WingNews logo WingNews
top | item 33622238

(no title)

greybeardednyc | 3 years ago

I definitely get the whole “web3” is useless argument for a lot of the cases it’s been proposed but like any new technology I think it may find valid use cases somewhere down the line.

One of the few uses for which I am interested is “web3” identity - being able to keep ownership of my identity/credentials. Using, for example, a wallet to sign a message proving I own an address, I can build apps that don’t require me to store any passwords (and not rely on a “trusted” 3rd party to do so either). My app can just store the wallet address (like a username).

To build on this, if that wallet has data associated with it (“assets” it holds) for example, an ENS name, my app can pull that data directly from the contract onchain - instead of showing a public key I can show the users chosen display name, avatar, etc

I’m an old school dev and I wrote off “crypto” for many of the same reasons a lot of you have stated but I have realized there are some interesting cases that could emerge from its usage. Zk (zero knowledge proofs) as a means of reducing the amount of PII data that needs to be exposed to random parties also seems to have some good use cases.

Alas “value” aka money being associated with the usage/tokens makes the landscape much harder to navigate and much more prone to exploitation.

discuss

order

bawolff|3 years ago

I dont think web3 has really made any improvements in this area, so you got to ask what's different now.

Using public keys to log into things has been forever. It caught on with ssh (1995), it failed with client-certificates aka mTLS (1996).

Zero knowledge proofs also havent really caught on. And its not a new idea. The Fiat–Shamir heuristic is from 1986.

Anyways, i dont really think web3 has added anything. Most of these technologies are at least 25 years old and have not caught on. If it hasn't happened yet, i dont think crypto will change that.

hedgehog|3 years ago

Key-as-identity has a lot of problems and I don't think that model really works for most use cases. On the other hand I'm optimistic about being able to rework identity in the spirit what poster above describes. I've been around long enough to see the long arcs of experimentation and refinement that happen before technologies reach adoption. As an example widespread adoption of end-to-end encrypted messaging, biometrics, and hardware roots of trust took a while but that's here now in ordinary consumer gear. I could have looked at low adoption of PGPfone and and drawn the conclusion that encrypted video would never work but that would have been wrong.

jlokier|3 years ago

> Zero knowledge proofs also havent really caught on. And its not a new idea. The Fiat–Shamir heuristic is from 1986.

There's been a lot of advances in recent years in ZKPs, accompanied by a lot more interest. Fiat-Shamir is still used to turn interactive proofs into non-interactive, but the state of the art is far beyond just doing that. zk-SNARKs are less than 10 years old, zk-VMs are becoming more common, and the ZPrize competition is yielding some big steps forward in implementation performance. Probably blockchain applications are a major reason for recent increased interest and commercial R&D, even though that's not where the academics see the main applications.

If you're interested, the zkproof.org conference is currently still going, and the sessions can be watched live:

https://zkproof.org/events/workshop5/

matt_s|3 years ago

I like that concept of crypto being used for identity purposes. Sure there have been solutions like that for a long time but the difference here could be a much simpler way for average users to jump in. The technical knowledge needed to generate pgp or ssh keys is much higher than using a web UI to create a crypto wallet. A crypto wallet does sound similar to existing solutions like Open ID Connect but I think the difference here is a crypto wallet is decentralized vs. OAuth based flows typically have trusted secrets between centralized systems. A decentralized way to verify identity/avatar/username could be useful for some industries, possibly avoiding having to build user identity mgmt into a small/indie software project.

I think web3 will hold some promise if/when technical people develop some standards around using it vs. the marketing/finance folks pumping whatever scheme they are attempting.

UncleEntity|3 years ago

> The technical knowledge needed to generate pgp or ssh keys is much higher than using a web UI to create a crypto wallet.

Aren’t they all essentially the same? As in you can do any of those using the same library?

The main problem is nobody is throwing big piles of money at a ssh keygen API but a wallet generator, who do I make the check out to?

noirscape|3 years ago

I think the problem with web3 as identity is that there's... no real advantages to this.

Public and private keys have existed before if you want to "own" your identification; you can run gpg or ssh on your computer right now, generate a public and private key pair and all you need to do to now verify that a message is from you is to send that public key to someone else and let them verify a message you signed with the private key.

Assuming your key has enough bits in it when generated, it probably won't be broken until long after you're dead or you'll have (more likely) moved on to a new pub/privkey pair.

You don't need a blockchain for that, it just... works. We don't generally do it that way because it's a fairly cumbersome user experience for people (making the PGP signing experience better is where imo real gains can be made if you want to focus on this area of identity verification, it's absurd that no modern email client for example has made this easier), but for those cases where you really need to 100% confirm that it's you, pub/privkey works just fine as a system.

Heck, you can even generate a pretty nice avatar if you wanted. All that avatar is in the end is a serialization function to display it as an image. Public key blocks are ugly, but when you for example look at SSH, randomart works just fine for validating that the keys match visually and nicknaming SSH keys is as old as time. Randomart maybe is output only a programmer could love, but a visualization of a key isn't new and there's probably some innovation to be had by improving the experience of sharing those keys and actually having randomart resemble actual art.

There's also the fact that... most people don't require that amount of no trust. I can think of a few niche cases where absolute zero trust verification is handy, but when you get to those cases the absolute last thing you want is for their existence to be publicly readable from a blockchain, which will always be the ball and chain on the leg of "web3 technology" (which as the post notes, there's barely any explanation as to what that actually means since it's just a mishmash of technology that seems to be "existing technology but we strapped it to a blockchain for some reason").

So even when it comes to identity verification, it's still mostly just... snake oil really. It's making and pushing around a cart on square wheels while huffing at those with round wheels for "not getting it".