top | item 47039102

(no title)

They use the email example, but if Google bans me, my identity is also banned and that may be how people contact me.

We also need decentralized identity so my identity can exist independently of service providers, but still be owned by me and not an impersonator.

discuss

Seattle3503|14 days ago

Identity is "infrastructure" government should provide via something like mDLS. A lot of work needs to go into make sure it is secure and it can be used in a way that protects privacy. Eg selective disclosure of attributes for verifying age. Pairwise pseudonyms for identity when your online identity doesn't need to be tied to you real identity, which is most of the time. Something like that would go far in dealing with sybil issues in decentralized systems, which is often the source of a lot of headaches for system designers.

drdaeman|14 days ago

Only as a last resort. If possible, governments, just like any other organizations, should have absolutely no say about anyone’s identity.

They (like any other entity) can attest, but such attestation should hold as few of any special value as possible.

voxic11|14 days ago

You can use a custom domain that you own with gmail. But of course domains aren't that great either as they are only somewhat decentralized and it's still pretty easy to lose your domain.

jrm4|14 days ago

So, (especially after watching Bluesky / ATProto) I'm increasingly convinced that this is not a problem that needs solving.

Email is still a protocol, and the thing that ATProto is doing causes as many problems as it purports to solve.

Mostly because "decentralized identity" is still "identity." And the safest way to do identity is to have it be destructable and remakable on the fly.

cortesoft|14 days ago

> And the safest way to do identity is to have it be destructable and remakable on the fly.

It might be the safest, but it defeats lot of the purpose of identity. There is a reason it is a hassle to change your email address... so many services are tied to that identity. You can change it, but you have to change every service that is relying on it as your identity, and you still have to own your old email so you can prove to the service that you are the same person.

I am not sure how you could ever avoid this problem? The purpose of an identity is to be able to tell that one request is made by the same person who made a previous request... persistence is a requirement.

vvpan|14 days ago

The underlying problem to both protocols and non-protocols is identity. Gmail works because Google owns the identity and acts effectively as a proof of humanity.

To go on a tangent - I think that more people having personal public key pairs (via crypto) than ever is actually a positive direction. Atprotocol is another big player in identity at the moment, just as long as "can't be evil" mechanisms are kept alive and have good UX.

paulddraper|14 days ago

That exists in the form of domain names.

Which for reputable TLDs is permanent, outside illegal activities.

watermelon0|14 days ago

Country code TLDs are also reputable, but you might lose access if you move or if something happens to the country.

wilg|14 days ago

atproto has a very elegant decentralized identity solution imho https://atproto.com/guides/identity

vvpan|14 days ago

Atproto identity is going in the right direction but I hope they go in that direction harder. For example plc.directory (maps DID to public keys I think?) is heavily centralizing force.