This is an extremely solved problem. Unless you have a dramatically interesting solution to the real hard problem, global account <i>recovery</i>, ordinary home users are effectively tethered to their email accounts, because that's how you reset a login. Since you're doing that already, "Sign in with Google" and "Sign in with Apple" are perfectly cromulent solutions and likely to continue dominating.<p>The actual last thing in the world home users want is an authentication system where credential loss is literally irrevocable.<p>Meanwhile, the real market for Internet SSO is at companies, and one of the major reasons companies deploy SSO is to have policy control (particularly: onboard and offboarding) of who has access to what. A globally distributed authentication fabric is actually an anti-feature for those people.<p>The actual last thing in the world corporate users want is an authentication system their IT department doesn't control absolutely.<p>Part of what's happening with ideas like this, and the reason Internet identity has been such a tar pit for the last 20 years, is that there isn't one single service model for identity. Internet identity evangelists tend to overlook the fact that people have multiple identities on purpose.
So the Director of Operations of ENS Domains says Ethereum has solved an extremely solved problem and one of the cornerstones of that solution is... wait for it... ENS Domains. Gotcha.<p>I also take issue with:<p>>Ethereum is giving average ppl computer generated public/private key pairs...<p>'Average' people aren't into crypto. And the average computer user doesn't know how to use asymmetric keypairs.<p>Anyone want to try to explain asymmetric keypairs to mother-in-law who's in her 70s and needs help applying Windows patches? I sure don't. And I spend my days in SAML and OAuth world.
There were loads of vendor-neutral identity ideas that all fell flat because nobody wants to sign up just for an identity.<p>This one is hilariously complicated; the thread ends with this call to action:<p><i>Want to get a portable web3 account?</i><p><i>Pick an Eth wallet: <a href="https://ethereum.org/en/wallets/find-wallet/" rel="nofollow">https://ethereum.org/en/wallets/find-wallet/</a></i><p><i>Get ETH (sometimes built into wallet, otherwise use a service like Coinbase)</i><p><i>Get an ENS name: <a href="http://app.ens.domains" rel="nofollow">http://app.ens.domains</a></i>
* (Choose which is your username by setting reverse record at My Account)*<p>It's that easy!<p>I think the author underestimates how little most people care about their weak passwords, or centralised authentication.
the continued annoying arrogance of these crypto people, claiming things are just 'web3' all of a sudden because they've built some crazy thing that seems to be outside the mainstream.... but then posting stupid twitter threads (seriously, use a fucking blog post) claiming they've solved identity, while ignoring all the world SSO and SSI people have been doing/real work/tackling issues and dealing with how real world people actually deal with (successfully/not so successfully) with these things and the way users ended up with today password managers/email still the internet's killer app/ID thing.<p>sigh.
> an average person having one username and password/authentication method that works across all services<p>It's a bug, not a feature. It's people throwing away their privacy for convenience. It's proverbial dancing piggies.<p>Problem with global-scale SSO is not corporations, that control shared identity. It's shared identity itself.<p>Distributed SSO is as good idea, as eco-friendly vegan huffing solvent.
There are a lot of downsides to "Sign in with Google", but I am generally willing to accept them because I think I could recover my account if I lost my password. I'm not <i>certain</i> I could do so, because we've all read plenty of horror stories about Google's customer support. But I don't think I could recover an Ethereum private key. I'm sure there are esoteric ways of doing this. But ultimately what I want is the comfort that if worst comes to worst, there is a human somewhere on the planet who can reset my password for me. They might be hidden in a nigh-impenetrable labyrinth of automated emails, but they exist, and I could get them to help me if I make enough of a fuss on Twitter.
Is this really what people want? Seems strange that a single set of keys or a passphrase would grant you access to not only your wallet - all your money - but also all your online services.<p>Am I missing something or is this just a fancy way of having a single password that gets you access to everything, and if compromised would be utterly devastating.
This ENS thing could be interesting. It makes it possible to have a distributed identity. If only if Ethereum was not overinflated.<p>As a result, reserving a name on ENS costs 120$ a year. Few people would be ready to pay that to get a username.
It's odd this thread doesn't mention the sovereign self identity (SSI) efforts, DID Auth, etc. Folks who have been working in this area for years at this point and have some traction.
A lot of SSI is about delegating Sybil-resistance. Websites use Google or Facebook sign-on not just because it's more convenient for users, but also because signing up many accounts on these services is a bore, thus managing spam.<p>If the sign-up process was as difficult for the small services as it is with Google or Facebook, users would give up. But users already have Google/FB accounts or know it's worth it to have one, so they don't mind the process for Google/FB.<p>For now, there's no accepted standard identity mechanism attaching to ETH wallets. It's not a trivial problem either. If while reading this you just had some idea how to quickly solve it, chances are someone had it before and it's vulnerable to either centralized control or user abuse. ENS might work at deterring spam but it's way too restrictive for now.
I think a big advantage of current SSO systems as opposed to cryptowallet systems is that they usually come with a verified way to contact the user.<p>On the other hand, cryptowallet based sign in systems generally don't give you a verified way to contact the user, but they do allow you to see if the user has put money behind this identity. That could be an interesting way to reduce sybil attacks. Having an email address does not mean much in terms of level of buy in to a particular identity (and that, much more than 'real names' is key for managing behaviour).
Related thread:<p><i>“The Ethereum community has accidentally solved a major problem of the Internet</i> - <a href="https://news.ycombinator.com/item?id=27473889" rel="nofollow">https://news.ycombinator.com/item?id=27473889</a> - June 2021 (14 comments)
This has already been solved, its called Public-key cryptography. Ethereum gave everyone a key, but usability issues have stifled making that useful offchain. ENS isn't needed.
I’ve been trying to follow cryptocurrency conversations online… it’s amazing how much pumping and noise there is in every forum, Twitter thread, etc. Where are the real conversations happening?