It's more about a fundamental design trade-off than about removing accidental complexity coming from UX. Currently, most of us delegate the responsibility of identity management (other than memorizing an id and password) to one of the big techs, presumably much better at this area than 99% of us. In the fully decentralized world, the burden of proof is now up to users. And they usually don't really care about best practices for security, privacy and reliability. Technology may improve over time so the equation will get better, but I don't expect this dynamic to change that much.
On the other hand, however, the outcomes of a breach are vastly different. An individual who fails to secure their information is liable for only their information. If a "big-tech" is compromised, they are liable for everyone's information.
If users are still unwilling to run their own infra, then that seems like a great opportunity for Identity as a Service. I'd feel much more comfortable handing identity to a firm whose entire business model revolves around securing my information and protecting my privacy rather than a big-tech.
"I'd feel much more comfortable handing identity to a firm whose entire business model revolves around securing my information and protecting my privacy rather than a big-tech." - for that company to be rock solid, trusted by most of the world and with a proven track record of top-notch security would mean that said company is a big-tech.
I would call Okta, Auth0 and iWelcome big-tech already, even if they're not FAANG-level big tech yet.
This is a great point that I hadn't thought of. Well said.
I'd rather, as a company, risk managing all of my users' identities (vulnerability to a data breach, mitigated by a well-trained security team) than trust my users to manage their own security well and inevitably deal with a mass amount of compromised accounts.
As a user, especially if I'm not technical, I'd have a strong bias towards handing my identity to a team that's spent years studying computer security. Managing my own identity would involve learning a lot about computer security. That would take a lot of time and I'd really have to care about it to do it "right". Regardless, I'd likely get a lot of things wrong, leading to my identity being more insecure than if I had just stored it with someone like Apple.
The UX isn't the most looming problem, but it's one that needs to be solved. My question is: how in the world would you convince people to use keys to verify their accounts to one unique, anonymous identity, as the OP suggests? I just don't see it being something people would spend the time to do. Not to mention, getting to a "Login with Google" level of UX, available as universally as "Login with Google", would be extremely hard without a centralized authority.
The bigger problem is convincing people that it's worth switching. Apple is the closest to doing this with "Sign in with Apple". "Sign in with Apple" hides your identity from the client site, the value prop is clear for the user, and the process is as close to frictionless as possible. But the solution is still "centralized". Apple stores all of the information to make the system as frictionless as it is.
Yes, but that requires an economic model. UX is often well over 90% of the work for a product and usually includes a ton of work that is not much fun and people have to be paid to do.
Centralized has subscriptions, advertising, and "surveillance capitalism." Decentralized has nothing. I had some hope that cryptocurrency would provide some kind of mechanism, but cryptocurrency was taken over and destroyed by scammers and bad money drives out good.
The lack of an economic model is IMHO why decentralized solutions have not succeeded, not technical challenges.
One possibility would be to abandon the free as in beer part of open source ideology and go back to just charging for software, but licensing and payment add friction and it's very hard to compete with "free" options funded surreptitiously via surveillance.
BTW the fact that cryptocurrency was destroyed by scammers and criminals highlights a second huge issue: it seems to take the efficiency, executive ability, coordination, and direct human guidance of a centralized system to resist bad actors. This is why even the most democratic countries have mechanisms to phase shift into dictatorships during emergency or war. I have yet to see a decentralized system that became popular and was not instantly destroyed by black hats.
The model intentionally guards against data harvesting. I think that is great but unless users are willing to pay for that the existing "free but we collect data to manipulate you" will receive more capital.