Identity (in any meaningful sense) must always delegate trust to some kind of issuing authority. If for no other reason than because any humane system must always accommodate users who forget their passwords, lose their private keys, etc. Key-pairs are ephemeral device tokens, they are not sources of identity.
KYC is in no way any kind of problem that needs to be fixed, it's a necessary and Actually Good feature of any sufficiently broad financial system. Avoiding KYC-type stuff may make sense in the small, but is actively harmful in the large.
More important, I think, is that the issuing authority is also legally obliged to actually give a shit, or else you just get a repeat of the current state of affairs where, for example, forced 2FA and no customer support means homeless people get locked out of all their accounts every time a device fails or is stolen.
Yes, and if there's any easy way to recover from that, then implicitly the identity system can't be used to prevent Sybil attacks/spam, since it would be easy to make a new account when you didn't lose your keys too.
But the article suggests that relying on government issued IDs as a base lets government track all that we do. That's not the case, and is the point with all these systems. It should be possible for instance, using cryptography, to make a distributed chat room service where it's public who has signed up for a chat room, but not who of the posters in it are who.
To be able to selectively prove your identity, including connection to the government-accountable you, without directly involving the government or even anything licensed by the government, would make us more free online, not less.
> Key-pairs are ephemeral device tokens, they are not sources of identity.
If you take "identity" to mean "the same thing", then you can certainly use a key-pair to show that two documents were signed by the same signing key. Of course, the owner could have lost control of their private key, but that could happen to government-issued ID as well.
If you want "identity" to mean "official persona", then there can only be one of those per person, which means government-issued. I think government ID should only be used for interacting with government; online purchases shouldn't rely on government ID.
Banking is awkward. To get a bank account, you usually have to produce government ID. But then the bank issues you with a bank-issued ID, which is effectively just a proxy for your government ID. It's weird because banks are not part of government, but they have quasi-governmental obligations, e.g. KYC. Even government departments do this; to sign up for self-assessment with HMRC, I have to prove I am who I say I am with government ID; but then HMRC issues me with an HMRC ID. That is nuts.
I want to be able to have multiple IDs that are not linked. I shouldn't have to give government ID to make an online purchase. And I shouldn't have to risk exposing my purchase history when I sign a post to an online forum. It's perfectly legal (here, at least) to have multiple real names; for example, I mainly go by my nickname, which doesn't appear on any official document. Online identity should mirror that.
> I want to be able to have multiple IDs that are not linked. I shouldn't have to give government ID to make an online purchase
But how will your benevolent rulers be able to socially gamify your behaviour and direct who gets to interact and mate with you? If social credit systems are to work, we need KYC and centralized ID.
> If social credit systems are to work, we need KYC and centralized ID.
I think we need KYC. That doesn't mean centralized ID. As far as social credit systems is concerned, I take it you are being humorous, but I don't think there's much that's amusing about "social credit".
> If you want "identity" to mean "official persona"
Well, I want identity to mean me as a human being.
> I want to be able to have multiple IDs that are not linked.
Fine, but realize that statistically zero other people want this feature in, well, anything. No system which expects to serve more than a statistically zero percent slice of humanity can define identity in this way.
The second part of your post seems to contradict the first part, if it's not linked to the government ID how can anyone know if it's the bonafide original and unique persona? And not some duplicate?
If you take "the bonafide original" to mean the government-issued ID, then obviously only the government-issued ID is boner-fido. But there's no reason why that should be my only ID; I could, for example, generate my own keypair, and hire a notary public to attest that the holder of the keypair is (select any):
[] Good for ten-grand
[] Older than 18/21
[] The person shown in the accompanying (signed) photo
[] The author of xyz.blog
[] The same person as government-ID xxxxx
Only the last needs to be linked to a government ID, but all the others are authentic, bonafide attestations.
And such an ID would not be a duplicate of anything (not sure why you mentioned duplicates; passports, bus-passes and driving licences can all be duplicated).
> They could produce their 21-year-old younger sister, who has government ID (yeah, I know, that is a resort to government ID).
1. How would you verify that's actually their relative and not a friend or stranger?
2. How do you verify that they are in fact the older sibling and not just saying they are?
>Avoiding KYC-type stuff may make sense in the small, but is actively harmful in the large.
No, it's a trade-off. No KYC makes it possible for people to lose their identity, but it's also the only way to guarantee full privacy/anonymity, and to make it so the identify-provider doesn't have the power to de-platform anyone. Historically speaking, governments and corporations silencing dissidents has done far far more harm to humanity than people losing their accounts due to forgetfulness etc.
> No KYC ... [is] also the only way to guarantee full privacy/anonymity, and to make it so the identify-provider doesn't have the power to de-platform anyone
Full privacy and anonymity are not virtues. They are actively bad. A system that is fully anonymous always becomes dominated by malicious users. De-platforming is a necessary capability of any system that expects to be used by a non-trivial segment of humanity.
> Historically speaking, governments and corporations silencing dissidents has done far far more harm to humanity than people losing their accounts due to forgetfulness etc.
This isn't complicated. If I have an account with some money in it, and I lose my private key, then it cannot be the case that I lose access to that money. There must be some phone number I can call, or some person I can reach, which can restore my access to my money. This is a table-stakes property of any system that can ever expect to be used by more than a tiny niche of humanity.
Bureaucratic malfeasance, error, or just plain bad luck, can loose people their accounts, even with government not silencing them.
e.g. a fly landing on a sheet of paper, blocking the print head long enough to generate "Tuttle" from "Buttle", resulting in a long chain of violent events for some unassuming individual…
Any system that expects to be widely used must delegate trust to some singular and addressable authority, and that authority must be able to remove malicious users (and many other similar things). De-platforming is a feature, not a bug.
> KYC is in no way any kind of problem that needs to be fixed, it's a necessary and Actually Good feature of any sufficiently broad financial system.
I disagree with this because it breaks the notion of innocent until proven guilty that is the cornerstone of a fair justice system. If the bank has any suspicions about where you get your bags of money that you deposit daily, they can inform the police and the police, without questioning you about where you get your money from, must prove that you are doing something illegal.
KYC and all other legislation of the same kind put the burden of proof on you to prove you're a good citizen. And this is wrong on so many levels.
KYC is about establishing identity, not establishing innocence or guilt or goodness or badness. You don't get to participate in society anonymously. That's a feature, not a bug.
> Identity (in any meaningful sense) must always delegate trust to some kind of issuing authority. If for no other reason than because any humane system must always accommodate users who forget their passwords, lose their private keys, etc.
Web of trust protocols are a decades-long solved problem (albeit without a prevailing deployment yet). It seems like your comment is meant to be quietly denigrating toward them (or do I have that wrong?). May I ask why?
It seems like eventually a web of trust model is going to arise and win over a critical mass.
Even in a web of trust, you're delegating trust to someone that you treat as an authority. Especially in practice, where the long-term outcomes of webs of trust tend to be either (1) the scale is nowhere near sufficient due to the effort involved in verification, or (2) you end up de facto trusting some authorities who can provide that scale, at the cost of the identity verification being less meaningful. Sure, it might be easier to cut off or reroute trust if things go south, I don't see us reaching a critical mass for a significant scale any time soon.
> Web of trust protocols are a decades-long solved problem
Solved in a technical sense, maybe, but not in any meaningful sense. Statistically zero people use any web-of-trust based system for anything useful.
But we've already played this game, over the last couple of thousand years. That evolutionary process, however messy it may have been, has already produced a web of trust, to which we all delegate authority and responsibility. It's usually called "government".
Just to clarify: DIDs are not removed from the basic OIDC specs (at least yet!), they're just no longer being considered by the high assurance profiles and EU work as they were deemed unsatisfactory for a lot of reasons, including those OP criticizes (but also due to other basic things like citizens not being able to replace lost "documents" - normally keys - which is a must-have for any serious, widely used identity solution).
There's a link there where it says: "European Digital Identity Architecture and Reference Frameworklists OID4VCI, OID4VP and SIOPv2 as required for certain use-cases"
The basic specs still have DIDs and the w3c VC model, but they're moving away both of those, as it seems... notice how all links to other specs are currently to ISO specs instead:
"The following draft ISO standards reference:"
– draft ISO/IEC TS 23220-4 profiles OID4VP to present mdocs
– draft ISO/IEC TS 23220-3 profiles OID4VCI to issue mdocs
The initial page has a tab with links to the specs... here's a direct link to the main Verifiable Credentials spec (Editor's Draft with latest changes - this can be updated at any time still):
This spec still supports formats which require the use of DIDs, but none of these formats are being used by the financial-grade profiles or by the EU's initiatives anymore (the whole ebsi thing seems to be a dead end).
That basically means there will be two very separate worlds: one where DID, w3C and blockchain technologies are used, and another one where OAuth, OIDC, mdocs are used (the one favoured by the EU and financial profiles, e.g. the high-assurance interoperability profile says that keys must be resolved from OIDC well-known metadata endpoints: https://openid.net/specs/openid4vc-high-assurance-interopera...).
KYC is in no way any kind of problem that needs to be fixed, it's a necessary and Actually Good feature of any sufficiently broad financial system. Avoiding KYC-type stuff may make sense in the small, but is actively harmful in the large.