Privatizing our digital identities (volution.ro)
122 points by soopurman on March 10, 2023 | 106 comments


The other option is self-sovereign identity.

We desperately need to break the assumption that email is your identity. It’s like saying your postal address is your identity and if it changes everything gets messy. It doesn't work: it’s not universal and some people don’t even have addresses.

The problem is not that email is privatized (though I agree I’d love to see ssn@id.gov as a usable recovery address), it’s that we’re tied to it as the only way to identify people online. Hopefully webauthn will change this and as long as services accept any signature, we aren't tied to blessed identity providers. So in my book, legislation and political effort need to focus around the “right to self-sign”.

Less abstractly, we cannot allow Google, Apple, and Facebook to become the de-facto blessed ID providers. It’s silly and there’s no meatspace equivalent because it would be absurd like the article points out. We need to require that services accept any email (side rant and any oauth provider url so you can run self-hosted oauth) and, as webauthn proliferates, any signature.

Finally, we need a political solution here because this is not behavior that has or will come naturally. Platforms want to own identity for profit and lock in. Other companies using identity want to only trust certain platforms/oauth providers/vendors for “security” and product simplicity. Nobody is thinking about protecting users’ rights so we must take that upon ourselves.


Nobody really wants government-run auth, but we need it nonetheless. For extreme cases like having your identity stolen, the solution of last resort is "go to a place and talk to a human." No tech company will pay all those salaries to run a free service, so realistically that place is going to be the DMV or similar.


Speaking as an application developer (digital signatures solution) which has to integrate with government related entities, I'd love an official government-run authentication. Just give me an OAuth endpoint for the government solution which allows me to authenticate users and it will make the life simpler for everyone.


We have this in Denmark. It's pretty great. Two-factor authentication for bank logins, gov websites, and for online card purchases.


This may become possible soon. Login.gov is an SSO provider for the federal government.


Many gov agencies seem to be going the ID.me route in the US. I don't like that.


> Nobody really wants government-run auth, but we need it nonetheless.

We really don't.

The most important thing about authentication over the internet is that it enables people to create multiple separate accounts that aren't tied to each other in any way. You can get more than one email address or even phone number. You only get one social security number. If you're required to use that on the internet, it becomes a universal tracking ID. That must never be allowed to happen.

Meanwhile the US government lacks the competence to do this. All of their existing identification methods are either fully insecure (e.g. social security cards) or no better than anything corporations use (e.g. ID cards that can be lost or stolen or hacked). They don't have some special magic that allows you to prove who you are in a unique way. And trying to centralize everything into a single ID only makes it that much worse if you lose access to it or someone else gains access to it.

The actual solution to identification is redundancy and decentralization. You have e.g. a password, an app and an email for any given service. If you lose one you sign in with another and update the one you lost. If all of that fails, you lose access only to the service where it failed, instead of losing your whole life at once.

Never centralize identity.


> ...That must never be allowed to happen.

I empathize with these concerns but think they're outdated by a decade or two. We already have universal tracking IDs, we just don't see them because they're opaque and proprietary. We already use government identification online, we just do it in the dumbest way possible: "please upload a photo of your driver's license." We've got the worst parts of centralized identity and none of the benefits.

> They don't have some special magic that allows you to prove who you are in a unique way.

Yes they do, the magic is called "losing money." FaceGoogAzonRosoft have done everything related to auth that's profitable, but the one thing they will never do is build an office in your hometown and staff it with a person who can deal with you as an individual and physically hold your two recent utility bills when corner cases or fraud or whatever require it. The government has already built that office and hired that person, and you've already paid for it, so you might as well get some value out of it.


> We already have universal tracking IDs, we just don't see them because they're opaque and proprietary.

This is simply not true. I can go to a public library, sign up for a free email account, sign up for Google or Twitter without it being tied to my name or face or work email etc.

If signing up for any of that required giving them something tied to your social security number, that wouldn't be possible, and that must not happen.

> We already use government identification online, we just do it in the dumbest way possible: "please upload a photo of your driver's license."

The vast majority of websites don't require this, specifically because it's a pain in the butt. It needs to continue to be a pain in the butt so they continue to not require it. Ideally we should create new ways to make it even more difficult.

> FaceGoogAzonRosoft have done everything related to auth that's profitable, but the one thing they will never do is build an office in your hometown and staff it with a person who can deal with you as an individual and physically hold your two recent utility bills when corner cases or fraud or whatever require it.

That has just no security value whatsoever. A utility bill is a piece of paper. Anybody with a printer can forge one in five minutes.

On top of that, who still gets a utility bill in the mail?


First, I don't think you're being realistic about how tracking works nowadays. Google will link your new "anonymous" account to your established tracking profile as soon as you access it from a device or geographical location associated with your existing account. This is true even if you never visit any Google owned domain, through the magic of shared tracking IDs.

Second, your position rests on the assumption that this hypothetical federal ID will be mandatory. How will it be "required"? By whom? If the government makes a federal oauth, and it works well, sure, some webapps might require it, but they can also just require your identity today. I think you haven't wrapped your mind around the idea that any big tech company that doesn't already have your identity doesn't want it. Google doesn't care about your SSN, they care about your browsing and shopping history, but the day they decide they want it, they'll demand it, and you'll comply or go without Google services (and they'll probably get it from a data sharing partner anyway). None of that would change due to what I'm proposing.


> Google will link your new "anonymous" account to your established tracking profile as soon as you access it from a device or geographical location associated with your existing account. This is true even if you never visit any Google owned domain, through the magic of shared tracking IDs.

A separate device is <$50. Local VMs are ~free. VPNs hide "geographical location" and anyway they were never unambiguous because there can be arbitrarily many people in the same place.

> Second, your position rests on the assumption that this hypothetical federal ID will be mandatory. How will it be "required"?

If you make it easy to use and use of it allows you to be tracked more effectively then websites that want to track you more effectively will require its use.

> but they can also just require your identity today.

That is more difficult to do now and so they do it less. Making it easier would allow them to do it more, which is bad.

I mean there are two options. One is nobody would use it, and then it shouldn't exist. The other is that people would use it, which is bad, and so it shouldn't exist.


Nothing about what I'm proposing would make you easier to track.


I’ve read all the subthreads and want to cut to the chase here (because I think you’re being hyperbolic): you need both.

You need a decentralized philosophical and technical concept of identity. Nobody owns who you are except you. Self-sovereign ra ra yay.

But we also need to be able to integrate this self-sovereign identity with organized systems of shared sovereignty (gov’t). It’s silly that in 2023 I can’t oauth against id.gov using webauthn and obtain a signed assertion containing my SSN, or that I don't get a digital certificate alongside my physical drivers license, for instance.


> No tech company will pay all those salaries to run a free service, so realistically that place is going to be the DMV or similar.

Or we legislate and make companies provide a minimum amount of service. You can't offload your operating expenses to the government.


The advantage of the government is that it is rather difficult for it to ignore you. If you exist, you pay taxes type "you won't be ignored."

However, if you are a fraudster and get to the point where Apple and Facebook and Google all cancel their accounts with you for non-payment or use of stolen credit cards or whatever other reason that a company would decline to do business with an individual...

Well, now you don't exist since the big IDPs won't auth you.

Or, are we suggesting that we legislate so that companies are required to do business with individuals who are making fraudulent use of their services?

The only reasonable organization to do this is the one that has an inherent obligation to do it and for better or worse, that's the government.


> The advantage of the government is that it is rather difficult for it to ignore you. If you exist, you pay taxes type "you won't be ignored."

No, the Government has a long track record of successfully ignoring people who have hard to solve problems.[1]

> ...we legislate so that companies are required to do business with individuals who are making fraudulent use of their services

I suppose instead of just canceling your account and you losing your email, you could get arrested and charged. Or more likely end up having to use facial recognition[2] administered by a third party which is incapable of verifying people. If you think going to the Social Security Administration to have a paper card printed for you is bad, wait until you have to go to have your password reset...

Or we can legislate Google, Apple and co that if someone holds an account with them and is banned they are entitled to a human led review process, possibly by a third party or other group. We can legislate that if you're a customer in good standing, they have to have human support available. Does this mean they might be more stingy with "free" services? Probably - that isn't a bad thing. Most people take offense to Walmart moving in to areas, taking a loss for a year or two to steal customers and close local stores and then jacking up prices. I don't understand why we're ok with big tech getting a pass to do the same thing digitally.

[1]: https://www.grandforksherald.com/newsmd/va-audit-finds-thous...

[2]: https://www.foxbusiness.com/economy/irs-facial-recognition-s...


The Kafkaesque solution! This is the sort of stealthy approach that puts the auth in authoritarianism. It is not appropriate to make a person's personhood the call of some bureaucrat. The scope for abuse is staggering.


FWIW, an ID, digital or otherwise, is not your personhood. It's a number that allows service providers to keep track of your use of those services, which ultimately is required for them to be sustainably provided.

What you're saying boils down to: we cannot allow service providers to enforce any quotas, limits, or payment requirements, on the services they provide.


It could be a network of companies that safeguard your keys. You give five parts of a key to five agencies and you need three to replace the lost/leaked keys.
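
An added illustration of the 3-of-5 split suggested in the comment above (not code from the thread or from any project it mentions). The comment names no scheme, so Shamir secret sharing over a prime field is an assumption here, and the function names and the SHA-256 fingerprint used to reject a wrong share are hypothetical.

```python
import hashlib
import secrets
from itertools import combinations

# Field modulus: the Mersenne prime 2**521 - 1, larger than any 256-bit key.
PRIME = 2**521 - 1


def split_secret(secret, threshold=3, n_shares=5):
    """Return n_shares points on a random polynomial of degree threshold-1
    whose constant term is the secret. Fewer than `threshold` points reveal
    nothing about the secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    if not 2 <= threshold <= n_shares:
        raise ValueError("need 2 <= threshold <= n_shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def interpolate_at_zero(points):
    """Lagrange interpolation of the polynomial through `points`, at x = 0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def fingerprint(secret):
    """Public commitment to the secret. Only safe to publish when the secret
    is a high-entropy key; a guessable secret could be brute-forced from it."""
    return hashlib.sha256(secret.to_bytes(66, "big")).hexdigest()


def recover_secret(shares, expected_fp, threshold=3):
    """Rebuild the secret from any `threshold` correct shares.

    Plain Shamir cannot tell a correct share from a wrong one, so every
    subset of `threshold` shares is tried until one matches the fingerprint.
    A single faulty custodian then blocks recovery only if too few honest
    shares remain."""
    unique = sorted(dict(shares).items())
    if len(unique) < threshold:
        raise ValueError("not enough distinct shares")
    for subset in combinations(unique, threshold):
        candidate = interpolate_at_zero(subset)
        if fingerprint(candidate) == expected_fp:
            return candidate
    raise ValueError("no subset of shares reproduces the committed secret")


if __name__ == "__main__":
    key = secrets.randbits(256)          # constructed sample key
    fp = fingerprint(key)
    shares = split_secret(key)           # one share per custodian
    # Two custodians are unreachable; any three shares are enough.
    print(recover_secret([shares[0], shares[2], shares[4]], fp) == key)
    # One custodian returns a corrupted share; a fourth share rescues it.
    bad = (shares[0][0], (shares[0][1] + 1) % PRIME)
    print(recover_secret([bad, shares[1], shares[2], shares[3]], fp) == key)
```

This covers only storage and reconstruction of the key; deciding who is entitled to ask the custodians for their shares is a separate problem.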


The hard part isn't storing it, the hard part is updating it. What do you do when the automated process fails due to a corner case, like your angry ex using your phone to reset your credentials? The government solution might be annoying or time consuming, but the private sector answer is "Go fuck yourself."


Exactly. A government system providing the last line of authentication defense would be ideal. A single point of access where you can say "my credentials have been compromised please shut down those credentials and help me create new ones", and where businesses can check "hey is this person linked to a real account? Can I get a hash to confirm that the account is unique?".


The government solution is the one that enables identity theft. Right now that means taking out credit in someone else's name etc., and we put the cost of that on some large organization or insurance company and just eat it.

Start using that identity mechanism for everything and that vulnerability spreads to everything. Someone compromises your ID and then starts trying it against every service on the internet. They get your bank and retirement savings and drain your accounts, ransomware all your files and your employer's files, read through your messages on every platform to find something to blackmail you with so you don't go to the police, sign into your router and use your IP address for criminal activity etc.

I'd much rather be told to go fuck myself by one service than have my life wrecked because a low level bureaucrat issued someone else a universal ID in my name.


> The government solution is the one that enables identity theft. Right now that means taking out credit in someone else's name etc., and we put the cost of that on some large organization or insurance company and just eat it.

How do you get back a compromised Google or Facebook or Twitter account?

If your former spouse changes your password on google and is able to answer every security question you've set up just as well as you can... what can you do about it?

On the other hand, when the change of address form at the post office goes in you can walk into the post office and say "this is my government issued ID and I still live at this location. Change my address back to my proper residence and put a hold on future address changes for that address without verification."


> How do you get back a compromised Google or Facebook or Twitter account?

If you had 16 followers, create a new one. If you had 16M, you get on the front page of HN etc. and they fix it.

> If your former spouse changes your password on google and is able to answer every security question you've set up just as well as you can... what can you do about it?

Have them prosecuted for fraud so they have to change it back. You don't need centralized identity for that.

> On the other hand, when the change of address form at the post office goes in you can walk into the post office and say "this is my government issued ID and I still live at this location. Change my address back to my proper residence and put a hold on future address changes for that address without verification."

So instead your ex files the ID renewal form with an "updated" picture of their friend instead of you, has the new ID sent to your old address (i.e. their address), and then prevents you from filing a change of address form or getting a new ID.


You can't rely on either, not for auth, not if you want to actually own it. People fall through the cracks everywhere, so there shouldn't be any cracks to fall through.


I was also about to mention SSI. The Decentralized Identifiers (DIDs) [1], and Verifiable Credentials [2] are W3C Recommendations for solving this exact problem. There are implementations of these also - check Hyperledger Indy and the Identity Foundation projects [3].

I along with IBM Research folks wrote a paper on even more interesting ways of exchanging identity information between two entities called Private Certifier Intersection [4].

[1] https://www.w3.org/TR/did-core/

[2] https://www.w3.org/TR/vc-data-model/

[3] https://identity.foundation/

[4] https://www.ndss-symposium.org/ndss-paper/private-certifier-...


"Self-sovereign identity" is an oxymoron.

"Self-sovereign" means each individual is their own identity provider.

"Identities" must be uniquely identifiable, otherwise... they're not identities, they're just bits of data.

Practically, that means there must be a centrally-managed namespace of identities that is tightly regulated, ACID-compliant, etc. Federation is practical here, but it will all tie back to the central entity (e.g. government).


PKI can be both self-sovereign and unique. Look at crypto currencies- wallets are uniquely yours and also free from a central identity provider (since you only need the private key). You don’t need a blockchain. Self-signed certs are enough for people to auth their candy crush accounts.


They fail the uniqueness test. I can create as many self-signed certs and wallets as I like, allowing me infinite sockpuppets. That's not an identity.


I think you're conflating two things. Creating infinite identities is known as the sybil problem in cybersecurity, or sybil attacks. Indeed you need a way to verify identity in the real world with trusted parties to defeat this.

(In my interpretation 'uniquely identifiable' should be satisfied by your unique ability to sign data -- actions, statements, etc. associated with that key. There's a problem of making the identity itself human readable, which essentially needs a name system on top)

That said, I think the government de facto already has many useful functions around identity verification, I think making it more accessible, modern and useful is a good idea. Also with good design practices of digital systems, we can also make things more transparent, auditable, etc. The downside I would say is the possibility of some kind of catastrophic breach or denial of service event having a large impact (any of our usual web services are subject to that though), and having a fallback offline infrastructure should be worthwhile.


Yet despite that, only one of those certs will work for my account. In fact, it's better for me - I can create a different cert for each service and I can't be tracked.


That sounds like a username/password with extra steps


Philosophically, identity is not "a centrally-managed namespace of identities that is tightly regulated, ACID-compliant, etc.". The government or a bank or airport or certain business might want that level of book-keeping and verification, but that's not inherent to identity. Identity is self-sovereign. I think, therefore I am.

When I go get a drivers license, I'm issued a physical "certificate" by my local government that says I qualify to drive a motor vehicle. It has some useful properties like being hard to counterfeit. A drivers license is not my identity. It's a document that asserts claims about my identity like "I passed a test", "I showed up in person", "I have a utility bill for this address", etc. Meatspace identity is self-sovereign but also sometimes assertions about an identity are made and verified.

All of this is possible with a self-sovereign digital identity system. It's how the CA system works. I make an identity, I get it certified for a short period of time. The CA issues me a digital certificate with useful properties like being hard to counterfeit. It's a document that asserts claims e.g. "I manage this domain". CA system is self-sovereign and also sometimes you verify the authenticity of my certificate.

But the signature on my certificate is not a stable identifier. That's my public key. The pubkey is the identity. The certificate authority just issues and signs a document vouching for it.

So the appropriate digital analog to the present day identity system is one where we create keypairs and then sign assertions about their owners. The thing you're looking for is a modern social security office that looks at your birth certificate, requires you to digitally sign your name, and then issues an assertion along the lines of "a human in possession of this birth certificate showed up before me, a truthful government agent, and signed their name like so". And thus, you have bound some human assertion to a pubkey. (And if your use case cares about a country-unique birth-certificate verified human, then you require the pubkey owner present you the certificate and you verify it.)

Or maybe you're looking for a novel digital email verification service that verifies a given pubkey controls a specific inbox. The email verification service periodically sends you a secret via email, you sign the secret and reply, and in response the service issues you a certificate stating that your pubkey is associated with and in control of the email address it just verified. You re-verify every 3 months. In fact, your email client automatically does it for you as you login via webauthn every so often.

Just like I can wear a mask, have a twin, have my license stolen, copy the data on my license, or use someone else's drivers license in places that don't care about the picture or credit cards in places that don't check the signature, the same can happen with a private key. Identity is not as sophisticated as you are making it out to be.


I said "practically", not "philosophically".


Fingerprint + iris scan + vein scan


> It’s silly and there’s no meatspace equivalent because it would be absurd like the article points out

There is a meatspace equivalent, that is landline phone numbers and telecommunications companies


I agree, but this sounds like it was written in 2000, Google Apple and Facebook have been the de facto ID providers for years and I don't see that changing without some form of government enforced protocol. This won't happen because the governments just see the power of platforms and want it for themselves.


I'm talking about in a webauthn world. Luckily email being self-hosted is totally normal right now and thank god platforms don't lock that down. However, with webauthn platforms have the chance to nefariously lock down who can sign webauthn challenges. I hope to God they don't or we prevent it.


Falsehoods programmers believe about digital identity: it exists.

Attempts at creating digital identity will invariably be gored by one of the two horns of the bull: either it is recoverable like a password-protected account and therefore anyone who can pass the recovery check can steal that identity, or it is non-recoverable like a crypto wallet address and therefore it can be lost due to carelessness.

Our philosophical concept of an identity is not stealable (you cannot actually become someone else, you can only pretend to be them in some way, and they don’t stop being themselves when you do) nor is it losable (you can’t stop being yourself).

Note that “recoverable” and “non-recoverable” are mutually exhaustive. There really is no third way here.

You might think you can asymptotically approximate a digital identity by making it exponentially hard for anyone except you to pass the recovery check; if you do, you’re also making it harder for you to pass the recovery check - you’re just offloading into the “non-recoverable” failure state (loss).

Likewise, you might think you can asymptotically approximate a digital identity by making it extremely easy to keep the access code so it won’t get lost; if you do, you’re also making it easier for anyone else to steal the access code - you’re just off-loading into the “recoverable” failure state (theft).

It fundamentally cannot be done. Instead, everything must be built to work without a Single Source of Identity Truth.


> either it is recoverable like a password-protected account and therefore anyone who can pass the recovery check can steal that identity,

That is equally true for physical identity documents like passports and various id cards, and yet it isn't nullifying completely the utility of such documents.


Yes, physical documents attesting to identity do face this dilemma too! The ways they handle it are in fact very illustrative.

Consider for example the Australian system for proving one’s identity: https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointC...

To “log in” to a government service in person (i.e. for the person at the desk to accept that you are you for the duration of your appointment), you have to present at least 100 “points” worth of documents attesting to your identity. A passport is 70 points, a driver’s license is 40 points, and various other documents are 25 or 20 points. In practice the most common way by far is showing your passport and drivers license*.

Both your passport (federally issued) and your drivers license (state issued) have an individual biometric authentication process required for them to be valid: they have a photo on them, and the official checks to see that the photo matches your physical appearance.

So an equivalent digital version of this whole process might be: present a Yubikey (federal) security key (passport) with a successful thumbscan (picture matches), and then present another non-Yubikey (state) security key (drivers license) also with a successful thumbscan (picture matches as well). This logs you in for a single session that expires when you leave the page (valid for just the duration of appointment).

By digital standards this is an onerous authentication process, and it only gets you a short-lived session token at a single service/vendor. Clearly, physical identity documents are grappling with this exact same dilemma.

*: Second most common is showing your drivers license, Medicare card, credit card, and a recent utility bill/bank statement - four pieces of attestation!


Real world licenses and IDs have the added secondary (or primary) benefit of enabling greater economic activity. One can leave the country with a passport, drive a car with a drivers license, grasp medical services with a medicare card, etc. These licenses and IDs are an advantage that lift you up in society.

Digital IDs offer the ability to go 'off-grid' and hide in humility and also to be tracked and seen everywhere you go, without public awareness of it. It has the strongest cultural implications in the US, without a clear advantage to foreigners.

An e-commerce license or a software engineer's certificate based on a paper test that you must upkeep every 5 years or so, would be a largely unpopular, but basically effective way of getting just enough identity out of the people who are paying for stuff and making money on the internet to ID them, when required. You would have to show it makes the user more employable and grant them better access to domestic internet services, as part of the benefits of becoming 'vaguely certified'.

Do we really need more online identity though? The five eyes see it all. Personally, I don't want to hide and I don't want to see what everyone's doing. Let's just get on with trading code and making this whole internet work better.


What you quoted was not a conclusion, it was the statement of a problem. Two options for solving the problem were presented very soon afterwards, and there was a claim that both present contradictions which create difficulties. It was very clear.

> yet it isn't nullifying completely the utility of such documents.

I don't think that anyone is claiming the absolute uselessness of any means of identifying anyone for any purpose, so "complete nullification" shouldn't be the standard. The standard should at least be "more benefit than cost."


I'm pretty disenchanted with blockchain-related things but I am curious about some kind of identity based on real-world reputation, that I suppose blockchain might facilitate more easily than anything else. There are a zillion gotchas with every approach, but the idea could be some process where x amount of people are verified to verify others, one needs more than one real-world verifier (3?), the verification happens but doesn't require public disclosure of any information including who verified, and it can spread out at the speed of actual human connection.


If you use the same ID with multiple websites then it can easily be used to connect them, for better or worse.

Meanwhile, even if you somehow had secure, irrevocable ownership of some kind of identifying name or number, websites could still cancel your account with them for any reason and keep you from logging in with that ID. They can use the ID to more easily share reputation information, similar to credit scores. Your ID could be put on a list, similar to what happens with ad blockers and lists of spammers.

By itself, ownership of a name or number doesn’t get you much. If you use Google to log in to a website, what it’s really providing is a minimal kind of reputation, sort of like how a captcha vouches that you’re probably not a bot. For an ID to be useful, there needs to be reputation attached, and that isn’t something you can do yourself; other people or entities need to vouch for you. It’s also not permanent. Good reputations can go bad if people decide they don’t like you anymore.

Instead of centralizing using a single ID, there’s a lot to be said for having multiple identities (alts) for when you don’t need reputation and you don’t want what you’re doing to affect unrelated activities.


That's a good point. I think maybe in that case you should just not use their service (if they require you to give your identity for a web service?). I have used a few services like online banking that require me to upload documents that effectively serve as uniquely identifying me individually. This situation doesn't seem to change with a digital id of sorts. I definitely would avoid using a digital id unless absolutely necessary, such as when dealing with banks, or the government itself. In this sense I think digital id is fine (and at least in my country already exists in some ways without any of those issues).

I think at the core digital id is just having a form of asking your government "Can you verify this is me to someone else?" (which is already something you do with id photos, passports, etc.). I wouldn't want to use it everywhere.

I think consumer protection laws that restrict denying digital service to a customer (without something like a criminal or legal basis) or indiscriminately requiring digital ids could be useful in reaping the benefits without the downsides.


> If you use the same ID with multiple websites then it can easily be used to connect them, for better or worse.

This. While I avoid creating accounts as much as I can, when I do, I do not use the same "identity" for each of them. The ability to have multiple independent identities is, in my opinion, essential.

What I don't want about any kind of identity system is that I can only have one.


> What I don't want about any kind of identity system is that I can only have one

The globalist types[0] are looking to implement such a system. From what I have gathered, they want a social credit score. Unvaccinated? Good luck getting a loan. Posted something 'wrong' on an online message-board? You can't travel. And the list goes on...

[0] https://id2020.org/


My argument to all of this, at least in the US, is you don't need the internet to do things or be a person. Yes, it's 1000x more convenient (and cheaper) but you don't need to be online to do things with the government.

Maybe that changes in the near future but the internet is only as real as you make it.


You're going to struggle to get a job or rent a house without using the Internet. That job will almost certainly require you to use the Internet for things like email, while the utilities on that house will send you increasingly absurd volumes of mail about switching to paperless. Some of them may not even have alternative payments that allow you to avoid the Internet.

Seems pretty real to me.


The internet is real so we need to make it as accessible as a utility.


Exactly and in the US you don't need a driver's license (generally a government-issued ID) to be a person. It helps but it’s not mandatory. The digital equivalent is signatures so digital society needs to be coerced to allow any signature. That doesn't preclude having certificates issued to you when you pass a driving test or meet residency requirements, but those aren’t sources of truth. Your personhood is.


> you don't need the internet to do things or be a person

The new paradigm is that everything has shifted online. The Internet is the proverbial town square. If you don't participate, that's on you, but all manner of discourse happens online now, and most importantly; that discourse shapes public opinion, and can have real lasting change in the world.


Thought provoking. I like it.

I've long supported the "right to be forgotten".

But, until this essay, I had never considered the corollary "right to be remembered".

This real world concern is timely, relevant.

Nicely done.


[Post author here,] thanks for nailing it! I want anyone to be able to choose any of these two extremes ("right to be forgotten" and "right to be remembered") or anything in between.

I want to be able to configure my Discord or Slack "profile" to have all my messages automatically deleted after say 2 months. But at the same time I also want my email address to be permanently available (even after I die) because it's registered in so many places, tied to so many important things, so that if Google decides to erase me I'll be in a lot of pain...

And although I do use a *paid* GMail account, I do it mainly because I trust them more from a security point of view than I trust myself. However, I don't trust them even 1% not to screw me over if the accountants say it's more profitable to drop GMail...

At the same time I don't trust the government even 1% not to screw the security of such a system, or not to try to misuse it for political gains. But, I also don't see any way out of this situation with the technology, society, economy, and judicial system we have right now...


What do you think about Decentralized Identity (DIDs - https://www.w3.org/TR/did-core/)? With it, you can have several identities and easily generate new ones when needed (but you probably need to have a single, government-recognized identity for the real world).

Europe seems to be working hard on establishing an identity for every citizen: https://commission.europa.eu/strategy-and-policy/priorities-... (most countries already have that, but this is about unifying the various countries' ID systems).


Unfortunately no purely technical solution works. As I've said at the end of my article:

> We need to support the case when a person wakes butt-naked in a corn field, suffering from complete amnesia, and remembering nothing about himself. Today, such a person has a chance of getting his identity back, but in a pure technological world, "the computer just says no!"

----

Regarding the various European ID initiatives: they might seem a good idea, but they don't actually work in practice: for better or worse, our internet solutions seem to have settled on email as the de-facto identification system. Are any of these EU ID initiatives completely interoperable with the email system? If not, they are useful only for purely official interactions with the government, and solve nothing outside of that realm.

Also, because most such ID initiatives are actually X.509 tokens that work solely on Windows, with Adobe products, they are beyond useless...

(Let alone that one costs ~50 EUR per year in my country, Romania...)


I am sorry to be blunt but you seem to be misinformed.

> We need to support the case when a person wakes butt-naked in a corn field

DIDs can have a controller, and the controller can be your "real-world" identity... If that is government-issued, you can recover it the same way you recover your identity today in case you lose all your documents. After that, you regain control of all your other DIDs (which you keep to ensure anonymity, e.g. you can have a different DID for each service you sign up with).

> Are any of these EU ID initiatives completely interoperable with the email system? If not, they are useful only for purely official interactions with the government, and solve nothing outside of that realm.

That's plain wrong. It's already possible to use DIDs to sign up with any business you want, though admittedly as the specs are still in flow, there's not much out there other than lots of PoCs - but those already show it's absolutely possible and desirable to use DIDs instead of email addresses... private accounts are an actual liability for most businesses (except those selling your data for marketing purposes, of course).

> Also, because most such ID initiatives are actually X.509 tokens

Where did you get that impression?? There are several DID methods and the most popular so far have nothing to do with X.509 certificates (I think that's what you meant by "token"?). Many are using JWKs (JSON Web Keys) as most alternative solutions do. Check the current registry of DIDs here: https://www.w3.org/TR/did-spec-registries/#did-methods

The EU seem to be using both Web DIDs (no blockchain) and [EBSI](https://ec.europa.eu/digital-building-blocks/wikis/display/E...) (EU blockchain initiative).


FWIW, ironically and counterintuitively, "the right to be forgotten" achievement is unlocked with the combo of RealID (or equiv) and "translucent database" techniques.

(Oversimplifying: just like properly salted and hashed password files. Lose the password and you cannot retrieve the encrypted data.)

Using your essay as a starting point, I'll start pondering what a future "right to be remembered" system might look like. Both technically and legally.


I put a lot of blame for the current situation on the shortsightedness of turn of the century internet activists (cryptoanarchists and hackers and whatnot) who were extremely vocally rejecting any sort of government involvement on the internet.


You have a problem and you think "I know, I'll get government involved."

Now you have problems.



They're already doing it in Estonia [1].

Is it impossible to do in the US? Why? Zero trust in government (at all levels)?

[1] https://e-estonia.com/solutions/e-identity/id-card/


The USA is approx. 250x larger than Estonia, so there's that. Also, there are vested interests that would fight a USA federal ID, due to politics and etc.


The population of Maine is about the size of Estonia. Why can't an individual state try to implement it? Surely that small scale is not a show-stopper.


OK... so at best you wind up with 50 independent state ID systems (although probably fewer, some states will absolutely refuse), none of which have any value outside their respective states (although more likely some do and some don't,) and no political will to integrate them into a single Federal system, out of unreasonable fears the US government will hunt down gun owners and put Christians into re-education camps, and more reasonable fears they might do those things to anyone else. Then what?


It would be trivial for governments to create email addresses for their citizens, and it would be a good idea for general digital enfranchisement.

The problem is that there need to be laws preventing private companies from requiring this identity, otherwise it would devolve into yet another unique identifier for the surveillance industry to abuse. And in the US context, we don't even have basic privacy laws. So until the abuse of basic identifiers like social security and driver's license numbers gets reined in, having the government create digital structure just feeds into the surveillance industry.


Personally I think it would be pretty badass to have a system where you could get your stuff signed by government. Rather than a digital identifier you have, what I kind of want is a website where I can go & get a trust-token stamped on something I put out, at whatever level of identity I choose:

"This post is authentically produced by Ged Sparrowhawk, born in Gont, living at Roke Island, a student" or

"This post is authentically produced by a student" or

"This post is authentically produced by someone living in Gont" or

"This post is authentically produced by someone born in Roke" or

"This post is authentically produced by Ged Sparrowhawk"

Giving the user the ability to have an authenticating government stamp their items with whatever level of identifiers they want seems like a far preferable solution to me than creating a strong identity system. Users can pick whatever fits their desire: residing on the planet Earthsea, the island Roke, the town Thwil, or the place the School of Wizards, or the room whatever there-at. Nation/state/county/town/area/street/address, whatever. Government can let us say what we want about ourselves. This is a far more interesting & flexible proposition to me than creating an identity system.
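
The stamping scheme described in the comment above, sketched as an added example (not part of the comment and not any government's actual system); it goes one step further by issuing a single stamp per post and letting the author choose afterwards which claims to reveal, using salted hash commitments. Assumptions: all function names are hypothetical, and a Lamport one-time signature stands in for the issuer's signature so the code needs only the Python standard library.

```python
import hashlib
import json
import secrets


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Stand-in issuer signature: Lamport one-time scheme (assumption) ---------
# A key pair here must sign only ONE message; a real service would use a
# long-lived key with a scheme such as Ed25519.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = int.from_bytes(h(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # Reveal one secret of each pair, selected by the bits of SHA-256(msg).
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


# --- Selective disclosure over salted claim commitments -----------------------
def commit(name: str, value: str, salt: str) -> str:
    # The random salt stops a verifier from guessing undisclosed values.
    return h(json.dumps([salt, name, value]).encode()).hex()


def issue_stamp(issuer_sk, post: str, claims: dict):
    """Issuer: sign the post hash plus one salted commitment per claim."""
    salts = {name: secrets.token_hex(16) for name in claims}
    digests = sorted(commit(n, v, salts[n]) for n, v in claims.items())
    signed = json.dumps(
        {"post": h(post.encode()).hex(), "claims": digests}).encode()
    stamp = {"signed": signed, "sig": lamport_sign(issuer_sk, signed)}
    return stamp, salts  # salts go to the author only


def present(stamp: dict, claims: dict, salts: dict, reveal: list) -> dict:
    """Author: attach only the claims chosen for this audience."""
    disclosed = [[salts[n], n, claims[n]] for n in reveal]
    return {**stamp, "disclosed": disclosed}


def verify(issuer_pk, post: str, presentation: dict):
    """Verifier: return the disclosed claims, or None if any check fails."""
    signed = presentation["signed"]
    if not lamport_verify(issuer_pk, signed, presentation["sig"]):
        return None  # not stamped by this issuer
    body = json.loads(signed)
    if body["post"] != h(post.encode()).hex():
        return None  # stamp belongs to a different post
    result = {}
    for salt, name, value in presentation["disclosed"]:
        if commit(name, value, salt) not in body["claims"]:
            return None  # claim was altered or never issued
        result[name] = value
    return result


if __name__ == "__main__":
    # Constructed sample data, borrowing the names used in the comment.
    issuer_sk, issuer_pk = lamport_keygen()
    post = "A post about the School of Wizards"
    claims = {"name": "Ged Sparrowhawk", "born": "Gont",
              "residence": "Roke Island", "occupation": "student"}
    stamp, salts = issue_stamp(issuer_sk, post, claims)
    as_student = present(stamp, claims, salts, ["occupation"])
    print(verify(issuer_pk, post, as_student))
    forged = dict(as_student,
                  disclosed=[[salts["occupation"], "occupation", "archmage"]])
    print(verify(issuer_pk, post, forged))
```

Because the signed blob is identical in every presentation, two presentations of the same stamp can be linked to each other, and the number of committed claims is visible to every verifier.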


An authoritative digital address increases the power of the private sector. At present, I think it will always be easy to find a new ID-card provider if your current one locked you out for your cat-video-hating ways. Having a permanent authoritative ID could actually make it harder to get services because it would be easier for the private sector to share information about you.

Imagine you got that address assigned, 42@id.tld. Now, every private company you want to do business with wants you to register using that ID. Now, when you get banned, they can share that ban throughout their network. Because every company requires you to register using your national email address for password recovery, you've created a system that radically expands the power of the private sector to profile you and control your reputation, if not your identity.

Maybe very careful regulation could prohibit companies from asking you for your government email address, but I recall the (apocryphal?) quote by LBJ, "You do not examine legislation in the light of the benefits it will convey if properly administered, but in the light of the wrongs it would do and the harms it would cause if improperly administered."

I prefer your proposed solution of some regulation that treats email like phone or utilities so there are a few protections before services are terminated.


In my country, Italy, all online public services already must accept government-issued digital IDs only, by law.

They come in two forms: SPID (which is just username and password + TOTP, issued by private companies on behalf of the State, but allowing you to change your provider without becoming "a completely different person" [1]), and CIE (which is the new national ID card, and can be used as an electronic ID using any NFC reader). Additionally, some services allow you to log in using equivalent eIDs from other EU countries [2].

[1] https://www.spid.gov.it/en/frequently-asked-questions/

[2] https://eid.gov.it/?lang=en-001


The article completely ignores domain name registration. I own a myname.com domain and email address with that domain that I use wherever I need real ID. I also maintain the home page with my latest contact methods. My contacts only need one thing to put in their address book, https://myname.com. I can move registrars easily if needed. I am also not dependent on platforms since people can always find me here if I leave a platform.

Edit: It does not completely ignore this option but frames it a bit restrictively. I set mine for auto renewal and use my domain at an email provider. It is not necessary to run your own SMTP.


No, it's not completely ignored.

> What can you do? Register your own domain and run your own SMTP server? Better make sure you renew your domain each year, else... --- You are no more. Don't have $5 per month to lease a VPS and run your SMTP server? --- You are no more. Has your domain gotten on some mail blacklists? --- You are no more.


Thinking somewhat along the same scale, I'm planning for having 2 years+ of domain name registration, Fastmail payment & (I should) have Thunderbird constantly syncing the full IMAP to the disk.

In the name of efficiency, it won't be the state doing it until someone, or groups of someone, get sufficiently pissed.

EDIT: passwords & other secrets must be shared with someone of trust.


What if you fail to renew the domain or to pay for hosting? What if the registrar wants to shut you down? What if your hosting facility catches fire?


> What if you fail to renew the domain or to pay for hosting? What if the registrar wants to shut you down? What if your hosting facility catches fire?

What if you[1] fail to renew your driver's license, passport, professional certification, homeowner's/renter's insurance and/or refilling your prescription for a life-saving drug? If so, you screwed up. Not paying your bills or maintaining your person-hood and infrastructure is your fault.

Unless (in the US at least) you are a member of a "protected group/class"[0], no one is required to do business with you. And even if you are a member of such a group, good luck proving that you're being discriminated against because of your membership in such a group/class even if that is the case. And even then, there is more than one registrar on the planet.

If my "hosting facility" catches fire, I have much bigger problems (i.e., finding a new place to live and replacing all my belongings) than not getting email. And since there is more than one "hosting facility" (including your own premises), just move to another one.

It's not clear to me what, exactly, you're railing against. Each and every potential issue you mention has a "meat space" parallel that, I imagine (please do correct me if I'm wrong) you are a responsible human who makes sure to do what's necessary to maintain your life/person-hood/place in society.

If those digital things you mention are so unimportant to you that you don't/won't take responsibility to manage them, that's on you, not the rest of the world.

[0] https://en.wikipedia.org/wiki/Protected_group

[1] That's a general "you" rather than DeathArrow specifically. But it applies just as much to DeathArrow as it does everyone else. Including me.

Edit: Removed text artifact.


> What if you fail to renew your driver's license, passport, professional certification, homeowner's/renter's insurance and/or refilling your prescription for a life-saving drug?

You just renew them late. There's a risk that you'll need them right then, sure, but generally those mistakes don't lock you out of fixing them for the future. However, a domain is easily irrecoverable.


Same is true for domain names. At least with the registrars that I've used and accidentally allowed my domains to lapse with, the domains stop resolving right away but the registrar doesn't just sell the domain to someone else immediately. You have a grace period to renew it late.


Auto-renewal is a standard feature. You normally don’t have to do anything to renew (other than continue paying the domain fees). You can transfer your domain to a different registrar at any time (for the standard TLDs). If your hosting facility catches fire, you can point your DNS (which should be a different provider, at least for one of primary or secondary DNS) to a new server restored from your backup, at a different hoster. This is usually possible in less than an hour. Email is robust, sender MTAs typically retry for days when your MX is down.


I've had all of those happen to me at various times over the decades and, honestly, they're all pretty easy to resolve and recover from.


> Register your own domain and run your own SMTP server? Better make sure you renew your domain each year, else... --- You are no more.

It does mention it along with the associated costs.


What's the next person with your name supposed to do?


There are plenty of TLDs (top level domains) available. You don't need to use yourname.TLD, but it should be something easy and memorable for your contacts.


Our contribution to solving the digital identity problem is Coze, an open source and cryptographic messaging specification. [https://github.com/Cyphrme/Coze]

We use Coze to sign messages that authorize user actions, such as uploading images, logging in, and leaving comments.


If you think government is a purely coercive entity, dedicated to enslaving humanity, why would you want the id that it provides? The reason is to access the services it licences.

Government and its ids, licenses, laws and monopoly on force, is not there to help. And yet, despite all the examples of how government is by far and away the cause of most problems we experience, on hn you will find endless discussion on how to best assist it. Eg here - 'what type of id is best?'. It's amazing.

Programmers, technologists, etc seem to be hardwired to develop the enslavement structure of everyone, including themselves, for the sake of some perceived comforts, such as a nice holiday, better car. It's literally turkeys voting for Christmas, as we plan and develop the hardcore enslavement of the future.

Just think - do woodland creatures need id? Does any individual need an id? No. It is only useful if you want to control access to this or that for others. Ie you want to force your control on others who are doing you no wrong.


Completely agree. The real problem is these services demanding IDs to begin with. They should just accept some random identifier without complaining. That's how it used to be on the internet and it was great. The more the web strays from that, the more painful it becomes. I don't even have to register a nick on IRC but Discord pesters me for my phone number. Why?


Spam is the reason. Phone numbers are a costly resource to spammers. Having them permanently banned from Discord after spamming is a way to keep spam down quite a lot.

I've been working on this exact problem for years, and have solved it differently. If anyone is interested, here's the draft whitepaper on my solution: https://www.stampchat.io/whitepaper.pdf


Not quite sure what's wrong but the FAQ on your site doesn't expand when you click the questions. Debugger says `__webpack_require__` is undefined. (no adblock or scriptblock)


I think from a user perspective the optimal way would be for the browser to automatically do all the logins and user just sets up identities he needs.


Web3 offers digital identities owned by the user.


I would offer that Web3 assumes that there are digital identities owned by the user, typically by proving control of a private key.

It doesn't really solve any of the traditional usability problems of maintaining a private key, which is why so many users end up just signing up for a website that will handle it for them.

Specifically the issues that come to mind are key recovery and rotation.


Read up on account abstraction: https://blog.jarrodwatts.com/what-is-account-abstraction-and...

https://twitter.com/DefiIgnas/status/1633626349226319872

> 5/ Account abstraction is a huge breakthrough for crypto self-custody.

> It enables:

> • Create & restore a wallet with an email or a phone number

> • 1-Click transactions

> • App pre-approvals & limits

> • 2FA protection

> and much more.


At least there is the prospect of full control by the user.


What amount of personal hardware resources does a person need in order to have "full control?"

Is there a way to guarantee that a user maintains "full control" over their identity as opposed to having it be stored on a 3rd party site?

What would a 3rd party site that is operating in a less than trustworthy (a not uncommon situation in the web3 world) way be able to do with an identity that they hold in trust for someone who doesn't possess the consistent access to the previously mentioned hardware resources?

If your only computing device is your phone and someone steals it, do you lose your identity?

In the event that your house burnt down and all of your computing resources have been destroyed, is there a way to attest to be able to recover your identity?

In the event that your evil twin decides to burn down your house, what mechanisms exist to prevent them from claiming your identity?


"Full control" by being forced to engage with a protocol they never designed in order to authenticate their own existence? That sounds more like full submission to me.


Only as long as enough others are in on the idea.

I.e. MyAwesomeBlockchain can be totally awesome but since no one uses it, it is useless.

This will be the fate of well over 90% of the blockchains that exist today I think. In fact I guess more than 90% of them.


Web3 offers digital identities owned by the type of strategy the blockchain uses.

Do you use Bitcoin and tomorrow Venezuela buys up 51% of global hashing power? Your identity is now managed by Venezuela, have fun


Nothing is happening on Bitcoin anymore. Bitcoin is not web3. Everything interesting happening is on Ethereum.

Read up on account abstraction: https://blog.jarrodwatts.com/what-is-account-abstraction-and...

https://twitter.com/DefiIgnas/status/1633626349226319872

> 5/ Account abstraction is a huge breakthrough for crypto self-custody.

> It enables:

> • Create & restore a wallet with an email or a phone number

> • 1-Click transactions

> • App pre-approvals & limits

> • 2FA protection

> and much more.


Yeah I am bearish on the web3 identity space because it’s chain infected. They are attacking the right problems but IMO not deploying the right solution. Just allow self-signed identity not backed by a chain.


As far as I know, DIDs don't have to be "on chain".


If DIDs are just a self-signed document format/spec for what the fields look like and how to handle/process one and how to attach signed assertions then great! That's all we need. I thought the idea was you'd publish your identity to a chain and the chain would "ratify" it or something. That part seems unnecessary.


Self signed identity is meaningless, especially online


How does putting your ID on a chain or even having an identity provider vouch for it change anything? By your logic being a human is meaningless because anybody can do it.

Self-signed identity means you own a private key. Being a human means you own a body. You can call yourself whatever you want in meatspace. People deal with it. You can sign whatever statements you want in cyberspace. If you need to verify that someone has passed a driving test, then yes you need an authority to issue a certificate (or whatever better tech you choose) saying this private key met these requirements.

There's no inherent problem with the identity being self-signed if you just need a user-id.


Identity cannot be self-signed. "Self signed identity" as you call it is just a pseudonym. Anyone who has access to your private key can post with your "identity" and there is no way of checking fraudulent usage. If you see two instances of an account signing something with the same private key you cannot say that those two actions belong to the same person. You can only say that those two actions were performed by some entity which knows the private key. It could be the rightful owner, it could be a hacker, it could be a bot.

On the other hand, a real ID check makes sure with a high degree of certainty that the person is actually the same one who performed other actions (was born, purchased a home, has money, etc.)


I can use a pseudonym in real life. Nobody is "hard checking" my identity 99% of the time. Not even the government. They don't care if someone else does my taxes. It's up to me to share details about my identity with my tax accountant as I see fit. About the only institutions that actually care are banks because they don't want to give my money to someone else and airports because they don't want 9/11.

So yes, you can have self-signed identity. And you can use it 99% of the time. If you need government-level identity verification, you can build that, do the hard check, and link to a self-signed identity by issuing a certificate for a reasonable amount of time until a re-check is desired. Your driver's license is exactly that in physical form. I'm not saying we shouldn't have a digital DMV that issues digital driver's licenses. I'm saying you don't need that as the foundation of your identity system. Identity is self-sovereign by nature. Don't fight it.


Why is Ethereum not the right solution?


How about you fuck off, wannabe(?) technocrat?



