Have worked in the identity space for a long time. Authentication isn't a hard problem, but identity is. It will be decentralized because if it is not fragmented, it is literally just oppression. Trusting authentication is not trusting identity, and the origin of identity is the Ur-problem because it comes down to questions of recourse, collateral, risk, authority, and legitimacy - which are all political economy questions and not technical ones.
The technology can change the economics of identity, but identity itself reduces to how you organize to provide recourse to people within your scope. Sure, we can use escrow systems and smart contracts, but these still require a means to organize and provide adjudication.
All the use cases for digital identity are about enforcement and liability, and there are almost none that anyone would volunteer for. In this sense, identity is necessarily imposed, so all products in the space are necessarily aimed at a customer who is imposing identity on a group. It's why I tell identity companies who ask to find some other problem to solve because holding out for some government to adopt your product as their source of sovereignty is a waste of time. There is one other use case for identity, and yes, it is decentralized and bottom-up, because it is about dividing into secure, self-sovereign affinity groups, and the reasons for doing that are on a very short list of uses. Super fun, but basically a weapon.
>It will be decentralized because if it is not fragmented, it is literally just oppression.
The conclusion ("It will be decentralized") doesn't follow from the argument though ("because if it is not fragmented, it is literally just oppression").
It could very well be "just oppression" and keep being that...
Yeah, that's one of my top worries. It's already that way in much of the world. And the "liberal democracy" sector is teetering on the edge. Once we get seriously into the chaos of global climate change, pandemics, mass migrations, war and so on (aka Gibson's "Jackpot"), who knows?
>All the use cases for digital identity are about enforcement and liability, and there are almost none that anyone would volunteer for.
Everything from a LinkedIn or Facebook account to your personal artist homepage with your CV on it establishes identity. People obviously disclose identity voluntarily, because identity is the primary means by which strangers establish trust.
If your identity is not transparent to me, I won't enter a relationship with you that requires me to know who you are, which in practice is almost every one. I don't see how non-fragmented identity is oppression. It can be for sure, but the primary reason why identity is important in our interactions is because it establishes trust and reputation. I've always considered "non-imposed" identity a sort of oxymoron for that reason, because if full control of identity is left to the individual, identity essentially loses its primary purpose.
It's not that simple. My meatspace identity is entirely transparent. But online, I'm mostly Mirimir and other pseudonyms. Even so, I've been Mirimir for long enough, and have written enough about freedom, privacy and anonymity that I have a substantial reputation.
That is, one can have a range of identities, from entirely transparent to stably pseudonymous to fleetingly anonymous.
> If your identity is not transparent to me, I won't enter a relationship with you that requires me to know who you are, which in practice is almost every one.
There are two things about this that don't require centralized identity.
The first is that it's very commonly not true at all. If you want to sign up for an account for an online service (e.g. email, YouTube, gaming), they don't need the name on your driver's license for anything. They don't need to know anything about you. You create an account, set up authentication to prove you're the account holder in the future, and that's it. The identity you use can be created along with the account; it doesn't have to exist beforehand or be associated with anything else.
Second, even where reputation is important, you still don't need a single identity, it's just that an identity without any history would be untrusted.
Suppose you go to the bank to take out a loan. If you tell them your name is Barrin92 and you have no financial history, they're not going to give you one unless you get some more trusted party to cosign it or you post enough collateral that they can be assured to recover their principal if you default.
But then you start off with a small loan with a large amount of collateral, or a cosigner, and build a credit history as "Barrin92" with financial institutions. Now you can get a bigger loan, or one without a cosigner or as much collateral. Until you default. Then "Barrin92" would no longer be creditworthy and you'd be back to square one.
This works fine even if you have a thousand separate identities, because identities with no credit or bad credit aren't trusted and good credit is valuable so that you lose something significant (the creditworthiness of that identity) if you default.
People having multiple identities is effectively just equivalent to the ability to declare bankruptcy. It doesn't really break any good important thing and it does break some important mechanisms of oppression that we should want to break.
Linkedin/Facebook/Email login establish that it is the same "person" coming back. They don't guarantee the identity of the person as in official name or address or date of birth.
>It will be decentralized because if it is not fragmented, it is literally just oppression.
I've never understood that way of viewing things. For me identity is a right. The government must provide me with the means to prove who I am and my associated data like birth certificates, academic titles, health (vaccination), real estate and indirectly verifying identity for private contracts that use my national id card number.
In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country? Come on. In the USA government and even private entities are collecting massive databases of everybody's data. But there's this panic about a centralized service providing identity. It makes no sense.
"In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country?"
What makes you think a democracy can't be oppressive?
Even in perfect democracies there is something called the tyranny of the majority, where the majority can oppress the minority.
If we're talking about the US in particular, we have to recognize first that it's not even a perfect democracy, and there are many anti-democratic things about it such as the electoral college, and plenty more things that hinder democracy even where it exists (such as poor civic education, money's outsize influence in elections, extremely biased media, branches of government which shirk their balancing and oversight roles, etc).
Then, to get specifically to the oppressive aspects of the US, they range from slavery and lack of women's rights from its foundation, to segregation that existed in law up to the middle of the 20th Century (and arguably still exists in fact to some extent and in some places in the US even now), to the imprisonment in concentration camps of Americans of Japanese descent, to discrimination against people who weren't heterosexual, to the War on Drugs and police brutality which primarily impact minorities, to abuse, killing, and imprisonment of people who come to the US from other countries.
All this oppression and more has happened in what is ostensibly a democracy, and often likes to style itself as the world's greatest democracy.
And all of this oppression has had to do with identity, which required identifying people's race, gender, sexual preferences, or country of origin.
Such identification is amplified and made all that much easier in the age of computers, the internet, and gigantic databases on everyone. It's a data trove just begging for abuse.
I can reasonably change my hardware, software, and habits to avoid being matched with some corporate agglomerated profile of "me".
However, I cannot change my government provided identity.
Right now I can have multiple identities: one for work, one for my WoW guild, one for security research.
With a single centralized identity provider I couldn't do that. They wouldn't just be able, they would by default associate my personal and professional associations.
I feel that the risk of a single central (and especially government run) identity provider is that it can chill freedom of association by disallowing you to anonymously, or if not anonymously then disconnectedly associate with people or groups.
The problem with making government-issued ID easy to verify online is that every website will start requiring it and pseudonymity or anonymity would become a thing of the past, even though it's necessary in some cases.
>I've never understood that way of viewing things. For me identity is a right.
Historically "identity" wasn't a right, but something imposed on people, for better tracking and controlling them by authorities...
>In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country?
Oppression is not about democratic vs totalitarian state. McCarthy and Hoover, to mention just two examples, reigned over others in the good ole democratic US of A.
Not to mention very few (if any) countries have actual direct democracy, or give the people say in how they want to be governed, from the constitution and downwards.
The problem is not that the data is centralized; the problem is that centralization engenders a position of advantage, which incentivizes perversion. This is why the problem becomes political. The amount of privacy one should have is relative to the ethics of humanity, society, to material necessity and fact, etc. This is an unsolved problem. One would need a series of blind oracles to solve it, unfettered by the influence of living things.
> In the USA government and even private entities are collecting massive databases of everybody's data. But there's this panic about a centralized service providing identity.
The existence of centralized identity is what enables those databases. They're all indexed by the centralized identity. You give Facebook your "real name" and location and the same thing to your bank and they correlate them in a database. If you were using a different identity for each one they couldn't do that.
On the other hand, creating some kind of national ID authentication system would make it much worse, because then things would require that. You couldn't sign up under a pseudonym, so now even the things that are currently separate or that you can keep separate if you want to would be forced into being correlated with everything else about you in those databases. It's an attack.
It's interesting how different countries treat "names" in different ways. In the UK, for instance, changing your name is super easy. You tell the government your name is now Foo Bar, and you're done. They'll update their pointers and issue new documents.
In Belgium, changing your name is virtually impossible. The king (ostensibly) has to grant permission; you need to provide a "valid reason". This never made sense to me.
Identity federation seemed to promise solutions to some of these problems, but never quite took off. The part I liked most was the ability to verify someone as being over 18 without divulging their age or any other meta data. That was 10 years ago though, and I have no idea what the citizen/consumer identity space looks like now.
Did the industry ever get around the sub-par SAML protocol which had no support for the active requestor profile, and the superior WS-Federation protocol which had to use the technically superior SAML token?
OIDC is just starting to get some traction in institutions, but it's really about federated authentication with trust of the IDP implied. Digital identity itself is still in the context of the given IDP you've federated to, and there isn't much better than whatever their enrolment process is.
There are a couple of companies that are using Hyperledger to federate identity providers like banks, governments, and other institutions, but the scope of that identity is still local to the federation participants who are a walled garden of their own.
> There is one other use case for identity, and yes, it is decentralized and bottom-up, because it is about dividing into secure, self-sovereign affinity groups, and the reasons for doing that are on a very short list of uses. Super fun, but basically a weapon.
A weapon against who? A self sovereign affinity group could just be a community trying to self organize without relying on non-owned infrastructure. Aka prepper stuff.
If anything, my bet is the future of identity is more centralized.
Decentralized solutions, as I've read about them in their current form, require a significant amount of technical knowledge to understand. That is, to understand both what they are and, more importantly, their benefits ("why does this specific solution matter to me?"). Past that, the user experience is extremely poor in comparison to clicking "log in with Google", and I'm not convinced it can ever fully get there.
It is for those reasons that I think centralized identity is here to stay long term. Most people aren't going to spend the time to learn about this because they just want the easiest solution and don't care about their data being sold. I know several people in tech that fully understand the extent of how their data is used by internet corps, and don't mind it because they prefer convenience for free. And I think that's OK--it's their informed choice.
Personally, I try to login with email most of the time, and that's the limit of my drive to care about the security of my personal data. But my email is Gmail, so I doubt it really makes a difference from login with Google.
In the US, everyone uses credit cards (centralized identity) to pay for stuff.
In Mexico, credit cards are stolen and reamed for all they're worth by criminals. As a result, everyone uses cash (decentralized, anonymous, difficult to use). Everyone could move to decentralized in the face of significant pressure, even if centralized identity is more convenient.
All central authorities are built on trust, fear, or complacency. Americans are complacent with the credit card system and trust it for the most part. The Experian breach has shown that breaches of trust are easily overlooked in favor of complacency, at least to a point.
Considering how Americans view other Americans (I hear "stupid" thrown around a lot), I strongly doubt that a decentralized authority would ever gain enough trust in the US to take hold today without a strong historical precedent.
For what it's worth, cash is still centralized. It's made "legitimate" by the power of the central government, and is managed & controlled by that authority. Given, it is somewhat "decentralized" because the value of fiat money comes from the people's agreement that the currency has value. On the other hand, the US dollar's global hegemony exists in large part because of global US Military presence, which is absolutely a "central authority".
As much as I'd like to see a decentralized solution, I agree with you. I just spent 30 minutes helping my mom (age 60) and brother (36) set up a Microsoft family account so they can dictate and monitor my nephews' computer usage because [nephews] are addicts.
I didn't even know Microsoft family was a thing, but setting it up and configuring it (from my perspective), was intuitive and simple. My mother and brother however struggled to follow along, and are stressed that they won't be able to manage it.
Most users (even my spouse who is in her late 20's) readily fall into this category. My point is that if configuration requires any troubleshooting it won't reach mass adoption unless it addresses a perceived necessity without an alternative approach.
When you visit a website that works with it, to login, you just grant the webpage access to one of your profiles. (I just use one profile for everything, but you may wish to keep some things separate). Then any activity you do can be associated with that profile. No passwords or keys or even email addresses to remember.
I dunno, I think the UX for decentralized identity could be made pretty good. The GNUnet project has one that runs locally but exposes itself with an OIDC interface: https://reclaim.gnunet.org/
It's still pretty early, but imagine a more polished version of that with a user-friendly installer. If you had the software installed and running, it'd behave pretty similarly to e.g. Google's OIDC provider. Linux distros could even preinstall it. (I have no hope that MS/Apple/Google would do the same since they all have their own centralized providers.)
That's so so many steps and requires knowledge of so many things. It has the big two fundamental problems, and a major third one:
* Its value prop is poorly explained. As an engineer with a CS degree, I still barely understand what it's talking about (what's an "identity attribute"??) without some digging.
* Even if the value prop was well-explained, it's still very high friction compared to "Sign in with <Service I Already Use>". Why would a user download an installer and deal with managing all of their accounts? There's a secure, anonymous, easy, centralized option that does it all for you (Sign in with Apple). That service does it so well that you only have to click a button to log in or sign up. Nothing else required. That isn't achievable without a central authority managing everything for you.
* (this is the big one) Your local machine is a major point of failure. If you lose your local machine and haven't backed up your accounts, you just lose access, right? The only solution is either set up a server with periodic backup (too much friction for regular users) or a centralized authority that stores them for you, which defeats the purpose of all of this.
This project, to me, falls into the "cool technical stuff category". It's obviously built for "geeks" (lack of a better term) and not for people. That's why centralized tech co's will probably always do this better than open source. They are customer focused just as much as technology focused.
Unmonetized open source projects tend to focus more on technology than user experience. That's why you see regular people using monetized software and developers using open source to build monetized software.
All people still somewhat understand is federated identity, and that's becoming less prevalent.
Through a weird set of coincidences I often get support tickets about people using or enrolling in TOTP escalated to me. These people have never used an authenticator, except for the company-mandated Microsoft authenticator. Not only do they simplify the concept thinking there's just one code for everything (e.g. Microsoft tokens are used for AWS, don't worry these people only have access to some S3 stuff) they also extrapolate that because Microsoft sends them push notifications, AWS must too, and they didn't get one, so it's obviously broken.
Email is slowly losing this awareness too. The only remaining analogy that's probably not going away is getting your credit card from a bank while they still work on the same network.
It's more about a fundamental design trade-off rather than removing accidental complexity coming from UX. Currently, most of us delegate the responsibility of identity management (other than memorizing id and password) to one of big-techs, presumably much better at this area than 99% of us. In the fully decentralized world, the burden of proof is now up to users. And they usually don't really care about the best practice for security, privacy and reliability. Technology may improve over time so the equation will get better, but I don't expect this dynamic to change that much.
The UX isn't the most looming problem, but it's one that needs to be solved. My question is: How in the world would you convince people to use keys to verify their accounts to one unique, anonymous, identity, as the OP suggests? I just don't see it being something people would spend the time to do. Not to mention, getting to a "Login with Google" level of UX, available as universally as "Login with Google", would be extremely hard without a centralized authority.
The bigger problem is convincing people that it's worth switching. Apple is the closest to doing this with "sign in with Apple". "Sign in with Apple" hides your identity from the client site, the value prop is clear for the user, and the process is as close to frictionless as possible. But the solution is still "centralized". Apple stores all of the information to make the system as frictionless as it is.
Yes, but that requires an economic model. UX is often well over 90% of the work for a product and usually includes a ton of work that is not much fun and people have to be paid to do.
Centralized has subscriptions, advertising, and "surveillance capitalism." Decentralized has nothing. I had some hope that cryptocurrency would provide some kind of mechanism, but cryptocurrency was taken over and destroyed by scammers and bad money drives out good.
The lack of an economic model is IMHO why decentralized solutions have not succeeded, not technical challenges.
One possibility would be to abandon the free as in beer part of open source ideology and go back to just charging for software, but licensing and payment add friction and it's very hard to compete with "free" options funded surreptitiously via surveillance.
BTW the fact that cryptocurrency was destroyed by scammers and criminals highlights a second huge issue: it seems to take the efficiency, executive ability, coordination, and direct human guidance of a centralized system to resist bad actors. This is why even the most democratic countries have mechanisms to phase shift into dictatorships during emergency or war. I have yet to see a decentralized system that became popular and was not instantly destroyed by black hats.
Yes, exactly. Attempts to register with an email that's already used will fail, and so adversaries check whatever sites interest them.
However, I believe that would fail for those using Google or Facebook authentication. But I can't test that, given that I don't have an account with either.
In my ideal world, we have a framework for brick-and-mortar businesses to act as internet notary service providers.
If you want a general-purpose open-id style account, you visit a notary, and provide them with a fee and proof of your identity. You tell the notary how much information they can share (in particular, whether they can release your name to the internet, or just the "we verified this account is held by a real person" boolean).
The protocol would cover much more than passport info though. You could have a notary vouch that you're a licensed driver, or have a college degree, visited a certain country, etc.
That might cut through some flavors of online nonsense. It would also allow people to stay pseudonymous, and yet enable law enforcement to subpoena their identity, if they go on a killing spree, or hack a few million dollars worth of bitcoin.
CAcert has a system in place that is close to what you described[1]. Basically already verified users check the identity documents of new users and vouch for their authenticity. Their "Assurer Handbook"[2] is an interesting read. When I became an assurer a few years ago the person that trained me also took their task very seriously and I learned a ton about how to check identity documents for forgeries. That alone made it worth it.
Since we have Let's Encrypt I'm not entirely sure what CAcert's place and purpose is, but I think with an existing network of trusted people they are in an ideal position to pivot into a decentralized online identity system.
Mark Shuttleworth's Web of Trust similarly had so called Thawte Notaries but I think it was discontinued a few years ago.
> You could have a notary vouch that you're a licensed driver, or have a college degree, visited a certain country, etc.
Humans, generally, are very bad at catching document fraud. It wouldn't be a vouch for a licensed driver but instead it would be a vouch for "a bit of plastic that looked like a driving license to me".
There is lots of sophisticated fraud and often automated solutions have a much higher rate of detection than your average person, even with some training against common attacks.
Certificate authorities with brick and mortar locations would be an improvement over the current USA situation of SSN+DOB as master password to all IRL accounts. Checking a driver's license IRL is better than looking at an uploaded scan or photo. They could use those box scanners casinos use.
The main issue is minimizing cost. Dot com companies and banks don't want to pay for this so they peg online identities and account security to SMS effectively pushing off the problem to cellular companies. Cellular companies lack the competence to handle IAM. Opening a branch in every city is very expensive and companies don't want to even pay ~$10 for an offshore script reader to check a SMS code and verify "public information" off a credit report.
Credit card companies that are already liable for fraud usually settle for SSN+DOB, ID scans and aforementioned Equifax data verification because fraud losses are cheaper than in person due diligence.
Absolutely! It would be far from perfect, and, but for the worst-case scenario that the internet currently embodies, not worth pursuing. But there's so much room for improvement today. Just placing a barrier against sock puppet accounts would already be a huge win.
The people who consume the notarized documents. If too much crap comes through they can reject the issuer. Kind of like how Symantec CA got dropped by browser makers.
Public notaries are licensed by US state governments. There is generally a background check, brief training course, and application fee. In at least some states they have strict liability for theft of their stamp.
As a person being notarized it sounds like I have to give that business more personal information about myself than I usually have to do to get an online identity, as suggested by your subpoena statement.
As a service trying to verify accounts I now have to trust a third party. Maybe the notary has a business that sells fake IDs in the back that are then used in the notarizing process. Maybe my competition set up a burner notary node in order to flood my service with malicious accounts. It sounds like an attack vector.
You've never provided any business with ID? How do you get into nightclubs?
The internet is important. When something is important enough, it is worth the risk. That's why people share secrets with their bank, lawyer, doctor, psychologist, etc.
We are squandering most of the potential of social media, because its design limits worthwhile conversation to hypotheticals. Since there's no reason to trust the honesty or motivations of anyone online, discussing actual data or life-experience is pointless.
> If you want a general-purpose open-id style account, you visit a notary, and provide them with a fee and proof of your identity.
This is never going to happen. I will never visit a physical location in order to create an online account. I strongly suspect I'm not alone in this regard.
It would create a small financial (and convenience) pressure to use one identity. Careful design would be needed to ensure that multiple identities are encouraged and accepted.
There is enormous pressure to converge on one identity. IAM has huge network effects. On-boarding customers is an expense so businesses and governments rely heavily on existing rails like email, SSN+DOB, Facebook, SMS, etc. If you don't want to surrender SSN or your whole Facebook profile your only option is to reject the service entirely.
It could also make things like online voting (like, for winners in a contest or features in software) possible which would otherwise be impossible due to multiple accounts.
The system is attribute based and requires an 'authority' to give you the attribute. After that the attribute lives on your phone and you can give it out to organisations or businesses asking for:
- your name
- whether you are >= 18
- your address
- etc.
What's great about it is:
- you can give out minimal information
- no 3rd party/intermediary required after you've received an attribute
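
A minimal sketch of the attribute model described above, added here as an example and not code from the system the comment refers to: an authority signs salted digests of each attribute once, and the holder later reveals only chosen attributes, which a verifier checks offline against the authority's public key. The salted-hash scheme, the function names and the attribute values are assumptions made for illustration; deployed attribute systems may use different cryptography.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Disclosure is one attribute as kept by the holder (hypothetical layout).
type Disclosure struct{ Salt, Name, Value string }

// Credential is the issuer-signed list of salted attribute digests.
type Credential struct {
	Digests   []string
	Signature []byte
}

// NewIssuer creates the authority's Ed25519 key pair.
func NewIssuer() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// digest commits to one attribute; the random salt prevents guessing hidden values.
func digest(d Disclosure) string {
	b, _ := json.Marshal([]string{d.Salt, d.Name, d.Value})
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Issue is run once by the authority: it salts, hashes and signs every attribute.
func Issue(priv ed25519.PrivateKey, attrs map[string]string) (Credential, []Disclosure, error) {
	var discs []Disclosure
	var digests []string
	for name, value := range attrs {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return Credential{}, nil, err
		}
		d := Disclosure{Salt: hex.EncodeToString(salt), Name: name, Value: value}
		discs = append(discs, d)
		digests = append(digests, digest(d))
	}
	sort.Strings(digests) // sorted so position does not reveal which attribute is which
	sig := ed25519.Sign(priv, []byte(strings.Join(digests, "\n")))
	return Credential{Digests: digests, Signature: sig}, discs, nil
}

// Present is run by the holder: only the named attributes leave the phone.
func Present(all []Disclosure, reveal map[string]bool) []Disclosure {
	var shown []Disclosure
	for _, d := range all {
		if reveal[d.Name] {
			shown = append(shown, d)
		}
	}
	return shown
}

// Verify is run by the relying party; it needs only the issuer's public key.
func Verify(issuer ed25519.PublicKey, cred Credential, shown []Disclosure) (map[string]string, error) {
	msg := []byte(strings.Join(cred.Digests, "\n"))
	if !ed25519.Verify(issuer, msg, cred.Signature) {
		return nil, fmt.Errorf("issuer signature invalid")
	}
	signed := map[string]bool{}
	for _, d := range cred.Digests {
		signed[d] = true
	}
	out := map[string]string{}
	for _, d := range shown {
		if !signed[digest(d)] {
			return nil, fmt.Errorf("attribute %q is not covered by the issuer signature", d.Name)
		}
		out[d.Name] = d.Value
	}
	return out, nil
}

func main() {
	pub, priv := NewIssuer()
	// Constructed sample attributes, not real data.
	cred, all, err := Issue(priv, map[string]string{"name": "Alex Example", "over18": "true", "address": "1 Example Street"})
	if err != nil {
		panic(err)
	}
	shown := Present(all, map[string]bool{"over18": true})
	fmt.Println(Verify(pub, cred, shown)) // only over18 is revealed
	shown[0].Value = "false"
	fmt.Println(Verify(pub, cred, shown)) // an altered value is rejected
}
```

Because the same signed digest list is shown to every verifier, presentations made with this scheme can be correlated across verifiers, and nothing here binds a presentation to the person holding the phone.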
China is already there. At age 16, you get your picture and fingerprints taken. If you get a phone, its ID is tied to your personal ID. Your WeChat account is tied to that ID. If you ride the subway or bus in a major city, or a train, your ID is recorded when you pay. A combination of phone tracking and facial recognition records where you go in some cities. It's even used to shame jaywalkers.[1]
The US is getting there with Real ID. It's been postponed a year due to the epidemic, but soon you will need a Real ID, checked against your birth registration, to board even a domestic flight.
As the article mentions, centralized trust has proven that it reaches a certain maximum before being plagued by political, legal, and corruption. I don't know much about China's state ID system, but based on other systems they've rolled out, I'm sure with enough money and the right contacts you can wipe, fabricate, or change your ID (which is also true for the US). Centralized systems have to also undertake the same problems as decentralized ones, like ensuring records are kept updated, which is no trivial task when providing identity for millions of people(1)
Real ID is a contract between the federal government and the states about the security of their existing ID issuing processes. It covers things like, don’t leave ID printers and card stock in podunk branch offices where $12/hour staff can let in their friends at night. Use printing processes that are sufficiently hard to replicate. If your freedom relied on stuff like this, you were already an outlaw, the only implication of Real ID is that now you will need stronger technical skills to produce your next convincing fake. It has nothing to do with where and whether IDs are required. Airport and courthouse security have been requiring IDs for many years now.
I think one of the great parts of the internet is that it promotes this identity decentralisation (or, as I have always thought about it, identity fragmentation). You are allowed to isolate online identity from the rest of your life, or from separate online accounts/personae.
Which is why I am confused as to why the author spent so much time worrying about verifying identity. To me, that feels like it's completely missing the point of fragmenting your online experience. Is the author simply concerned with the amount of power associated with their Google login?
There's the "European" ID4Me project (https://id4me.org/), which tries to add federation on top of OpenID Connect / OAuth2. The idea is to give users globally valid IDs that contain a domain name. Using a TXT record on that domain you then specify which OpenID auth provider a service should use to authenticate the user. If you have your own domain this enables you to switch ID providers without having to update your accounts.
In general I like the idea but since it's an EU-style project I don't expect it to go anywhere to be honest. And personally I don't think the benefit over e-mail based authentication is marginal. That said there are some extensions in OpenID Connect that can achieve something similar, and that (IMHO) are more likely to actually get widely adopted.
New Zealand had a program called Real Me. It's based on a completely and totally broken SAML2 implementation, that only gives you back a single token, and then you have to query another web service to get more information. Oh and years ago when we had to implement a product using it, their Identity Providers would give us different responses randomly ... and it once went down for two weeks straight.
What does federation bring here? Aren't OpenID identities already collision free?
I'd love to have SSO under my own control, and while it was theoretically possible with OpenID 2, things have gone backwards with OIDC, with everyone supporting it but restricting login to just the big names (Google, Facebook, Apple).
I put together a simple stateless OID2/OIDC identity provider: https://gitlab.com/rendaw/oidle but I have yet to find a website I can actually use it on. I still have hope though.
I had a classic OpenID server and every website I used to authenticate against using it has gotten rid of OpenID support. Stackoverflow was the big one. I haven't tried OpenID Connect yet.
> Removing the possibility for anonymity could solve the problem of online toxicity.
Except that it's not possible. And worse, it's just hard enough to evade that only those with malicious goals will manage it.
> Large internet corporations like Google and Facebook allow all to create an account on condition that some personally identifiable information is revealed, usually a phone number.
Also Signal, sadly enough :(
> The benefit is that it deters most from repeatably creating new accounts when older accounts have been flagged or banned due to improper behavior. These companies gain the function of "identity provider": they manage your online identity that can be used to login in different locations of the internet. We all know many websites that offer a "Google login" or "Facebook login".
Yes, it "deters most". And mainly it deters vulnerable people, who need ~anonymity to protect themselves from adversaries. It doesn't deter spammers, trolls, scammers, bot operators, and such. There are just so many ways to use multiple phone numbers. Ranging from free websites to SIM banks. And actually, it's easier just to buy accounts, either fresh or old (which probably means stolen).
So even without getting into concerns about corporate gatekeepers, it's clear that this is a misguided approach.
Everything from a LinkedIn or Facebook account to your personal artist homepage with your CV on it establishes identity. People obviously disclose identity voluntarily, because identity is the primary means by which strangers establish trust.
If your identity is not transparent to me, I won't enter a relationship with you that requires me to know who you are, which in practice is almost every one. I don't see how non-fragmented identity is oppression. It can be for sure, but the primary reason why identity is important in our interactions is because it establishes trust and reputation. I've always considered "non-imposed" identity a sort of oxymoron for that reason, because if full control of identity is left to the individual, identity essentially loses its primary purpose.
That is, one can have a range of identities, from entirely transparent to stably pseudonymous to fleetingly anonymous.
There are two things about this that don't require centralized identity.
The first is that it's very commonly not true at all. If you want to sign up for an account for an online service (e.g. email, YouTube, gaming), they don't need the name on your driver's license for anything. They don't need to know anything about you. You create an account, set up authentication to prove you're the account holder in the future, and that's it. The identity you use can be created along with the account; it doesn't have to exist beforehand or be associated with anything else.
Second, even where reputation is important, you still don't need a single identity, it's just that an identity without any history would be untrusted.
Suppose you go to the bank to take out a loan. If you tell them your name is Barrin92 and you have no financial history, they're not going to give you one unless you get some more trusted party to cosign it or you post enough collateral that they can be assured to recover their principal if you default.
But then you start off with a small loan with a large amount of collateral, or a cosigner, and build a credit history as "Barrin92" with financial institutions. Now you can get a bigger loan, or one without a cosigner or as much collateral. Until you default. Then "Barrin92" would no longer be creditworthy and you'd be back to square one.
This works fine even if you have a thousand separate identities, because identities with no credit or bad credit aren't trusted and good credit is valuable so that you lose something significant (the creditworthiness of that identity) if you default.
People having multiple identities is effectively just equivalent to the ability to declare bankruptcy. It doesn't really break any good important thing and it does break some important mechanisms of oppression that we should want to break.
I've never understood that way of viewing things. For me identity is a right. The government must provide me with the means to prove who I am and my associated data like birth certificates, academic titles, health (vaccination), real estate and indirectly verifying identity for private contracts that use my national id card number.
In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country? Come on. In the USA government and even private entities are collecting massive databases of everybody's data. But there's this panic about a centralized service providing identity. It makes no sense.
What makes you think a democracy can't be oppressive?
Even in perfect democracies there is something called the tyranny of the majority, where the majority can oppress the minority.
If we're talking about the US in particular, we have to recognize first that it's not even a perfect democracy, and there are many anti-democratic things about it such as the electoral college, and plenty more things that hinder democracy even where it exists (such as poor civic education, money's outsize influence in elections, extremely biased media, branches of government which shirk their balancing and oversight roles, etc).
Then, to get specifically to the oppressive aspects of the US, they range from slavery and lack of women's rights from its foundation, to segregation that existed in law up to the middle of the 20th Century (and arguably still exists in fact to some extent and in some places in the US even now), to the imprisonment in concentration camps of Americans of Japanese descent, to discrimination against people who weren't heterosexual, to the War on Drugs and police brutality which primarily impact minorities, to abuse, killing, and imprisonment of people who come to the US from other countries.
All this oppression and more has happened in what is ostensibly a democracy, and often likes to style itself as the world's greatest democracy.
And all of this oppression has had to do with identity, which required identifying people's race, gender, sexual preferences, or country of origin.
Such identification is amplified and made all that much easier in the age of computers, the internet, and gigantic databases on everyone. It's a data trove just begging for abuse.
However, I cannot change my government provided identity.
Right now I can have multiple identities: one for work, one for my WoW guild, one for security research.
With a single centralized identity provider I couldn't do that. They wouldn't just be able, they would by default associate my personal and professional associations.
I feel that the risk of a single central (and especially government run) identity provider is that it can chill freedom of association by disallowing you to anonymously, or if not anonymously then disconnectedly associate with people or groups.
Historically "identity" wasn't a right, but something imposed on people, for better tracking and controlling them by authorities...
>In an oppressive state identity surely could be oppression, just like everything else, but in a democratic country?
Oppression is not about democratic vs totalitarian state. McCarthy and Hoover, to mention just two examples, reigned over others in the good ole democratic US of A.
Not to mention very few (if any) countries have actual direct democracy, or give the people say in how they want to be governed, from the constitution and downwards.
The existence of centralized identity is what enables those databases. They're all indexed by the centralized identity. You give Facebook your "real name" and location and the same thing to your bank and they correlate them in a database. If you were using a different identity for each one they couldn't do that.
On the other hand, creating some kind of national ID authentication system would make it much worse, because then things would require that. You couldn't sign up under a pseudonym, so now even the things that are currently separate or that you can keep separate if you want to would be forced into being correlated with everything else about you in those databases. It's an attack.
In Belgium, changing your name is virtually impossible. The king (ostensibly) has to grant permission; you need to provide a "valid reason". This never made sense to me.
Did the industry ever get around the sub-par SAML protocol which had no support for the active requestor profile, and the superior WS-Federation protocol which had to use the technically superior SAML token?
There are a couple of companies that are using Hyperledger to federate identity providers like banks, governments, and other institutions, but the scope of that identity is still local to the federation participants who are a walled garden of their own.
The prefix "ur" is derived from old high German "ur", old Nordic "ōr" or Gothic "us": "from, out of".
That there's an ancient city of that name is purely incidental.
A weapon against who? A self sovereign affinity group could just be a community trying to self organize without relying on non-owned infrastructure. Aka prepper stuff.
Decentralized solutions, as I've read about them in their current form, require a significant amount of technical knowledge to understand. That is, to understand both what they are and, more importantly, their benefits ("why does this specific solution matter to me?"). Past that, the user experience is extremely poor in comparison to clicking "log in with Google", and I'm not convinced it can ever fully get there.
It is for those reasons that I think centralized identity is here to stay long term. Most people aren't going to spend the time to learn about this because they just want the easiest solution and don't care about their data being sold. I know several people in tech that fully understand the extent of how their data is used by internet corps, and don't mind it because they prefer convenience for free. And I think that's OK--it's their informed choice.
Personally, I try to log in with email most of the time, and that's the limit of my drive to care about the security of my personal data. But my email is Gmail, so I doubt it really makes a difference from login with Google.
In Mexico, credit cards are stolen and reamed for all they're worth by criminals. As a result, everyone uses cash (decentralized, anonymous, difficult to use). Everyone could move to decentralized in the face of significant pressure, even if centralized identity is more convenient.
Considering how Americans view other Americans (I hear "stupid" thrown around a lot), I strongly doubt that a decentralized authority would ever gain enough trust in the US to take hold today without a strong historical precedent.
For what it's worth, cash is still centralized. It's made "legitimate" by the power of the central government, and is managed & controlled by that authority. Given, it is somewhat "decentralized" because the value of fiat money comes from the people's agreement that the currency has value. On the other hand, the US dollar's global hegemony exists in large part because of global US Military presence, which is absolutely a "central authority".
If a centralized system is not inept, it can do all the same things decentralized things do and better.
I didn't even know Microsoft family was a thing, but setting it up and configuring it (from my perspective), was intuitive and simple. My mother and brother however struggled to follow along, and are stressed that they won't be able to manage it.
Most users (even my spouse who is in her late 20's) readily fall into this category. My point is that if configuration requires any troubleshooting it won't reach mass adoption unless it addresses a perceived necessity without an alternative approach.
When you visit a website that works with it, to login, you just grant the webpage access to one of your profiles. (I just use one profile for everything, but you may wish to keep some things separate). Then any activity you do can be associated with that profile. No passwords or keys or even email addresses to remember.
It's still pretty early, but imagine a more polished version of that with a user-friendly installer. If you had the software installed and running, it'd behave pretty similarly to e.g. Google's OIDC provider. Linux distros could even preinstall it. (I have no hope that MS/Apple/Google would do the same since they all have their own centralized providers.)
* Its value prop is poorly explained. As an engineer with a CS degree, I still barely understand what it's talking about (what's an "identity attribute"??) without some digging.
* Even if the value prop was well-explained, it's still very high friction compared to "Sign in with <Service I Already Use>". Why would a user download an installer and deal with managing all of their accounts? There's a secure, anonymous, easy, centralized option that does it all for you (Sign in with Apple). That service does it so well that you only have to click a button to log in or sign up. Nothing else required. That isn't achievable without a central authority managing everything for you.
* (this is the big one) Your local machine is a major point of failure. If you lose your local machine and haven't backed up your accounts, you just lose access, right? The only solution is either set up a server with periodic backup (too much friction for regular users) or a centralized authority that stores them for you, which defeats the purpose of all of this.
This project, to me, falls into the "cool technical stuff category". It's obviously built for "geeks" (lack of a better term) and not for people. That's why centralized tech co's will probably always do this better than open source. They are customer focused just as much as technology focused.
Unmonetized open source projects tend to focus more on technology than user experience. That's why you see regular people using monetized software and developers using open source to build monetized software.
Through a weird set of coincidences I often get support tickets about people using or enrolling in TOTP escalated to me. These people have never used an authenticator, except for the company-mandated Microsoft authenticator. Not only do they simplify the concept, thinking there's just one code for everything (e.g. Microsoft tokens are used for AWS; don't worry, these people only have access to some S3 stuff), they also extrapolate that because Microsoft sends them push notifications, AWS must too, and they didn't get one, so it's obviously broken.
Email is slowly losing this awareness too. The only remaining analogy that's probably not going away is getting your credit card from a bank while they still work on the same network.
The bigger problem is convincing people that it's worth switching. Apple is the closest to doing this with "sign in with Apple". "Sign in with Apple" hides your identity from the client site, the value prop is clear for the user, and the process is as close to frictionless as possible. But the solution is still "centralized". Apple stores all of the information to make the system as frictionless as it is.
Centralized has subscriptions, advertising, and "surveillance capitalism." Decentralized has nothing. I had some hope that cryptocurrency would provide some kind of mechanism, but cryptocurrency was taken over and destroyed by scammers and bad money drives out good.
The lack of an economic model is IMHO why decentralized solutions have not succeeded, not technical challenges.
One possibility would be to abandon the free as in beer part of open source ideology and go back to just charging for software, but licensing and payment add friction and it's very hard to compete with "free" options funded surreptitiously via surveillance.
BTW the fact that cryptocurrency was destroyed by scammers and criminals highlights a second huge issue: it seems to take the efficiency, executive ability, coordination, and direct human guidance of a centralized system to resist bad actors. This is why even the most democratic countries have mechanisms to phase shift into dictatorships during emergency or war. I have yet to see a decentralized system that became popular and was not instantly destroyed by black hats.
They can find out if you are a user of sex.com or dangerouspoliticalopinions.com.
They can do this by trying to register an account with your email address, and being told it was already registered.
Here is a tool that allows anyone to do it:
https://www.quora.com/Is-there-a-way-to-know-which-all-sites...
https://brandyourself.com/blog/privacy/find-all-accounts-lin...
However, I believe that would fail for those using Google or Facebook authentication. But I can't test that, given that I don't have an account with either.
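The sign-up behaviour described above, where a reply of "already registered" reveals who holds an account, next to a handler that answers identically in both cases. This is an added example, not code from the thread; `AccountStore`, the handler names, the messages and the `.test` addresses are hypothetical and the sample data is constructed.

```python
import hashlib
import secrets

GENERIC_REPLY = {"status": 202, "body": "Check your inbox to continue."}


def hash_password(password):
    """Salted PBKDF2 hash of the submitted password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class AccountStore:
    """In-memory stand-in for the user table and the outgoing mail queue."""

    def __init__(self):
        self.users = {}
        self.outbox = []

    @staticmethod
    def normalize(email):
        return email.strip().lower()

    def exists(self, email):
        return self.normalize(email) in self.users

    def create(self, email, credential):
        self.users[self.normalize(email)] = credential


def register_leaky(store, email, password):
    """The behaviour the comment describes: the reply reveals membership."""
    if store.exists(email):
        return {"status": 409, "body": "That email address is already registered."}
    store.create(email, hash_password(password))
    return {"status": 201, "body": "Account created."}


def register_uniform(store, email, password):
    """Same reply either way; the difference is visible only in the mailbox."""
    # Hash before branching so response time does not depend on membership.
    credential = hash_password(password)
    address = store.normalize(email)
    if store.exists(address):
        # The real owner is told; the requester learns nothing.
        store.outbox.append((address, "someone-tried-to-register-notice"))
    else:
        # A production system would keep this account pending until confirmed.
        store.create(address, credential)
        store.outbox.append((address, "confirm-new-account"))
    return dict(GENERIC_REPLY)


def reveals_membership(register):
    """True if replies differ for a registered vs. an unregistered address."""
    store = AccountStore()
    store.create("member@example.test", hash_password("constructed-password"))
    seen = register(store, "Member@Example.test", "x")
    unseen = register(store, "stranger@example.test", "x")
    return seen != unseen


if __name__ == "__main__":
    for handler in (register_leaky, register_uniform):
        print(handler.__name__, "reveals membership:", reveals_membership(handler))
```

The same uniform-reply rule has to cover login errors and password-reset requests, or those endpoints answer the question the sign-up form no longer does.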
If you want a general-purpose open-id style account, you visit a notary, and provide them with a fee and proof of your identity. You tell the notary how much information they can share (in particular, whether they can release your name to the internet, or just the "we verified this account is held by a real person" boolean).
The protocol would cover much more than passport info though. You could have a notary vouch that you're a licensed driver, or have a college degree, visited a certain country, etc.
That might cut through some flavors of online nonsense. It would also allow people to stay pseudonymous, and yet enable law enforcement to subpoena their identity, if they go on a killing spree, or hack a few million dollars worth of bitcoin.
Since we have Let's Encrypt I'm not entirely sure what CAcert's place and purpose is, but I think with an existing network of trusted people they are in an ideal position to pivot into a decentralized online identity system.
Mark Shuttleworth's Web of Trust similarly had so called Thawte Notaries but I think it was discontinued a few years ago.
[1] http://wiki.cacert.org/FAQ/AssuringPeople
[2] http://wiki.cacert.org/AssuranceHandbook2
https://www.w3.org/TR/vc-data-model/
Humans, generally, are very bad at catching document fraud. It wouldn't be a vouch for a licensed driver but instead it would be a vouch for "a bit of plastic that looked like a driving license to me".
There is lots of sophisticated fraud and often automated solutions have a much higher rate of detection than your average person, even with some training against common attacks.
The main issue is minimizing cost. Dot com companies and banks don't want to pay for this so they peg online identities and account security to SMS effectively pushing off the problem to cellular companies. Cellular companies lack the competence to handle IAM. Opening a branch in every city is very expensive and companies don't want to even pay ~$10 for an offshore script reader to check a SMS code and verify "public information" off a credit report.
Credit card companies that are already liable for fraud usually settle for SSN+DOB, ID scans and aforementioned Equifax data verification because fraud losses are cheaper than in person due diligence.
Public notaries are licensed by US state governments. There is generally a background check, brief training course, and application fee. In at least some states they have strict liability for theft of their stamp.
As a person being notarized it sounds like I have to give that business more personal information about myself than I usually have to do to get an online identity, as suggested by your subpoena statement.
As a service trying to verify accounts I now have to trust a third party. Maybe the notary has a business that sells fake IDs in the back that are then used in the notarizing process. Maybe my competition set up a burner notary node in order to flood my service with malicious accounts. It sounds like an attack vector.
The internet is important. When something is important enough, it is worth the risk. That's why people share secrets with their bank, lawyer, doctor, psychologist, etc.
We are squandering most of the potential of social media, because its design limits worthwhile conversation to hypotheticals. Since there's no reason to trust the honesty or motivations of anyone online, discussing actual data or life-experience is pointless.
This is never going to happen. I will never visit a physical location in order to create an online account. I strongly suspect I'm not alone in this regard.
The system is attribute based and requires an 'authority' to give you the attribute. After that the attribute lives on your phone and you can give it out to organisations or businesses asking for....:
What's great about it is:
China is already there. At age 16, you get your picture and fingerprints taken. If you get a phone, its ID is tied to your personal ID. Your WeChat account is tied to that ID. If you ride the subway or bus in a major city, or a train, your ID is recorded when you pay. A combination of phone tracking and facial recognition records where you go in some cities. It's even used to shame jaywalkers.[1]
The US is getting there with Real ID. It's been postponed a year due to the epidemic, but soon you will need a Real ID, checked against your birth registration, to board even a domestic flight.
[1] https://youtu.be/ectdRsyj-zI
(1) https://www.washingtonpost.com/us-policy/2020/06/25/irs-stim...
https://battlepenguin.com/tech/the-decline-of-openid/