by EGreg 1283 days ago
Why have a numeric ID at all? Just have a ton of private keys or nothing at all so no one can track you across any messages and anything you write.

No, absolutely no. Private keys as a form of identity are flawed because they can't be recovered if lost and can't be revoked if leaked. In the real world, as opposed to crypto dreams, both these capabilities are not "nice to have", they are hard requirements. People lose their passwords — something they can remember — all the damn time, yet you're suggesting to use something that has to be stored as a file, but must be kept secret but at the same time stored reliably. And it's not just for authentication, it's the identity itself.

Private keys as a form of identity can't possibly work in the real world.

And how pray tell will you authenticate with this numeric user id or username in the system? Is it like social security numbers where everyone just lets you input anything?

I have no idea how SSNs work as I'm not from the US. Usually you'd have a password. The username is for identity, the password is for authentication, possibly combined with additional factors.

Oh you’d have a password!

Because you just said people lose their passwords all the time. So then what?

Unlike private keys they can also enter them in other sites, reuse them, and get phished and much more.

But yes, private keys bad! because they are cryptography and cryptography is crypto and crypto is scams and grift and there is a whole new cargo cult we have to be in now…

Passwords can be reset. There's always a manual override. For most online accounts, you can restore your access to them from absolute zero — i.e. when you find yourself naked on the other side of the world and your house has also burned down and you also forgot all your passwords. It'd take time and it won't be an easy process, but it is ultimately doable.

But if it's a private key, you lose it and it's game over. You have to create a new identity and start over with everything that was tied to your old one. Worse yet, if you leak your private key, you can't stop other people impersonating you.

Oh is it magic? How do you authenticate yourself enough to reset a password? It’s almost like, you need something else. Such as a device that stores a private key.

Also, everything you said about resetting passwords can be done for resetting private keys too. The difference is that you don’t go around reusing it and typing it into phishing sites.

And if you think getting access to an account where you are totally butt naked and forgot the password is normal, I have a million gmail users who would love your wisdom.

You have to spell your ID to people so they can contact you anyway and a number is the easiest to spell aloud when communicating to people from different countries because everybody (every language) calls the same letters a different way and almost nobody cares to study proper letter names as this is the most useless knowledge about a language otherwise.

No need to spell it

Send a QR code or a link that can be used only once.

Why have an identifier that any number of people can use to contact you?

> Send a QR code or a link that can be used only once.

I most often have to spell my contact details in a voice phone call because my primary job is to communicate to live people all over the world, not to code. Believe it or not but people actually call my office desk phone regularly (although I always prefer email if possible). Even in the IT sector (let alone administrative tasks, healthcare, utilities, etc), whenever you need a rack in a datacenter, new servers or whatever you often are meant to submit your phone number on their website and then they call you. Some very big Internet and datacenter operators don't advertise any ways to contact them other than by phone, some would publish an email or a contact form but ignore you until you call them.

> Why have an identifier that any number of people can use to contact you?

The same as the above.

Well then you are a special case different than most. You might not need the privacy we’re talking about here. You’re giving out ways to contact you that, if abused, will result in irreparable spam to that account. But it’s just part of a job you do. So that’s fine.