They use the email example, but if Google bans me, my identity is also banned and that may be how people contact me.
We also need decentralized identity so my identity can exist independently of service providers, but still be owned by me and not an impersonator.
Identity is "infrastructure" government should provide via something like mDLS. A lot of work needs to go into make sure it is secure and it can be used in a way that protects privacy. Eg selective disclosure of attributes for verifying age. Pairwise pseudonyms for identity when your online identity doesn't need to be tied to you real identity, which is most of the time. Something like that would go far in dealing with sybil issues in decentralized systems, which is often the source of a lot of headaches for system designers.
Only as a last resort. If possible, governments, just like any other organizations, should have absolutely no say about anyone’s identity.
They (like any other entity) can attest, but such attestation should hold as few of any special value as possible.
> Only as a last resort. If possible, governments, just like any other organizations, should have absolutely no say about anyone’s identity.
An unusual position, as historically governments have provided birth and death registries [0], passports, identity cards, etc, etc
[0]: or, earlier, in the West at least, the church
Is that really so?
They maintained census, but for government functions (like accounting and taxes), and actual identity communication almost never involved government.
Passports use for anything except international travel is a very modern thing as well.
For most of the history the source of identify was individual themselves (as it should be), that is, one told their name and origin and others accepted that, unless someone knew otherwise.
We've seen ~20 years of people trying to solve identity without the government. We've seen plenty of solutions that can provide stable identities over time, but we haven't really seen anything that provides meaningful sybil resistance. As computer systems become more and more "autonomous", sybil resistance is increasingly the most important feature of any identity system. Any identity system that doesn't solve that problem pushes to the application layer, where it usually has UX impacts that have serious tradeoffs with adoption.
I understand this. I also understand that if history teaches us anything it’s that any centralized governance (of any nature, not just traditional national and regional governments, but any centrally organized communities, like corporations) is to be constantly distrusted and kept in check, and even then it’s dangerous to let it take over social functions. That’s why I wrote “only as a last resort”, that is, unless and until someone thinks of something better. (And then switching over is another issue… that may need some pre-planning even better new solution exists.)
Or maybe someday we’ll have some interesting revelations about personal identity and sybil resistance won’t be necessary. But that’ll probably be only some centuries later.
To be clear, all we need from the government is to establish a person really exists and verify basic properties. We don't need more than that, so we can and should use all cryptography at our disposal (and invent more) to prevent any more information disclosure to both services and government.
I get that identity is a sort of last holdout for the tech libertarians of old. But after years working in KYC, what I saw was the accumulation of vast amounts of sensitive information held by private actors in a way that was completely democratically unaccountable and couldn't be corrected by the average citizen. It's time to bring identity out of the shadows and make it ours to control.
For establishing facts about person, the problem is, hostile governments are not unknown to revoke passports and cause all sorts of trouble. And if the government is benign that doesn’t mean it never turns hostile. We really don’t want to allow governments to disappear people, not physically, nor digitally.
I’m not a libertarian (was; realized why it doesn’t work in reality we have), but I still believe that no entity ever should be able to deny one’s identity, they can only refuse to attest it.
And the more serious problem is that nowadays we’re collectively so much into that flawed paradigm of “identity providers”[1] I’m afraid if a government-ran system happens it’ll would be still built in the same paradigm and engrave that into collective consciousness even further.
Private corporate-ran identities are IMHO better for the foreseeable interim, until we know for sure how to do things right. Because I suspect that whatever we pick as fundamental ideas is going to stick and bless or curse us for a long while. Nation states have longer lifespans than Internet companies popularity, so as weird as that may sound I’d prefer Gmail to, say, that Estonian X.509 scheme (no offense meant; and I’m only considering use outside of government services), despite latter being short-term better.
And - yes - I 100% agree that it’s past the time we should be using proper cryptography for attestation of all sorts, rather than sending passport photos and live selfies to increasingly more and more private companies. But that shouldn’t be general identity verification, it should be only for compliance, only when a law forces to obtain some information from some government-issued credentials. This part desperately needs moderation. But for the love of what’s still sane - unless we find ourselves with an unavoidable need and no other choice, let’s not use that for any other purposes, for now, please?
___
[1]: My view and understanding is that identity cannot be “provided” - those words simply don’t make sense together. Unless if we’re talking about impersonation and skip the “credentials” for brevity, and then it’s not our identity but someone else’s (even if created specially for us). Of course, I could be wrong.
The neat thing is that if government provides identity, you don't have to use it for any system you build. But I'm curious how you would deal with spam and Sybils?
That’s not generally true, even if it may sound true in some specific location and time. Governments trying to mandate national authentication services is a very real thing.
As for your question: sadly, I don’t have a solution for either. I wish I would. I think ML-based approaches seem to show good promise for spam detection, though? I haven’t looked under the hood any recently, but purely anecdotally, almost every time I upgrade my mail system and antispam has something new ML-based, I’m getting a lot less junk. As for the sybils… I don’t think it’s an issue per se - an ability to have alter egos is not a clear negative. And then it must depends on the exact context. Government elections is one thing, online content popularity measurement is entirely different. Not sure it’s meaningful to envision any universal solutions - they tend to have too many side effects, and usually of undesirable nature.
You can use a custom domain that you own with gmail. But of course domains aren't that great either as they are only somewhat decentralized and it's still pretty easy to lose your domain.
So, (especially after watching Bluesky / ATProto) I'm increasingly convinced that this is not a problem that needs solving.
Email is still a protocol, and the thing that ATProto is doing causes as many problems as it purports to solve.
Mostly because "decentralized identity" is still "identity." And the safest way to do identity is to have it be destructable and remakable on the fly.
> And the safest way to do identity is to have it be destructable and remakable on the fly.
It might be the safest, but it defeats lot of the purpose of identity. There is a reason it is a hassle to change your email address... so many services are tied to that identity. You can change it, but you have to change every service that is relying on it as your identity, and you still have to own your old email so you can prove to the service that you are the same person.
I am not sure how you could ever avoid this problem? The purpose of an identity is to be able to tell that one request is made by the same person who made a previous request... persistence is a requirement.
Yes. And as much as I hate "well, users should just be smarter and deal with inconvenience," I think it may fit here.
Identity is always hard, and I strongly doubt there is any great way that makes it "easier" and still safe.
Aka, yes please kill passkeys, or at least be super upfront and informative.
"When you use passkeys, you are giving your keys to Apple or Google, and they cannot guarantee safety."
It may be that different types of identity are preferable for different use cases, rather than converging on a single system.
> "When you use passkeys, you are giving your keys to Apple or Google, and they cannot guarantee safety."
Not true with hardware passkeys, which also add a true second factor. Central passkeys are a problem, though.
The underlying problem to both protocols and non-protocols is identity. Gmail works because Google owns the identity and acts effectively as a proof of humanity.
To go on a tangent - I think that more people having personal public key pairs (via crypto) than ever is actually a positive direction. Atprotocol is another big player in identity at the moment, just as long as "can't be evil" mechanisms are kept alive and have good UX.
That exists in the form of domain names.
Which for reputable TLDs is permanent, outside illegal activities.
Country code TLDs are also reputable, but you might lose access if you move or if something happens to the country.
atproto has a very elegant decentralized identity solution imho https://atproto.com/guides/identity
Atproto identity is going in the right direction but I hope they go in that direction harder. For example plc.directory (maps DID to public keys I think?) is heavily centralizing force.