The original article was based on fundamental misunderstandings of Blockcerts, but the follow-up Blockcerts community discussion (including the article's author) was productive:<p>http://community.blockcerts.org/t/response-to-blockchain-blockcerts-critiques-from-privacy-researcher/308
I'm a "blockchain-for-x" skeptic, but I disagree with this article.<p>A timestamped, immutable blockchain would be useful for reviewing credentials from 3rd world countries where qualifications/experience/government certification are all able to be bought. It wouldn't solve fraud, but it would make it a lot harder to suddenly decide to fake a whole lot of credentials, and would make it more obvious that a particular organization is corrupt and therefore would incentivize not being corrupt.<p>The central question for whether blockchains are indicated for a particular use case continues to be "does this require immutability, regulation resistance, or cooperation across various regimes that don't trust each other".<p>An example of useful blockchain identity would be in refugee verification/processing:
- people in 3rd world countries scan a fingerprint and hash an encrypted version on the blockchain when young
- annually update information about themselves onto the blockchain including info about families
- 10 years down the line they have an excellent record of who they are, who their family is, what their situation is, and they become far more credible when it comes to identity verification than relying on documentation from a long-toppled government
The architect of the Blockcerts system replies to this article here:<p>http://community.blockcerts.org/t/response-to-blockchain-blockcerts-critiques-from-privacy-researcher/308<p>“It’s interesting that he focuses on blockchain for identity management, which Blockcerts doesn’t even do.<p>However, DIDs, which can improve the ability of individuals to own/control their identity, will feature blockchain-based method specs.”
I don't understand what the "privacy nightmare" is that the author describes:<p>> The credential itself is signed by the issuer, which makes it authentic and binds it to its owner. In itself this does not appear to create a big privacy problem, compared to standard PKI certificates. However, one of the keynotes suggested that also uses, i.e. verifications, of credentials could be logged on the blockchain. That information could subsequently be used to make e.g. policy decisions on employability: which academic credentials lead to the best employment opportunities? This is a privacy nightmare.<p>And is the author suggesting simply checking credentials against a centralized authority:<p>> All you need is that each issuer keeps a list of all issued credentials in a <i>local</i> immutable record (using a simple hash-chain, for example) against which a verifier can check the status of a credential.<p>My comprehension of this article is low.
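Added example, not part of any comment in this thread and not Blockcerts code: a minimal sketch of the issuer-local hash chain the quoted article passage describes, with a verifier checking a credential's status against it. The names `IssuerLog`, `verify_chain` and `credential_status` are hypothetical, and it assumes the verifier obtains the current chain head from the issuer over a trusted channel.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for an empty chain


def _entry_hash(prev_hash, cred_digest, status):
    # Each entry commits to the previous entry's hash, the credential digest and its status.
    body = json.dumps({"prev": prev_hash, "cred": cred_digest, "status": status}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class IssuerLog:
    """Append-only log kept locally by one issuer (hypothetical structure)."""

    def __init__(self):
        self.entries = []

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, credential_bytes, status):
        digest = hashlib.sha256(credential_bytes).hexdigest()
        entry = {"prev": self.head(), "cred": digest, "status": status}
        entry["hash"] = _entry_hash(entry["prev"], digest, status)
        self.entries.append(entry)
        return entry["hash"]


def verify_chain(entries, trusted_head):
    """Recompute every link; False if an entry was altered, dropped or reordered."""
    prev = GENESIS
    for e in entries:
        if e["prev"] != prev or e["hash"] != _entry_hash(e["prev"], e["cred"], e["status"]):
            return False
        prev = e["hash"]
    return prev == trusted_head


def credential_status(entries, trusted_head, credential_bytes):
    """Latest logged status of a credential, or None if the issuer never logged it."""
    if not verify_chain(entries, trusted_head):
        raise ValueError("issuer log fails hash-chain verification")
    digest = hashlib.sha256(credential_bytes).hexdigest()
    status = None
    for e in entries:
        if e["cred"] == digest:
            status = e["status"]  # later entries (e.g. a revocation) override earlier ones
    return status
```

Only digests of credentials are stored, so the log itself does not reveal credential contents; the integrity guarantee rests entirely on the verifier's copy of the head being authentic.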
> what would happen to all credentials once issued to some blockchain, if that blockchain ceases to operate? The raw blockchain data is of course still available and maintains its blockchain structure. Yet the integrity-preserving features of the blockchain disappear as soon as it is no longer actively used.<p>I'm not sure this is true. Info about the blockchain wouldn't evaporate instantly; it'd be easy to get the legit genesis block header and chain height. Wouldn't it require a lot of "work" to produce a convincing counterfeit chain?