W3C home > Mailing lists > Public > public-credentials@w3.org > January 2022

Re: Web3 First Impressions by Moxie Marlinspike (was: Re: Ideals meet Implementations - Blockchains, NFTs, Decentralization, Oh My!)

From: Philipp Schmidt <ps1@media.mit.edu>
Date: Fri, 28 Jan 2022 06:58:56 -0500
Message-ID: <CAHnQ8tE_RaYofFcCRRS6=WFgr_VYZFrCOWnqQSbvBN55kbcQPA@mail.gmail.com>
To: Nikos Fotiou <fotiou@aueb.gr>
Cc: Credentials Community Group <public-credentials@w3.org>, Joe Andrieu <joe@legreq.com>
On Fri, Jan 28, 2022 at 5:24 AM Nikos Fotiou <fotiou@aueb.gr> wrote:

> Hi,
> Stating that the conclusion of a blog post of a person, who leads the
> efforts for privacy in the internet, are equally dangerous to the opinions
> of a dictator that killed thousands in Europe, is offending, to say the
> least.

I agree with this statement and hope the W3C remains a space for open,
constructive, and civil engagement with technical standards.

In my experience, labeling technical statements you disagree with
“fascist”, makes it not possible to continue a constructive dialogue.


> Moreover, not everybody can run a full ethereum node. You need a good
> internet connection and an SSD disk just to keep up with the new
> transactions. It is nothing like running your own web server. So being part
> of web2 with your own server is much easier and affordable than
> participating in web3, which is kind of ironic.
> Best,
> Nikos
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> Researcher - Mobile Multimedia Laboratory
> Athens University of Economics and Business
> https://mm.aueb.gr
> > On 27 Jan 2022, at 7:57 PM, Joe Andrieu <joe@legreq.com> wrote:
> >
> > There are two huge misconceptions going on here, which are
> understandable, but make it harder for us to develop a shared understanding
> of both the problems and opportunities of this emerging technology.
> >
> > I'll tackle the easier one first:
> >
> > The fundamental difference between VCs and NFTs is that NFTs are
> designed for transferability, with protections against double spend. VCs
> are not. The root model of a VC is that it is a verifiable statement by a
> cryptographically deterministic author. It is not guaranteed to be unique
> nor is it expected to be transferable in any meaningful way. Trust me, I'm
> one of the editors of the use case document for that specification
> https://www.w3.org/TR/vc-use-cases/. Driver's licenses, diplomas,
> passports, certifications. These things are statements by a knowable
> authority about a specific subject. There is no notion of transferability
> of any of the rights or privileges associated with those statements. As
> digital objects, of course they can be copied and sent to someone else, but
> it doesn't transfer the statement to a new subject or anything like that.
> In fact, Verifiable Presentations were created as a mechanism to verify
> that the current presenter of a VC (called a Holder), has a specific
> relationship to the Subject of the VC, especially when Subject = Holder,
> e.g., when you present your own Driver's License to a police officer.
> That's all VCs do: enable verifiable statements by a knowable author.
> >
> > NFTs on the other hand are rivalrous digital goods. Period. They are
> unique and they have specific control structures that ensure a certain form
> of assurance about the current presumed owner. The transferability of
> control without fraudulent double spend is EVERYTHING to an NFT, just as it
> is to cryptocurrencies. Unlike other digital objects, merely copying the
> bits DOES NOT transfer the essential notion of control & ownership. The
> current fad of collectible NFTs is just the first grasps of a toddler
> trying to figure out how this fundamentally new thing works.
> >
> > VCs and NFTs are only similar in the sense that they both use
> cryptography to ensure specific notions of integrity. VC's ensure
> authenticity and timeliness. NFTs ensure transferability and provable
> control.
> >
> > My second issue is much deeper and more important.
> >
> > Moxie Marlinspike's fundamental observation is correct, but their
> conclusion is wrong. They assert that people don't want to run their own
> servers and THEREFORE systems that focus on the ability for people to run
> their own servers are fundamentally flawed. This is as dangerously
> unfounded as Mussolini's moral foundation of fascism: without power, policy
> doesn't matter and groups are more powerful than individuals, THEREFORE,
> individuals only have moral authority insofar as their actions align with
> the group, which in his case meant the state. Moxies's conclusions are
> equally as dangerous.
> >
> > I agree that people don't want to run their own server. I recently went
> through the trouble to host my own server in my house, with dynamic DNS and
> upgrading to a commercial plan (so I didn't get nastygrams from my ISP
> threatening cancellation). I am not a system administrator, but as a
> programmer, I figured it out. And it put me on the front-line of
> maintaining those systems, which turned out to be far more trouble that it
> was worth. We've since shifted all our servers to trusted service providers
> who handle that for me. It's totally worth the modest monthly fee. So, yes,
> I agree, people don't want to run their own servers.
> >
> > HOWEVER, It is the *option* to run our own servers that is fundamentally
> important here. The fact that I *could* do that meant that I can also
> change my service provider at any time. I just need a compatible platform
> and as a linux fan, there are plenty to chose from. When I don't have that
> option, we become beholden to the dominant, centralized service providers.
> This is the problem with Facebook. It *used* to be the problem with AOL and
> Compuserve, which was fixed with the World Wide Web's http and html
> standards. It was the problem with MCIMail and ATTMail, wich was fixed by
> SMTP, POP, and IMAP. In both cases, the very POSSIBILITY of self-hosting
> meant that those who wanted to make that investment would--and many large
> organizations LOVE their on-premise IT centers. It also meant that a
> plethora of alternatives could be offered by different service providers.
> That readily availability of email and web hosting services has
> dramatically democratized our digital infrastructure.
> >
> > We have seen this structural denial of ownership before and it is
> unacceptable in a free society. It wasn't until the 1970s that women had
> the legal right to apply for credit cards separate from their husbands. In
> eras before that, women couldn't even own property, making them
> fundamentally, structurally dependent on their fathers and husbands.  The
> feminist movement brought a stop to that oppression (and still has work
> ahead). Serfs and commoners of the feudal era could not own real property,
> based on nothing more than their lineage. The Enlightenment brought an end
> to that system of non-ownership. Pre-civil war, slaves in America could not
> own property. Post civil war, sharecroppers (often former slaves) were
> denied the ability to own their own land and instead became veritable
> surfs: slaves in all but name. Not to mention the actual It was also the
> foundation of the HUD-directed segregation policy in the United States that
> created red-line districts so that minorities were structurally unable to
> buy property in neighborhoods declared for "white people". The Civil Rights
> movement continues the hard work of reversing this systemic ingrained
> tyranny. The denial of ownership is, and always has been, a fundamental
> tool of oppression and exclusion. It doesn't matter that most people in big
> cities rent rather than own, what matters is that ANYONE *can* own and they
> can own ANYWHERE in the United States. That's freedom. Anything less than
> that is structural tyranny.
> >
> > I am willing to give Moxie the benefit of the doubt. I have no reason to
> believe they are intentionally propagating fundamentally fascist ideas or
> that they have some hidden fascist agenda. They seems smart and their
> argument is well presented without a call to fearmongering and hate.
> Nevertheless, the net result of their position is, undeniably, fascist. The
> ability to run your own server is, IMO, a fundamental right in a free
> society.
> >
> > The real lesson to be learned is that power accumulates power and
> power's corruption is an inevitable as entropy's increase. The absolute,
> inevitable drive of any organization or initiative is toward
> self-preservation, which manifests as the will to power. Of course people
> will attempt to use this next generation technology to increase and thereby
> centralize their power. That is inevitable. And THAT is what we need to
> engage to resist. It isn't that Web3 is flawed, its that we must remain
> eternally vigilant against the centralization of power because that, in and
> of itself, WILL lead to abuses of that power and a loss of freedom and
> compromise of human dignity.
> >
> > This will to power, whether organizational or individual, is not evil,
> in and of itself. It is unchecked power that leads to untenable and
> avoidable harm. This is PRECISELY what the American founding fathers set
> out to do with a tripartite government with checks and balances. It's not
> perfect, but it was perhaps the best, most successful attempt to moderate
> the unchecked accumulation of power. In short, the very notion of freedom
> that shaped the United States is anchored on the ability to reign in
> runaway centralization.
> >
> > So, while modern cryptography in the hands of individuals will be at
> least as transformative as modern transportation in the hands of
> individuals, we are still figuring out what that means. As part of that
> exploration, it pays to understand how groups like OpenSea centralize power
> in unfortunate ways so that we can iterate and find better solutions. We
> must find new expressions of individual and social will that enable and
> increase human freedom and dignity, rather than simply watch early movers
> crown themselves as the feudal lords of this uncharted territory.
> >
> > -j
> >
> > On Thu, Jan 27, 2022, at 4:19 AM, Simone Ravaioli wrote:
> >> Exactly !
> >>
> >> This brief thread already produced substantial value and elevated the
> conversation. Thx Bob, Christopher,  Adrian, Alan et all !
> >>
> >> - How might we feed this back in the emergent, “adjacent possible”
> credentialing conversation ?
> >> - What responsibility - agency, ownership, control, stake - should CCG
> take with regards to "NFT credentials” ?
> >> - Do we feel any sense of fostering/parenting with regards to  this
> “toddler" making noises and bouncing at the door ?
> >> - Is there an opportunity for this community to find additional
> (alternative) avenues to participate and shape the future of the internet
> of credentials ?
> >> - How might we best organise to address this ?
> >>
> >> IMHO, the CCG voice is needed more than ever in that #rabbithole.
> >>
> >> The discourse online is quickly reaching “escape velocity”:
> >>
> >> - Imagine DAO replacing standards bodies like DIF and W3C
> >> - How can Verifiable Credentials be used to help DAOs ?
> >> - Individual community members we are increasingly taking a public
> interest and open enquiry approach into Web3
> >>
> >> While not fully Autonomous, CCG is already a Distributed Organization.
> The caliber of the individual contributions to CCG is unparalleled in this
> domain, however I would argue that value is not adequately recognised -
> “karma tokens” have already been coined by Reddit (ie.  We all do this
> pro-bono).  Is there something we should not be afraid to reflect on
> although it may feel dystopian ?
> >>
> >> Our community is of made of season experts, most of us lived across the
> 3 generations of the Internet.  How do we think about the future of CCG
> from a human resource perspective ?  It feels there is increasing energy
> and excitement out there in regards to credentials (of all sorts) coming
> from the next generation of humans, likely the next leaders of CCG.
> >>
> >> These emerging communities share many of those “first principles” we
> ascribe to: openness, self-sovereignty, decentralisation. In fact, they are
> stretching (if not re-rewriting) how those principles are acted out.   It
> feels like this might be an opportunity to double click on “open” and not
> only welcome, but actively invite those new rough ideas, criticised them to
> make them better, not to shut them off.
> >>
> >> If adoption is the ultimate outcome of standards making, then we should
> strive to be as attentive and responsive to what is happening “out there”.
> >>
> >> <eof>
> >>
> >> — Simone Ravaioli
> >>
> >>
> >>> On 27 Jan 2022, at 00:05, Alan Karp <alanhkarp@gmail.com> wrote:
> >>>
> >>> I don't see the word "Subject" in the discussion.  I thought that an
> Issuer creates a VC identifying a Subject, which may or not be the same as
> the Holder, the party that knows the private key associated with presenting
> the VC to a Verifier.
> >>>
> >>> --------------
> >>> Alan Karp
> >>>
> >>>
> >>> On Wed, Jan 26, 2022 at 2:34 PM Christopher Allen <
> ChristopherA@lifewithalacrity.com> wrote:
> >>>
> >>>
> >>> On Wed, Jan 26, 2022 at 12:29 PM Bob Wyman <bob@wyman.us> wrote:
> >>>     • Why have you listed VCs as not generating "Value due to
> scarcity?" GIven the essentially unlimited variety of claims that could be
> incorporated into a VC, it seems to me that one could craft a VC which has
> semantic content equivalent to any NFT. (i.e. A VC that identifies the
> "ownership" of some specific object.) The limited issuance of such VCs
> would create a "scarce" resource in just the same way that issuance of an
> NFT does.
> >>>     • Why do you say that a VC is not "transferable?" Rights that are
> recorded in a VC could either be delegated , in whole or in part, or the
> "ownership" of the VC itself might be transferred by the issuance of a new
> VC recording the delegation or transfer. How is this different from an NFT?
> >>>  ...
> >>>     • Why do you say that a VC only proves the "identity of an entity"
> but not "ownership of an object?" I can issue a VC to identify the
> existence (identity) of some right (e.g. the ownership of, or limited right
> to use, an object) and then issue another VC to associate that VC with some
> identified individual. While the VC-based mechanics are a bit different
> from what is typical with NFTs, how is the net effect different from that
> provided by issuing an NFT?
> >>> When I read this, I realize that once again, our language around the
> use of "owner" is entirely wrong. We've in the past tried to do better and
> avoid any of the words associated with property rights idea of "ownership"
> in DIDs and VCs, but it keeps cropping back in. (An aside: "control" is
> better but not perfect. I've also been seeking language from the "law of
> agency" such as authority. Not so far limited success in coming up with
> something better).
> >>>
> >>> Part of the problem is that there is a natural centrality in the
> controller of a DID, and for the issuer of a VC. This natural centrality
> isn't "ownership", but sometimes acts like it. Similary, there is the
> problem that multiple parties may have unrestricted read-access (no
> encryption or DRM), but are restricted in their ability to fully verify the
> VC by some other party. Though this is not part of the definition of
> "holder", I feel that a holder a) has to have a readable version of the VC,
> and b) can fully verify it, else they are not truly a "holder". They also
> are not an owner, instead have limited control or authority.
> >>>
> >>> Another part of the problem when comparing NFTs to VCs is that the
> role of the issuer in an NFT is very limited, or none at all (typically
> only a royalty on future sales), once the transfer is complete. Whereas an
> issuer of a VC can always revoke a VC, refuse to reissue one on expiration,
> and issue a new one possibly even to a new cryptographic party so it
> resembles a "transfer" but isn't. As far as I know, there is no way to
> "transfer" the issuer's role in a VC — they either issued it, didn't issue
> it, or there is a problem. Thus NFT isn't quite comparable to a VC, as in
> effect the issue has no (or limited) control or authority over its future
> use. Note also that I don't know of any NFT that is revocable or expires.
> >>>
> >>> -- Christopher Allen
> >>>
> >
> > --
> > Joe Andrieu, PMP
>                       joe@legreq.com
>       +1(805)705-8651
> > Do what matters.
>                     http://legreq.com
Received on Friday, 28 January 2022 11:59:22 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:28 UTC