- From: Drummond Reed <drummond.reed@evernym.com>
- Date: Thu, 27 Jan 2022 20:06:08 -0800
- To: Joe Andrieu <joe@legreq.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAAjunna+A3HYBuebxG74nowGvvMdSFBbOkoV-aUgrptNFEdjhw@mail.gmail.com>
Joe, every so often you post one of these insanely well articulated essays and each time I beseech you to make it a blog post so I hand out the URL every time I need to make this argument (yes, I know this message has a URL in some W3C listserv but that's doesn't really do the trick). If you do post it, please share the URL back with us. Thanks so much for writing this. =Drummond On Thu, Jan 27, 2022 at 9:59 AM Joe Andrieu <joe@legreq.com> wrote: > There are two huge misconceptions going on here, which are understandable, > but make it harder for us to develop a shared understanding of both the > problems and opportunities of this emerging technology. > > I'll tackle the easier one first: > > The fundamental difference between VCs and NFTs is that NFTs are designed > for transferability, with protections against double spend. VCs are not. > The root model of a VC is that it is a verifiable statement by a > cryptographically deterministic author. It is not guaranteed to be unique > nor is it expected to be transferable in any meaningful way. Trust me, I'm > one of the editors of the use case document for that specification > https://www.w3.org/TR/vc-use-cases/. Driver's licenses, diplomas, > passports, certifications. These things are statements by a knowable > authority about a specific subject. There is no notion of transferability > of any of the rights or privileges associated with those statements. As > digital objects, of course they can be copied and sent to someone else, but > it doesn't transfer the statement to a new subject or anything like that. > In fact, Verifiable Presentations were created as a mechanism to verify > that the current presenter of a VC (called a Holder), has a specific > relationship to the Subject of the VC, especially when Subject = Holder, > e.g., when you present your own Driver's License to a police officer. > That's all VCs do: enable verifiable statements by a knowable author. > > NFTs on the other hand are rivalrous digital goods. Period. They are > unique and they have specific control structures that ensure a certain form > of assurance about the current presumed owner. The transferability of > control without fraudulent double spend is EVERYTHING to an NFT, just as it > is to cryptocurrencies. Unlike other digital objects, merely copying the > bits DOES NOT transfer the essential notion of control & ownership. The > current fad of collectible NFTs is just the first grasps of a toddler > trying to figure out how this fundamentally new thing works. > > VCs and NFTs are only similar in the sense that they both use cryptography > to ensure specific notions of integrity. VC's ensure authenticity and > timeliness. NFTs ensure transferability and provable control. > > My second issue is much deeper and more important. > > Moxie Marlinspike's fundamental observation is correct, but their > conclusion is wrong. They assert that people don't want to run their own > servers and THEREFORE systems that focus on the ability for people to run > their own servers are fundamentally flawed. This is as dangerously > unfounded as Mussolini's moral foundation of fascism: without power, policy > doesn't matter and groups are more powerful than individuals, THEREFORE, > individuals only have moral authority insofar as their actions align with > the group, which in his case meant the state. Moxies's conclusions are > equally as dangerous. > > I agree that people don't want to run their own server. I recently went > through the trouble to host my own server in my house, with dynamic DNS and > upgrading to a commercial plan (so I didn't get nastygrams from my ISP > threatening cancellation). I am not a system administrator, but as a > programmer, I figured it out. And it put me on the front-line of > maintaining those systems, which turned out to be far more trouble that it > was worth. We've since shifted all our servers to trusted service providers > who handle that for me. It's totally worth the modest monthly fee. So, yes, > I agree, people don't want to run their own servers. > > HOWEVER, It is the *option* to run our own servers that is fundamentally > important here. The fact that I *could* do that meant that I can also > change my service provider at any time. I just need a compatible platform > and as a linux fan, there are plenty to chose from. When I don't have that > option, we become beholden to the dominant, centralized service providers. > This is the problem with Facebook. It *used* to be the problem with AOL and > Compuserve, which was fixed with the World Wide Web's http and html > standards. It was the problem with MCIMail and ATTMail, wich was fixed by > SMTP, POP, and IMAP. In both cases, the very POSSIBILITY of self-hosting > meant that those who wanted to make that investment would--and many large > organizations LOVE their on-premise IT centers. It also meant that a > plethora of alternatives could be offered by different service providers. > That readily availability of email and web hosting services has > dramatically democratized our digital infrastructure. > > We have seen this structural denial of ownership before and it is > unacceptable in a free society. It wasn't until the 1970s that women had > the legal right to apply for credit cards separate from their husbands. In > eras before that, women couldn't even own property, making them > fundamentally, structurally dependent on their fathers and husbands. The > feminist movement brought a stop to that oppression (and still has work > ahead). Serfs and commoners of the feudal era could not own real property, > based on nothing more than their lineage. The Enlightenment brought an end > to that system of non-ownership. Pre-civil war, slaves in America could not > own property. Post civil war, sharecroppers (often former slaves) were > denied the ability to own their own land and instead became veritable > surfs: slaves in all but name. Not to mention the actual It was also the > foundation of the HUD-directed segregation policy in the United States that > created red-line districts so that minorities were structurally unable to > buy property in neighborhoods declared for "white people". The Civil Rights > movement continues the hard work of reversing this systemic ingrained > tyranny. The denial of ownership is, and always has been, a fundamental > tool of oppression and exclusion. It doesn't matter that most people in big > cities rent rather than own, what matters is that ANYONE *can* own and they > can own ANYWHERE in the United States. That's freedom. Anything less than > that is structural tyranny. > > I am willing to give Moxie the benefit of the doubt. I have no reason to > believe they are intentionally propagating fundamentally fascist ideas or > that they have some hidden fascist agenda. They seems smart and their > argument is well presented without a call to fearmongering and hate. > Nevertheless, the net result of their position is, undeniably, fascist. The > ability to run your own server is, IMO, a fundamental right in a free > society. > > The real lesson to be learned is that power accumulates power and power's > corruption is an inevitable as entropy's increase. The absolute, inevitable > drive of any organization or initiative is toward self-preservation, which > manifests as the will to power. Of course people will attempt to use this > next generation technology to increase and thereby centralize their power. > That is inevitable. And THAT is what we need to engage to resist. It isn't > that Web3 is flawed, its that we must remain eternally vigilant against the > centralization of power because that, in and of itself, WILL lead to abuses > of that power and a loss of freedom and compromise of human dignity. > > This will to power, whether organizational or individual, is not evil, in > and of itself. It is unchecked power that leads to untenable and avoidable > harm. This is PRECISELY what the American founding fathers set out to do > with a tripartite government with checks and balances. It's not perfect, > but it was perhaps the best, most successful attempt to moderate the > unchecked accumulation of power. In short, the very notion of freedom that > shaped the United States is anchored on the ability to reign in runaway > centralization. > > So, while modern cryptography in the hands of individuals will be at least > as transformative as modern transportation in the hands of individuals, we > are still figuring out what that means. As part of that exploration, it > pays to understand how groups like OpenSea centralize power in unfortunate > ways so that we can iterate and find better solutions. We must find new > expressions of individual and social will that enable and increase human > freedom and dignity, rather than simply watch early movers crown themselves > as the feudal lords of this uncharted territory. > > -j > > On Thu, Jan 27, 2022, at 4:19 AM, Simone Ravaioli wrote: > > Exactly ! > > This brief thread already produced substantial value and elevated the > conversation. Thx Bob, Christopher, Adrian, Alan et all ! > > - How might we feed this back in the emergent, “adjacent possible” > credentialing conversation ? > - What responsibility - agency, ownership, control, stake - should CCG > take with regards to "NFT credentials” ? > - Do we feel any sense of fostering/parenting with regards to this > “toddler" making noises and bouncing at the door ? > - Is there an opportunity for this community to find additional > (alternative) avenues to participate and shape the future of the internet > of credentials ? > - How might we best organise to address this ? > > IMHO, the CCG voice is needed more than ever in that #rabbithole. > > The discourse online is quickly reaching “escape velocity”: > > - Imagine DAO replacing standards bodies like DIF and W3C > <https://twitter.com/sgershuni/status/1486654386537381893?s=20> > - How can Verifiable Credentials be used to help DAOs ? > <https://twitter.com/sgershuni/status/1486654386537381893?s=20> > - Individual community members we are increasingly taking a public > interest and open enquiry approach into Web3 > <https://www.linkedin.com/posts/aniljohn_my-first-impressions-of-web3-activity-6888942553350078464-vn63> > > *While not fully Autonomous, CCG is already a Distributed Organization.* > The caliber of the individual contributions to CCG is unparalleled in this > domain, however I would argue that value is not adequately recognised - > “karma tokens” have already been coined by Reddit (ie. We all do this > pro-bono). Is there something we should not be afraid to reflect on > although it may feel dystopian ? > > Our community is of made of season experts, most of us lived across the 3 > generations of the Internet. How do we think about the future of CCG from > a human resource perspective ? It feels there is increasing energy and > excitement out there in regards to credentials (of all sorts) coming from > the next generation of humans, likely the next leaders of CCG. > > These emerging communities share many of those “first principles” we > ascribe to: openness, self-sovereignty, decentralisation. In fact, they are > stretching (if not re-rewriting) how those principles are acted out. It > feels like this might be an opportunity to double click on “open” and not > only welcome, but actively invite those new rough ideas, criticised them to > make them better, not to shut them off. > > If adoption is the ultimate outcome of standards making, then we should > strive to be as attentive and responsive to what is happening “out there”. > > <eof> > > — Simone Ravaioli > > > On 27 Jan 2022, at 00:05, Alan Karp <alanhkarp@gmail.com> wrote: > > I don't see the word "Subject" in the discussion. I thought that an > Issuer creates a VC identifying a Subject, which may or not be the same as > the Holder, the party that knows the private key associated with presenting > the VC to a Verifier. > > -------------- > Alan Karp > > > On Wed, Jan 26, 2022 at 2:34 PM Christopher Allen < > ChristopherA@lifewithalacrity.com> wrote: > > > > On Wed, Jan 26, 2022 at 12:29 PM Bob Wyman <bob@wyman.us> wrote: > > > - Why have you listed VCs as not generating "Value due to scarcity?" > GIven the essentially unlimited variety of claims that could be > incorporated into a VC, it seems to me that one could craft a VC which has > semantic content equivalent to any NFT. (i.e. A VC that identifies the > "ownership" of some specific object.) The limited issuance of such VCs > would create a "scarce" resource in just the same way that issuance of an > NFT does. > - Why do you say that a VC is not "transferable?" Rights that are > recorded in a VC could either be delegated , in whole or in part, or the > "ownership" of the VC itself might be transferred by the issuance of a > new VC recording the delegation or transfer. How is this different from an > NFT? > > ... > > > - Why do you say that a VC only proves the "identity of an entity" but > not "ownership of an object?" I can issue a VC to identify the > existence (identity) of some right (e.g. the ownership of, or limited > right to use, an object) and then issue another VC to associate that VC > with some identified individual. While the VC-based mechanics are a bit > different from what is typical with NFTs, how is the net effect different > from that provided by issuing an NFT? > > When I read this, I realize that once again, our language around the use > of "owner" is entirely wrong. We've in the past tried to do better and > avoid any of the words associated with property rights idea of "ownership" > in DIDs and VCs, but it keeps cropping back in. (An aside: "control" is > better but not perfect. I've also been seeking language from the "law of > agency" such as authority. Not so far limited success in coming up with > something better). > > Part of the problem is that there is a natural centrality in the > controller of a DID, and for the issuer of a VC. This natural centrality > isn't "ownership", but sometimes acts like it. Similary, there is the > problem that multiple parties may have unrestricted read-access (no > encryption or DRM), but are restricted in their ability to fully verify the > VC by some other party. Though this is not part of the definition of > "holder", I feel that a holder a) has to have a readable version of the VC, > and b) can fully verify it, else they are not truly a "holder". They also > are not an owner, instead have limited control or authority. > > Another part of the problem when comparing NFTs to VCs is that the role of > the issuer in an NFT is very limited, or none at all (typically only a > royalty on future sales), once the transfer is complete. Whereas an issuer > of a VC can always revoke a VC, refuse to reissue one on expiration, and > issue a new one possibly even to a new cryptographic party so it resembles > a "transfer" but isn't. As far as I know, there is no way to "transfer" the > issuer's role in a VC — they either issued it, didn't issue it, or there is > a problem. Thus NFT isn't quite comparable to a VC, as in effect the issue > has no (or limited) control or authority over its future use. Note also > that I don't know of any NFT that is revocable or expires. > > -- Christopher Allen > > > -- > Joe Andrieu, PMP > joe@legreq.com > LEGENDARY REQUIREMENTS > +1(805)705-8651 > Do what matters. > http://legreq.com <http://www.legendaryrequirements.com> > > >
Received on Friday, 28 January 2022 04:06:35 UTC