[dalke]

> great ideas in this, like selective disclosure

How will a centralized wallet used for everything solve the human factors problems?

We know there's a deep human factors issue here. Web sites and apps ask for permission seemingly all the time for as much as they can, and most people just agree, because they've learned that usually works.

Until it doesn't.

Here's a Fortune article of how BankID, a widely-used electronic ID in Sweden, is used in fraud, at https://fortune.com/europe/2024/06/21/why-going-cashless-has... :

"For Bagley, the fact that BankID is so commonplace is part of the problem. “It ends up not really being a security measure, but just another step in using a website,” she said. “You don’t really think twice about what the BankID app might say you are logging into.”"

You can blame Bagley for not double-checking the transfer before verifying, but she's not the only one. "Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021."

[davidy123]

User education, personal AI, responsible vendors will be part of the solution. Seamless and safe transactions are very much desirable, there is a whole world to build on once they're in place, so there is a lot of motivation to solve them, but the solution shouldn't come from a few vendors that have no real regard for the collective outside their customers.

[dalke]

So you think that selective disclosure isn't all that useful without all of the above?

Who will do the education? The banks? The schools? If the latter, what subjects will be removed from the curriculum?

Who will verify the AI is trained correctly? Who is liable of it is not? How will it be updated as new frauds are discovered?

Will the solution require everyone to buy new phones? How much more will be destroy the world?

[davidy123]

The same thing that did the education for people to learn a credit card or their smartphone, it's a mixture of banks, friends, work. It's a gradual thing, there's no need to remove curriculum.

I don't know what you're imagining as an alternative.

[dalke]

My question remains: to what extent is selective disclosure useful given the demonstrable human factors failures in existing selective disclosure systems?

User agreements are another example of failure. They give full disclosure, on a take-or-leave-it basis. Few people say no to GitHub when it means being blocked from participating in most software development projects.

Plus, very few actually read that full disclosure. I can guarantee you that most people do not come out of high school with sufficient training to read those agreements, much less immigrants like me who never received training in the Swedish legalese I am required to agree to use digital healthcare.

All these experiences tell me that a central personal information store as described will have exactly the same failures, and that selective disclosure will in practice be equally meaningless.

"Learn a credit card" is misdirection. We know from the number of people who declared bankruptcy due to credit card debt that they didn't all learn how to use it correctly, or had no alternative than taking on ruinous debt.

[davidy123]

I think this discussion is going in a few unhelpful directions. These "wallets" are not used for financial transactions, they're for credentials. They are an alternative to paper/plastic driver's licenses, proof of majority, etc. Selective disclosure is a specific thing, it's not relevant to compare it to "full disclosure." If you must compare, it is much easier to understand what it means to use a very fine grained proof ("the person in this picture is over 21") compared to handing over many personal details on a typical physical ID (full name, exact birth date, medical conditions, address, country of birth, etc).

People going bankrupt through credit abuse is a separate issue from learning how to technically use such instruments. Many know how to "properly" use it, but have a weakness where the only solution may be to impose limitations. Many others are taken in by misleading tactics. Fine grained digital approaches can help those situations.

It is partially how you look at it. I want information systems to become coherent á la the semantic web, but in a specifically user-specific way (which is one of the ideas of Solid). I think that well defined digital credentials are an opportunity to give people a better view of the information they hold, and to enable ways to make issuers more accountable with a fine grained approach; eg evaluable axioms per credential fashioned after "law as code" approaches. This could be connected to a neuro-symbolic AI so the user can discuss scenarios outside transactions. Especially with an increase in inter-related credentials, that will make it easier to manage and less of a separate world that some institutions and companies control, which I think is incredibly valuable. Some of these ideas aren't possible yet, but we aren't going to get there by continuing to produce grey goo systems.

While credit has harmed some people (which is regrettable and should be resolved) it has enabled the vast majority of users to build better lives past other forms of capital. With digital systems and well defined data, the user can walk through clear, directly relevant, and private scenarios of what their next action will yield, without any dependency on a particular provider. But only if there is a forceful move to coherent data.

[dalke]

> These "wallets" are not used for financial transactions, they're for credentials.

Which is why I gave other examples of the human factors issues, not just financial transactions: configurable cookie warnings, configurable app permissions, and user agreements.

> what it means to use a very fine grained proof

Except you know that bars, etc. are going to ask for more details, including full name, address etc. And they'll say it's needed to prevent known hooligans and troublemakers.

Will people stop going to the bars until the bars only request the minimum required information? No - or at least not more than people currently click off all the "I agree to this surveillance" buttons on a web page.

So people just accept, and enter. Then the bar asks for more, and more, and more, and people have been trained to just agree to everything, because they have very little power to say no.

I've already heard accounts of people who bring their passport instead of state id for the simple reason that it does not contain a scannable address. If it's expected that everyone always has the ability to provide any required information, simply saying no is hard.

> Fine grained digital approaches can help those situations.

"Can" is pulling a lot of weight. I can click off all the cookie trackers. The vast majority do not. Is that from an informed decision, or is that simply the easiest decision?

I can disable geolocation tracking on my browser, but then - oops! - the county web site showing me the upcoming vaccination times doesn't work because the site assumes everyone has geolocation turned on, and they never tested for someone who voluntarily disabled that option.

Build a system that expects coherent data, and you build a system where people get trained to provide anything which asked for, with poor support for those who opt-out.