by hem777 1198 days ago
I personally don’t want to use a domain name for everything. I want all my identities to be unique, I want an infinite number of them, that I can change between multiple ones per service and that they’re not connected to each other unless I specifically say so, and they should be fully free and permissionless for me to create.

Public/private keys have or enable all those properties.

While there are many problems with how domains work today as a public goods system, domain names as identities is infinitely better than what we have now, but I think we can have it much better and domain names are one step in that self-sovereign ownership.

2 comments

I think you missed the part when the original username was a subdomain of bluesky. There will be a great many anonymous registration services I'm sure. And things like afraid.org make that number of possible domains you can use anonymously a truly massive number.

The problem with pub/priv keys as user identities is discoverability and validation. How do I find your key? How do I prove this key is actually yours? Sure they are anonymous, but that isn't a desirable property if you are an established public figure.

Most of us are not established public figures and many of us, I’m sure, want to keep it that way.

With keys, validation can happen in several ways: attestation by reputable orgs, reputation systems, off-band, 2FA, “Hi, I’m John”, etc etc. Discovery is also highly context dependent in that it can and should happen “in the app/system” (=whatever the context of the use case is, eg. you know me by pubkey 123, the tax office knows me by pubkey xyz).

“anonymous registration services” from the perspective of self-sovereign identity is by definition not anonymous :)

To be clear, I understand the desire for truly anonymous services. But after two decades of experimenting and thinking of this problem, I don't think it is possible for a truly anonymous solution that is also ergonomic to use.

Things like briar exist, and for your use cases, existing tools might be enough. Briar is fantastic for communicating with people you know and willing to jump through some hoops to be part of a community that is anonymous, secure, and provides lots of ways of making introductions and posts.

But there are reasons why Meta, Twitter, LinkedIn and the like are well above any anonymous solution in terms of users.

- Identity (including pseudo identity of anonymous users) is established.

- Spam. There is an ungodly amount of spammers out there, as email has shown. If you have played with nostr or scuttlebutt you would also see just how horrible the spam is.

- Account recovery, people are bad with passwords and storing secrets. Very bad. And even the most secure people can get exploited.

- Hosting your data is problematic. Who hosts data which may be illegal? When illegal data is flagged, how does it get purged? Merely being the transit for data is protected in the US, but physically hosting that data is not.

- The vast majority of people are unable to run a persistent service for their identity and content. Even if they are willing, they lack the means. You end up targeting a very small subset of people who are willing, able, and capable of running a service. And that service requires care and feeding. You might end up with millions of vulnerable instances.

- Scalability. No one has come remotely close to solving how one of these solutions would scale to billions of users. Or even tens of millions. DHTs become painfully slow and bloated. Even if a solution did start catching on, it would quickly then fail because the user experience would crater as it gains popularity.

I have become convinced that making an ergonomic briar is impossible without making some concessions.

Complaining that a new and unproven tool's chosen concessions are bad inhibits experimentation.

These are fantastic observations and I hope I’ll have time to get back to them in detail.

I can’t say there’s a simple solution to all of these, today, but my intuition and optimism says there’s a solution for all of these :)

The problem with infinite, easy to create identities leads to a well researched attack, known as a Sybil[1] attack.

If there isn't some type of cost or friction to creating identities, you will have a lot of bad behavior, full stop. This has been shown time and time again, so it's basically a non-starter. I don't want to be part of any social network that has this feature (infinite identities), it's going to eventually turn to shit or require intense moderation (or both!)

1. https://en.wikipedia.org/wiki/Sybil_attack

I think this is true if the system is global or there’s a model where Sybil resistance is “here everyone, have an access to write to the database”. In a system like HN there’s value in Sybil resistance. On your Twitter feed, almost none.

So I disagree this is a non-starter, because we didn’t find a solution in the past, but rather an ideal place to start and a great space to discover new Sybil resistance mechanisms (which we have over the recent years).

Domain based identity also enables attestation which could be used to artificially add even more friction. Plus, since it's not constrained to a single platform, you could have 3rd parties that assess trust and reputation.