As I said 48 days ago when this last came up on YC, the classic "Why your idea for stopping spam sucks" list applies.[1] Go re-read that and you'll see the same identity problems and proposed solutions.<p>If people can create and abandon identities cheaply. they will use those identities for annoyance or fraud. Hence spam, robocalls, etc. This is also why the "federated" social networks are not too useful.<p>On the other hand, publicly visible identities that are very strongly tied to a person or physical place lead to strong tracking and the abuses associated with that.<p>So, explain how "Web5" avoids those problems.<p>[1] <a href="https://craphound.com/spamsolutions.txt" rel="nofollow">https://craphound.com/spamsolutions.txt</a>
The digital identity infrastructure space is already crowded, with players like Apple, Google and Microsoft working with governments and institutions, because they own the devices we use, and the entire point is that people will be able to use their phones to identify themselves everywhere. Apple ID is already like 90% there, despite having to trust Apple with your personal data, which nobody has a problem with. The Web3 approach of having to trust nobody is not really practical to begin with. Blockchains are slow and expensive. Worst yet it's still up to you to verify the client and whether it's connected to the authoritative version of the blockchain, since blockchains can be replaced by a fork. At that point you might as well trust Apple.
Blockchain. It's always blockchain. Can we just not?<p>How about we go back to web 1.0. TLS mutual cert auth with an ID card as a smart card, either from the government or from your favourite third party.<p>Or maybe we go back to web 2.0 with OpenID. Users pick their own identity providers and websites can pick which ones to trust and which ones not to trust. Actually, we already have that, and it's "sign in with Google/Facebook/Apple".<p>If you're a fan of stuffing Javascript everywhere you can, just use FIDO2/WebAuthn before or after validating the user through OAuth.<p>Solutions exist. Nobody wants to implement them, it seems. Inventing new ways to do what has been done before doesn't solve the problem, it just creates more dead protocols.
Are blockchain people physically incapable of speaking plainly?<p>Its hard to cut theough the buzzword bullshit, but this sounds like they reinvented PKI and added 10 billion layers of indirection.<p>Is there more to it than that? Or is this really just taking the latest technogies of the 1990s, and explaining it badly so people think they have invented something new?
I like the idea that at least in web5, the term "wallet" might actually make sense, because the credentials or whatever actually "live" on your own device/node.<p>Web3 should really use "signet" rather than "wallet." Web3 is all about signing, attestation, and authentication through digital signatures. That's what signets are for, not wallets.<p>Coinkite recently switched to the term "signing device," but 1) that's lame, and 2) "signet" already exists and means the same thing.<p>At least with web5, the wallet analogy works.
For the "Learning resources" section, I would also recommend checking ION¹. I have tested a few DID Methods including Sovrin, Veres One, and ION, and the latter is the most spec-adherent and well-implemented, apart from receiving funding from companies like Microsoft and TBD (which is proposing web5 in the first place). And yes, it is the only DID Method to receive support from big tech (was incubated within Microsoft, then donated to the Decentralized Identity Foundation), and it also happens to be a technically better solution.<p>Why I think it is better: (1) don't need a new blockchain (re-uses Bitcoin's); and (2) implements DIDs / DID Documents with all needed features (e.g. last time I tried, Sovrin's implementation did not support serviceEndpoints!)<p>¹ <a href="https://identity.foundation/ion/" rel="nofollow">https://identity.foundation/ion/</a><p>² <a href="https://www.coindesk.com/markets/2021/03/25/microsofts-ion-digital-id-network-is-live-on-bitcoin/" rel="nofollow">https://www.coindesk.com/markets/2021/03/25/microsofts-ion-d...</a>
DIDs recently became a web2 standard [1] that's also embraced in web3 e.g. by Cardano / Atala Prism [2].<p>[1] <a href="https://www.w3.org/TR/did-core/" rel="nofollow">https://www.w3.org/TR/did-core/</a><p>[2] <a href="https://atalaprism.io/" rel="nofollow">https://atalaprism.io/</a>
Two weeks ago I was part of a small group that met at IPFS Thing in Iceland. One very promising specification missing from this article is UCAN (from Fission) which provides a set of custom claims that can be added to a JWT to allow delegation of privileges in a decentralized environment. Definitely worth a look!
Thanks, I hate it.<p>Web2 is not perfect but all the complexity brought by web>2 is just not worth the bits it’s written in.<p>Make something simple and easy to use and understand, dammit. I don’t want my mum to call me because her identity provider for Instagram is down.
The article completely misses the mark in creating some weird narrative about 'web3 turning into web5', all seemingly based on a wordplay announcement by Dorsey, thereby giving that project a lot of undue credibility.<p>In reality, many of the good projects and people referenced at the end of the article have been working for years without any notion that their projects are sprung out of some hyped but underspecified 'web3' technology.<p>Dorsey's 'web5' clamor is mostly about (barely [1]) implementing some existing technology and then writing a bit of slideware around it [2], which proposes to magically "allow individuals, organizations, and companies
to publish credentials anyone can discover and independently verify" while not spending any thought on how such a PKI would be ("independently") governed without centralizing everything back again – an all too common failure mode of 'web3' [3].<p>Meanwhile, both Dorsey's slideware [4] and the actual specifications referenced [5][6] make bad technological choices with regard to privacy where users have stable identifiers (their public keys) which must be published, allowing them to be easily tracked across transactions.<p>While this can be used as a building block, no material on the 'web5' website or the TBD54566975 Github repository (I guess it's some other wordplay) indicates that they even recognize this as a problem, let alone that they propose how to solve it.<p>This is no new problem however: Sovrin – which many people referenced in the OP have worked on or with – has published a commentary on this back in 2018 [7]. There's also a great talk by Christopher Allen if you need to refresh your memory about what you need to consider when designing identity systems [8].<p>Otherwise the OP can be a great introduction to identity, but please don't feed the magical hypetrain.<p>[1] <a href="https://github.com/TBD54566975/ssi-service#whats-supported" rel="nofollow">https://github.com/TBD54566975/ssi-service#whats-supported</a><p>[2] <a href="https://developer.tbd.website/docs/Decentralized%20Web%20Platform%20-%20Public.pdf" rel="nofollow">https://developer.tbd.website/docs/Decentralized%20Web%20Pla...</a><p>[3] <a href="https://moxie.org/2022/01/07/web3-first-impressions.html" rel="nofollow">https://moxie.org/2022/01/07/web3-first-impressions.html</a><p>[4] See the diagram on page 9 of [2]<p>[5] <a href="https://identity.foundation/decentralized-web-node/spec/" rel="nofollow">https://identity.foundation/decentralized-web-node/spec/</a><p>[6] <a href="https://identity.foundation/ion/" rel="nofollow">https://identity.foundation/ion/</a><p>[7] <a href="https://sovrin.org/wp-content/uploads/2018/10/What-Goes-On-The-Ledger.pdf" rel="nofollow">https://sovrin.org/wp-content/uploads/2018/10/What-Goes-On-T...</a><p>[8] <a href="https://www.youtube.com/watch?v=JzM_Brpk95E&t=1574s" rel="nofollow">https://www.youtube.com/watch?v=JzM_Brpk95E&t=1574s</a>