Re: Web3 First Impressions by Moxie Marlinspike (was: Re: Ideals meet Implementations - Blockchains, NFTs, Decentralization, Oh My!)

Joe, every so often you post one of these insanely well articulated essays
and each time I beseech you to make it a blog post so I hand out the URL
every time I need to make this argument (yes, I know this message has a URL
in some W3C listserv but that's doesn't really do the trick).

If you do post it, please share the URL back with us.

Thanks so much for writing this.

=Drummond

On Thu, Jan 27, 2022 at 9:59 AM Joe Andrieu <joe@legreq.com> wrote:

> There are two huge misconceptions going on here, which are understandable,
> but make it harder for us to develop a shared understanding of both the
> problems and opportunities of this emerging technology.
>
> I'll tackle the easier one first:
>
> The fundamental difference between VCs and NFTs is that NFTs are designed
> for transferability, with protections against double spend. VCs are not.
> The root model of a VC is that it is a verifiable statement by a
> cryptographically deterministic author. It is not guaranteed to be unique
> nor is it expected to be transferable in any meaningful way. Trust me, I'm
> one of the editors of the use case document for that specification
> https://www.w3.org/TR/vc-use-cases/. Driver's licenses, diplomas,
> passports, certifications. These things are statements by a knowable
> authority about a specific subject. There is no notion of transferability
> of any of the rights or privileges associated with those statements. As
> digital objects, of course they can be copied and sent to someone else, but
> it doesn't transfer the statement to a new subject or anything like that.
> In fact, Verifiable Presentations were created as a mechanism to verify
> that the current presenter of a VC (called a Holder), has a specific
> relationship to the Subject of the VC, especially when Subject = Holder,
> e.g., when you present your own Driver's License to a police officer.
> That's all VCs do: enable verifiable statements by a knowable author.
>
> NFTs on the other hand are rivalrous digital goods. Period. They are
> unique and they have specific control structures that ensure a certain form
> of assurance about the current presumed owner. The transferability of
> control without fraudulent double spend is EVERYTHING to an NFT, just as it
> is to cryptocurrencies. Unlike other digital objects, merely copying the
> bits DOES NOT transfer the essential notion of control & ownership. The
> current fad of collectible NFTs is just the first grasps of a toddler
> trying to figure out how this fundamentally new thing works.
>
> VCs and NFTs are only similar in the sense that they both use cryptography
> to ensure specific notions of integrity. VC's ensure authenticity and
> timeliness. NFTs ensure transferability and provable control.
>
> My second issue is much deeper and more important.
>
> Moxie Marlinspike's fundamental observation is correct, but their
> conclusion is wrong. They assert that people don't want to run their own
> servers and THEREFORE systems that focus on the ability for people to run
> their own servers are fundamentally flawed. This is as dangerously
> unfounded as Mussolini's moral foundation of fascism: without power, policy
> doesn't matter and groups are more powerful than individuals, THEREFORE,
> individuals only have moral authority insofar as their actions align with
> the group, which in his case meant the state. Moxies's conclusions are
> equally as dangerous.
>
> I agree that people don't want to run their own server. I recently went
> through the trouble to host my own server in my house, with dynamic DNS and
> upgrading to a commercial plan (so I didn't get nastygrams from my ISP
> threatening cancellation). I am not a system administrator, but as a
> programmer, I figured it out. And it put me on the front-line of
> maintaining those systems, which turned out to be far more trouble that it
> was worth. We've since shifted all our servers to trusted service providers
> who handle that for me. It's totally worth the modest monthly fee. So, yes,
> I agree, people don't want to run their own servers.
>
> HOWEVER, It is the *option* to run our own servers that is fundamentally
> important here. The fact that I *could* do that meant that I can also
> change my service provider at any time. I just need a compatible platform
> and as a linux fan, there are plenty to chose from. When I don't have that
> option, we become beholden to the dominant, centralized service providers.
> This is the problem with Facebook. It *used* to be the problem with AOL and
> Compuserve, which was fixed with the World Wide Web's http and html
> standards. It was the problem with MCIMail and ATTMail, wich was fixed by
> SMTP, POP, and IMAP. In both cases, the very POSSIBILITY of self-hosting
> meant that those who wanted to make that investment would--and many large
> organizations LOVE their on-premise IT centers. It also meant that a
> plethora of alternatives could be offered by different service providers.
> That readily availability of email and web hosting services has
> dramatically democratized our digital infrastructure.
>
> We have seen this structural denial of ownership before and it is
> unacceptable in a free society. It wasn't until the 1970s that women had
> the legal right to apply for credit cards separate from their husbands. In
> eras before that, women couldn't even own property, making them
> fundamentally, structurally dependent on their fathers and husbands.  The
> feminist movement brought a stop to that oppression (and still has work
> ahead). Serfs and commoners of the feudal era could not own real property,
> based on nothing more than their lineage. The Enlightenment brought an end
> to that system of non-ownership. Pre-civil war, slaves in America could not
> own property. Post civil war, sharecroppers (often former slaves) were
> denied the ability to own their own land and instead became veritable
> surfs: slaves in all but name. Not to mention the actual It was also the
> foundation of the HUD-directed segregation policy in the United States that
> created red-line districts so that minorities were structurally unable to
> buy property in neighborhoods declared for "white people". The Civil Rights
> movement continues the hard work of reversing this systemic ingrained
> tyranny. The denial of ownership is, and always has been, a fundamental
> tool of oppression and exclusion. It doesn't matter that most people in big
> cities rent rather than own, what matters is that ANYONE *can* own and they
> can own ANYWHERE in the United States. That's freedom. Anything less than
> that is structural tyranny.
>
> I am willing to give Moxie the benefit of the doubt. I have no reason to
> believe they are intentionally propagating fundamentally fascist ideas or
> that they have some hidden fascist agenda. They seems smart and their
> argument is well presented without a call to fearmongering and hate.
> Nevertheless, the net result of their position is, undeniably, fascist. The
> ability to run your own server is, IMO, a fundamental right in a free
> society.
>
> The real lesson to be learned is that power accumulates power and power's
> corruption is an inevitable as entropy's increase. The absolute, inevitable
> drive of any organization or initiative is toward self-preservation, which
> manifests as the will to power. Of course people will attempt to use this
> next generation technology to increase and thereby centralize their power.
> That is inevitable. And THAT is what we need to engage to resist. It isn't
> that Web3 is flawed, its that we must remain eternally vigilant against the
> centralization of power because that, in and of itself, WILL lead to abuses
> of that power and a loss of freedom and compromise of human dignity.
>
> This will to power, whether organizational or individual, is not evil, in
> and of itself. It is unchecked power that leads to untenable and avoidable
> harm. This is PRECISELY what the American founding fathers set out to do
> with a tripartite government with checks and balances. It's not perfect,
> but it was perhaps the best, most successful attempt to moderate the
> unchecked accumulation of power. In short, the very notion of freedom that
> shaped the United States is anchored on the ability to reign in runaway
> centralization.
>
> So, while modern cryptography in the hands of individuals will be at least
> as transformative as modern transportation in the hands of individuals, we
> are still figuring out what that means. As part of that exploration, it
> pays to understand how groups like OpenSea centralize power in unfortunate
> ways so that we can iterate and find better solutions. We must find new
> expressions of individual and social will that enable and increase human
> freedom and dignity, rather than simply watch early movers crown themselves
> as the feudal lords of this uncharted territory.
>
> -j
>
> On Thu, Jan 27, 2022, at 4:19 AM, Simone Ravaioli wrote:
>
> Exactly !
>
> This brief thread already produced substantial value and elevated the
> conversation. Thx Bob, Christopher,  Adrian, Alan et all !
>
> - How might we feed this back in the emergent, “adjacent possible”
> credentialing conversation ?
> - What responsibility - agency, ownership, control, stake - should CCG
> take with regards to "NFT credentials” ?
> - Do we feel any sense of fostering/parenting with regards to  this
> “toddler" making noises and bouncing at the door ?
> - Is there an opportunity for this community to find additional
> (alternative) avenues to participate and shape the future of the internet
> of credentials ?
> - How might we best organise to address this ?
>
> IMHO, the CCG voice is needed more than ever in that #rabbithole.
>
> The discourse online is quickly reaching “escape velocity”:
>
> - Imagine DAO replacing standards bodies like DIF and W3C
> <https://twitter.com/sgershuni/status/1486654386537381893?s=20>
> - How can Verifiable Credentials be used to help DAOs ?
> <https://twitter.com/sgershuni/status/1486654386537381893?s=20>
> - Individual community members we are increasingly taking a public
> interest and open enquiry approach into Web3
> <https://www.linkedin.com/posts/aniljohn_my-first-impressions-of-web3-activity-6888942553350078464-vn63>
>
> *While not fully Autonomous, CCG is already a Distributed Organization.*
> The caliber of the individual contributions to CCG is unparalleled in this
> domain, however I would argue that value is not adequately recognised -
> “karma tokens” have already been coined by Reddit (ie.  We all do this
> pro-bono).  Is there something we should not be afraid to reflect on
> although it may feel dystopian ?
>
> Our community is of made of season experts, most of us lived across the 3
> generations of the Internet.  How do we think about the future of CCG from
> a human resource perspective ?  It feels there is increasing energy and
> excitement out there in regards to credentials (of all sorts) coming from
> the next generation of humans, likely the next leaders of CCG.
>
> These emerging communities share many of those “first principles” we
> ascribe to: openness, self-sovereignty, decentralisation. In fact, they are
> stretching (if not re-rewriting) how those principles are acted out.   It
> feels like this might be an opportunity to double click on “open” and not
> only welcome, but actively invite those new rough ideas, criticised them to
> make them better, not to shut them off.
>
> If adoption is the ultimate outcome of standards making, then we should
> strive to be as attentive and responsive to what is happening “out there”.
>
> <eof>
>
> — Simone Ravaioli
>
>
> On 27 Jan 2022, at 00:05, Alan Karp <alanhkarp@gmail.com> wrote:
>
> I don't see the word "Subject" in the discussion.  I thought that an
> Issuer creates a VC identifying a Subject, which may or not be the same as
> the Holder, the party that knows the private key associated with presenting
> the VC to a Verifier.
>
> --------------
> Alan Karp
>
>
> On Wed, Jan 26, 2022 at 2:34 PM Christopher Allen <
> ChristopherA@lifewithalacrity.com> wrote:
>
>
>
> On Wed, Jan 26, 2022 at 12:29 PM Bob Wyman <bob@wyman.us> wrote:
>
>
>    - Why have you listed VCs as not generating "Value due to scarcity?"
>    GIven the essentially unlimited variety of claims that could be
>    incorporated into a VC, it seems to me that one could craft a VC which has
>    semantic content equivalent to any NFT. (i.e. A VC that identifies the
>    "ownership" of some specific object.) The limited issuance of such VCs
>    would create a "scarce" resource in just the same way that issuance of an
>    NFT does.
>    - Why do you say that a VC is not "transferable?" Rights that are
>    recorded in a VC could either be delegated , in whole or in part, or the
>    "ownership" of the VC itself might be transferred by the issuance of a
>    new VC recording the delegation or transfer. How is this different from an
>    NFT?
>
>  ...
>
>
>    - Why do you say that a VC only proves the "identity of an entity" but
>    not "ownership of an object?" I can issue a VC to identify the
>    existence (identity) of some right (e.g. the ownership of, or limited
>    right to use, an object) and then issue another VC to associate that VC
>    with some identified individual. While the VC-based mechanics are a bit
>    different from what is typical with NFTs, how is the net effect different
>    from that provided by issuing an NFT?
>
> When I read this, I realize that once again, our language around the use
> of "owner" is entirely wrong. We've in the past tried to do better and
> avoid any of the words associated with property rights idea of "ownership"
> in DIDs and VCs, but it keeps cropping back in. (An aside: "control" is
> better but not perfect. I've also been seeking language from the "law of
> agency" such as authority. Not so far limited success in coming up with
> something better).
>
> Part of the problem is that there is a natural centrality in the
> controller of a DID, and for the issuer of a VC. This natural centrality
> isn't "ownership", but sometimes acts like it. Similary, there is the
> problem that multiple parties may have unrestricted read-access (no
> encryption or DRM), but are restricted in their ability to fully verify the
> VC by some other party. Though this is not part of the definition of
> "holder", I feel that a holder a) has to have a readable version of the VC,
> and b) can fully verify it, else they are not truly a "holder". They also
> are not an owner, instead have limited control or authority.
>
> Another part of the problem when comparing NFTs to VCs is that the role of
> the issuer in an NFT is very limited, or none at all (typically only a
> royalty on future sales), once the transfer is complete. Whereas an issuer
> of a VC can always revoke a VC, refuse to reissue one on expiration, and
> issue a new one possibly even to a new cryptographic party so it resembles
> a "transfer" but isn't. As far as I know, there is no way to "transfer" the
> issuer's role in a VC — they either issued it, didn't issue it, or there is
> a problem. Thus NFT isn't quite comparable to a VC, as in effect the issue
> has no (or limited) control or authority over its future use. Note also
> that I don't know of any NFT that is revocable or expires.
>
> -- Christopher Allen
>
>
> --
> Joe Andrieu, PMP
>                    joe@legreq.com
> LEGENDARY REQUIREMENTS
>    +1(805)705-8651
> Do what matters.
>                  http://legreq.com <http://www.legendaryrequirements.com>
>
>
>

Received on Friday, 28 January 2022 04:06:35 UTC