"Is 'acceptably non-dystopian' self-sovereign identity even possible?"

An essay about self-sovereign identity, decentralized identity, verifiable credentials, soulbound tokens, and all those other terms that have been flying around lately.

blog.mollywhite.net/is-accepta

@molly0xfff

How can centralization help implement privacy-preserving Sybil resistance? (Not rhetorical, I'm sometimes out of the loop with protocols such as escrow.)

If there's privacy, it's hard to know who people are even if you're centralized; Wikipedia for example (where the problem is called "sock puppets").

Sybil resistance sounds good to me, I'm getting sick of waking up in strange rooms in weird clothes trying to find my wallet and not recognizing the name on any of the ID cards.

@Sandra @molly0xfff I've been toying with the idea of verifiable credentials myself, for a good decade and a half, actually, and I genuinely think there is potential there. There are a couple of things the blockchain world gets very wrong, though, the first of which is that it needs to involve any kind of blockchain/record.

But the far more worrying thing is that they all seem to want to enforce things computationally about people. That's the dystopian bit.

@Sandra @molly0xfff Privacy and centralization is really more of a question of which data you reveal to whom. Let's say you do want to receive money to your bank account. As Swiss numbered bank accounts show, you really just need to provide an opaque identifier of sorts to achieve that.

You want to verify that it's at a particular bank? Have that bank sign it. You want to verify that it's owned by some person? Have the bank sign a hash over the person's id...

@jens

That part is super easy, barely an inconvenience but that doesn't address Sybil at all.


@molly0xfff

@Sandra It prevents such attacks if the person ID is issued via a similar system, sure. Have an opaque identifier signed by the state. The centralization of that signing provides the Sybill resistance. @molly0xfff

Follow

@Sandra It's also privacy preserving because each use case may require a different ID only. Back to the banking example, I may provide a person ID that the bank issued for me. Nobody needs to know my state issued person ID for a bank transfer. @molly0xfff

Sign in to participate in the conversation
Finkhäuser Social

A private instance for the Finkhäuser family.