- From: Pryvit NZ <kyle@pryvit.tech>
- Date: Tue, 12 Aug 2025 21:07:48 +0000
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <IiJTwXuimD1WBce1DnTxvEOlEsPARIvaolMmZenpnJJWbSitZLm7dyAbbRAk1Ihy_x7DB9yEf5Mi2yb>
> I wouldn't go as far as saying the tools we are building are > ambivalent to how we use them. Some of us are very consciously trying > to ensure that decentralization is not only possible, but preferred if > it makes sense in a particular ecosystem. There are ecosystems that > are far more centralized than they need to be, which has led to > security and privacy failures, and we're actively trying to improve > those ecosystems. I think there’s a good nuance here. What I mean is that the technology does not care how it’s used. However, we as people do and that’s why the conflict arises. We’re trying to signal from our group of humans (Nophonehome signers) to the other group of humans (ISO spec designers) and more importantly broader society (the abstainers who just want to use the technology such as politicians) what we believe good and bad is. That’s inherently a human condition, not a technical one. So why does that matter? Because when we recognize that it’s inherently a human problem, we can debate the actual problem which is, “when is it acceptable to track others with technology?”. The debate is not about protocols or formats. Those are just a reflection of our communal view of how to answer the real question about tracking. Within our community we tend to reject the idea of tracking, but I don’t think we outright reject it as intransigent minorities. So when do people in this community actually think tracking is useful? For example, do we mind if tracking and centralization exist in credentials related to non-personal data such as provenance of customs documents for import and export? I personally don’t mind that, so I use the heuristic that when claims contain personal data tracking is bad. Otherwise, tracking may not be an issue. The same exercise should be done for centralization versus decentralization, but I’ll leave that as an exercise to the readers of this mailing list to think through in order to keep this conversation more focused. > butis often not done when just trying to recreate the current powerdynamics that exist today. I will note that many large institutionsapproach this new technology in that way, which might be the only > place they can start and the hope is that they will jump to theadjacent possible if it makes sense for them to do so... Yeah this is one topic that I’m happy to play the role of intransigent minority on because I don’t have jobs, customers, and contracts on the line for. I fully accept this is an idea that sits outside the Overton Window. However, I think it’s the broader question we’re trying to grapple with in society and with the broader web as the Web becomes more fundamental to the lives of everyone. As John Perry Barlow put it best in The Declaration of Cyberspace Independence[1] back in 1996: “Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone.You are not welcome among us.You have no sovereignty where we gather.” Does that sound familiar to the values our community and the broader Web3 community started with? Has anyone compromised on those values in any way to achieve some financial outcome or solve the adoption problem? I know I did when I was paid to work on this stuff. That’s why I’m willing to play this intransigent minority role is to try and nudge us back to the roots that motivated us (or at the very least me) to start participating in this community. [1]: https://www.eff.org/cyberspace-independence -Kyle On Tue, Aug 12, 2025 at 4:47 AM, Manu Sporny <[msporny@digitalbazaar.com](mailto:On Tue, Aug 12, 2025 at 4:47 AM, Manu Sporny <<a href=)> wrote: > On Sat, Aug 9, 2025 at 5:48 PM Pryvit NZ <kyle@pryvit.tech> wrote: >> Yes, we're definitely on the same page here and this is a very succinct summary of what I was hoping to articulate. > > Ok, good, I have a good handle of where you're coming from now. > >> I think the primitives grant us the flexibility we need to appropriately represent the proper power dynamics as they best suit. > > Ok, also good, that makes me feel much better about where the > discussion is going. > > I would like to hear if Christopher, and anyone else saying "We need a > differen architecture" is aligned with the above as well or not. > Again, I'm trying to ferret out if folks feel like there is new > technical work that needs to be done/abandoned in this community, or > if this is a matter of "higher-level" technical architecture -- how we > put the pieces together (which can, in itself, be technical work). > >> This is the main takeaway I hope people can take away from this discussion is that the tools we build are ambivalent to how we use them, but we inherently will always express our values as we do. I just hope we all have the ability to reflect early enough to recognize when we're doing this and make sure to change as needed. If our tools are built correctly, this should be easier to do too. > > Yes, agreed. We do need constant reflection -- the community > intervention on "no phone home" with mDL was a good example of that. > Though in the "no phone home" case, it was this community intervening > with another community that had gone down a bad path; but there was > some community overlap there and hopefully the right privacy outcome > will materialize over the coming months. > > I wouldn't go as far as saying the tools we are building are > ambivalent to how we use them. Some of us are very consciously trying > to ensure that decentralization is not only possible, but preferred if > it makes sense in a particular ecosystem. There are ecosystems that > are far more centralized than they need to be, which has led to > security and privacy failures, and we're actively trying to improve > those ecosystems. > > Take Decentralized Identifiers for example, which some of the large > tech companies, and a variety of x509 diehards railed against, and > actively attempted to prevent from being standardized, for years. Even > to this day the technology is snubbed in some circles with the hopes > that it will just go away. I don't think that the people working on > DIDs are ambivalent about the future they're trying to build towards. > > Similarly, for verifiable credentials -- use cases around individual > empowerment and decentralization are top of mind for many of us. For > example, when I scan the latest PR on the VCWG specs, I'm actively > looking for things that would prevent decentralization or prefer > centralization. > > That said, the technology has to also fit into society today; there > has to be some benefit for "traditional" credential issuers to move > towards verifiable credentials, and a fair number of those issuers > tend to have practices that are decades (to centuries) old, some of > which is codified in law that prefers the centralization of government > authority. While some of us might not like every instance of that, > these systems are not "purely bad", and in fact, if these systems > didn't exist as they do today, we wouldn't have some of the benefits > from these systems (as well as the drawbacks that comes with > centralization). > > All that to say, I don't think I agree that many of us are ambivalent > to how these systems are put together, nor that the technology this > community works on is ambivalent to how it is deployed. Signal has an > architectural aesthetic, and so do Decentralized Identifiers, > Verifiable Credentials, and the various Data Integrity cryptosuites. > >> Yup, exactly this. I think it's important to point out too, the only way I was able to reach that conclusion was by acknowledging the power dynamics of the use case. I had to first determine why it felt incorrect and then working backwards from what felt like a more accurate representation of how we model the problem from a first principles perspective. I hope others are able to achieve the same with their particular use cases. > > Yes, agreed; this is good guidance when addressing any use case, but > is often not done when just trying to recreate the current power > dynamics that exist today. I will note that many large institutions > approach this new technology in that way, which might be the only > place they can start and the hope is that they will jump to the > adjacent possible if it makes sense for them to do so... or, maybe > they never do and are instead replaced by other more decentralized > institutions that win the hearts and minds of the people that depend > on them. > >> ++ - I think as long as we make it possible (which I think we're doing a good job at it), then we've built the technology properly. The rest is to be decided by those who use it, and that's the paradox of building tech but not being able to fully prevent the unintended consequences of how it's used. > > Yes, I do agree with the above as well. Even for "those that use it" > -- we can provide guidance based on our collective expertise on > "fit-for-purpose architectures". Again, the "no phone home" > intervention by many in this community was a good example of that. > > All that to say, I do think we have some control over the values > embodied in the technology primitives we create here as well as the > architectures that we feel are appropriate for particular use cases. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/
Received on Tuesday, 12 August 2025 21:07:59 UTC