- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Thu, 17 Jul 2025 21:58:04 +0200
- To: Adrian Gropper <agropper@healthurl.com>
- Cc: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAKaEYh+huCkZr4=NSAnL46af8h_P5m96dYC+JSyqZMSyAENtBw@mail.gmail.com>
čt 17. 7. 2025 v 21:38 odesílatel Adrian Gropper <agropper@healthurl.com>
napsal:
> It's clearly time for a new architecture. One that benefits from our
> experience with SSI as an anti-pattern that is too easily inverted or
> ignored.
>
> I would suggest an architecture that sees platforms for payment and social
> media as the problem instead of focusing on identity. An architecture that,
> like cash and geocaches, defaults to anonymity by design.
>
> I would also suggest an architecture that ignores licensed professionals
> and things. With the benefit of hindsight, the premise that identity
> standards must span licensing and supply chains seems inane.
>
We have a fairly advanced ecosystem working on all these problems over at
Nostr, with several million users, and several thousand DAU.
We also have a W3C Nostr Community Group [1] and have already begun work
on a did:nostr spec.
[1] https://www.w3.org/community/nostr/
>
> Sorry,
> - Adrian
>
>
> On Wed, Jul 16, 2025 at 3:59 AM Christopher Allen <
> ChristopherA@lifewithalacrity.com> wrote:
>
>> I have occasionally posted a link to one of my blog articles to this
>> group, but I thought this article deserved a broader discussion by our CCG
>> community, so I'm sharing here.
>>
>> The original article is at
>> https://www.blockchaincommons.com/musings/gdc25/
>>
>> -- Christopher Allen
>>
>> Musings of a Trust Architect: When Technical Standards Meet Geopolitical
>> Reality
>> Digital Identity, Sovereignty, and the Erosion of Foundational Principles
>> By Christopher Allen <ChristopherA@LifeWithAlacrity.com>
>> 2025-07-15
>>
>> *Reflections on recent conversations about digital identity, sovereignty,
>> and the erosion of foundational principles*
>>
>> Echoes from Geneva
>>
>> I wasn't present at the [Global Digital Collaboration](
>> https://globaldigitalcollaboration.org/) conference (GDC25), but the
>> observations shared by colleagues who attended have crystallized some
>> issues I've been wrestling with for years. I should note there's a
>> selection bias here: I'm the author of the [10 principles of self-sovereign
>> identity](
>> https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md),
>> so my community tends to have strong opinions about digital identity.
>> Still, when multiple trusted voices independently report similar concerns,
>> patterns emerge that are worth examining. And these weren't casual
>> observers sharing these concerns. They were seasoned practitioners who've
>> spent decades building identity infrastructure. Their collective unease
>> speaks to something deeper than technical disagreements.
>>
>> It's hard to boil the problems at GDC25 down to a single issue, because
>> they were so encompassing. For example, there was a pattern of scheduling
>> issues that undercut the community co-organizing goal of the conference and
>> seemed to particularly impact decentralized talks. One session ended up in
>> a small, hot room on the top floor that was hard to find. (It was packed
>> anyway!) Generally, the decentralized-centric talks were in bad locations,
>> they were short, they had restricted topics, or they were shared with other
>> panelists.
>>
>> I think that logistical shuffling of events may point out one of the
>> biggest issues: decentralized systems weren't given much respect. This may
>> be true generally. There may be lip service to decentralized systems, but
>> not deeper commitments. Its value isn't appreciated, so we're losing its
>> principles. Worse, I see the intent of decentralization being inverted:
>> where our goal is to give individuals independence and power by reducing
>> the control of centralized entities, we're often doing the opposite —
>> still in the name of decentralization.
>>
>> The Echo Chamber Paradox
>>
>> The problems at GDC25 remind me of Rebooting the Web of Trust (RWOT)
>> community discussions I've been following, which reiterate that this is a
>> larger issue. We debate the finer points of zero-knowledge proofs and DID
>> conformance while missing the forest for the trees. Case in point: the
>> recent emergence of "[`did:genuineid`](https://genuinein.com/DIDMethod)"
>> — a centralized identifier system that fundamentally contradicts the
>> "D" in DID.
>>
>> Obviously, decentralization is a threat to those who currently hold power
>> (whether they be governments, corporations, billionaires, or others who
>> hold any sort of power), because it tries to remove their centralization
>> (and therefore their power), to instead empower the individual. But if we
>> can't even maintain the semantic integrity of "decentralized" within our
>> own technical community, devoted to the ideal, how can we fight for it in
>> the larger world?
>>
>> The Corpocratic Complication
>>
>> GDC25 was held in Geneva, Switzerland. 30+ standards organizations
>> convened to discuss the future of digital identity. Participants spanned
>> the world from the United States to China. There was the opportunity that
>> GDC25 was going to be a truly international conference. Indeed, Swiss
>> presenters were there, and they spoke of privacy, democratic involvement,
>> and achieving public buy-in. It was exactly the themes that we as
>> decentralized technologists wanted to hear.
>>
>> But from what I've heard, things quickly degraded from that ideal. Take
>> the United States. The sole representative of the country as a whole
>> attended via teleconference. (He was the only presenter who did so!) His
>> talk was all about Real ID, framed as a response to 9/11 and rooted in the
>> Patriot Act. It lay somewhere between security-theatre and
>> identity-as-surveillance, and that's definitely not what we wanted to hear.
>> (The contrast between the US and Swiss presentations was apparently
>> jarring.)
>>
>> And with that representative only attending remotely, the United State's
>> real representatives ended up being Google and Apple, each advancing their
>> own corpocratic interests, not the interests of the people we try to
>> empower with decentralized identities.
>>
>> This isn't just an American problem. It's a symptom of a deeper issue
>> happening across our digital infrastructure. It's likely the heart of the
>> inversions of decentralized goals that we're seeing — and likely why
>> those logistical reshufflings occurred: to please the gold sponsors. In
>> fact, the conference sponsors tell the story: Google, Visa, Mastercard, and
>> Huawei were positioned as "leading organizations supporting the advancement
>> of wallets, credentials and trusted infrastructure in a manner of global
>> collaboration."
>>
>> While Huawei's presence demonstrates international diversity — a Swiss
>> conference bringing together Europe and Asia — it also raised questions
>> about whose vision of "trust" would ultimately prevail. When payment
>> platforms and surveillance-capable tech giants frame the future of identity
>> infrastructure, we shouldn't be surprised when the architecture serves
>> their interests first.
>>
>> This echoes my concerns from ["Has SSI Become Morally Bankrupt?"](
>> https://www.blockchaincommons.com/musings/musings-ssi-bankruptcy/).
>> We've allowed the narrative of self-sovereignty to be co-opted by the very
>> platforms it was meant to challenge. The technical standards exist, but
>> they're being implemented in ways that invert their original purpose. Even
>> [UNECE sessions acknowledged](
>> https://unece.org/trade/events/global-digital-collaboration-conference-international-trade-identity-across-borders)
>> the risk of "diluting the autonomy and decentralization that SSI is meant
>> to provide."
>>
>> The Sovereignty Shell Game
>>
>> Google was partnered with German Sparkasse on ZKP technology and that
>> revealed a specific example of this co-opting.
>>
>> Google's open-sourcing of its Zero-Knowledge Proof libraries, announced
>> July 3rd in partnership with Germany's network of public savings banks, was
>> positioned as supporting privacy in age verification. Yet as [Carsten
>> Stöcker pointed out](
>> https://www.linkedin.com/posts/dr-carsten-st%C3%B6cker-1145871_opening-up-zero-knowledge-proof-technology-activity-7348195852085067776-nKDB),
>> zero-knowledge doesn't mean zero-tracking when the entire stack runs
>> through platform intermediaries. Carsten noted that Google has "extensive
>> tracking practices across mobile devices, web platforms and advertising
>> infrastructure." Meanwhile, the Google Play API makes no promises that the
>> operations are protected from the rest of the OS.
>>
>> The Google ZKP libraries ("longfellow-sk") could be a great [building
>> block](https://news.dyne.org/longfellow-zero-knowledge-google-zk/) for
>> truly user-centric systems, as they link Zero-Knowledge Proofs to legacy
>> cryptographic signature systems that are still mandatory for some hardware.
>> But they'd have to be detached from the rest of Google's technology stack.
>> Without that, there are too many questions. Could Google access some of the
>> knowledge supposedly protected by ZKPs? Could they link it to other data?
>> We have no idea.
>>
>> The European Union's eIDAS Regulation, set to take effect in 2026,
>> encourages Member States to integrate privacy-enhancing technologies like
>> ZKP into the European Digital Identity Wallet, but integration at the
>> platform level offers similar dangers and could again invert the very
>> privacy guarantees ZKP promises.
>>
>> Historical Echoes, Modern Inversions
>>
>> Identity technology's goals being inverted, so that identity becomes a
>> threat rather than a boon, isn't a new problem. In ["Echoes of History"](
>> https://www.blockchaincommons.com/articles/echoes-history/), I examined
>> how the contrasting approaches of Lentz and Carmille during WWII
>> demonstrate the life-or-death importance of data minimization. Lentz's
>> comprehensive Dutch identity system enabled the Holocaust's efficiency;
>> Carmille's deliberate exclusion of religious data from French records saved
>> lives. Even when they're decentralized, today's digital identity systems
>> face the same fundamental questions: what data should we collect, what
>> should we reveal, and what should we refuse to record entirely?
>>
>> But we're adding a new layer of complexity. Not only must we consider
>> what data to collect, but who controls the infrastructure that processes
>> it. When Google partners with Sparkasse on "privacy-preserving" age
>> verification, when eIDAS mandates integration at the operating system
>> level, we're not just risking data collection: we're embedding it within
>> platforms whose business models depend on surveillance. Even if the data is
>> theoretically self-sovereign, the threat of data collected is still data
>> revealed — just as happened with Lentz's records.
>>
>> The European eIDAS framework, which I analyzed in a [follow-up piece to
>> "Echoes from History"](https://www.blockchaincommons.com/articles/eidas/),
>> shows how even well-intentioned regulatory efforts can accelerate platform
>> capture when they mandate integration at the operating system level. As I
>> wrote at the time, a history of problematic EU legislation that had the
>> best of intentions but resulted in unintended consequences has laid the
>> groundwork, and now identity is straight in that crosshairs. One of the
>> first, and most obvious problems with eIDAS is the mandate "that web
>> browsers accept security certificates from individual member states and the
>> EU can refuse to revoke them even if they’re dangerous." There are many
>> more — and I'm not [the only voice](
>> https://news.dyne.org/the-problems-of-european-digital-identity/) on
>> eIDAS and EUDI issues.
>>
>> Supposedly self-sovereign certificates phoning home whenever they're
>> accessed is another recent threat that demonstrates best intentions gone
>> awry. This not only violates privacy, but it undercuts some of our best
>> arguments for self-sovereign control of credentials by returning liability
>> for data leaks to the issuer. The [No Phone Home](
>> https://www.blockchaincommons.com/news/No-Phone-Home/) initiative that
>> Blockchain Commons joined last month represents one attempt to push back on
>> that, but it feels like plugging holes in a dam that's already cracking. It
>> all does.
>>
>> The Builder's Dilemma
>>
>> What troubles me most is the split I see in our community. On one side,
>> technology purists build increasingly sophisticated protocols in isolation
>> from policy reality. On the other, pragmatists make compromise after
>> compromise until nothing remains of the original vision.
>>
>> The recent debates about [`did:web` conformance](
>> https://github.com/w3c-ccg/did-method-web) illustrate this perfectly.
>> Joe Andrieu correctly notes that `did:web` can't distinguish between
>> deactivation and non-existence — a fundamental security boundary. Yet
>> `did:web` remains essential to many implementation strategies because it
>> bridges the gap between ideals and adoption. It provides developers and
>> users with experience with DIDs, but in doing so undercut decentralized
>> ideals for those users. We're caught between philosophical purity and
>> practical irrelevance.
>>
>> In my recent writings on [Values in Design](
>> https://www.blockchaincommons.com/musings/ValuesDesign/) and the [Right
>> to Transact](https://www.blockchaincommons.com/musings/RightToTransact/),
>> I've tried to articulate what we're fighting for. But values without
>> implementation are just philosophy, and implementation without values is
>> just surrender.
>>
>> The Global Digital Collaboration highlighted this tension perfectly.
>> International progress on digital identity proceeds apace: Europe,
>> Singapore, and China all advance their frameworks, but there are still
>> essential issues that invert our fundamental goals in designing
>> self-sovereign systems. Meanwhile, the U.S. remains even more stalled, its
>> position represented only by the platforms that benefit from the status
>> quo. Alongside this, technical standards discussions proceed in isolation
>> from the policy, regulatory, and social frameworks that will determine
>> their real-world impact.
>>
>> Where Do We Go From Here?
>>
>> I find myself returning to first principles. When we designed [TLS 1.0](
>> https://datatracker.ietf.org/doc/html/rfc2246), we understood that
>> technical protocols encode power relationships. When we established the
>> [principles of self-sovereign identity](
>> https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md),
>> we knew that architecture was politics. Ongoing battles, such as those
>> between Verifiable Credentials and ISO mDLs, between DIDComm and OpenID4VC,
>> demonstrate disagreements over these power relationships made visible in
>> technological discussions.
>>
>> The question now is whether we can reclaim our ideals before they're
>> completely inverted by the side of centralized power and controlled
>> architecture.
>>
>> The path forward requires bridging the gaps Geneva revealed:
>>
>> - Between corporate platform dominance and global digital sovereignty
>> - Between the promise of decentralization and the reality of
>> recentralization
>> - Between technical standards and policy reality
>> - Between privacy absolutism and implementation pragmatism
>>
>> A Personal Note
>>
>> After three decades of building internet infrastructure, I've learned
>> that the most dangerous moment isn't when systems fail, it's when they
>> succeed in ways that invert their purpose. We built protocols for human
>> autonomy and watched them become instruments of platform control. We
>> created standards for decentralization and saw them twisted into new forms
>> of centralization.
>>
>> This conversation continues in private Signal groups, in conference
>> hallways, in the space between what we built and what we've become. The
>> [Atlantic Council warns](
>> https://dfrlab.org/2024/10/01/analysis-a-brave-new-reality-after-the-uns-global-digital-compact/)
>> of power centralizing "in ways that threaten the open and bottom-up
>> governance traditions of the internet." When critics from across the
>> geopolitical spectrum — from sovereignty advocates to digital rights
>> groups — all sense something amiss, it suggests a fundamental
>> architectural problem that transcends ideology.
>>
>> Perhaps it's time for a new architecture: one that acknowledges these
>> inversions and builds resistance into its very foundations.
>>
>> But that's a longer conversation for another day.
>>
>> ---
>>
>> *Christopher Allen has been architecting trust systems for over 30 years,
>> from co-authoring TLS to establishing self-sovereign identity principles.
>> He currently works on alternative approaches to digital identity through
>> [Blockchain Commons](https://www.blockchaincommons.com/).*
>>
>
Received on Thursday, 17 July 2025 19:58:21 UTC