"Is 'acceptably non-dystopian' self-sovereign identity even possible?"
An essay about self-sovereign identity, decentralized identity, verifiable credentials, soulbound tokens, and all those other terms that have been flying around lately.
The title comes from the May 2022 paper by Weyl, Ohlhaver, and Buterin titled "Decentralized Society: Finding Web3’s Soul", where they describe "soulbound tokens" and their vision for "Decentralized Society (DeSoc)". https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4105763
my hopes for them coming up with a reasonable definition for "acceptably non-dystopian" are not high given this part of the paper
@molly0xfff "Like the amniotic fluid is filled with the feces of the fetus as it enters the 4th quarter, you wallet will be filled with..." is how i'd go 🤣
I've posted this on HN, will replicate here.
1) The trilemmas do not need to be *solved*. They just need to be *acknowledged* when you are designing your application so that people can understand the types of trade-offs being made. When sybil-resistance is not a required, you focus on privacy and decentralization. When sybil-resistance *is* required, you choose if you'll sacrifice privacy or decentralization.
Depending on the use-case, one might be preferred over the other.
2) "Security practices are hard, no one will do it properly, they will rather have some expert that can do it for them".
Well, if you don't want to deal with security hygiene, you delegate. Just like the majority of people will rightfully prefer to have a bank to manage most of their funds, one could still envision a future where service providers will act as a proxy to anything that requires "your" identity(ies).
In general, what upsets me with anti-web3 people is that they fall into the *same* trap as the maxis: they start from this ridiculous notion that "web3" is about creating a Highlander solution (there can be only one!) and that this solution needs to satisfy all constraints, otherwise it is rubbish that needs to be discarded.
The important thing by having decentralized identities is that it gives new *options* for whole new classes of applications that do not exist. No one is being forced to adopt a system just because it is now possible to do it on a blockchain, and we do not need to destroy the current systems if they work well - or at least if they work better than any alternative. There will be even plenty of cases where the status quo is totally fine.
@Sandra @molly0xfff I've been toying with the idea of verifiable credentials myself, for a good decade and a half, actually, and I genuinely think there is potential there. There are a couple of things the blockchain world gets very wrong, though, the first of which is that it needs to involve any kind of blockchain/record.
But the far more worrying thing is that they all seem to want to enforce things computationally about people. That's the dystopian bit.
@Sandra @molly0xfff Privacy and centralization is really more of a question of which data you reveal to whom. Let's say you do want to receive money to your bank account. As Swiss numbered bank accounts show, you really just need to provide an opaque identifier of sorts to achieve that.
You want to verify that it's at a particular bank? Have that bank sign it. You want to verify that it's owned by some person? Have the bank sign a hash over the person's id...
The problem I see in most approaches is that they're inflexible; they try to prove some global truth, and in order to capture enough use cases, they include and leak more data than is necessary for each individual use case.
Implementors should focus a lot more on how the offline world already operates.
As another example, in...
@Sandra Of course it is. That's the whole point.
You don't need to prove identity in the vast majority of use cases, you just need to prove that such proof exists. You need to be able to trust that proof-of-proof, which means you need to trust someone else to issue trustworthy proof-of-proofs.
In the banking case, the obvious issuer is the bank; they have a vested interest in it after all. In other use cases, less centralisation may be better.
@Sandra The bank may wish to be a root of proof, or request a proof from the state. In either case, since the whole thing eventually ties back to the real world, it'll involve some real world ritual. Once per root. And only that root needs to know anything at all about you, the person.
This isn't even centralization in a lot of senses, because proofs can be issued such that the root doesn't have to be consulted, or any intermediary. It centralizes identity proving, yes.
@Sandra OK, but... that's different in every legislation and has nothing at all to do with verifiable credentials. That's entirely in meat space.
Hereabouts it goes back to birth certificates. Your community registers each birth, and issues birth certificates from the data it registers. If you want an ID, birth certificate is the proof that you should get one.
You could bootstrap the digital ID by presenting one and a public key, and receive a signature over the pubkey.
@Sandra OK, so meatspace identities have problems, true. Why should we expect digital identities to be *less* problematic? If they're bootstrapped off meatspace identities, they're "good enough" pretty much by definition. Yes that does kick the can down the road to meatspace, but doing anything else seems to ask too much, so I'm content with that.
The trilemma Molly presents relates to self-sovereign identities. In order *not* to bootstrap off meatspace, you have to...
@Sandra ... include enough data in an identifier to be verifiable as belonging to an individual by anyone, which means it's essentially public information (even if you do not share it with the world on a blockchain). And that is how centralization preserves privacy by bootstrapping (doesn't have to be meatspace).
@Sandra But equally, it's perfectly fine to have non-overlapping proof roots. It's the use case that needs to determine which root or roots are acceptable.
Voting may need a state operated root. You show your ID at the voting booth, after all.
Shopping does not, as a rule. I don't tend to show my ID at the checkout.
The big issue I see with most proposals is that they treat all identification issues as the same, and as the initial root proof.
@Sandra I'd be happy to phrase it differently, but I'm not sure what you're asking, then. Because the original proving of identity, the root I am referring to, is a solved problem. We've been doing variations of it long before the digital realm got involved.
@Sandra @molly0xfff ... order to gain entrance to an adult-only event, maybe an identifier needs to include something the person can show as proof they're the subject, and a birth date. Actually, you don't need a birth date, you just need a boolean flag and a signing date. If the flag was true at the date of signing, it'll be true later.
The system really needs to be focused on providing just the bare minimum for a use case is my point.
@jens @Sandra @molly0xfff I agree, that's the creepy part. Like, what would happen if a criminal record was mistakenly delivered to my address? What if someone acquired the key that a PD uses to issue such records? What if your university mistypes your address when sending out your degree? Normally you could solve this type of errors, but kind of the whole point of blockchains is that you can't. Users need flexibility, you can't blame them if a system fails, no matter how brilliant it is.
@molly0xfff Even giving blockchains the benefit of the doubt, that someday they might become reasonably scalable and be applied to implement systems that are actually useful, it's crazy to see how far people have to take things. I mean, as of now this stuff just barely works as a way to send meme tokens around and they're discussing putting people's life on there?
@molly0xfff With every new development or promise in the crypto world, the "hell" in my "hell no" response becomes more emphatic.
@molly0xfff I might ask for your help, if you can add G1 to your research, I'm not sure about that project, but I think it might be on the same line.
@molly0xfff While I am generally pro-cryptocurrency, I've always been skeptical of attempts to bind keys to human beings. This is the best write-up I've seen for why that probably can't (or shouldn't) be made to work.
Intuitively, it seems like attempts to use technology to bypass "natural" social networks and thus our intuitive trust mechanisms end up being on net harmful. This is not to say that we shouldn't strive to minimize the amount of trust needed, just that we are often replacing it with misplaced trust in bad systems like Amazon ratings or Reddit votes.
I think it was @pixouls who said (or boosted?) something along the lines of "trustless systems tend to benefit the least trustworthy". This essay reminded me of that.
Thanks for writing this!
The original server operated by the Mastodon gGmbH non-profit