That's probably what someone would have said if they saw Facebook 20 years ago.
The intention here is to get out in front of FAANG before they can make their own, proprietary standards for ID. As terrifying as it is, personal identification is going to become a huge part of the next 10 years of computing, and potentially radically change the way we interact with the web.
The distinctive capability is offline auth. I guess we are still holding out that eventually it will get easy enough to write offline (aka p2p, user-agent only, interconnected apps) that having an auth standard becomes an accelerator.
If FB or some other big actor were to define identity standards, the standards would at least be friendly towards their operations, if not optimized for it.
Risks would include privacy concerns, from obvious to not yet identified; the standards not being good at things other interested parties may like; mechanisms that encourage/require normal users to delegate some functions to private third parties; mechanisms that make it hard for normal users to use their identities as they choose; mechanisms that place more burdens on the user for retail fraud ("identity theft", for instance); the list goes on.
For more, consider the ways that ID is used against people today. Now apply automation and a world-wide attack surface, and do not consider mitigations that might have an effect on some big actor's bottom line.
The basis for identity is that the receiving party has to make a decision based on some sort of trust relationship.
Everything really winds up being direct, indirect, or brokered, e.g.:
- direct: you have a pre-existing account on a website.
- indirect: you have an account with a Company, and I let that company's employees sign in with SAML, etc.
- brokered: certificate authorities issuing certs based on domain/email/etc validation, and I accept those certs by accepting those authorities
We won't see the indirect model get any broader than it already has - nobody is going to accept Sign in with Apple in lieu of a birth certificate.
What we _do_ see is the platforms (like iOS and Android) becoming wallets for identities issued by _others_ based on the indirect and brokered models. Adding mobile driver's licenses is upcoming for both mobile platforms.
But the reality is that for indirect/brokered, you have an issuer and you have parties who have made a decision to trust the identity. If Apple/Google mandate properties the issuers don't like, the issuers won't use it. If the issuers mandate behavior the verifiers don't like, they won't accept it.
And that's the same for any "user-centric" or "self-sovereign" identity system too. If bringing my own DID means that the issuer can't meet their identity verification/authentication mandates, they won't support it. If me using my own wallet means that a retailer is not getting identity assurance or is otherwise taking on additional risk, they won't accept it.
And obviously the people who do not like the overall properties will choose not to consume it.
What you imply is some nefarious function of big actor desires being baked into standards, I would just call 'understanding market requirements'.
I'd put it slightly differently. The infrastructure went part of the way. It needed several more iterations. The UX, as you point out, never went anywhere. At least now people are getting comfortable with the idea of using a private key, even if no one has yet cracked the problem of crypto UX.
When I say it was implemented, I mean at Netscape around 1999 we had projects with banks where they issued smart cards, used with USB readers, that facilitated SSL client cert auth. Similar to today's FIDO2/U2F. I don't know why these schemes were never widely adopted but it wasn't because the implementation was lacking.
"The risk" is a weird, ambiguous ghost in the machine. Maybe it's a result of digital paranoia setting in over the past decade, or maybe it's our response to digital rights abuse. In any case, it's always a good thing when mission-critical infrastructure is democratized like this.
Another area where this will be needed is digital identifiers for digitally owned and transferable objects in AR/VR. The DID family of specs is designed to help make this a reality.
Full disclosure: I worked on the XDI and XRI specifications that paved the way for DID, and also very slightly on the DID specs (contributing thoughts and inputs, I did not author any part of the DID specs).
It's a good set of specs, written by people that know identity and have a good vision.
Correct me if I am wrong, but most of these services, such as the electronic signature, the electronic seals and the document exchange functionality outlined on that website are all dependent on a central authority are they not?
Your signature certificate is issued by your government (or an organisation working for said government). The seals are created with certificates that are, once again, created by a central authority.
The document exchange is really just a fancy way to store files on your device and send them.
As far as I can tell none of this is decentralised? I don't really see why they would want to decentralise it either, your digital identity as a citizen only exists because a central authority, a nation in this case, validated you to be a citizen ...
As mentioned, correct me if I am wrong, but as far as I can see all of these EU plans are basically just giving each EU citizen a cert that is issued by their government and some nice applications that build around those certs?
Sorry, I should have clarified. The EU commission is focused on digital identity. I haven't dug deeply, but yes, I suspect that they are not as interested in decentralized identity (as the original link was).
> As mentioned, correct me if I am wrong, but as far as I can see all of these EU plans are basically just giving each EU citizen a cert that is issued by their government and some nice applications that build around those certs?
Sure, but wouldn't that ubiquity be a game changer?
> Unless I miss something, this looks like a solution to nonexistent problem?
The generalizable answer to this is that almost always if some group of people has spent a good chunk of effort but you don't "get it", you have missed something.
The less you know about the domain, the larger and more diverse the group and the bigger the effort, the more likely this is to be true.
Of course there are exceptions, but they are rare.
> The general answer to this is that almost always if some group of people has spent a good chunk of effort but you don't "get it", you have missed something.
Sure, but that doesn't mean that the group of people has cogently explained their work for their target audience. In this case, the target audience would be developers, who, it seems from the comments, are confused.
Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party.
Sounds like a PGP replacement in some ways.
Also possibly an alternative to SSN (for Americans).
> A reminder that it's OK to not take sides and just support your friends.
It is probably more complicated than that.
Like if you know for sure that a friend of yours did something completely incompatible with your norms (for me that would be for example stealing money from poor old people), perhaps you don't want to have them as your friend anymore.
But if there's doubt and uncertainty and pressure from the community, it's better to support your friends.
Isn't that kind of a ridiculous example? Most people in this forum would never have the desire to steal from poor old people. So if someone does, it's a really disturbing sign that goes beyond the crime itself. Of course you'd think twice about meeting that person for lunch.
But sexual relationships are scarce (in the economic sense of the word "scarce") even among the well-to-do. Especially young adults, who have the greatest desire. So there's a lot more temptation. Furthermore, it's much harder to draw clear boundaries because of the complexities of flirting. Add in alcohol and poor communication, and there is a real risk that otherwise good people do some things that look pretty bad after the fact.
Yes, people should behave. We should quickly put a stop to these transgressions before they escalate. And we should acknowledge that they may cause real harm to others and that some punishment may be warranted.
I'm just saying that the friend you have that is accused of some bad stuff -- it's OK to not take sides. You don't have to defend them or anything, but it's OK to treat them like a normal human being. Because they probably are.
But the software engineer that steals from poor old people is not a normal human, and it's totally reasonable to ghost them.
> I engaged in sexual misconduct with multiple women
The term misconduct is used usually in the work environment when one party is in a position of power, like a boss of another. This is not the case here.
> This behavior may imply life long psychological consequence for them.
Or may not. Or maybe refusal to engage with women could imply life long psychological consequence for them: women as well as men feel bad when they are rejected.
Don't decide for women what's best for them. They are grown up adults and engage in these relationships voluntarily.
> Yes they are the victims
Victims are those who were assaulted against their will. My understanding is that there were no violations like that in this story.
> The term misconduct is used usually in the work environment when one party is in a position of power, like a boss of another. This is not the case here.
Says the author
> Don't decide for women what's best for them. They are grown up adults and engage in these relationships voluntarily.
I'm not deciding what is best for anyone. I'm saying the author doesn't get to choose.
> Victims are those who were assaulted against their will. My understanding is that there were no violations like that in this story.
Says the author.
I encountered a situation similar to this a few years back. Large group of friends 20-30. Lots of partying. 5 different women report experiences with the same guy. Waking up with him in their beds. Sometimes more overt behaviors.
His recollection is quite different. He remembers it as a much more innocent affair. A mistake. Something embarrassing.
> don't be a creep and treat women like human beings and you'll be fine?
You may have your best intentions about women and still slip. Like accidentally calling people "guys" which is considered offensive now.
Everyone makes tons of "mistakes" like that. Sometimes it is forgiven, sometimes it is not.
Whether it is forgiven or not often depends not on the exact words or tone of your voice, but on the perception of you. If you are handsome, the reaction will be a giggle. If you are not so good, exactly the same words can be considered offensive. https://knowyourmeme.com/photos/1663485-hello-human-resource...
The problem is that people get offended too easily nowadays.
And your advice can be translated as "just be successful, young and handsome".
Don't blame knives for killing people, blame people who kill people.
I think the issue here is that Twitter came too quickly into our lives, and people did not have time to adapt to the new reality.
Three hundred years ago people would happily join a mob on a square trying to burn a woman because she is a witch or a traitor or unfaithful. Today people would just tell them they are cuckoo and continue with their business.
After a couple of years people will learn to react to a Twitter cancelling mob the same way.
The opinion of a person with some credibility (name is N, lives in city M, occupation is X) is valued more than that of someone anonymous.
Because nowadays there are too many fake accounts, even paid trolls, and talking to them (or even listening to them) is just a waste of time, not a meaningful conversation.
My twitter account is anonymous and I sometimes get replies like why would I want to talk to nobody. And they are right, they probably shouldn't.
Anonymous accounts can have a reputation, too. I have been on HN since 2008. I wouldn’t like to have this account burned. In a way, I do have a reputation of not posting total shit, since I’m still here.
Same is true for many communities where users gain popularity and trust if they participate in a meaningful way.
Poor people indeed often make bad decisions (not necessarily financial, but like taking a college degree they don't need or staying with their parents until they are 40).
But realistically it's much easier to save money when your income is $10K per month vs when your income is $1K per month.
The UK did a great thing recently: there are semi-mandatory private pension contributions: it is 8% total (you can opt out, but you need to explicitly do that). So even folks making poor financial decisions will own some wealth.
AFAIK in the US there's no minimum contribution to 401k.
They have many more orders of magnitude of unproductive free money lying around.
Even so, they do pay less. Bezos claimed a tax credit for his children, FFS. Why are Amazon workers subsidizing their boss? They are the ones that should be receiving the money.
This is gross double taxation: they already paid taxes when they earned the money you are investing, and you are suggesting taxing them again at a high rate.