1. 13
    1. 9

      This reminds me of my favorite talk I saw at strangeloop 2021: https://thestrangeloop.com/2021/prevent-phishing-and-impersonation-with-trust-loops.html

      The idea behind the talk is that people having “a” (singular) identity is a purely modern invention, and we might benefit from having our identities be a function of our relationships. So my rock climbing gym buddy doesn’t need to know my government identity and whatnot, I am just “Andrew Climbing Gym” in his contacts. The presenter made a chat app based on that idea, where you don’t even need to know someone’s phone number (necessarily a property of a singular identity) to message them; alternative P2P introduction methods are used.

      1. 2

        I agree that sometimes multiple quasi-anonymous identities are better.

        But in the article above I advocate the opposite – very stable, irrevocable email addresses (perhaps with any number of aliases), that are to be used where the user needs long-term stable and irrevocable email addresses, like for example for cloud providers (DNS, VPS, etc.) where they already know the identity of the person (or at least the one that pays the monthly bill).

        At the moment your email provider, Google for example, can at any moment and for any reason just terminate your email account, thus leaving you unable to authenticate with the rest of your digital life.

        1. 3

          Whilst I think the effort is misguided in its implementation, the W3C’s DID spec is intended to address this very problem.

        2. 2

          I get what you’re saying but your reply is still written in the language of people having one true identity of which others are simply derivations or obfuscations. I do think labeling “things your government and major financial institutions know about you” as “the” identity of a person is missing something important. Me qua “Andrew Climbing Gym” is as much my true identity as “Andrew Helwer, USCIS #123456789”. All these different identities should be separated, not derived from a single point of failure that makes phishing so effective & valuable to criminals.

          1. 1

            I think we, as technologists, always chase the “perfect solution” (be it anonymity, privacy, security, scalability, etc.) and think it would suit everybody, or that everybody searches for the same features. However, for many people having a way to recover their on-line presence is perhaps much more important than hiding from BigBrother.

            Let’s look at the current IT consumer landscape: it’s clear that WhatsApp, Facebook, TikTok, Chrome, iOS and Android have clearly won the market, even though they are personal data and tracking black holes. The average consumer doesn’t care…

            As another example, last week I asked the community for a simple text editor that supports out-of-the-box GnuPG encryption / decryption (without too much fuss); the answer of the community: summer crickets… Either Emacs plugins or complex GnuPG frontends. The end result: nobody uses PGP!

        3. 1

          As long as you don’t let your government try to do that (depending on your government) or you’ll get a disaster like https://en.wikipedia.org/wiki/De-Mail

          1. 2

            Reading the criticism page on Wikipedia, there are indeed many concerns, from privacy to legal implications.

            However, what I’ve proposed is sort of similar, sort of opposite, to what De-Mail is. Namely I want:

            • the government to provide one with one or multiple irrevocable email addresses, fully interoperable with the current SMTP deployments;
            • the law covering the above shouldn’t span more than this simple requirement: the government provides the user with an irrevocable email address; nothing more; the user is free to use it or not;

            The main advantage here is for regular folks, that get very easily locked out from their on-line accounts because they have forgotten their email address password (thus account recovery or reset doesn’t usually work), or the email address they used to sign-up 10 years ago, no longer works due to various buys and mergers.

            (I have family members that have dealt with this, and for some time now, I’m the “password manager” for my immediate family members. If I happen to get hit by a bus, they’ll undoubtedly have to start over in a few years.)

            1. 1

              While I agree with your assessment about how dangerous our reliance on private “identity providers” is, just imagine the catastrophic consequences of a world where your government runs critical IT infrastructure.

              1. Very rarely are government IT services run well (I know there are exceptions but I’d say it’s Pareto-abysmal)
              2. A single point of failure would be an irresistible target for all kinds of criminals. The possibilities for fraud, theft and extortion are endless.

              I believe we need diversity, standards, and legal accountability, and not authoritarian centralization.

              Edit: IT services

              1. 2

                just imagine the catastrophic consequences of a world where your government runs critical IT infrastructure.

                Well, governments already run critical IT infrastructure that they can’t seem to have a handle on (at least in my country, Romania):

                • there is a national health-care information system, that often has downtimes, making patients queue or revisit the pharmacy or the doctor at a later date;
                • there is the population and identity database (ID-cards, birth-certificates, driving-licenses, passports, etc.); only they know how secure all of this is;
                • there is the fiscal authority (equivalent to the IRS) that has data about all our taxes;
                • there is the public pension system that has data about all contributors;
                • and possibly countless other centralized databases, that most likely are wide open…

                So, running an email forwarding service doesn’t pose much more risk than any of the above. And hopefully they would get it running right, as it’s orders of magnitude simpler than any of the other services…

    2. 2

      Can anyone recommend a good retrospective on what happened to OpenID? Seems like that was an attempt to address this type of problem, but it never took off. Google, FB, Github, etc. branded their own versions instead. What was the problem? Technical shortcomings? Economic misalignment? Branding?

      1. 4

        Economic misalignment would be the euphemism. The data collecting companies realized it would be pretty valuable to have a record of who was logging in to what sites when, so became oidc providers and disallowed logging in to themselves with openID (or each others’ oidc tokens).

      2. 4

        Like several other popular technologies of the era it suffered a Second System collapse. OpenID2 was widely deployed, then most of the same players started deploying OAuth2 for other purposes, people realised these protocols had a large overlap in tech (if not in purpose) and worked to create OIDC. While waiting for OIDC, the OpenID2 ecosystem collapsed since there was no point in supporting the “old way”, and we were left with just OAuth2 + proprietary login extensions, which is still what we use today.

      3. 1

        Also, there is the availability issue, exactly as I’ve described in this article.

        What happens if the ID provider decides to delete your account? With email-based systems, while you remember your password (and provided the other service provider doesn’t want you to verify your email address on each login), you still have a chance to log-in and switch to a different email address.

        With OpenID, OAuth, SAML, etc. you aren’t that lucky. In one go, your ID provider can disable your entire on-line presence.

        1. 3

          But if “identity provider” emerged as a more widespread concept for a service, it could be made illegal for identity providers to delete your account in the way you’ve described. A law could say that an identity provider could decline to continue to provide service, but must provide a method for discontinued users to transfer their identity to a different provider.

          1. 4

            I think this is the solution to OP’s problem statement. It should be illegal to cut off someone’s access to their email account without recourse. For example, I can imagine that if you’re in bad standing, the provider can cut off outgoing email, but still let you log in and receive emails. This type of law would be much better at de-incentivizing digital de-personing than giving your government central power over your email. To say nothing of the privacy implications of that!

          2. 2

            Which law? A US law? For US citizens? Just like the US constitutional rights apply only to the US citizens, and the rest of the world has exactly zero rights with any US-based company?

            But setting politics aside, because I bet the EU has the same approach, let alone China or Russia, such a law would be practically meaningless for the global community. A law can cover only that country’s companies and that country’s people; it can’t cover other countries’ citizens. Moreover, I think a law can only be applied on that country’s “land”. The internet doesn’t have a geographical position on the map.

            The only body that could perhaps come with such a law is the UN, but even reading the human rights charter it’s full of exceptions like (paraphrasing) “unless it’s against a local law”.

            1. 3

              Well, the GDPR is technically only applicable to legal persons that gather the data of European citizens, but due to difficulty of implementation the rest of us not infrequently also receive GDPR protections. So even one major jurisdiction implementing such a law would have effects on the entire internet.

              Your original post also advocates government action; I don’t understand why you are here so averse to it.

              1. 2

                Your original post also advocates government action; I don’t understand why you are here so averse to it.

                In my article I advocate that each government provides its own citizens, as public service, the email forwarding service. Which is completely different to governments mandating by law requirements from private companies.

                The differences are mainly the following:

                • because the government provides something to its own citizens (and others that are assimilated to citizens), it can’t (like the US is doing with foreigners) just trample over other people’s rights;
                • because most governments are democratic (at least in theory), and because citizens support them through paying taxes, we could (at least in theory) hold them accountable (especially through voting) if they go amok; (which can’t be said about businesses;)
                • because in most civilized countries there are laws mandating the governments (and other institutions) to answer to queries (at least in theory), in the US these are FOIA requests, we could (at least in theory) audit what the government is actually doing; (which can’t be said about businesses;)
                • because in the end, if one needs to resort to any legal recourse, it’s more practical to do it in your country, than in some far away land;
                • because a country can’t just pack its loot, and abandon a particular market;

                My main point is this: our current judicial system seems to be bound to the borders where both the business and the client are; if one or both are from different jurisdictions things get murky; also the government can’t hide behind “freedom of association” or “economic opportunity”.