There's been too many horror stories of people being locked out of their Google or Facebook accounts by Google and Facebook, even for the most minor of infractions, and that person immediately also losing access to to all the other services they used 'Sign in with...'
Until this problem is solved, I will never switch to a single online Identity for access, and I certainly will never use my Google or Facebook account to register with third party services.
Anyone know if Bitwarden does?
[1] https://www.whitehouse.gov/briefing-room/presidential-action...
[2] https://www.cfr.org/report/solving-identity-protection-post-...
120 year email + static hosting tied to library card.
Start with one branch or small system, scale from there.
Could reasonably be managed per branch with central support orgs. I guess most of them have a server room or colo or similar with a couple U free.
Also, the kind of long term stable online identity you're desiring can already be had by registering your own domain name.
You can have government authentication without too many issues, though. The EU has a digital login system that's federated (EIDAS) and your government should never have to retract your ID unless you die. Some implementations use physical smart cards to sign in, others use usernames/passwords+apps/2fa. The system is currently intended only for official government business, but under the hood most systems use something close to OAuth2 so it should be possible to modify the system to allow generic logins.
The downside of such a system is that the using the same authentication for government grants and your social media makes it very easy to phish people. This increases the security requirements of the system significantly, which in turn make the system very annoying to use. The authentication mechanism also allows the government to track exactly what services you use and when.
Personally, I'd much rather see OpenID return. The ability to pick an identity provider and log in would allow for multiple accounts and the ability to control your own data.
Alternatively, wide-spread use of something like https://irma.app/ would be even better. This allows for decentralised identity that you can take with you, just like a regular ID. It also allows for exposing only scoped data (ie "is this person of drinking age" rather than "what's this person's birthdate").
Part of the fun of the internet is that it is really international so I'd expect it to interoperate with Canada, France, Ukraine, etc. What if people from Barcelona want a Catalan e-mail address?
Why in the world do you want them to host your email?
Whatever email server/system the government created would be so bad no one one would use it.
Advertisers and crooks already have under-the-counter access to our private data (via Equifax, etc.), but we don't get to benefit from it.
Let's get over our misguided ideological fetishization of "privacy" that we adopted when we read a fantasy book by George Orwell in middle school and implement a proper identity scheme for the 21st century.
People are more toxic when they're anonymous, but de-anonymizing people isn't a solution to toxicity.
I don't want to give up the ability for gay/trans/whatever people in oppressive societies to express themselves because someone was mean to me on Twitter once.
There are platforms out there that will enforce real name policies. You're free to leave communities that don't and enjoy a theoretical community where people are held up to standards if these policies work. You could even add your information to your account description if you don't care about your data and want to shape the community to your liking by setting an example for others. Just don't take down the rest of the internet with you because you don't care. I'm not in the Equifax leak or in any other American credit rating provider leak, so leave me out of your weird post-privacy world, thank you very much.
>Advertisers and crooks already have under-the-counter access to our private data (via Equifax, etc.), but we don't get to benefit from it.
We shouldn't throw away the concept just because we haven't executed it well.
The actual problem is our obsession with free stuff and knowing who to trust. Trust should be with family, friends, and the people you know. Then the trust reduces the further someone is from you in the socal graph. That's why I'm big on Web of Trust. You can't (and shouldn't) make people trust those you think they ought to trust. People should choose for themselves.
Posting comments and content should have skin in the game, you're absolutely right about that. Being able to post things consequence free is what leads to more trolling and spam. It shouldn't be contingent on your identity though. Micropayments are a great for this. If you had to stake a tiny amount of money for each comment, I think it would reduce spam and trolling.
This is the popular refrain, but really its about providing tools for HUMINT, signature reduction, and other covert operations of the US government and its proxies.
For instance, this is why the Tor Project is funded primarily by DARPA and the State/Defense Depts -- objectively speaking among the most violent organizations on the planet -- rather than actual dissident groups.
I disagree with this unpopular idea so I'm going to mark it as spam...
If you want to interact with people trusting that they can be held accountable for bad behaviour, you can do that on these platforms.
If you want to interact with people free to express themselves without fear of getting "held accountable" for "bad behaviour" - knowing that there is some disagreement on what constitutes bad behaviour and not trusting everyone who's able to "hold people accountable" - to get them fired - to share your views on this, you can do that on platforms like this one.
This hasn't worked. Not once. Full stop.
IRC continues to be the best place to have real conversations. Discord is pretty great too and even has built in alt support.
These are all opt-in verification mechanisms, likely with the main purpose of protecting the rights of influencers and other content creators so that the platforms keep making money off them.
I'm talking about a single federal government-run identity provider that obsoletes all the above schemes. That's what we need and where we are headed, whether we like it or not. It is absurd that we still rely on SSNs and home address verification in 2022.
We already have a decentralized system of unique identities, and we have since the '80s. It's called the domain name system. They're human-readable, they have strong guarantees about being able to own and control them (so long as you pay a nominal fee), and they have a rock-solid infrastructure behind them that backs everything from Google to the US government to your friend's blog. We even have a (somewhat less convincing) way of verifying that the server you're talking to really is the one that your DNS record points to.
What still needs work is getting from an identity system, which tells you which server to look at for a given name, to a system of authentication for specific tasks. Given that someone controls a given domain name, how can they use that to log in to a service or post messages that are verifiably theirs?
If you're willing to run a server for it, OpenID works. If you only want to send email, DKIM has you covered. The w3c's decentralized identity specs are really cool, and I think did:web [1] has the potential to bring us to a world where you can buy a domain, cname it to some host, and upload your public keys there so that you can sign anything and login anywhere. Making this easy for non-technical users will be important, but I think it can be done. The fact that ICANN policy requires companies to allow you to migrate your domain guarantees that you can sign up with some fancy startup that will manage everything for you and keep your identity if you want to move somewhere else.
* For identity by way of DNS, such as via domain name, see: https://indieweb.org/personal-domain
* For logging into systems by authentication based on controlled domain name, see: https://indieweb.org/Web_Authentication
There are many other related topics on indieweb.org and other related websites. What we need more of includes systems that make implementing such methods and protocols super easy.
* we have fractured identity online
* FB/Google might be going away
* Web3 may protect against that
* Large Language Models might cause the death of the internet.
I'm not really sure what to take away from the post. I found it confusing.
Because these platforms are gamified, they are worth gaming and gave rise to lots of fake automated content. Go search "best tablet" or "best lawnmower" for several hundreds of thousands of examples. Or look at Twitter.
Instead of any of these achieving a plaza of conversations, people are farther apart than they were to begin with.
Thanks for reading though!
I see three requirements:
1. Uniqueness: Exactly one ID assigned to each human
2. Irrevocability: nobody may invalidate the ID except it’s owner in the case of replacement
3. Anonymity: The owner of the ID can use it to prove their singular humanity without revealing anything else about themselves.
#3 is relatively easy to achieve provided #1 is solved. But #1 requires an Oracle [0] and cannot be decentralized to ensure #2 is upheld.
The only practical solution we’ve found is identity assignment by nation states, eg. social security numbers.
Can you explain what the problem is exactly? The infinitely small possibility that the same ID is generated for two different people?
How would you implement a system that issued such IDs?
Also as a joke about how noisy the internet is: Almost every website has 2-6 such icons, usually twitter, github, rss and email. I don't know how most people use the internet but my eyes just glaze over them (Which is sort of sad actually, when I read a blog I like I really should subscribe to the author directly somehow). I think expanding it out to more than 20 is funny, but I may have an idiosyncratic sense of humor here.
Worth having a few anon accounts so you can experiment with different concepts without having your real identity cancelled. I'm not talking about malicious hate speech or harassment, just toying with a new online avatar and toying with new concepts. I've tried tweeting under my real identity, and usually end up regretting the post a week later. With an anon account you can leave the tweet up because no-one knows it's you.
My fear is actually the opposite here. I don't think Google will cease to exist overnight, or something without a ton of warning signs that others using them will have to adapt to. But being squashed like a fly because of some malfunctioning ML algorithm with no recourse? That makes it to HN a few times a month, so I have to assume happens more frequently once you count people without the following to independently draw attention to it.
