what distributed database would let you own your identity without any third party party being able to take it away from you?
that's a necessary condition for sufficient decentralization, and the only distributed databases capable of achieving such guarantees are L1 blockchains.
> What distributed database would let you own your identity
Owning a private key file when signing transactions allows to prove your identity to other parties. That is, what a blockchain uses to map identities to accounts/wallets, too.
Having a consensus protocol does not provide identity proving, but the eponymous censensus is based on a share of either state or computational power.
And state is just a database. State that decides what goes into the database is a recursion, voila an example would be Proof of Stake.
Or as censensus protocols go, other names exist for the concept of proof of previously-done-arbitrary-things, which allowed you to mention a share with you cryptographic signature (i.e. hash derived from your private key) in the append-only database. Cases like a "plant a tree" eco-coins.
Also, to see the bigger picture on
> What distributed database would let you own your identity:
from a technically more complex angle: Tim Berners-Lee proposes a DRM system for users to own their content, instead of using this technology against user liberties. That would include owning your identity and enforcing your will on you intellectual property. I found these plans not feasible, yet, but at least people who know about cryptography still research the topics of user rights and P2P networking.
we've also built the first clients for this protocol, which are still in beta. if you have an ENS name and are interested in trying them out, DM me on twitter https://twitter.com/varunsrin
So how do you do it? Who would override the authentication mechanism and reset your key? How would that person authenticate? How would you keep your identity when your public key is your identity? How would you stop someone using your leaked private key to impersonate you?
a simple mechanism is using a smart contract to map your key (0x123) to an identity (@alice). the contract can allow you to transfer that identity to a different key (important for key rotation) and also to set up a recovery key that is also authorized to transfer the key if the primary key is lost.
So it's just pushing the problem a bit further away by hiding your real key. See, you have to be able to recover your account even if you've lost every single of your electronic devices. Every one of them. Including flash drives. No data. No backups. None. Zero bytes.
The fundamental problem with keys is that they are files. You can't exactly memorize one, not without torturing yourself. You have to store them somewhere extremely reliably but at the same time completely secretly.
The point here is that self-hosting is _possible_. Most users are almost certainly going to just let a third party host their keys. But if keys are identity primitive at the protocol level, then the protocol prevents full centralized platform capture, similar to email interop.
The key being the identity still has the problem of not being changeable, no matter how you spin it.
Self-hosting is possible with ActivityPub as well, but without sacrificing the user-friendliness. I can already see someone saying "what do you mean I have to start a new account after my private key leaked".
> See, you have to be able to recover your account even if you've lost every single of your electronic devices. Every one of them. Including flash drives. No data. No backups. None. Zero bytes.
Well 12-word mnemonics help here right? It's imperfect, but certainly is as good as most 2FA implementations use for account recovery.
There are alternative approaches people are trying too. For example Coinbase[1] is trying a MPC approach where you delegate two (or more?) people known to you and if they agree it can recover your account.
But this is done using secure multi-party computation so the unencrypted key is never stored - it is only decrypted by the person doing the recovery when all the other parties agree to provide their tokens.
here's an example that might help -- you can allow key A to own your identity and key B to move your identity to another key. But key B can only move the identity after a time delay if key A does not cancel it. So key B is not your "real key" -- as long as key A is around it is an inferiorly permissioned key. But if Key A is missing then key B becomes the real key.
the key insight is that smart contracts can be used to transmute keys from single points of ownership into a distributed set of permissions.
you can compose a whole set of recovery systems with this primitive - key B could be your ledger or it could be a friend or it could be a third party service that offers "recovery as a service" where you have to call them and prove your identity before they will recover it back to you.
> Ownership remains decentralized because the recovery address cannot make a transfer that the custody address does not approve.
This isn't true though?
If I go out camping for a week and the recovery address transfers my identity, I won't be asked to approve; it'll simply go through after waiting 3 days.
author here - you're right that the average user doesn't care about decentralization as a first order benefit. people typically use social networks to be entertained / informed or to increase their status. we've been building a new, decentralized social network and we've learned this first hand.
but if you've figured out a new social network, building it in a decentralized manner today might give you very strong second order benefits. and its now possible to do this in a way that doesn't compromise the user experience.
I also was reading your post with the mindset "how to regulate social networks". I strongly believe that all big organizations need regulation. It is not easy to regulate social networks, but heck maybe it wasn't easy to regulate telephony or energy.
Are you a user? If so, and you've been such for over a year - have you paid? I've never been charged, and to my knowledge nobody I know has either. I don't get if we should be getting charged but they just don't seem to bother. I get an annual notification saying I've been extended and no more information.
They do price testing, if they believe there is no better option for you, and you will pay, they will charge you.
They will not charge you if, for example, you're someone living in the USA. There is far too much free competition.
For their non smartphone market (don't have numbers but its large), there is very little if any at all competition, and people in places like india gladly pay the $1 fee for a years access on their dumbphone.
Has anyone ever actually paid $1 / year for WhatsApp? I know in several places they claim that is their business model, but I've never come across anyone that has paid for WhatsApp.
Part of that may be due to the fact that WhatsApp grows so fast that most users haven't been around for a year, but I'm under the impression that after a year, if you don't pay, the app continues to work and you never lose access.
Jan Koum actually stated at Startup School that whatsapp started monetizing to REDUCE load because they were acquiring users too fast and that it backfired, ultimately leading to profitability. From a strategic standpoint, whatsapp puts facebook in a great mobile position in a lot of emerging markets outside the US.
I believe Facebook reported in their financials though in their first quarterly earnings report after the acquisition that Whatsapp was losing $100mm+ annually. I'm not saying that won't change, but their business model still needs some tweaks.
Generating revenues is not the same as making profit. If their infrastructure costs more than $1 / user to maintain on an annual basis they could very well still be losing money. To compare their price to something you'd have to compare it to dividends to the parent company or net profits for the division if it is integrated.
take 25+ cents off for cc processing... 700m * .70 = 490 million. Not everyone will do it, but assuming most, maybe $350 million in recurring. Certainly nice, but does that justify $19B? That's something like a 2% return, if my calcs are close.
Not a pedantic distinction at all - on a second read, I completely see the confusion, and I'm going to reword the article to separate the concepts of dynamic range (which is just a dB value) and dynamic ranges across a frequency spectrum more clearly.
You raise some great points - it is indeed impossible to use an MBC to bring sounds back into a user's range of hearing if they have lost all sensibility at that particular frequency. However, the loss of hearing at a particular frequency is not binary - it tends to start with a reduction in dynamic range at that frequency, as the cilia start to get worn out / destroyed.
So if you have loss @ 3 KHz, you don't often completely lose all hearing, but your dynamic range which normally is 0dB -> 100 dB (over-simplification here) might now be 30 dB -> 100 dB.
What an MBC will do here is compress the range at that frequency band, so your 100dB of range is now 70dB of range.
I get what you're aiming at, and I applaud what you're trying to do - I just think that you've over-simplified a complex topic, to the point of creating quite a bit of confusion, going by this thread. To quote Einstein, “Make things as simple as possible, but not simpler.”
There are numerous interstitiated mechanisms in hearing. I don't see why MBC in particular would be valuable, other than amplifying quiet parts automatically, which could in fact have the opposite effect.
However, I think there is potential for many other mechanisms to be developed, such as automatic filtering, to eliminate masking in frequency and time domains.
The question I have is why other companies, such as Apple and Spotify, don't simply add this DSP technology to their software. What can SoundFocus do that can't be copied? Proprietary algorithms?
