
Except of course when for whatever reason you won't be able to pay your DNS provider for some time, and you'll lose your identity to someone else.

DNS is really not a good platform to build personal identity on.




DNS is good enough for companies, governments, schools, organizations, military etc. Not to mention that most other identities are tied to a DNS identity of some sort. Sure it’s not ideal as something completely trustless and distributed like PGP, but it’s been 33 years and no one can come up with a decent UX for that because it’s not really possible. $8 a year is a barrier to entry, especially if you consider people in economies where that’s significant. But that’s when you tie your identity to someone else like gmail.com or yahoo.com or bsky.social. When you can afford it, you get to manage your own. It’s good enough.


Yes, DNS is good enough for organizations (though I should note that governments don't rely on DNS registrars, they run their own). The crucial difference is that organizations can hire people to care about those things, or hire lawyers to ensure they can be recovered if accidentally lost. And in fact many of these organizations change domains in the longer run for various reasons. So even there, DNS is often only used as a solution to identity at one point in time, it's not meant as a permanent solution for the entire life of an organization.

For individuals, the cost of losing your domain is far too high if it means losing your identity on multiple services at the same time. And, if nothing else, people eventually die, so domains will be lost by their original owner and then re-used, breaking the notion of identity again in the longer run.


There can be two kinds of identities: your actual legal one and ones you should be okay with losing.

People keep devising more and more involved ways to maintain identities other than your legal one, but if you think about it you can still lose any of those ways (your domain name, your private key, etc.) and in the end no one should use them for anything serious.


Identity also needs to be hard to copy (which is the main reason e.g. you would not want to use a hash of your DNA as an identity -- it would be hard to lose but easy to copy).


How hard is it to run a registrar? I’d assume there are decent open source components to manage it. It’s basically a key value store. Why couldn’t governments provide a stable domain name for each individual?


No, it is not. It is the easiest way for a country to block, as MITM is not only possible, it is the expected way DNS operates. I think it is not very common in the US (as of now) that the government censors using DNS, but it is very popular in countries like India.

And if you take 1000s of judges of different ideologies who could do it, I would rather put my trust in Google that they won't mistakenly ban my account.


The possibility of being MitM (or really anything else to do with connecting or blocking the site) has nothing to do with the point the parent comment was trying to make, which is that DNS names very much are used as identities by many companies and organizations.

Entire brands are built around domain names, and even when not, they’re extremely common in advertising for most brands. To the tune of thousands or tens of thousands of dollars spent to acquire the right domain name.


A Twitter handle could cost tens of thousands of dollars and is part of brand value, a lot of times even more so than a domain name. How is it a worse identity than DNS?


While there's some truth to this, it's more of an incidental problem with DNS than an intrinsic one. There's nothing preventing registrars from simplifying their UX to target average customers, including multi-year registrations and ample warning systems.


No, it's really a fundamental problem with DNS. Owning a DNS name is, by design, a temporary deal. Ultimately the domain name system is meant to help give a user-readable name to your IP, not to establish your identity for your entire life.


You've left 12 comments on this thread. In all of them you're very confident about your superior understanding.

And yet you seem to be really confused about the difference between DNS and a domain name registration.

Curious.


Care to point out what confusion you think I'm making, instead of snidely implying I have no idea what I'm talking about?


Conversely it is a good - or at least adequate - platform for businesses to build their identity on.

But I don't know if this is being imagined as "how businesses will communicate on our platform" or it is being treated as "regular users will totally manage their own DNS".


Domain names can also be taken from you if your adversaries are powerful enough. It happens regularly to controversial websites.


As someone who worked in e-commerce with high value brands, this is entirely true. If you even slightly infringe on a brand name, they will throw lawyers at you and the simple threat of bankruptcy will have you handing over the domain. I’ve seen it happen too many times to count.


Not half as easily as social media handles though...


I think you can come up with a range of issues as to how this will eventually fail for some people, but what is a better alternative?


Per-service identities, as we have them right now. Alternatively, government issued and policed identities.


DHT based naming systems (GNS, IPNS, Tor Onion names), Blockchain based naming systems, Web-of-Trust style naming, there's lots out there.


Relevant concept: Zooko's Triangle [1]: it's hard to have a naming system which is decentralised and secure against spoofing without giving you long and random (or hashed) names, like with .onion services

[1] https://en.wikipedia.org/wiki/Zooko%27s_triangle
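The "long and random (or hashed)" corner of Zooko's triangle, as an added example that is not part of the thread: a self-certifying name derived from a public key, in the layout Tor uses for v3 onion addresses (base32 of PUBKEY || CHECKSUM || VERSION, with CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]). The name is secure against spoofing (only the key holder can produce it) and needs no registrar, at the cost of being 56 unmemorable characters. The sample key below is constructed from a hash, not a real Tor key.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"  # v3 onion address version byte

# Constructed sample key: 32 bytes derived from a hash, standing in for a
# real ed25519 public key. Not a real service.
SAMPLE_PUBKEY = hashlib.sha256(b"constructed sample key").digest()


def _onion_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum binding the key and version into the name."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive a v3-style .onion name from a 32-byte public key."""
    if len(pubkey) != 32:
        raise ValueError("expected a 32-byte ed25519 public key")
    raw = pubkey + _onion_checksum(pubkey) + ONION_VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_address(name: str) -> bytes:
    """Recover the public key from a name, verifying version and checksum.

    A name that does not verify cannot have been produced from any key by
    onion_address(); that is what makes the name self-certifying.
    """
    if not name.endswith(".onion"):
        raise ValueError("not a .onion name")
    body = name[: -len(".onion")]
    if len(body) != 56:
        raise ValueError("v3 onion names are 56 base32 characters")
    raw = base64.b32decode(body.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != _onion_checksum(pubkey):
        raise ValueError("checksum mismatch: name was altered or mistyped")
    return pubkey


def is_valid_onion_address(name: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_onion_address(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    addr = onion_address(SAMPLE_PUBKEY)
    print(addr)
    print("round-trips:", parse_onion_address(addr) == SAMPLE_PUBKEY)
    print("tampered valid:", is_valid_onion_address(addr[:-7] + "e.onion"))
```

The point of the round trip is that there is nothing to renew and nobody to appeal to: whoever holds the private key owns the name, and losing the key loses the name permanently, which is the trade the thread is arguing about.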


devjab is saying how having identity based on domain names you own is better than identity based on server instances (or centralized social media providers like FB, Google etc). You haven't really refuted their point, which still stands in spite of risk of losing your domain if you don't pay in time.

Btw, do you have a better proposal to mitigate the risk of failure to renew domain registration in time?


The status right now is that you have one identity for each service you interact with. If that service decides to ban you or goes down or you get your identity stolen, you lose that identity, but keep your identity on all of the other services you use. In the worst case, if you didn't tell people about your other identities ahead of time, they may still search for you and find you somewhere else.

If several services recognized your identity by virtue of having the same domain name, the fallout from losing that identity is much worse: you lose access to all these services at once, and whoever gets the domain name next will gain access to all of your followers and have a pre-built history. And if one service decides to ban you, you'll be exactly where you were if your identity was specific to that service.

So, with DNS-based cross-service identities, you are at best in the same place as having service-specific identities, and at worst, much worse off.

Additionally, a service which bans your account will typically not give the same name to a new user, or, even if they do, they will still separate the two identities / cleanup all previous posts. A DNS registrar will absolutely give the same domain to someone else if you stop paying for it, and any services which recognize that as your identity may not even know that a change in ownership has taken place.


Or what if your name is John Smith? Do you long for the days of being permanently known as JohnSmith21048


What is good? Public GPG keys?


The only stable life-long identity system I know of is state-assigned identities (with the court system as a last line for complex cases).

Apart from that, I think per-service identities are the best that can be hoped for. If I choose to engage with Facebook, I have to trust them to some extent anyway, so trusting them with my identity on Facebook is probably good enough. If I want to establish that some Twitter identity is the same as some Instagram identity, I can do so by directly referencing them from one another. I don't think we can do much better than that without involving the state.


PKI can authenticate a message to a key, but can't resolve human name to a key unless it'll be highly centralized, well moderated and not cancellable. Maybe if a user just couldn't choose the ID at all, that could destroy the motive to spoof an ID, and solve the problem?


The identity layer should be built as a blockchain. Ignore the cryptocurrency connection, focus on the distributed decentralized identity ledger.


Blockchain does not by itself solve identity. You can build identity solutions atop a blockchain, sure. But “built as a blockchain” does not at all hint towards your blueprint to solving this problem.


That's the same for other alternative distributed name systems like DHT based naming. For example, how should the DHT be bootstrapped, should there be any universal root zones, etc etc. GNS and IPNS are both DHT based naming systems which make different choices, much like there are various blockchain based naming systems out there.

Anyway my understanding is that Bluesky uses DIDs for exactly that reason, to punt the actual naming implementation and avoid silly internet fights like this.
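An added example, not code from the thread or from Bluesky, that ties the two points above together: the worry that a service "may not even know that a change in ownership has taken place" when a lapsed domain is handed to someone else, and the observation that Bluesky puts a DID behind the handle. In atproto the handle is bound to a DID by a TXT record at `_atproto.<handle>` whose value is `did=<did>`; a relying service that pins the DID it first saw can tell "same name, different DID" apart from "same identity". The domains, DIDs and record sets below are constructed; a real deployment would fetch the TXT records with a resolver (for instance dnspython's `dns.resolver.resolve(name, "TXT")`) instead of the dictionaries used here.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed DNS answers at two points in time (not real domains or DIDs).
DAY1 = {
    "_atproto.alice.example": ["did=did:plc:aaaaaaaaaaaaaaaaaaaaaaaa"],
    "_atproto.bob.example": ["v=spf1 -all", "did=did:plc:bbbbbbbbbbbbbbbbbbbbbbbb"],
}
# Later: alice.example lapsed and was re-registered by someone else who
# published their own DID; bob.example simply dropped its record.
DAY2 = {
    "_atproto.alice.example": ["did=did:plc:cccccccccccccccccccccccc"],
}


def resolve_handle(handle: str, txt: Dict[str, List[str]]) -> Optional[str]:
    """Return the DID bound to a handle via the _atproto TXT convention, or None.

    Other TXT records at the same name (SPF etc.) are ignored; only a
    'did=did:...' value counts.
    """
    for rec in txt.get(f"_atproto.{handle}", []):
        if rec.startswith("did="):
            did = rec[len("did="):].strip()
            if did.startswith("did:"):
                return did
    return None


@dataclass
class HandlePinStore:
    """Trust-on-first-use pin of handle -> DID.

    The first resolution is recorded. Afterwards, a different DID behind the
    same handle is reported as 'changed' rather than silently accepted, and
    the stored pin is left untouched so the old identity is not overwritten
    by whoever now controls the domain.
    """
    pins: Dict[str, str] = field(default_factory=dict)

    def check(self, handle: str, txt: Dict[str, List[str]]) -> str:
        did = resolve_handle(handle, txt)
        pinned = self.pins.get(handle)
        if did is None:
            # Never seen before vs. previously bound but record now gone.
            return "unresolved" if pinned is None else "missing"
        if pinned is None:
            self.pins[handle] = did
            return "pinned"
        return "ok" if did == pinned else "changed"


if __name__ == "__main__":
    store = HandlePinStore()
    for day, txt in (("day1", DAY1), ("day2", DAY2)):
        for handle in ("alice.example", "bob.example", "carol.example"):
            print(day, handle, store.check(handle, txt))
```

A "changed" result is the signal the comment above says a plain DNS-based identity cannot give: the name still resolves, but it no longer belongs to the identity the followers were attached to, so the service can hold the account or re-verify instead of treating the new owner as the old one.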


You can’t ignore the cryptocurrency layer, it’s required to fund the miners/validators who secure and run the chain. Blockchains don’t work without the cryptocurrency.

And there’s already at least one blockchain purpose-built for naming - https://handshake.org/. Worth reading their design notes on how and why it works as it does.




