the one case I was actually wrong and it was a billing mistake). Those amounts we're almost always in the few hundreds.


Considering that the data breach was actually at a completely different company than the one this thread named leads me to believe that the reputation damage is not as significant as you suggest.


It's unfair to say we still use credit because we are complacent. If you stop caring about building a credit score, you will end up paying more money in things like mortgages or car loans. There is a financial incentive to use credit cards (if you don't miss payments) despite the breach of trust.


I didn't say it's just complacency that keeps the credit system going. Low friction purchasing (complacency) absolutely plays a strong role. Trust is important, too (but is less strong than complacency) because the system wouldn't be used at all without it, and, to your point, fear absolutely plays a role as well.


Bad example. In Australia, everyone was using credit cards.. but they have PIN code + chip.

If a centralized system is not inept, it can do all the same things decentralized things do and better.


PIN codes and chips are used in the US as well, but I doubt a PIN and better encryption would help you[1].

1: https://xkcd.com/538/


As I used to work in a high-crime area, I placed fairly low daily and weekly limits on how much I can spend. I have to warn the bank at least 1 day before if I want to spend more. So chip+pin allows for mitigations where cash doesn't


Then with cash it is even easier as it doesn't leave any digital trace.


In the US, liability for fraudulent credit card use is limited to $50. No matter how much was charged.


Yes, I suppose if we moved to becoming a lawless society fuelled by drug lords....then yes, I can see how the hoops could be worth it.


As much as I'd like to see a decentralized solution, I agree with you. I just spent 30 minutes helping my mom (age 60) and brother (36) set up a microsoft family account so they can dictate and monitor my nephews computer usage because [nephews] are addicts.

I didn't even know Microsoft family was a thing, but setting it up and configuring it (from my perspective), was intuitive and simple. My mother and brother however struggled to follow along, an are stressed that they won't be able to manage it.

Most users (even my spouse who is in her late 20's) readily fall into this category. My point is that if configuration requires any troubleshooting it won't reach mass adoption unless it addresses a perceived necessity without an alternative approach.


Beaker Browser is getting close to solving it.

When you visit a website that works with it, to login, you just grant the webpage access to one of your profiles. (I just use one profile for everything, but you may wish to keep some things separate). Then any activity you do can be associated with that profile. No passwords or keys or even email addresses to remember.


I dunno, I think the UX for decentralized identity could be made pretty good. The GNUnet project has one that runs locally but exposes itself with an OIDC interface: https://reclaim.gnunet.org/

It's still pretty early, but imagine a more polished version of that with a user-friendly installer. If you had the software installed and running, it'd behave pretty similarly to e.g. Google's OIDC provider. Linux distros could even preinstall it. (I have no hope that MS/Apple/Google would do the same since they all have their own centralized providers.)


That's so so many steps and requires knowledge of so many things. It has the big two fundamental problems, and a major third one:

* Its value prop is poorly explained. As an engineer with a CS degree, I still barely understand what it's talking about (what's an "identity attribute"??) without some digging.

* Even if the value prop was well-explained, it's still very high friction compared to "Sign in with <Service I Already Use>". Why would a user download an installer and deal with managing all of their accounts? There's a secure, anonymous, easy, centralized option that does it all for you (Sign in with Apple). That service does it so well that you only have to click a button to log in or sign up. Nothing else required. That isn't achievable without a central authority managing everything for you.

* (this is the big one) Your local machine is a major point of failure. If you lose your local machine and haven't backed up your accounts, you just lose access, right? The only solution is either set up a server with periodic backup (too much friction for regular users) or a centralized authority that stores them for you, which defeats the purpose of all of this.

This project, to me, falls into the "cool technical stuff category". It's obviously built for "geeks" (lack of a better term) and not for people. That's why centralized tech co's will probably always do this better than open source. They are customer focused just as much as technology focused.

Unmonetized open source projects tend to focus more on technology than user experience. That's why you see regular people using monetized software and developers using open source to build monetized software.


>As an engineer with a CS degree, I still barely understand what it's talking about (what's an "identity attribute"??) without some digging.

It's not really ready to be used widely at this point. Given that, the fact that the documentation is currently more oriented towards developers working on identity software is fine, I think.

>Even if the value prop was well-explained, it's still very high friction compared to "Sign in with <Service I Already Use>". Why would a user download an installer and deal with managing all of their accounts? There's a secure, anonymous, easy, centralized option that does it all for you (Sign in with Apple). That service does it so well that you only have to click a button to log in or sign up. Nothing else required. That isn't achievable without a central authority managing everything for you.

Sure, installing software is higher-friction than using a centralized service, but it's not that much higher friction. It's not like people don't install software all the time. (And again, this is something that could easily be preinstalled by your OS vendor of choice, which would make the experience very similar to the centralized providers'.)

>Your local machine is a major point of failure. If you lose your local machine and haven't backed up your accounts, you just lose access, right? The only solution is either set up a server with periodic backup (too much friction for regular users) or a centralized authority that stores them for you, which defeats the purpose of all of this.

Yes, this is a big one. No, I don't think those are the only two options. You could sync them between devices if you have more than one (phone/laptop?), you could store them on a user-specified data storage location (think MIT's Solid), etc. I acknowledge that it's a problem, but I think it's a tractable one.

>This project, to me, falls into the "cool technical stuff category". It's obviously built for "geeks" (lack of a better term) and not for people.

I think you're looking at the project as it is, and not as it could be.


All people still somewhat understand is federated identity, and that's becoming less prevalent.

Though a weird set of coincidences I often get support tickets about people using or enrolling in TOTP escalated to me. These people have never used an authenticator, except for the company-mandated Microsoft authenticator. Not only do they simplify the concept thinking there's just one code for everything (e.g. microsoft token are used for AWS, don't worry these people only have access to some S3 stuff) they also extrapolate that because Microsoft sends them a push notifications, AWS must too, and they didn't get one, so it's obviously broken.

Email is slowly losing this awareness too. The only remaining analogy that's probably not going away is getting your credit card from a bank while they still work on the same network.


Couldn't the UX just be improved and deliver the benefit while hiding the complexity?


It's more about a fundamental design trade-off rather than removing accidental complexity coming from UX. Currently, most of us delegate the responsibility of identity management (other than memorizing id and password) to one of big-techs, presumably much better at this area than 99% of us. In the fully decentralized world, the burden of proof is now up to users. And they usually don't really care about the best practice for security, privacy and reliability. Technology may improve over time so the equation will get better, but I don't expect this dynamic to change that much.


On the other hand, however, the outcomes of a breach are vastly different. An individual who fails to secure their information is liable for only their information. If a "big-tech" is compromised, they are liable for everyone's information.

If users are still unwilling to run their own infra, then that seems like a great opportunity for Identity as a Service. I'd feel much more comfortable handing identity to a firm whose entire business model revolves around securing my information and protecting my privacy rather than a big-tech.


"I'd feel much more comfortable handing identity to a firm whose entire business model revolves around securing my information and protecting my privacy rather than a big-tech." - in order for that company to be rock solid, trusted by most of the world and with a proven track record of top notch security, would mean that the said company is a big-tech.

I would call okta, auth0 and iWelcome big-tech already, even if they're not FAANG-level big tech yet.


This is a great point that I hadn't thought of. Well said.

I'd rather, as a company, risk managing all of my users' identities (vulnerability to a data breach, mitigated by a well-trained security team) than trust my users to manage their own security well and inevitably deal with a mass amount of compromised accounts.

As a user, especially if I'm not technical, I'd have a strong bias towards handing my identity to a team that's spent years studying computer security. Managing my own identity would involve learning a lot about computer security. That would take a lot of time and I'd really have to care about it to do it "right". Regardless, I'd likely get a lot of things wrong, leading to my identity being more insecure than if I had just stored it with someone like Apple.


The UX isn't the most looming problem, but it's one that needs to be solved. My question is: How in the world would you convince people to use keys to verify their accounts to one unique, anonymous, identity, as the OP suggests? I just don't see it being something people would spend the time to do. Not to mention, getting to a "Login with Google" level of UX, available as universally as "Login with Google", would be extremely hard without a centralized authority.

The bigger problem is convincing people that it's worth switching. Apple is the closest to doing this with "sign in with Apple". "Sign in with Apple" hides your identity from the client site, the value prop is clear for the user, and the process as close to frictionless as possible. But the solution is still "centralized". Apple stores all of the information to make the system as frictionless as it is.


Yes, but that requires an economic model. UX is often well over 90% of the work for a product and usually includes a ton of work that is not much fun and people have to be paid to do.

Centralized has subscriptions, advertising, and "surveillance capitalism." Decentralized has nothing. I had some hope that cryptocurrency would provide some kind of mechanism, but cryptocurrency was taken over and destroyed by scammers and bad money drives out good.

The lack of an economic model is IMHO why decentralized solutions have not succeeded, not technical challenges.

One possibility would be to abandon the free as in beer part of open source ideology and go back to just charging for software, but licensing and payment add friction and it's very hard to compete with "free" options funded surreptitiously via surveillance.

BTW the fact that cryptocurrency was destroyed by scammers and criminals highlights a second huge issue: it seems to take the efficiency, executive ability, coordination, and direct human guidance of a centralized system to resist bad actors. This is why even the most democratic countries have mechanisms to phase shift into dictatorships during emergency or war. I have yet to see a decentralized system that became popular and was not instantly destroyed by black hats.


The lack of an economic model is IMHO why decentralized solutions have not succeeded, not technical challenges.

You’re right. This lack needs to be addressed for us to progress.

How about this model? Would like feedback: https://qbix.com/token


The model intentionally guards against data harvesting. I think that is great but unless users are willing to pay for that the existing "free but we collect data to manipulate you" will receive more capital.


So since you have one identifier, companies can track you across all domains.

They can find out if you are a user of sex.com or dangerouspoliticalopinions.com

They can do this by trying to register an account with your email address, and being told it was already registered.

Here is a tool that allows anyone to do it:

https://www.quora.com/Is-there-a-way-to-know-which-all-sites...

https://brandyourself.com/blog/privacy/find-all-accounts-lin...


Yes, exactly. Attempts to register with an email that's already used will fail, and so adversaries check whatever sites interest them.

However, I believe that would fail for those using Google or Facebook authentication. But I can't test that, given that I don't have an account with either.


Everyone? Unless the sites publish a list of logins for everyone to read the only one with that knowledge would be the identity provider.


Not at all. See above.


In my ideal world, we have a framework for brick-and-mortar businesses to act as internet notary service providers.

If you want a general-purpose open-id style account, you visit a notary, and provide them with a fee and proof of your identity. You tell the notary how much information they can share (in particular, whether they can release your name to the internet, or just the "we verified this account is held by a real person" boolean).

The protocol would cover much more than passport info though. You could have a notary vouch that you're a licensed driver, or have a college degree, visited a certain country, etc.

That might cut through some flavors of online nonsense. It would also allow people to stay pseudonymous, and yet enable law enforcement to subpoena their identity, if they go on a killing spree, or hack a few million dollars worth of bitcoin.


CAcert has a system in place that is close to what you described[1]. Basically already verified users check the identity documents of new users and vouch for their authenticity. Their "Assurer Handbook"[2] is an interesting read. When I became an assurer a few years ago the person that trained me also took their task very seriously and I learned a ton about how to check identity documents for forgeries. That alone made it worth it.

Since we have Let's Encrypt I'm not entirely sure what CAcert's place and purpose is, but I think with an existing network of trusted people they are in an ideal position to pivot into a decentralized online identity system.

Mark Shuttleworth's Web of Trust similarly had so called Thawte Notaries but I think it was discontinued a few years ago.

[1] http://wiki.cacert.org/FAQ/AssuringPeople

[2] http://wiki.cacert.org/AssuranceHandbook2


It's possible to enable this setup using verifiable credentials - an emerging W3C standard for creating and sharing "attestations" about a person.

https://www.w3.org/TR/vc-data-model/


Holy mackerel! Thank you :) I've been thinking about this issue for weeks. This standard looks very relevant!


> You could have a notary vouch that you're a licensed driver, or have a college degree, visited a certain country, etc.

Humans, generally, are very bad at caching document fraud. It wouldn't be a vouch for a licensed driver but instead it would be a vouch for "a bit of plastic that looked like a driving license to me".

There is lots of sophisticated fraud and often automated solutions have a much higher rate of detection than your average person, even with some training against common attacks.


Certificate authorities with brick and mortar locations would be an improvement over the current USA situation of SSN+DOB as master password to all IRL accounts. Checking a drivers license IRL is better than looking at an uploaded scan or photo. They could use those box scanners casinos use.

The main issue is minimizing cost. Dot com companies and banks don't want to pay for this so they peg online identities and account security to SMS effectively pushing off the problem to cellular companies. Cellular companies lack the competence to handle IAM. Opening a branch in every city is very expensive and companies don't want to even pay ~$10 for an offshore script reader to check a SMS code and verify "public information" off a credit report.

Credit card companies that are already liable for fraud usually settle for SSN+DOB, ID scans and aforementioned Equifax data verification because fraud losses are cheaper than in person due diligence.


Absolutely! It would be far from perfect, and, but for the worst-case scenario that the internet currently embodies, not worth pursuing. But there's so much room for improvement today. Just placing a barrier against sock puppet accounts would already be a huge win.


Maybe have the DMV be the notary for driver's licenses?


In my ideal world I never have to deal with notaries and there are no physical documents at all.


Who notarizes the notaries?


The people who consume the notarized documents. If too much crap comes through they can reject the issuer. Kind of like how Symantec CA got dropped by browser makers.

Public notaries are licensed by US state governments. There is generally a background check, brief training course, and application fee. In at least some states they have strict liability for theft of their stamp.


What does it mean to reject the issuer when there are around 4.4 million notaries in the US? What systems are in place now or would need to be created in order to aggregate trust and what are the pros and cons associated with those systems?


For individual notaries file a complaint about incompetence or report them for fraud. Signatures, seals, and watermarks aren't as good as public crypto but that's okay because phone calls, clearinghouses, and the legal system backstops them (especially for reversible transactions).

Rejecting issuers would be more applicable to repeated transactions from a corporate certificate authority.


Reputation?


Why would I ever trust a notary?

As a person being notarized it sounds like I have to give that business more personal information about myself than I usually have to do to get an online identity, as suggested by your subpoena statement.

As a service trying to verify accounts I now have to trust a third party. Maybe the notary has a business that sells fake IDs in the back that are then used in the notarizing process. Maybe my competition set up a burner notary node in order to flood my service with malicious accounts. It sounds like an attack vector.


You've never provided any business with ID? How do you get into nightclubs?

The internet is important. When something is important enough, it is worth the risk. That's why people share secrets with their bank, lawyer, doctor, psychologist, etc.

We are squandering most of the potential of social media, because its design limits worthwhile conversation to hypotheticals. Since there's no reason to trust the honesty or motivations of anyone online, discussing actual data or life-experience is pointless.


> How do you get into nightclubs?

Clubs don't care about identity. In some parts of the world they care about age and outward signs of affluence and/or attractiveness.


I was thinking of North America, where "carding" is still standard practice.


>Age


> If you want a general-purpose open-id style account, you visit a notary, and provide them with a fee and proof of your identity.

This is never going to happen. I will never visit a physical location in order to create an online account. I strongly suspect I'm not alone in this regard.


It would create a small financial (and convenience) pressure to use one identity. Careful design would be needed to ensure that multiple identities are encouraged and accepted.


There is enormous pressure to converge on one identity. IAM has huge network effects. On-boarding customers is an expense so businesses and governments rely heavily on existing rails like email, SSN+DOB, Facebook, SMS, etc. If you don't want to surrender SSN or your whole Facebook profile your only option is to reject the service entirely.


Facebook accounts are available for $1-$10, payable in cryptocurrencies.


More like $25-50. But even then, it likely doesn’t have the attributes attached to it that you want if you have a particular target.


It could also make things like online voting (like, for winners in a contest or features in software) possible which would otherwise be impossible due to multiple accounts.


We have this in The Netherlands but it hasn't picked up yet. It's promising though: https://privacybydesign.foundation/irma-explanation/

The system is attribute based and requires an 'authority' to give you the attribute. After that the attribute lives on your phone and you can give it out to organisations or businesses asking for....:

  - your name
  - whether you are >= 18
  - your address
  - etc.
What's great about it is:

  - you can give out minimal information
  - no 3rd party/intermediary required after you've received an attribute


The future of online identity is centralized.

China is already there. At age 16, you get your picture and fingerprints taken. If you get a phone, its ID is tied to your personal ID. Your WeChat account is tied to that ID. If you ride the subway or bus in a major city, or a train, your ID is recorded when you pay. A combination of phone tracking and facial recognition records where you go in some cities. It's even used to shame jaywalkers.[1]

The US is getting there with Real ID. It's been postponed a year due to the epidemic, but soon you will need a Real ID, checked against your birth registration, to board even a domestic flight.

[1] https://youtu.be/ectdRsyj-zI


As the article mentions, centralized trust has proven that it reaches a certain maximum before being plagued by political, legal, and corruption. I don't know much about the China's state ID system, but based on other systems they've rolled out, I'm sure with enough money and the right contacts you can wipe, fabricate, or change your ID (which is also true for the US). Centralized systems have to also undertake the same problems as decentralized ones, like ensuring records are kept updated, which is no trivial task when providing identity for millions of people(1)

(1) https://www.washingtonpost.com/us-policy/2020/06/25/irs-stim...


Real ID is a contract between the federal government and the states about the security of their existing ID issuing processes. It covers things like, don’t leave ID printers and card stock in podunk branch offices where $12/hour staff can let in their friends at night. Use printing processes that are sufficiently hard to replicate. If your freedom relied on stuff like this, you were already an outlaw, the only implication of Real ID is that now you will need stronger technical skills to produce your next convincing fake. It has nothing to do with where and whether IDs are required. Airport and courthouse security have been requiring IDs for many years now.


I think one of the great parts of the internet is that it promotes this identity decentralisation (or, as i have always thought about it, identity fragmentation). You are allowed to isolate online identity from the rest of your life, or from separate online accounts/personae.

Which is why I am confused as to why the author spent so much time worrying about verifying identity. To me, that feels like it's completely missing the point of fragmenting your online experience. Is the author simply concerned with the amount of power associated with their google login?


There's the "European" ID4Me project (https://id4me.org/), which tries to add federation on top of OpenID Connect / OAuth2. The idea is to give users globally valid IDs that contain a domain name. Using a TXT record on that domain you then specify which OpenID auth provider a service should use to authenticate the user. If you have your own domain this enables you to switch ID providers without having to update your accounts.

In general I like the idea but since it's a EU-style project I don't expect it to go anywhere to be honest. And personally I don't think the benefit over e-mail based authentication is marginal. That said there are some extensions in OpenID Connect that can achieve something similar, and that (IMHO) are more likely to actually get widely adopted.


New Zealand had a program called Real Me. It's based on a completely and totally broken SAML2 implementation, that only gives you back a single token, and then you have to query another web service to get more information. Oh and years ago when we had to implement a product using it, their Identity Providers would give us different responses randomly ... and it once went down for two weeks straight.


What does federation bring here? Aren't OpenID identities already collision free?

I'd love to have SSO under my own control, and while it was theoretically possible with OpenID 2 things have gone backwards with OIDC with everyone supporting it but restricting login to just the big names (Google, Facebook, Apple).

I put together a simple stateless OID2/OIDC identity provider: https://gitlab.com/rendaw/oidle but I have yet to find a website I can actually use it on. I still have hope though.


I had a classic OpenID server and every website I use to authentication against using it has gotten rid of OpenID support. Stackoverflow was the big one. I haven't tried OpenID Connect yet.

https://battlepenguin.com/tech/the-decline-of-openid/


By the way I wanted to say I read that blog post a bunch of times while trying to put together that software! OpenStreetMap and GnuSocial may really be everything on the internet now.

I'd almost sign up for a website at this point just to get a chance to use my OID provider...


> Removing the possibility for anonymity could solve the problem of online toxicity.

Except that it's not possible. And worse, it's just hard enough to evade that only those with malicious goals will manage it.

> Large internet corporations like Google and Facebook allow all to create an account on condition that some personally identifiable information is revealed, usually a phone number.

Also Signal, sadly enough :(

> The benefit is that it deters most from repeatably creating new accounts when older accounts have been flagged or banned due to improper behavior. These companies gain the function of "identity provider": they manage your online identity that can be used to login in different locations of the internet. We all know many websites that offer a "Google login" or "Facebook login".

Yes, it "deters most". And mainly it deters vulnerable people, who need ~anonymity to protect themselves from adversaries. It doesn't deter spammers, trolls, scammers, bot operators, and such. There are just so many ways to use multiple phone numbers. Ranging from free websites to SIM banks. And actually, it's easier just to buy accounts, either fresh or old (which probably means stolen).

So even without getting into concerns about corporate gatekeepers, it's clear that this is a misguided approach.


"Built for individuals, I recently launched Keyoxide which uses cryptographic keypairs to accomplish decentralized identity verification."

So this is about the introduction of a new identity service. From what I get looking into Keyoxide it basically strives to be what Keybase originally intended to be.

From their Keybase migration guide [1]:

"Keyoxide as a partial replacement for Keybase

It's important to moderate expectations and state that Keyoxide only replaces the subset of Keybase features that are considered the "core" features: message encryption, signature verification and identity proofs.

Message decryption and signing are not supported features: they would require you to upload your secret key to a website which is a big no-no.

Encrypted chat and cloud storage are not supported features: there are plenty of dedicated alternative services.

If you need any of these Keybase-specific supports, Keyoxide may not be a full Keybase replacement for you but you could still generate a profile and take advantage of distributed identity proofs."

[1] https://keyoxide.org/guides/migrating-from-keybase


The key difference is that instead of the Keybase server storing verifications, it looks like they tell you to add the link to the proof directly to your key as a notation.

This means the proof isn't dependent on a central server, which seems like a significant improvement.


Yes, I noticed that too. So yes, I believe that this improves on Keybase. Even without the Zoom fail.


I have always felt identity, including online such as domain names, should be decentralized — it’s too much power for a central authority to dictate who gets (and doesn’t get) a name. Further, it’s too easy for people to impersonate others online. It even happened at reddit where the CEO masqueraded as users by modifying their comments [1].

Handshake [2] is a great project that helps decentralize online identity. Not only is naming distribution in the hands of the people with Handshake which ends the deplatforming/censorship debacle the world has been facing recently, but also, anything a name does can be verified with signatures verifiable against the blockchain.

[1] https://www.theverge.com/2016/11/23/13739026/reddit-ceo-stev...

[2] https://handshake.org


The future is Decentralized - you have very large actors working to deploy systems based on the Verifiable Credentials (VC) Data Model (W3C Standard) and the Decentralized Identifiers (soon to be W3C Standard) extensive work is being done on how the data is exchanged (Credential Handler API, OpenID Connect Self Issued Identity Provider (OIDC_SOIP) <- so any installed openID can accept VCs and DID Communications (spec under development at the Decentralized Identity Foundation). Actors supporting this work include wester liberal governments, MSFT, IBM and many many others many cool small startups. We gather twice a year at the Internet Identity Workshop. Our archives for the last 10 years are online.


I support this view.

The DID and VC specs are the most advanced tools we have now to implement decentralized identity, plus there are many startups applying these in real world, solving problems and generating open source implementations.

Btw, I joined the Internet Identity Workshop last spring and it was an incredible experience. (https://internetidentityworkshop.com/)


I hardly ever use any OAuth logins. I use my GH login in a couple of places, but I usually create an email/site-specific ID. 1Password is a nice tool.

That said, the last couple of years, I have gone to great lengths to create a "digital personal brand," which is deliberately designed to help people find me, and tie all of my digital artifacts together.

I think that OAuth logins actually work against that. I want to leave "pointers" all over the place, that point to each other in a public manner. OAuth logins "bury" these pointers, so only "gatekeepers" can see the information.

It definitely means that I have to be a lot more careful, these days, than I used to be, in choosing what I write or expose online, but I don't feel it's too difficult. I like to think that I live a lifestyle that has very little to hide.

I was reading about that Fox writer that just committed career seppuku. I think that is a visceral example, showing that we can't trust the old cloak of anonymity to hide our trail, so it might not be a bad idea to, as Twain said, "live that when we come to die, even the undertaker will be sorry."

It's part of a strategy that seems to be working.

Works for me. YMMV


Your identity is going to come down knowledge of the private key from some sort of public key system. Why not just standardize that?

An excellent example of something perversely non-standardized for identities can be found in messaging. Signal, Matrix, Whatsapp and OMEMO are even supposedly based on the same protocol. In terms of identity they are all complete silos. All the things you establish about an identity on one system is completely unusable on another.

Creating systems to kludge this mess together seems to be a way of avoiding the root problem here...


Keybase kludge's it together, and yet still, no one seems to care or use it.


What happens when the private key is lost? We can either have certificate authorities issue you a new one, or you would need to approach your peers and have e.g. three of them confirm that you've changed keys.


One could also use Shamir's Secret Sharing algorithm to have a number of your peers hold your secret key without them being able to access it. When you've lost the key, you have a subset of the peers reproduce it for you, by sharing their portion of the secret. Cryptography is pretty great.


Then you have lost that particular identity and would have to start over with a new one for that particular aspect of your online life. If you lose it and can get it back somehow then it wasn't really yours in the first place.

You can have as many passphrase protected backups of your identity in as many places as you like so in practice the more likely issue would be where someone else gets access to your private key. So that means some sort of revocation contingency.


Yeah, that is a huge problem. Most people just don't do well at managing keys and credentials. As much as I hate Signal's phone number requirement, I appreciate the reason for it.


I feel like a domain is a nice way to link identities, with a small nominal fee being a nice deterrant to botting. Not the most user-friendly for those not tech savvy, but third-party services could help with setting up such sites.

Make a page on your domain with rel=me links to your social media profiles, have the social media sites link back to your site with a verified symbol next to the link when it scans and validates the rel=me link.

This puts you in control of your verification instead of federating it to a service like Keybase or Keyoxide.


Do you work for a domain registrar?

$10/year * 4 Gigapeople online.

Mandate that much free revenue to the likes of godaddy? No thanks.


The future of online identity is indeed decentralized and not distributed, meaning that users will always have some super nodes to handle their identity on behalf of them. In my opinion Facebook/Twitter/etc are not identity providers, they are silos. Sure they are very successful ones and can even used as identity providers at some places, but as long as they don't open up they can easily die anytime.

The author suggests that services built on top of these Silos that provide proofs of connection between all the identities. I welcome such initiatives and but I doubt they will lead anywhere, cause they are built on top of silos. And a silo, as soon as it figures out it loses money, it will cut down that connection.

What won't die is decentralized published standards and protocols that handle the Identity management through the internet. Starting from plain DNS, we can get AoR for SMTP, SIP, XMPP and on top of that we have frameworks that facilitate the identity management like Oauth2, OpenID etc. All open and standardized. We are getting there, we just need some more time I guess.

That's why I always thought that, Google, who owns emails has much more value than Facebook, that asks for your email. If facebook dies, you lose one aspect of your digital social part. If you lose your email though, you almost lose your online identity. I really can't get how Zuckerberg has missed that.


They did offer @facebook enails once, and it would integrate with your messages app.

It didn’t really take off though, and I guess was quietly withdrawn.

https://techcrunch.com/2010/11/15/facebook-messaging/


yeah I remember that but it was never really pushed forward properly


I believe that in this day and age we probably all need at least two identities: the birth/official transparent, trusted one for official/professional use and an anonymous one for unofficial/online things.

But this is because I think nobody should be fired, de-platformed, banned or "canceled" for opinions/thoughts outside of those contexts.

Sure you could be fired from your work if you started shouting your opinions on your workplace. No you shouldn't be fired from your work for anything that happened outside that work.

Anonymity is needed for the sake of free thinking as a shield to any current/future mob that could ruin your life/career for just any reason at all.

In 10 Years you might find yourself ostracized because someone found some 20yo old snippet of code you wrote with "banned words" in them.

I used to think it was an acquired thing that you could have free opinions with your official identity (political or anything) and not risk your livelihood for opinions but the thought enforcing mobs are now everywhere and most companies will bend the knee to their bidding.

And obviously this identity needs to be decentralized to also protect that identity itself from being ruined by the various de-platforming attempts.

These days, I'm genuinely more concerned about the current mob rule mentality than government oppression.


Reading the comments, I learned that OpenID is not centralised but rather provides federation support. I wish I'd known about this sooner before it died, because it would've been fun to try and use.

I'm sure decentralized authentication won't come on commercial platforms though. Maybe some developer-centric services will add support once the Next Big Thing in authentication and authorization comes along, but companies want to keep as much of their account system under their control as possible. It might be because of data mining, it might be because of bot prevention, it might be because of fear of trusting external providers, but I just don't see any reason why companies would accept such an authentication system.

The closest thing I can see happening is a federated authentication platform like the EU is implementing with EIDAS. Authentication with your home government for EU-wide services, tied to your ID card. I don't think something like that will be implemented for much more than government institutions and banking, despite the idea having been proven to work.

Simply put, as long as it doesn't make business sense to trust another provider, businesses won't offer any decentralized authentication methods.


I’m happy to support IndieAuth (a decentralized identity protocol built on top of OAuth 2.0) on my site and give people the option to use their personal site, if they have one, as a way of identifying themselves and performing authentication.

I described the motivation in more detail at https://github.com/shurcooL/home/issues/34.


"A Truly Self-Sovereign Identity System", our academic work with Tor-like privacy[1].

This goes beyond owning your identity. Has government sponsorship. The EU is currently taking the lead in this area, search terms: "ESSIF: The European self-sovereign identity framework".

[1] https://arxiv.org/abs/2007.00415


Agree.It is decentralized. You need to be able to maintain your identity as a currency whereby you get compensated for access to it vs. others who get to monitize your persona. Google, LinkedIn, FB all do this. If you grant specific rights you maintain your identity and get compensated directly for a business to gain access to market, contact, or interact with you.


A post on decentralized identity without talking about the Decentralized Identity Foundation (https://identity.foundation/), right there on the first page when you type "decentralized" and "identity" in Google?


Huh. Do they do more than establish standards?



I'm surprised that BrightID or 3BOX aren't mentioned for decentralized solutions:

https://www.brightid.org/

https://3box.io/hub


It won't be 'decentralized' like 'blockchain' it will be 'decentralized' like 'a hundred different versions of tech, standards, identity providers and use cases'. Big Corps, startups, banks, and probably the slowest mover - government.

And it'll continue to mostly be 'account management' and not 'identity management' proper. We are going to want to 'share less' in a way, as the only real means really to keep our privacy.

Your bank account info is effectively secure, so are your medical records. So are your images if you store them with the right provider. The rest ... not so much.

It's neither utopian, nor dystopian, just 'what it is'.


> The solution is relatively simple. When you create a new account and get to choose between "Google login", "Facebook login" and "Email login", pick "Email login".

Sorry, but no. I do not trust Random Website where I create an account for occasional usage to keep my email and password combo safe. I do trust Google and Facebook to do that. I also enjoy the great experience they offer when I have to delete said account: just go to google account page and delete the website from "my logins" or whatever they call it. Most websites don't even have a procedure to delete account.


Identity as a noun is problematic and IMHO usually reflects miscomprehension. Identity is a relationship. The identity function maps something onto itself. Authentication checks if the current entity is an entity you remember.


This makes tracking slightly more difficult, but does it really make significant difference when you consider all the tools at tracking companies' disposal?

How does it prevent linking those identities with real identities by using tools like browser fingerprinting, tracking preferences and stylometry?

I don't really see a way to keep my commenting (and even browsing to some extent) user friendly and disconnected from my real persona, so I act accordingly.

However, I'd like to be proved wrong.


> Built for individuals, I recently launched Keyoxide which uses cryptographic keypairs to accomplish decentralized identity verification. While it doesn't (and shouldn't!) link an account to a person in the physical realm, it links accounts across platforms.

I'm glad to see this! Although it seems to be hugged to death right now :( I had been using KeyBase for this, but after the recent sale to Zoom, I've backed away.


Working on something like this:

https://github.com/Qbix/auth

The DID spec has been the one big success so far, but implementations matter. Our implementation has been open sourced, and is compatible with oAuth and other specs like DID:

https://github.com/Qbix/Platform


> On today's internet, the best we can do is make fully separated accounts, link them using technologies like decentralized online identity proofs and create our own online personas, with our own open tools that ensure we maintain ownership over them.

That's for sure how I see it :) It gives everyone the choice of what mix of real names and ~anonymous personas to use, and how to link them.


It is tragic that Mozilla killed Persona just when it was starting to take off. Sadly I didn’t save the link to a retrospective written by the project lead, in which it was explained that they gave up because it was taking too long. But internet standards aren’t like a Megabar that you can foist on everyone within 6 months, they take years.



Feels like you'd have to lean significantly away from anonymisation to want to leave public proofs of cross account identities lying around. Maybe that's a more common use case for businesses and high profile people though than wanting to link, say, a pseudo-anonymous forum account with a payment account.


"As tempting as the alternative is, making these changes will improve your life"

I know most people on HN believe this, or want to believe this, or especially want everyone else to believe this, but I still think the statement needs support. Or at least a qualifier like "in my opinion."


This paper on a "Decentralized Information Sharing Platform" from some Hong Kong university students is interesting. https://arxiv.org/abs/2002.04533


We literally had this with OpenID. If I remember correctly, it pre-dated Facebook and the flurry of "Login with XXX" type authentications. But the corporations like their walled gardens too much and OpenID fell out of favor.


OpenID was replaced by OpenID Connect and SAML.

They mostly operate in federations, which is neither centralized nor decentralized.


Sounds a lot like IndieAuth, but with keys and math instead of "centralized" DNS.

https://en.m.wikipedia.org/wiki/IndieAuth


Correctly identified problem.

Far too technical and obscure a solution for 99% of the world.

I think Apple, while not a complete solution, shows a path forward with Sign In with Apple allowing you to generate a relay email.

As always, whoever nails the user experience will win.


Fully agree. I've had the opportunity to work on identity at 2 former employers. We tried to push things in this direction as part of exploration work including discussions with Mozilla around Persona and much more. Unfortunately every time, we met a fairly insurmountable problem - most users just don't get it, and even if they get it, they don't care.

I agree this is where things need to move, but we need to make it so simple that users who don't care can still use it and those who do can get the most out of it.


The early internet was all about anonymity. People were actually enthused about the lack of censorship. These days we want to connect your username to your identity, and jail you for impure thoughts


Identitfier systems will always be distributed in that even in a world where it is entirely centralized, someone can create another one. Now it's distributed. The power is in your hands.


Maybe I’m missing something but the author mentioned using email instead of Facebook/Google login. Why come up with a complex crypto protocol instead of using email as the identity key?


Because email alone is vulnerable, without two-factor authentication. And keys are a great second factor, except for the risk of losing them. Phone numbers are commonly used, but that's more PII to share, and it can be bypassed. Also, with something like Keybase or Keyoxide, you can still use multiple email addresses.



I've been advocating online ~anonymity for many years, and exploring relevant methods. But I also can't ignore the downsides, particularly the role of authentication.

I'll have more to say here. But for now, I'll just invite any who are interested in further discussion to a Podaero group: https://podaero.com/dashboard with invite code "44e5576d".


why isn't there an OAuth system that is purely GPG keys based. For example I could sign some custom message from the server using only my keys, without ever having to deal with emails.

This way sign-up is as seamless as login. Is there anything like this I can use? Are websites not doing this because of spam and other issues?


You may be interested in https://indieauth.com/pgp


exactly what I was looking for. thanks!


Isn't identity already centralized? Just about every website with a login system has self-asserted ID.


decentralized


Nothing will be decentralized in the future. It's going to be Amazon all the way down.


There are quite a few ideas and implementations on top of Ethereum for decentralized identity that are interesting as well. [1]

1. https://docs.ethhub.io/built-on-ethereum/identity/identity-o...


TL;DR advice is to use email as your account ID method on various sites, and author's new service to 'verify' the accounts in a central place so people will know they are the same user between sites.

This isn't really decentralization is it?, it's a new kind of account linking which requires one to trust the central verification authority.

Maybe I'm missing something.


You wouldn't need to use your email as account id. The account id could even be completely random, as long as you manage to link back from that account to your key (in case of twitter, a tweet with the key fingerprint), anything works! Just add a link to that account to your key.

With regards to decentralization: keyoxide doesn't hold the proofs. Your key does. You can take your key to any verification system, whether it is keyoxide website or some CLI tool or an app, and have that verify the proofs. Yes, you do need to trust the service. But that's where the open source and hopefully one day, network effect comes into play. If enough knowledgeable people trust it and talk about it, then less-techy people might one day too.

In the end, what is important to note is this: keyoxide is just an implementation detail. If soon a different service becomes much more popular and used, the "decentralized identity proofs" ecosystem still wins! I would love to see apps get developed where anyone can at the press of a button verify online identities. That will be the next big milestone.


I agree with a lot of this post. A lot of the left-leaning intellectuals that are now criticizing the harder-left stances in academia; people like Brent Weinstine, Jonathan Haidt, Sam Harris, et. al. ... I've heard all of them say they want less anonymity and more accounts tied to real identities.

Whenever I hear this I think, "What? No! That's the opposite direction we should be going." Identities that are hard locked to real people makes it so easy to harass, mob, cancel and abuse people. At least in the US, most employers are at-will, allowing for Viewpoint Discrimination.

Anonymity does have its issues. It also does allow people to harass with more impunity. But in many ways, it also exposes more of the deep self and the controversial ideas people have that they are less and less likely to discuss outside of anonymity.

Even semi-anonymous platforms like Reddit are going back on previous commitments to free expression of ideas; and the effect is that Reddit is becoming more one-sided/one-direction, just like the platforms everyone is fleeing into.

Always use your e-mail to sign up for things. I rarely ever allow applications to connect via social media/OAuth. There was a time on the Internet where we thought all identity providers could be interchangeable. I ran an OpenID IDP for years, but fewer and fewer sites allow OpenID logins:

https://battlepenguin.com/tech/the-decline-of-openid/


how about we have a whole range of options so that we can express our full selves via the various venues made available?

sometimes you want (pseudo-)anonymity and sometimes you don't. being able to pick and choose seems to offer the greatest freedom, rather than pigeon-holing everyone into one option.


This! While sometimes I want to use a pseudonym, there are many times I want to say "I am the human who I say I am," and currently, that means hoping a platform will magically verify me (if they even verify anyone) or, I suppose, posting a copy of my ID to the internet, and even that doesn't work so well.

While there are many routes to be semi-anonymous, there are very few to being verified (or maybe I just don't know about them)


On the contrary, I advise everyone to use real-name identities wherever they can. I understand that pseudonymous and real name accounts have fundamentally different approaches, but I think, for the majority of people, pseudonymous accounts are a mistake.

The reason is simple. In 2020, everybody is a brand. Things have become competitive to the point that the inevitable happened: business has occupied free time. We could lament that, or we could accept it, because it's the reality today, and I don't think we're ever going back.

Personally I think pseudonyms are a legacy of a time when the Internet was not taken seriously and whatsupdoggg69 was a perfectly valid username in a place where nothing mattered and Internet work had no monetary value.

That's changed, a lot. That viewpoint - which, to be honest, was probably questionable, even then - seems definitely wrong now. It seems more and more like the wrong path, and you don't have to go down it.

You need to start posting under your real name, and then keep doing that, so people know they can go to your advice, expertise, friendship, a place to pay attention, etc. That has a lot of monetary value.

My philosophy here is: unless you intentionally chose to leave money on the table, you should never leave money on the table.

So if you're working in 2020 at a prestigious or a first-mover startup (which covers a lot of startups), don't go on reddit and post memes under some name that will always be worth $0.

Instead, go on Twitter, post under your real name, and start becoming known as the go-to person for your niche of the industry.

If you are working at a startup, and building a name launched out of a startup (no lawyer is going to attempt to claim your real name social media handle), you can launch a consultancy, just off that.

Assuming your consultancy brings in 100k a year and businesses often sell for 10x revenue (a pretty reasonably assumption), then doing that over 10 years can build you a $1,000,000 consultancy.

Given those numbers, I think it's positively stupid to turn down $1,000,000 for the sake of a few forgettable jokes and political opinions that, let's face it, in the case of the average person, are not changing anything.

Instead, do the smart thing, claim that $1,000,000, and get used to using real names & real name content for everything.


Why not do both?

As you say, using your real name builds your brand. However, you must then be very careful to avoid saying stuff that damages your brand. And as you basically say, you must therefore censor yourself online.

So why not do other stuff using pseudonyms? That's exactly why I started using them. I'm retired now, so there's really nothing about my meatspace identity to protect. But when there was, having the freedom to express myself honestly online was important to me. In particular, because I had to police my meatspace behavior so carefully.


I've given this a lot of thought (I also practice what I preach - I 95% post under my real name).

I advise against that, because in my experience, when you have a real name and a pseudonym account, there's a strong temptation to post all your edgy, attention-grabbing content to the alt, and all the boring content to your real name account.

Which is really bad for your main account, actually.

Note that some of the most popular personalities on Twitter - Elon Musk, Balaji Srinivasan - take this "carefully moderate your opinions unless it's a pseudonym" approach and stomp all over it. They are the total opposite of that. I think there's a lesson there, too: to really reach the stratosphere (including fame and wealth), as an unknown person, you probably need to take some risks and post risk-taking content, and associate it with a name+face where people can rally to you.

To be clear, I'm not making the moral argument that pseudonyms are cowardly or a moral failing, so don't use them. I'm making the purely self-interested argument that your content is worth money and you should monetize it under your real name, because it's the best vehicle for that.


That works for some, but for others it's been disastrous. And sometimes, it goes from popularly edgy to canceled in a flash. But yes, I agree that keeping a real name account totally boring is also risky.


...left-leaning intellectuals...

Didn't you get the memo? We're supposed to like government surveillance now. After all, now FBI/CIA/NSA are on our side and we can totally trust them forever.


How would people who want to be the next Haidt or Harris build up authority (i.e. a reputation/brand) if identity becomes decentralized and ephemeral?


Urbit already done it.


Can someone point me to a resource that cuts through all of the jargon that Urbit uses and describe what it does that is new? I've browsed through their website and Hoon, the programming language, and can't find anything intriguing besides a bunch of new names and glyphs for existing terminology.

Is it just new age cabala of decentralized tech to generate hype and intrigue? I've seen a lot of projects fall into this techno-wizardry naming trap, and enjoyed it myself, but I'm starting to get tired of the overhead of such abstractions.


ah, the TempleOS of decentralization.


Is it possible to add proofs for phone, credit card ?


[flagged]


I 100% agree with you, but generally I find "in before..." comments to be unhelpful at best and harmful to the discussion at worst. In the latter case, it's typically because it's not only attacking on a straw man, it's actually announcing, "Hey, I'm creating a straw man!" at the beginning of the comment.

If you do want to head off the crypto founders before they show up, perhaps you could write a comment along the lines of, "In case anyone is wondering, here are the reasons cryptocurrency/identity makes no sense when solving this problem..."


or

"I predict from prior experience that a bunch of cryptocurrency identity bagholders from 2017 will show up to shill their useless project not realizing it will never catch on and that product's adoption will never buoy their bags even if it did catch on"



I see that they've updated their website since I last looked at it. They still use some abstract art and meaningless pictures of nature to explain their concepts, but at least the description makes sense now.

Sadly the system cannot be used easily for any applications storing personal information since your identity is tied to a blockchain and the GDPR requires companies to make information deletable.

The reliance on abstract art for trying to make their points come across are still to vague for me to give the project a try, but who knows, maybe in another year or two the project and its concepts will actually be understandable enough for me to give it a shot.


Urbit does seem to have an over abundance of weird jargon and glyphs that reinvent existing technologies, it just reeks of techno-alchemy.

As to your second point, I'm curious if any decentralized system will ever allow for full deletion of information once it has been replicated by another client. Any gossip protocol, or decentralized CRDT document system has to take into account that a client will go offline and retain information once it has been released into the wild. Whether or not a request to "delete" or hide that information is followed through with is almost impossible to regulate. It's perhaps more important to realize that what we publish, may always exist out there.

That being said, clients could randomly ask for "tombstoned" information to verify that other clients comply to a delete request, but it will likely always exist somewhere.


Yes, it might be de-centralized, but in a different way. It will simply be distributed to different bureaucracies/aristocracies/warlords/agencies/etc. with each jealously holds their part and tries to grab the rest from other players.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: