Hacker News
by noman-land 1665 days ago
There's a lot to say but one of the big ones for me is normalizing the use of public key crypto for identity management.

Now anyone can create a keypair offline and suddenly they have a way for people to interact with them and they don't have to run any of the infrastructure themselves.

I like that it inverts the concept of "self hosting" into "everybody hosting".

2 comments

What problem does this solve? What's wrong with the way I currently do "identity management"?

It solves a few problems as mentioned below.

Every single form of your identity right now is mediated by a third party.

Your email. Your Instagram. Your Twitter. Your phone number. Your bank account.

Not only that, but each one is independent of the other. That's 5 different accounts with 5 different providers. Each of them has a vast infrastructure and duplicate copy of everything about you and everything about everything else. Each one of them has an off switch to your identity that they can freely flip on a whim with no recourse available to you.

If you invert that and say that your identity is no longer mediated by any specific entity, or array of entities, it is mediated by a provably neutral public infrastructure that is completely opt in and costs only the amount that is proportional to your usage.

Now the identity resides with the user, not any third party, which means they have full control over it, without having to rely on any one entity that can fail or turn against you.

> Your email. Your Instagram. Your Twitter. Your phone number. Your bank account.

These are identifiers, backed by accounts with credentials.

> If you invert that and say that your identity is no longer mediated by any specific entity, or array of entities, it is mediated by a provably neutral public infrastructure that is completely opt in and costs only the amount that is proportional to your usage.

What value does this have for your email provider? Instagram or Twitter? The phone company? The bank?

All of these companies provide value _through_ the identifier. Checking accounts and credit cards issued by the bank. The phone number. Your handle on Instagram or Twitter.

Many of these need to have an idea of a real-world identity for regulatory reasons. For account recovery actions. For effective enforcement of abuse bans.

What about this off switch? Even if I show up with my own identifier - Twitter can still refuse to post my messages. My bank could block access to my funds.

This vision seems to be about replacing these businesses with new businesses and new infrastructure.

So in this brave new world, if someone manages to steal a single piece of my data (my private key) then they can have unfettered access to my phone, bank, email and social media accounts? And none of those services have a customer support team who can restore my access and reverse the fraudulent transactions that were made in my name?

Your first sentence greatly exaggerates the content that follows. I don't see any actual problems with the latter.

I do see more problems with the "solutions" actually.

¯\_(ツ)_/¯

It solves the problem of needing to make and remember a username/password on every site you use, it solves the problem of password hashes being leaked when a site gets compromised, it solves the problem of not being able to know that hihihihi1234 on hackernews is the same person as hihihihi1234 on lobste.rs, and it solves the problem of trying to make an account on a website only for your typical username to be taken already.

How does me making an offline private key with the username Spivak fix the problem of someone else making their own key with the name Spivak? There is still a shared namespace of user ids. And if it’s fine that two keys have the same display name then you could just do what Discord does and do Spivak#42069.

There can still only be one twitch.tv/spivak.

This doesn't require web3 though. We have Web Authentication already integrated into every browser.