Re: When Technical Standards Meet Geopolitical Reality

Kyle,

On Thu, Jul 17, 2025 at 8:40 PM Pryvit NZ <kyle@pryvit.tech> wrote:

> I hope you don't mind that I tag the list back in on this question, Manu. I
> think it's also important for people to understand that I don't think that
> you or many others promoting more decentralized approaches are relying
> simply on waiting and hope. That's true for many people working on this
> technology too, but it's the death by 1000 compromises that introduces this
> problem.
>

Your analysis of "death by 1000 compromises" perfectly captures something
I've been wrestling with in my own work. Having spent decades building
infrastructure I believed would protect autonomy - from TLS to DIDs - I'm
now watching these same systems become conduits for coercion rather than
shields against it.
> The evidence stands in the work you and many others in this community put
> in and I don't fault people for their efforts. Many people genuinely do
> want to offer decentralized technological alternatives when possible.
> However, where we're failing is in the trust architectures themselves. For
> example, TruAge is susceptible to this same problem albeit not because you
> did this maliciously, but rather that's how the law states it must be done.
> So you were faced with the question of do I build a solution that aligns
> with the law to get this technology in use, or does the customer go
> elsewhere or stay with what they currently have.
>
> In this sense, we've become complicit in the removal of agency, at least
> temporarily because of the compromise. As Daniel points out, sometimes this
> is necessary to get a seat at the table and change things from within.
> However, I suspect that for many of the use cases we as technologists find
> ourselves implementing we simply won't be able to change from within, nor
> would I suggest we always should. In many cases, requirements like this are
> exactly scoped to the problem at hand, but it's when the systems get
> repurposed (which is far easier with these digitally scaled approaches like
> what digital credentials offer us) that the unintended consequences start
> to appear like what we're seeing with age verification laws for content
> moderation purposes on the web.
>
> To understand more about my rationale here, I've authored this blog post
> too. It's a bit of a longer read, but really gets at the heart of the
> problem that it's not inherently the technology that's the problem, but
> rather how we choose to architect the trust and then rely on that trust
> later that sets us on the wrong path.
>
> https://kyledenhartog.com/centralized-ssi/
In your blog post, the parallel to x509's marginalization of self-signed
certificates is particularly apt. We're repeating the same pattern with SSI
- "bestowing new hard power in the issuer by removing hard power from the
subject," as you put it. This is what I call, in a policy framework I'm
developing, "systematic inversion" - where mechanisms designed to constrain
power become tools that embed it.

The COVID pass example you cite perfectly illustrates how "high assurance"
becomes euphemism for institutional gatekeeping. When credentials encode
"who says what about whom" without subjects' ability to make their own
claims, we've transformed identity infrastructure into what I term "shadow
governance" - platforms enforcing rules without accountability.

Your edge-based age verification proposal demonstrates exactly the
principle I call "graduated obligations": power should trigger proportional
duties. Those closest to the problem (parents, teachers, school IT) have
both knowledge and responsibility. This contrasts sharply with distant
platforms optimizing for compliance while accumulating power without
corresponding accountability.

The institutional trust decline you cite from OECD isn't just a crisis - it's
an opportunity. When existing institutions lose legitimacy, space opens for
alternative architectures. Your Hyrum's Law insight is brilliant: we've
accidentally standardized on trust patterns never designed to bear this
weight. The x509/TLS pattern lock-in has become so internalized we can't
imagine alternatives.

What excites me most is how your work bridges technical and policy
communities. Your school-based model isn't just technically elegant - it's
politically viable because it aligns with existing relationships. It
resists what I call the "platform compliance paradox" where platforms gain
power by appearing to comply with government requests while actually
controlling the infrastructure.

Keep pushing these uncomfortable truths. Every concrete counter-example
helps break the community free from path dependencies. We need voices
willing to name the inversion we're collectively enabling.

-- Christopher Allen

P.S. If you're interested in reviewing a community draft which I'm calling
"The Architecture of Autonomy" that explores these systematic inversions in
depth - and, more importantly, what we can do about them - reach out to me
on Signal. It's a commitment at 21k words (trimmed from 42k!), at least an
hour and a half to read, but it covers a full policy architecture from
diagnosis to prescription.

Received on Wednesday, 13 August 2025 04:11:15 UTC