- From: Christopher Allen <ChristopherA@lifewithalacrity.com>
- Date: Wed, 13 Aug 2025 01:02:34 -0400
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Pryvit NZ <kyle@pryvit.tech>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <CACrqygB=x9+G+VH6S9Jja5WeZFwqs43CWpfnjtLC7N9aqyONXQ@mail.gmail.com>
Manu, Thank you for your multiple thoughtful responses throughout very long thread (July and August). Your dual perspective - acknowledging disappointment while maintaining pragmatic hope - captures the tension many of us feel. > "it's disappointing to see our work co-opted and twisted into something we didn't intend it to become. To have the core principles whittled away until they are unrecognizable." This whittling away isn't random - it follows predictable patterns. What I'm documenting in a policy framework I'm developing is how this represents "systematic inversion" through extraction incentives. Each compromise shifts what's possible. > "funders don't have unlimited patience and money, which typically drives towards centralization." This gets to the economic heart of the problem. It's not just impatience - when platforms capture coordination infrastructure, they transform public goods into private services. The "convenience trap" you describe - where decentralized solutions remain "not easy enough" - is maintained by design, not accident. Platforms benefit from this complexity asymmetry. > "There are over 1.8 million digital driver's licenses in production in the state of California now that are Verifiable Credentials and that use Decentralized Identifiers." Yes, this represents real progress in adoption. But when those DIDs are did:web, we've achieved scale at the cost of principle. As you note: > "While California DMV has adopted did:web, and while that's not as decentralized as we'd like them to go, we haven't yet put something better in front of them that achieves their goals." The Controlled Identifiers specification you edited exemplifies this dilemma: > "the Controlled Identifiers specification is a distasteful specification. I say this as the lead editor of that specification... but there was a small group of people that were adamant that the specification exist" You made the rational choice given the constraints - "compromise or watch them kill the work." But each compromise creates path dependencies. What was unthinkable (centralized DIDs) becomes debatable, then standard, then mandatory. Your question to Daniel about acceptable compromise is crucial: > "Where's the bar, though? Is it good enough that it removes one thing while adding another?" I propose a different metric: does this compromise preserve or erode the capacity for future resistance? California adopting did:web doesn't just compromise today's decentralization - it makes future decentralization harder. > "we're not done yet. The decentralized bits are taking longer to build..." True, but we need to be honest about trajectory. The gap between centralized deployment and decentralized alternatives is widening, not narrowing. Every pragmatic compromise increases platform leverage for the next negotiation. Regarding Kyle's edge-based age verification proposal, you raise valid concerns: > "Speaking as a parent that is stretched very thin... Why is the burden on me, as a parent, to stop my kid from being pulled into a social media website that is designed to be addicting?" This is fair, but consider: the burden is already on you. Platforms just make it invisible. When they fail (and they do fail), you discover your child has been exposed to content you never approved. The difference with edge-based systems is transparency about where responsibility lies, plus tools to actually exercise it. > "you're shifting a massive amount of liability onto the operating systems and web browser, putting them in the position of policing content." Actually, this highlights exactly what I call "graduated obligations" in my framework - those with power should have proportional duties. Apple and Google already police content through app stores. They already have this power. The question is whether they have corresponding accountability. Your point about society's expectations is important: > "If you want to sell that stuff, you have to do so responsibly -- which seems to be where society largely is these days." But "responsibly" has become "require government ID for everyone," creating surveillance infrastructure that far exceeds the original problem. We're solving parental concerns by building systems that enable financial exclusion and political control. Your August reflection on Daniel's experience with his children's papers was powerful: > "The flush of adrenaline; the heat on your face, hits you before you can process what's going on." This visceral understanding of what's at stake is why your three focal points matter: - Broad dissemination so "confiscating the original documents" cannot happen - Proper pseudonymity levels for transactions - Enable broad base of issuers, not just government bureaucracies But I worry these technical solutions assume good faith that doesn't exist. When platforms control the infrastructure these credentials flow through, they can still achieve confiscation through lockout, regardless of cryptographic possession. Your clarification to Kyle about alternative architecture was helpful: > "we need to reevaluate how these primitives are put together into a functioning architecture; specifically, what credentials are issued by whom and who depends on those -- decentralize the issuers, if possible." Yes, but also: who controls the pipes these credentials flow through? Decentralized issuers mean little if centralized platforms mediate every transaction. You note that DIDs face resistance: > "Even to this day the technology is snubbed in some circles with the hopes that it will just go away." This isn't just technical conservatism - it's active resistance from those whose power depends on centralized control. The x509 diehards aren't wrong technically; they're protecting an architecture that preserves existing power relationships. You're right that we've made significant progress since 2017 - global standards for DIDs and VCs exist. But standards without power to enforce them become suggestions. Utah's new SSI law, where the state explicitly rejects the issuer role, shows alternative paths exist between purist and pragmatist positions. The work continues, but perhaps it's time to complement standards work with building countervailing power - legal frameworks that constrain platforms, economic models that resist extraction, and coalitions that can demand rather than request. -- Christopher Allen
Received on Wednesday, 13 August 2025 05:03:17 UTC