Is “acceptably non-dystopian” self-sovereign identity even possible?

The problem I have with blockchain enthusiasts, after talking with them about their philosophy, is that they seem to consider trust a bug, and believe that ideal world is achievable with straitjackets of technical solutions that eliminate trust.<p>Trust is a feature, not a bug. If trust is violated by rogue agents, it is because they exist[0], not because trust itself is a folly.<p>However, blockchain-adjacent initiatives seem to suggest a future where we implicitly label[1] every human as motivated to hurt another by making all aspects of their activities subject to verification checks.<p>In addition to strong dystopian vibes, won’t this act of labeling everyone as potential threat actually be instrumental in bringing this motivation to everyone, making it a self-fulfilling prophecy? Aren’t we sort of codifying malicious intent, instead of trying to remove it from the equation? Whom would this serve?<p>There is place for verification in the interim, such as maintaining security of your home, but if we are looking ahead (as blockchain enthusiasts do) we should strive for a future where humans are not motivated to hurt other humans. Not treating it as some sort of default is a good start.<p>[0] Their core motivation to benefit at others’ expense is to me indicative of mental health issues, possibly caused by insecurity and upbringing trauma.<p>[1] <a href="https:&#x2F;&#x2F;en.m.wikipedia.org&#x2F;wiki&#x2F;Labeling_theory" rel="nofollow">https:&#x2F;&#x2F;en.m.wikipedia.org&#x2F;wiki&#x2F;Labeling_theory</a>

This is a thoughtful treatment of some of the issues. I worked on digital identity in govt, and sovereign identity is considered seriously there. The concepts in the article force the question of what things like security, dystopian, and scalable mean, among others.<p>If I were to articulate the gap in perspectives, it would be that it is between the engineering view of solving problems (e.g. Vitalik&#x27;s &quot;soul bound tokens&quot;) and managing them - that is, to extract value from a dynamic, in the case of existing legacy paper&#x2F;card identity schemes today.<p>Arguably, in a society, all value is created from risk, where someone takes on the risk of an outcome and someone pays them to hold it while reaping the benefits of whatever thing has exposure to the failure. It&#x27;s imperfect on purpose, as it allows for flexibilty and non-binary failure modes, and it lets people manage (or extract value) from the shifting risk, where the result is an Economy. When you just solve a problem - let&#x27;s say we had these perfect soul based tokens, where there was no ambiguity or repudiation for anything, you are depriving people of the very thing we have evolved to be good at, which is judge and collaborate to trade in risks. It&#x27;s not desirable precisely because instinctually people get they don&#x27;t want to become solved problems and known quantities.<p>Digital identity is a very nuanced power struggle going on in the background within government and industry, as identity is the substrate to a certain type of economy, and who wouldn&#x27;t want to be the controller of that? The better case is having ephemeral identities and just price in insurance to transactions, much like interest rates on credit, but less centralized, and with more exposure to volatility of real life - just like other crypto solutions.<p>The people writing about this stuff in the crypto community are still sounding out some things for the first time, but just because they are doing so doesn&#x27;t mean they are the first to consider them. When I worked on an actual govt digital identity and currency product, I pissed off the execs because I said their design didn&#x27;t pass &quot;the hookers and blow test,&quot; which is that if you can&#x27;t use the payment and identity scheme for grey market transactions, nobody is going to adopt it. Not because they are vice ridden manaics, but because the human animal knows when it is in captivity and it will find ways to resist it.<p>This is the same reason that central bank digital currencies are going to be an economically inferior good, and create dangerous black markets that produce the dystopian corruption that idealists seem to be trying to avoid, as 1&#x2F;3 of people just aren&#x27;t going to trust them. Sure, you can impose the schemes, but if you have ever spent time in an authoritarian regime, you know that the culture is completely debased and anything-goes behind closed doors becase the rules themselves are arbitrary and selectively enforced, because the arbitrariness creates a sense of illigitimacy where there is nothing to trust or believe.<p>The stupidity of technocracies is illigitimate, and it breeds contempt and corruption. This may seem meta compared to the implementation details of some nerdy key management protocol, but I&#x27;d argue if you haven&#x27;t thought these other parts through, crypto really is just some naive kids building a bike shed to fill with shaved yaks and thinking they&#x27;re reinventing democracy and freedom.

This is a great write-up for introducing some of these concepts.<p>For those who want to go deeper, highly recommend reading up more on<p>DIDs <a href="https:&#x2F;&#x2F;w3c.github.io&#x2F;did-use-cases&#x2F;" rel="nofollow">https:&#x2F;&#x2F;w3c.github.io&#x2F;did-use-cases&#x2F;</a> Verifiable Credentials: <a href="https:&#x2F;&#x2F;www.w3.org&#x2F;TR&#x2F;vc-data-model&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.w3.org&#x2F;TR&#x2F;vc-data-model&#x2F;</a><p>Some people working in the space to follow: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;kimdhamilton" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;kimdhamilton</a> <a href="https:&#x2F;&#x2F;twitter.com&#x2F;IdentityWoman" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;IdentityWoman</a> <a href="https:&#x2F;&#x2F;twitter.com&#x2F;ChristopherA" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;ChristopherA</a><p>Also highly recommend this paper by Fennie Wang and Primavera De Filippi: <a href="https:&#x2F;&#x2F;papers.ssrn.com&#x2F;sol3&#x2F;papers.cfm?abstract_id=3524367" rel="nofollow">https:&#x2F;&#x2F;papers.ssrn.com&#x2F;sol3&#x2F;papers.cfm?abstract_id=3524367</a> ( Self-Sovereign Identity in a Globalized World: Credentials-Based Identity Systems as a Driver for Economic Inclusion )<p>Self-sovereign identity has some great use cases, even if it does not solve Sybil attack problems. Further, being able to establish identity at all is still a major problem in many places in the world and a barrier to financial inclusion.

From a first read, the following problems I see in this critique:<p>- The trilemmas do not need to be <i>solved</i>. They just need to be acknowledged when you are designing your application so that people can understand the types of trade-offs being made. In cases where sybil-resistance is not a requirement, you can build a system that gives you privacy and decentralization. When sybil-resistance <i>is</i> required, you just need to think if you prefer a system that sacrifices privacy or if it sacrifices decentralization. <i>Depending on the use-case</i>, one might be preferred over the other.<p>- &quot;Security practices are hard, no one will do it properly, they will rather have some expert that can do it for them&quot;. Well, if you don&#x27;t want to deal with security hygiene, you delegate. Just like the <i>majority</i> of people will rightfully prefer to have a bank to manage <i>most</i> of their funds, one could still envision a future where service providers will act as a proxy to anything that requires &quot;your&quot; identity(ies).<p>In general, the thing that upsets me with all of anti-crypto&#x2F;anti-web3 people is that they fall into the <i>same</i> trap as the maxis: they start from this ridiculous notion that &quot;web3&quot; is about creating a Highlander solution (there can be only one!) and that this solution needs to satisfy all constraints, otherwise it rubbish and needs to be discarded. The important thing by having decentralized identities (and decentralized technology in general) is that it gives new <i>options</i> for whole new classes of applications that do not exist. No one is being forced to adopt a system just because it is now possible to do it on a blockchain, and we do not need to destroy the current systems if they work well - or at least if they work better than any alternative. There will be even plenty of cases where the status quo is totally fine.

Most of those ideas have been around before. See the classic &quot;Why your idea for stopping spam sucks&quot;.[1] It&#x27;s the same problem as email source addresses.<p>[1] <a href="https:&#x2F;&#x2F;craphound.com&#x2F;spamsolutions.txt" rel="nofollow">https:&#x2F;&#x2F;craphound.com&#x2F;spamsolutions.txt</a>

I think this article conflates too many different notions of identity together (which tbf, is because the bitcoin people the article is criticizing do the same thing).<p>Identity is one of those concepts that has a lot of parts to it, and you can do the individual parts sanely, but if you try to do everything all at once, its crazy.<p>As a example, my ssh key is an identity system. It works great in some contexts. Would i want my social insurance number attached to it? Obviously not, that is crazy. That doesn&#x27;t mean ssh keys are bad.

I am convinced that crypto&#x2F;blockchains are slowly and pointlessly re-encountering the same problems that existing centralised systems and agencies were setup to solve.<p>It’s as if we are all disregarding the centuries of evolution that has gone into creating what we already have today. Systems that, whilst sometimes flawed, for the most part enable us to live our daily lives freely and easily. Systems that already have means of verifying people when you need to make an important transaction and that already allow for trust and stability. As the essay mentions making people the agents of their own verification with documents that you’d have to backup forever would be an absolute nightmare.<p>There is a reason we have centralised systems and there is a reason we can’t escape them.

This is an excellent write-up, and I genuinely hope that the brain-cycles the web3 world is spending on this eventually benefit the rest of society.<p>I’ve been musing about a similar but more simple problem: how can we prove we are an individual human in the context of a web service. Think of this like the ultimate CAPTCHA where not only can you prove you are human but every person can do so at most once or, more pragmatically, O(once).<p>The closest thing we have in society today is Sign in with Apple, where you have a delegated identity provided by a company which has effectively put up a large portion of its brand value as collateral that it won’t be shady, for some definition of the term “be shady”. This is suboptimal for a number of reasons, not least of which is that they can be compelled by a government to divulge this data while (mostly) protecting their brand-value-collateral, and they can be selective in what types of services are allowed to use this system.<p>I’m hopeful some of the non-charlatan web3 folks can come up with some sort of scheme where a trusted entity (a government or a civil rights oriented NGO) can participate in a cryptographic handshake with an end user and a service where at the end the service receives a unique identifier for that user which can not be used to associate that user across services, or divulge to the trusted entity which services a particular individual is using. This wouldn’t fully solve the “can I give this person a loan” problem, but would make many things on the web much better (most bots pretending to be human would become cost prohibitive). I also feel like trustworthiness attestation can be incrementally built on such a system (if such a system is possible).

(Disclaimer: I wrote this response before I realized this was a link; I thought it one of those, &quot;Ask HN&quot; questions so I replied in turn. Upon reading the article I think comment still has relevancy.)<p>No. Give up illusions like your rights exist in some vacuous transcendental place outside of other people and society. Read, &quot;Leviathan&quot; by Thomas Hobbes or if you really want to get the, &quot;tarian&quot; washed out of your soul dig into Rousseau&#x27;s, &quot;the Social Contract.&quot;<p>I will state this over and over: &quot;The Divine Right of Individuals&quot; is a myth rooted in how the United States&#x27; constitution is worded. God isn&#x27;t real and he can&#x27;t give you rights and claiming in a court of law (made up of people) where evidence is of the highest concern, &quot;God gave me rights and I&#x27;m a sovereign unto myself do to certain unalienable rights which I cannot obviously or readily demonstrate without making an appeal to hundreds of years of political development&quot; doesn&#x27;t seem a compelling enough reason for society to release a suspected criminal or the like.<p>Meta: The fundamental fallacy with crypto is that it ignores that the vitality of, &quot;currencies&quot; is quite like the vitality of languages vs their counterparts, dialects-- What makes distincts a dialect from a language? Borders and armies. It&#x27;s a tough pill to swallow that the world is kind of fundamentally based on violence but once you get past what is sometimes referred to as, &quot;Democratic Peace Theory&quot; and have a sense of history (start with Thucydides) it becomes very hard to take the idea of cryptocurrency seriously. Digital payments have practical value. I think that&#x27;s about the extent of it. Trustlessness is a character defect and a social mallady and it doesn&#x27;t surprise me nerds see this as forward movement.

Much of the problem with crypto-skepticism is that basically every problem it raises is true.<p>The argument is effectively boiled down to “here are a bunch of people working on very hard problems. Hard problems are hard, and therefore crypto won’t work”.<p>If you were to replace the word crypto with “computers” or “space travel”, most folks here would push back, saying that “yes these are hard problems, but there’s a lot of people working on it, and there’s lots of different solutions in many different directions.” And that would be a perfectly reasonable counter.<p>Most pro-crypto and anti-crypto have attached their identity to liking or dislike crypto.<p>If you disagree, ask yourself if, upon meeting someone who likes crypto, your brain naturally likes or dislikes the person. If you see someone talk about crypto in a positive light on the internet, do you instinctively upvote or downvote them?<p>This identity makes it very hard to make rational predictions about crypto. It’s too easy to weigh the same evidence in favor of crypto if you like crypto, or against crypto if you don’t like crypto.<p>Since most folks on HN dislike crypto, you may want to ask “what evidence would cause me to think crypto would work? What evidence would cause me to think it was good? Say crypto worked in 20 years, what would now like?”<p>If, when you’re attempting to answer those questions, your brain instead starts to answer the opposite questions (ex: “here is why crypto can’t possibly work”), then you know you’ve been trapped by the soldier mindset, and are not thinking rationally.<p>If your mind draws a blank or thinks “there is no evidence that crypto will work”, then either you are living in a bubble, your brain refuses to see information counter to your prior, or you have to figure out what makes you more able to understand the situation.

How can identity be self-sovereign?<p>In the end, it boils down to everyone just asking to see the passport or some other government ID, or a proxy for that (credit card, library card, employee card).

Hi Molly, great article.<p>I was just thinking about the CAP theorem again a few days ago and the trilemma you describe here, interestingly, feels quite related.<p>As for what I personally consider to be the heart of the problem, I believe proof of personship (or whatever a soul is) is an unsolvable problem in the most rigorous sense. This is one reason why we have government. The issue isn&#x27;t that government exists, it&#x27;s that we cannot trust them, nor control them effectively. Still, a local government is much better positioned to prove my identity than some nebulous algorithm. Even the crazy Orb people knew this, and took to physically scanning retinas as you mention. We just need to build trust locally again somehow.<p>Of course, people move and trust must be (re)bootstrapped. This is the root of the heart of the problem if you will; and a problem I cannot see concrete solutions to that don&#x27;t approximate the existing systems. Here in MA, I have to both pay to get an ID, and provide various information to verify my address and initiate background checks, etc. This is all worth something, no?<p>So why not have local governments provide this verification service...? Well, there&#x27;s another complicating factor. The higher the value of a secret (i.e. identity proof), the less one should use it, or the more careful one should be with it. If I&#x27;m asked to give out my SSN to log into some new video game, I might stop and think twice. Whereas, providing my SSN to apply for a loan from a trustworthy financial institution is pretty commonplace.<p>Finnaly, on data stewardship. Why not have companies like Apple and Google selling HomePods which act as local clouds which store, sync, and replicate encrypted data as requested by the user? Give me a static IPv6 and a decent authenticated tunnel into my LAN and I&#x27;m good to go! I choose what files go up to iCloud.com, I choose where 3rd party services point to for authentication credentials, and I decide when I want to delete and invalidate things!<p>Anyway, thanks for the thought provocation. &lt;&#x2F;rant&gt;

This is not quite true that &quot;considerations of ethics, user safety, privacy, security, how can this be used for evil, and is this even good for society often come as a belated afterthought&quot;. Referencing only recent popular articles in mass media does not paint the whole picture.<p>The very concept of SSI was motivated by ethical concerns: <a href="https:&#x2F;&#x2F;www.moxytongue.com&#x2F;2016&#x2F;02&#x2F;self-sovereign-identity.html" rel="nofollow">https:&#x2F;&#x2F;www.moxytongue.com&#x2F;2016&#x2F;02&#x2F;self-sovereign-identity.h...</a><p>There is a field of academic research on ethics of SSI: [1] <a href="https:&#x2F;&#x2F;link.springer.com&#x2F;article&#x2F;10.1007&#x2F;s10676-020-09563-x" rel="nofollow">https:&#x2F;&#x2F;link.springer.com&#x2F;article&#x2F;10.1007&#x2F;s10676-020-09563-x</a> [2] <a href="https:&#x2F;&#x2F;www.frontiersin.org&#x2F;articles&#x2F;10.3389&#x2F;fbloc.2020.00015&#x2F;full" rel="nofollow">https:&#x2F;&#x2F;www.frontiersin.org&#x2F;articles&#x2F;10.3389&#x2F;fbloc.2020.0001...</a><p>And there is a great deal of awareness regarding these issues in industry <a href="https:&#x2F;&#x2F;www.coindesk.com&#x2F;policy&#x2F;2021&#x2F;04&#x2F;26&#x2F;self-sovereign-identity-5-years-on&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.coindesk.com&#x2F;policy&#x2F;2021&#x2F;04&#x2F;26&#x2F;self-sovereign-id...</a> (yes including core Ethereum developers community).

This seems to trying to pin down the &quot;problem of identity&quot; (how to ensure people maintain a stable identity over a digital realm)<p>I think it&#x27;s important to be clear about why this is important, depending on the use case (votes, currency, etc) there may be a different reasons why it&#x27;s important that one identity follows one person.<p>In the case of currency, the reason behind needing stable identity has to do with double spending.<p>But I have a toy scenario that I like to play around with, consider a cryptocurrency such that anybody can emit tokens (credits) however they deem appropriate, in this case the necessity of a stable identity is clear, the person needs to be able to answer for their emited tokens. If people can just shed the token-emitting-identity, then they cannot be held accountable (forced to answer) for their emitted tokens and the entire construction is useless.<p>However, for the case of votes and other group-concensus schemes, the scenarios are sufficiently different that I&#x27;m not sure if it&#x27;e even worthwhile to try to come up with ONE answer to the identity &quot;problem&quot;

There are two interesting aspects of self-sovereign identity that are not worth hand-waiving away as dystopian:<p>- it provides identity tools that use standards that span across geographical and platform boundaries. this is a different form of “user account” than say an online Amazon or NYStateGov account. it is good to have an option on the web for auth and identity that is detached from any single corporate entity or jurisdiction.<p>- unlike most of the world’s current identity systems, many of the SSI systems can and are using novel cryptography, which can combine with privacy and encryption techniques such as hashing, private keys and zk-proofs. so instead of sending photos of your passport and drivers license all over the web, SSI allows you to sign a message on a public ledger, or send a zero knowledge proof that the other end can verify.<p>SSI doesn’t need to replace typical identity and web auth but it could be introduced as another option.

I suspect privacy is the most malleable point on the trilema.<p>You can&#x27;t compromise on security while still being usable.<p>You <i>can</i> compromise on decentralisation, and everything will work. Your gym, bank and employer already have you in a centralised identity system. Compromising on decentralisation fails the other way. There&#x27;s no way of holding the centralised body to <i>its</i> side of the compromise. If worldcoin controls identity, they&#x27;ll control downstream of identity too.<p>For actual solutions, I think it&#x27;s better to think of specifics applications. Once you get specific, there are often more options.<p>Take DAUS governance. Say you want to implement a voting system that requires identity for sybil resistance. Maybe it&#x27;s ok if voting requires a limited compromise on privacy. You expose just enough information to demonstrate eligibility, then vote. If privacy is more important that voting, you can maintain privacy instead.

&#x27;Username and Password&#x27; is &#x27;most&#x27; of &#x27;sovereign identity&#x27;.<p>&#x27;Proof of Personhood&#x27; is mostly only going to matter in a legal context, in which there will be some kind of state that recognizes that personhood. Even governments kind of screw that up though.<p>For the later we probably just need a slightly more advanced &#x27;Ministry of Information and Identity&#x27;. Like the passport office, but digital. And away you go.<p>This whole &#x27;decentralize everything&#x27; is a big of a canard. Useful though experiment, but not much more.<p>Also: &quot;Soulbound token&quot; make me cough up my coffee a little bit.

Short answer: No.<p>The desire to be &quot;identified&quot; incorporates the desire to be identified as &quot;Self sovereign,&quot; which is an appeal that only other people can fulfill. Your identity is sovereign thus depends on their collaboration in constructing and maintaining a space where such an identity is even possible. You cannot be self sovereign because the mandate to make that identification is not entirely reserved to yourself. Unless of course you impose it on others by force, in which case you&#x27;re no longer self sovereign but sovereign, period.

I feel like the &quot;Anonymity [is] central to the crypto world.&quot; ship sailed a long time ago. It was one of the original promises of Bitcoin but it is literally a public database.<p>It&#x27;s also possible that a society with more transparency regarding financial transactions is the better option long-term, but surrendering the dream of anonymity is a tough one for proponents.

&gt; Jack Dorsey just launched “Web5”, a buzzwordy project focused on decentralized identity<p>Woah, hold on, I thought we were still on &quot;Web3&quot;? Actually I&#x27;m not convinced that we&#x27;ve even moved past Web 2.0, since Web3 is still mostly just bullshit, scams, vaporware and monkey jpegs.<p>Did &quot;Web4&quot; get swallowed up by the same beast that made us skip IPv5?

Why is the techno-libertarian world so overwhelmingly obsessed with extreme individualism?<p>We are social creatures. We sacrifice individual needs because we gain massive security and social value in return.<p>We need a balance of the various ideologies, and not the extremism of any one ideology.<p>Fifty years of narcissistic, anti-social, &quot;Leave me the hell alone&quot; libertarianism is at the heart of the culture-rot collapse we are facing.<p>We need people on hackernews and Ridgewood elsewhere developing civic and social innovations that deepen our connections, not replacing them with with increasingly inauthentic, algorithmic, trustless, artificial substitutes.

DAO is Decentralized Autonomous Organizations - entities with no central leadership, for those of you like me who didn&#x27;t know.<p>And where, Oh where, are other good original thinkers, please? I don&#x27;t care about &quot;agree&quot; or &quot;disagree&quot; I just care about the #$?* thinking.

EU has already solved this problem 10+ years ago using electronic ID cards. You can transfer money, sign contracts etc with these. You have your private key on chip + PINs for 2nd factor auth. Why not build a block-chain on that tech?

Self-sovereign is such a great admiralty flag phrase<p>No, of course cryptocurrency doesn&#x27;t give you the powers of a nation state

I find it fascinating to watch as the crypto community gradually recapitulates the evolution of the existing financial regulation&#x2F;structure.<p>In this case, negative attestations are reimplementing liens &#x2F; UCC filings (for business loans) and credit reports (for individuals). But without any plausible consumer rights recourse, of course. (Like for example your right to have errors on your credit report fixed.)<p>It will be interesting to see if they can use zk-SNARKs to come up with a scheme that’s substantially better here.<p>Another corollary of this observation is that crypto will recapitulate the evolution of privacy legislation too. As the OP notes these systems are going to struggle to comply with deletion requests under GDPR. And while many would buy the premise that financial regulations are not helpful to the public (I don’t personally buy that), I think privacy legislation is much more popular and clearly a case of hard-won consumer protection.

No. As long as there is a mechanism for adding new identities to the system, (presumably you want this, because people can be born), people can disguise themselves as new people. This is not trivial to accomplish, but there&#x27;s no law of nature preventing you from growing a remote control infant should the need arise. It&#x27;s certainly impractical, but new people are legitimately allowed to enter the system, and there&#x27;s no way to establish that someone does <i>not</i> know something (in this case knowing something would be the RC baby actually being me, I know how to say goo goo ga ga, and you can&#x27;t prove I know more than that).<p>That&#x27;s obviously a silly example, but the point is that soulbinding isn&#x27;t a cryptographic primitive. There&#x27;s just no such thing. Not only is non-dystopian identity impossible, No amount of dystopia will change this. Even a totally authenticated system is vulnerable to the &quot;Add a new person that I control&quot; attack. It&#x27;s not current technology, but it&#x27;s also not science fiction, and in simple fact, a lesser version of this attack happens all the time. People who have more kids get more representation in government. I don&#x27;t think that we should <i>totally</i> ignore this effect, but it&#x27;s certainly useful to mostly ignore it.<p>Anyway, there is no way to establish a sophisticated adversary&#x27;s unique identity and also allow new identities to be created based on phenomena external to the system.

To the author: please define acronyms the first time you use them.

Molly White consistently writes concise and precise essays about problems in the crypto space that the crypto &quot;community&quot; consistently fail to address or even respond to in as concise and precise a manner.<p>Well, except &quot;it&#x27;s too early&quot; and &quot;these articles are wrong and a smear campaign&quot;.

I regret having wasted about 5 minutes reading this before scrolling through the rest<p>some surface knowledge, little to no expertise, further watered down by lots of musings nobody except those familiar with the guy who wrote it would really care to read in full