- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Thu, 17 Jul 2025 23:38:11 +0200
- To: Filip Kolarik <filip26@gmail.com>
- Cc: Steve Capell <steve.capell@gmail.com>, Benjamin Young <byoung@digitalbazaar.com>, Adrian Gropper <agropper@healthurl.com>, Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAKaEYhLauGhREMd3Os2d1wdOb7KaH+BOoqG0+3TitJ_aUDOMqw@mail.gmail.com>
On Thu, 17 Jul 2025 at 23:35, Filip Kolarik <filip26@gmail.com> wrote:

> On Thu, Jul 17, 2025 at 11:23 PM Steve Capell <steve.capell@gmail.com>
> wrote:
>
>> I don’t see how dns is centralised. It’s a massively distributed lookup
>> system technically. In a governance sense it empowers any beating heart to
>> pick a domain name that isn’t already taken
>>
>
> Technically, DNS is distributed, but governance is centralized. TLDs are
> controlled by a small number of registries under government jurisdiction.
> Recent domain bans and seizures (e.g. in Russia, Turkey, and India) show
> how easily access can be revoked at the top. So yes, you can pick a name,
> but you're still playing in someone else’s namespace.
>

While Nostr is mostly based on DNS, the innovation is that the DNS can be replicated. So a message can be spread over 3 DNS servers, instead of one. If one goes down, you (hopefully) still have two, and can pick another one. You could think of it as like RAID compared with a single hard drive. Resilience through replication. We are also looking at using keypairs as an alternative to DNS, which would provide a more decentralized option.

>
> Best,
> Filip, https://github.com/filip26
>
>>
>> I must be missing something.
>>
>> On the other hand I’m deeply suspicious of anything that even smells like
>> a blockchain. Private ledgers are tech vendor snake oil. Public ledgers
>> are money laundering Ponzi schemes. Can’t see how they are anything but
>> that.
>>
>> Steven Capell
>> Mob: 0410 437854
>>
>> On 17 Jul 2025, at 11:12 pm, Benjamin Young <byoung@digitalbazaar.com>
>> wrote:
>>
>> On Thu, Jul 17, 2025, 5:00 PM Steve Capell <steve.capell@gmail.com>
>> wrote:
>>
>>> Anytime I hear anyone say anything like “Bitcoin is a good thing” it
>>> makes me shudder and want to vomit.
>>> As far as I can tell it’s a monstrous
>>> Ponzi scheme that is good for money laundering and not much else
>>>
>>> Why do we perceive did:web (or its improved variants like did:webvh) as
>>> “centralised”? What could be more decentralised than the web? Certainly not
>>> any distributed ledger
>>>
>>
>> DNS (as deployed) is the centralizing component of what most people call
>> "the Web". An HTML-based ecosystem that (de)references things with
>> universal identifiers (URIs) and locators (URLs) doesn't necessarily have
>> that same constraint.
>>
>> In so far as did:web and did:webvh also have a strong dependence on
>> DNS...they would sadly be centralized.
>>
>> However, if they are protocol (beyond HTTP) and/or naming (beyond DNS)
>> agnostic, then they would still have some level of decentralization.
>>
>> But...like the Web...their dominant "expression" would likely be
>> centralized (or at least entangled with a centralized system).
>>
>> (Obviously ignoring mDNS, /etc/hosts, and other means of local naming or
>> DNS overriding)
>>
>> That's my understanding, anyway.
>>
>> Cheers,
>> Benjamin
>>
>>>
>>> Steven Capell
>>> Mob: 0410 437854
>>>
>>> On 17 Jul 2025, at 10:41 pm, Melvin Carvalho <melvincarvalho@gmail.com>
>>> wrote:
>>>
>>> On Thu, 17 Jul 2025 at 22:24, Adrian Gropper <agropper@healthurl.com>
>>> wrote:
>>>
>>>> Nostr might be a good start for de-platforming social media on the
>>>> basis of pseudonymity and relay-based discovery, but unless
>>>> the architecture also supports untraceable payment the major surveillance
>>>> platforms will persist.
>>>>
>>>
>>> Nostr is tied to any payment system. But it is largely built by people
>>> in the bitcoin community, so there have been some integrations with bitcoin
>>> technologies, such as the lightning network.
>>>
>>> Innovation continues in this area. I think that integration with
>>> Blockstream's Liquid [1] would be a good start.
>>>
>>> [1] https://blockstream.com/liquid/
>>>
>>>>
>>>> Adrian
>>>>
>>>> On Thu, Jul 17, 2025 at 3:58 PM Melvin Carvalho <
>>>> melvincarvalho@gmail.com> wrote:
>>>>
>>>>>
>>>>> On Thu, 17 Jul 2025 at 21:38, Adrian Gropper <
>>>>> agropper@healthurl.com> wrote:
>>>>>
>>>>>> It's clearly time for a new architecture. One that benefits from our
>>>>>> experience with SSI as an anti-pattern that is too easily inverted or
>>>>>> ignored.
>>>>>>
>>>>>> I would suggest an architecture that sees platforms for payment and
>>>>>> social media as the problem instead of focusing on identity. An
>>>>>> architecture that, like cash and geocaches, defaults to anonymity by design.
>>>>>>
>>>>>> I would also suggest an architecture that ignores licensed
>>>>>> professionals and things. With the benefit of hindsight, the premise that
>>>>>> identity standards must span licensing and supply chains seems inane.
>>>>>>
>>>>>
>>>>> We have a fairly advanced ecosystem working on all these problems over
>>>>> at Nostr, with several million users, and several thousand DAU.
>>>>>
>>>>> We also have a W3C Nostr Community Group [1] and have already begun
>>>>> work on a did:nostr spec.
>>>>>
>>>>> [1] https://www.w3.org/community/nostr/
>>>>>
>>>>>>
>>>>>> Sorry,
>>>>>> - Adrian
>>>>>>
>>>>>> On Wed, Jul 16, 2025 at 3:59 AM Christopher Allen <
>>>>>> ChristopherA@lifewithalacrity.com> wrote:
>>>>>>
>>>>>>> I have occasionally posted a link to one of my blog articles to this
>>>>>>> group, but I thought this article deserved a broader discussion by our CCG
>>>>>>> community, so I'm sharing here.
>>>>>>>
>>>>>>> The original article is at
>>>>>>> https://www.blockchaincommons.com/musings/gdc25/
>>>>>>>
>>>>>>> -- Christopher Allen
>>>>>>>
>>>>>>> Musings of a Trust Architect: When Technical Standards Meet
>>>>>>> Geopolitical Reality
>>>>>>> Digital Identity, Sovereignty, and the Erosion of Foundational
>>>>>>> Principles
>>>>>>> By Christopher Allen <ChristopherA@LifeWithAlacrity.com>
>>>>>>> 2025-07-15
>>>>>>>
>>>>>>> *Reflections on recent conversations about digital identity,
>>>>>>> sovereignty, and the erosion of foundational principles*
>>>>>>>
>>>>>>> Echoes from Geneva
>>>>>>>
>>>>>>> I wasn't present at the [Global Digital Collaboration](
>>>>>>> https://globaldigitalcollaboration.org/) conference (GDC25), but
>>>>>>> the observations shared by colleagues who attended have crystallized some
>>>>>>> issues I've been wrestling with for years. I should note there's a
>>>>>>> selection bias here: I'm the author of the [10 principles of self-sovereign
>>>>>>> identity](
>>>>>>> https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md),
>>>>>>> so my community tends to have strong opinions about digital identity.
>>>>>>> Still, when multiple trusted voices independently report similar concerns,
>>>>>>> patterns emerge that are worth examining. And these weren't casual
>>>>>>> observers sharing these concerns. They were seasoned practitioners who've
>>>>>>> spent decades building identity infrastructure. Their collective unease
>>>>>>> speaks to something deeper than technical disagreements.
>>>>>>>
>>>>>>> It's hard to boil the problems at GDC25 down to a single issue,
>>>>>>> because they were so encompassing. For example, there was a pattern of
>>>>>>> scheduling issues that undercut the community co-organizing goal of the
>>>>>>> conference and seemed to particularly impact decentralized talks. One
>>>>>>> session ended up in a small, hot room on the top floor that was hard to
>>>>>>> find.
>>>>>>> (It was packed anyway!) Generally, the decentralized-centric talks
>>>>>>> were in bad locations, they were short, they had restricted topics, or they
>>>>>>> were shared with other panelists.
>>>>>>>
>>>>>>> I think that logistical shuffling of events may point out one of the
>>>>>>> biggest issues: decentralized systems weren't given much respect. This may
>>>>>>> be true generally. There may be lip service to decentralized systems, but
>>>>>>> not deeper commitments. Its value isn't appreciated, so we're losing its
>>>>>>> principles. Worse, I see the intent of decentralization being inverted:
>>>>>>> where our goal is to give individuals independence and power by reducing
>>>>>>> the control of centralized entities, we're often doing the opposite —
>>>>>>> still in the name of decentralization.
>>>>>>>
>>>>>>> The Echo Chamber Paradox
>>>>>>>
>>>>>>> The problems at GDC25 remind me of Rebooting the Web of Trust (RWOT)
>>>>>>> community discussions I've been following, which reiterate that this is a
>>>>>>> larger issue. We debate the finer points of zero-knowledge proofs and DID
>>>>>>> conformance while missing the forest for the trees. Case in point: the
>>>>>>> recent emergence of "[`did:genuineid`](
>>>>>>> https://genuinein.com/DIDMethod)" — a centralized identifier
>>>>>>> system that fundamentally contradicts the "D" in DID.
>>>>>>>
>>>>>>> Obviously, decentralization is a threat to those who currently hold
>>>>>>> power (whether they be governments, corporations, billionaires, or others
>>>>>>> who hold any sort of power), because it tries to remove their
>>>>>>> centralization (and therefore their power), to instead empower the
>>>>>>> individual. But if we can't even maintain the semantic integrity of
>>>>>>> "decentralized" within our own technical community, devoted to the ideal,
>>>>>>> how can we fight for it in the larger world?
>>>>>>>
>>>>>>> The Corpocratic Complication
>>>>>>>
>>>>>>> GDC25 was held in Geneva, Switzerland.
>>>>>>> 30+ standards organizations
>>>>>>> convened to discuss the future of digital identity. Participants spanned
>>>>>>> the world from the United States to China. There was the opportunity that
>>>>>>> GDC25 was going to be a truly international conference. Indeed, Swiss
>>>>>>> presenters were there, and they spoke of privacy, democratic involvement,
>>>>>>> and achieving public buy-in. It was exactly the themes that we as
>>>>>>> decentralized technologists wanted to hear.
>>>>>>>
>>>>>>> But from what I've heard, things quickly degraded from that ideal.
>>>>>>> Take the United States. The sole representative of the country as a whole
>>>>>>> attended via teleconference. (He was the only presenter who did so!) His
>>>>>>> talk was all about Real ID, framed as a response to 9/11 and rooted in the
>>>>>>> Patriot Act. It lay somewhere between security-theatre and
>>>>>>> identity-as-surveillance, and that's definitely not what we wanted to hear.
>>>>>>> (The contrast between the US and Swiss presentations was apparently
>>>>>>> jarring.)
>>>>>>>
>>>>>>> And with that representative only attending remotely, the United
>>>>>>> States' real representatives ended up being Google and Apple, each
>>>>>>> advancing their own corpocratic interests, not the interests of the people
>>>>>>> we try to empower with decentralized identities.
>>>>>>>
>>>>>>> This isn't just an American problem. It's a symptom of a deeper
>>>>>>> issue happening across our digital infrastructure. It's likely the heart of
>>>>>>> the inversions of decentralized goals that we're seeing — and likely
>>>>>>> why those logistical reshufflings occurred: to please the gold sponsors. In
>>>>>>> fact, the conference sponsors tell the story: Google, Visa, Mastercard, and
>>>>>>> Huawei were positioned as "leading organizations supporting the advancement
>>>>>>> of wallets, credentials and trusted infrastructure in a manner of global
>>>>>>> collaboration."
>>>>>>>
>>>>>>> While Huawei's presence demonstrates international diversity — a
>>>>>>> Swiss conference bringing together Europe and Asia — it also raised
>>>>>>> questions about whose vision of "trust" would ultimately prevail. When
>>>>>>> payment platforms and surveillance-capable tech giants frame the future of
>>>>>>> identity infrastructure, we shouldn't be surprised when the architecture
>>>>>>> serves their interests first.
>>>>>>>
>>>>>>> This echoes my concerns from ["Has SSI Become Morally Bankrupt?"](
>>>>>>> https://www.blockchaincommons.com/musings/musings-ssi-bankruptcy/).
>>>>>>> We've allowed the narrative of self-sovereignty to be co-opted by the very
>>>>>>> platforms it was meant to challenge. The technical standards exist, but
>>>>>>> they're being implemented in ways that invert their original purpose. Even
>>>>>>> [UNECE sessions acknowledged](
>>>>>>> https://unece.org/trade/events/global-digital-collaboration-conference-international-trade-identity-across-borders)
>>>>>>> the risk of "diluting the autonomy and decentralization that SSI is meant
>>>>>>> to provide."
>>>>>>>
>>>>>>> The Sovereignty Shell Game
>>>>>>>
>>>>>>> Google was partnered with German Sparkasse on ZKP technology and
>>>>>>> that revealed a specific example of this co-opting.
>>>>>>>
>>>>>>> Google's open-sourcing of its Zero-Knowledge Proof libraries,
>>>>>>> announced July 3rd in partnership with Germany's network of public savings
>>>>>>> banks, was positioned as supporting privacy in age verification. Yet as
>>>>>>> [Carsten Stöcker pointed out](
>>>>>>> https://www.linkedin.com/posts/dr-carsten-st%C3%B6cker-1145871_opening-up-zero-knowledge-proof-technology-activity-7348195852085067776-nKDB),
>>>>>>> zero-knowledge doesn't mean zero-tracking when the entire stack runs
>>>>>>> through platform intermediaries. Carsten noted that Google has "extensive
>>>>>>> tracking practices across mobile devices, web platforms and advertising
>>>>>>> infrastructure."
>>>>>>> Meanwhile, the Google Play API makes no promises that the
>>>>>>> operations are protected from the rest of the OS.
>>>>>>>
>>>>>>> The Google ZKP libraries ("longfellow-sk") could be a great
>>>>>>> [building block](
>>>>>>> https://news.dyne.org/longfellow-zero-knowledge-google-zk/) for
>>>>>>> truly user-centric systems, as they link Zero-Knowledge Proofs to legacy
>>>>>>> cryptographic signature systems that are still mandatory for some hardware.
>>>>>>> But they'd have to be detached from the rest of Google's technology stack.
>>>>>>> Without that, there are too many questions. Could Google access some of the
>>>>>>> knowledge supposedly protected by ZKPs? Could they link it to other data?
>>>>>>> We have no idea.
>>>>>>>
>>>>>>> The European Union's eIDAS Regulation, set to take effect in 2026,
>>>>>>> encourages Member States to integrate privacy-enhancing technologies like
>>>>>>> ZKP into the European Digital Identity Wallet, but integration at the
>>>>>>> platform level offers similar dangers and could again invert the very
>>>>>>> privacy guarantees ZKP promises.
>>>>>>>
>>>>>>> Historical Echoes, Modern Inversions
>>>>>>>
>>>>>>> Identity technology's goals being inverted, so that identity becomes
>>>>>>> a threat rather than a boon, isn't a new problem. In ["Echoes of History"](
>>>>>>> https://www.blockchaincommons.com/articles/echoes-history/), I
>>>>>>> examined how the contrasting approaches of Lentz and Carmille during WWII
>>>>>>> demonstrate the life-or-death importance of data minimization. Lentz's
>>>>>>> comprehensive Dutch identity system enabled the Holocaust's efficiency;
>>>>>>> Carmille's deliberate exclusion of religious data from French records saved
>>>>>>> lives. Even when they're decentralized, today's digital identity systems
>>>>>>> face the same fundamental questions: what data should we collect, what
>>>>>>> should we reveal, and what should we refuse to record entirely?
>>>>>>>
>>>>>>> But we're adding a new layer of complexity. Not only must we
>>>>>>> consider what data to collect, but who controls the infrastructure that
>>>>>>> processes it. When Google partners with Sparkasse on "privacy-preserving"
>>>>>>> age verification, when eIDAS mandates integration at the operating system
>>>>>>> level, we're not just risking data collection: we're embedding it within
>>>>>>> platforms whose business models depend on surveillance. Even if the data is
>>>>>>> theoretically self-sovereign, the threat of data collected is still data
>>>>>>> revealed — just as happened with Lentz's records.
>>>>>>>
>>>>>>> The European eIDAS framework, which I analyzed in a [follow-up piece
>>>>>>> to "Echoes from History"](
>>>>>>> https://www.blockchaincommons.com/articles/eidas/), shows how even
>>>>>>> well-intentioned regulatory efforts can accelerate platform capture when
>>>>>>> they mandate integration at the operating system level. As I wrote at the
>>>>>>> time, a history of problematic EU legislation that had the best of
>>>>>>> intentions but resulted in unintended consequences has laid the groundwork,
>>>>>>> and now identity is straight in that crosshairs. One of the first, and most
>>>>>>> obvious problems with eIDAS is the mandate "that web browsers accept
>>>>>>> security certificates from individual member states and the EU can refuse
>>>>>>> to revoke them even if they’re dangerous." There are many more — and
>>>>>>> I'm not [the only voice](
>>>>>>> https://news.dyne.org/the-problems-of-european-digital-identity/)
>>>>>>> on eIDAS and EUDI issues.
>>>>>>>
>>>>>>> Supposedly self-sovereign certificates phoning home whenever they're
>>>>>>> accessed is another recent threat that demonstrates best intentions gone
>>>>>>> awry. This not only violates privacy, but it undercuts some of our best
>>>>>>> arguments for self-sovereign control of credentials by returning liability
>>>>>>> for data leaks to the issuer.
>>>>>>> The [No Phone Home](
>>>>>>> https://www.blockchaincommons.com/news/No-Phone-Home/) initiative
>>>>>>> that Blockchain Commons joined last month represents one attempt to push
>>>>>>> back on that, but it feels like plugging holes in a dam that's already
>>>>>>> cracking. It all does.
>>>>>>>
>>>>>>> The Builder's Dilemma
>>>>>>>
>>>>>>> What troubles me most is the split I see in our community. On one
>>>>>>> side, technology purists build increasingly sophisticated protocols in
>>>>>>> isolation from policy reality. On the other, pragmatists make compromise
>>>>>>> after compromise until nothing remains of the original vision.
>>>>>>>
>>>>>>> The recent debates about [`did:web` conformance](
>>>>>>> https://github.com/w3c-ccg/did-method-web) illustrate this
>>>>>>> perfectly. Joe Andrieu correctly notes that `did:web` can't distinguish
>>>>>>> between deactivation and non-existence — a fundamental security
>>>>>>> boundary. Yet `did:web` remains essential to many implementation strategies
>>>>>>> because it bridges the gap between ideals and adoption. It provides
>>>>>>> developers and users with experience with DIDs, but in doing so undercuts
>>>>>>> decentralized ideals for those users. We're caught between philosophical
>>>>>>> purity and practical irrelevance.
>>>>>>>
>>>>>>> In my recent writings on [Values in Design](
>>>>>>> https://www.blockchaincommons.com/musings/ValuesDesign/) and the
>>>>>>> [Right to Transact](
>>>>>>> https://www.blockchaincommons.com/musings/RightToTransact/), I've
>>>>>>> tried to articulate what we're fighting for. But values without
>>>>>>> implementation are just philosophy, and implementation without values is
>>>>>>> just surrender.
>>>>>>>
>>>>>>> The Global Digital Collaboration highlighted this tension perfectly.
>>>>>>> International progress on digital identity proceeds apace: Europe,
>>>>>>> Singapore, and China all advance their frameworks, but there are still
>>>>>>> essential issues that invert our fundamental goals in designing
>>>>>>> self-sovereign systems. Meanwhile, the U.S. remains even more stalled, its
>>>>>>> position represented only by the platforms that benefit from the status
>>>>>>> quo. Alongside this, technical standards discussions proceed in isolation
>>>>>>> from the policy, regulatory, and social frameworks that will determine
>>>>>>> their real-world impact.
>>>>>>>
>>>>>>> Where Do We Go From Here?
>>>>>>>
>>>>>>> I find myself returning to first principles. When we designed [TLS
>>>>>>> 1.0](https://datatracker.ietf.org/doc/html/rfc2246), we understood
>>>>>>> that technical protocols encode power relationships. When we established
>>>>>>> the [principles of self-sovereign identity](
>>>>>>> https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md),
>>>>>>> we knew that architecture was politics. Ongoing battles, such as those
>>>>>>> between Verifiable Credentials and ISO mDLs, between DIDComm and OpenID4VC,
>>>>>>> demonstrate disagreements over these power relationships made visible in
>>>>>>> technological discussions.
>>>>>>>
>>>>>>> The question now is whether we can reclaim our ideals before they're
>>>>>>> completely inverted by the side of centralized power and controlled
>>>>>>> architecture.
>>>>>>>
>>>>>>> The path forward requires bridging the gaps Geneva revealed:
>>>>>>>
>>>>>>> - Between corporate platform dominance and global digital sovereignty
>>>>>>> - Between the promise of decentralization and the reality of
>>>>>>> recentralization
>>>>>>> - Between technical standards and policy reality
>>>>>>> - Between privacy absolutism and implementation pragmatism
>>>>>>>
>>>>>>> A Personal Note
>>>>>>>
>>>>>>> After three decades of building internet infrastructure, I've
>>>>>>> learned that the most dangerous moment isn't when systems fail, it's when
>>>>>>> they succeed in ways that invert their purpose. We built protocols for
>>>>>>> human autonomy and watched them become instruments of platform control. We
>>>>>>> created standards for decentralization and saw them twisted into new forms
>>>>>>> of centralization.
>>>>>>>
>>>>>>> This conversation continues in private Signal groups, in conference
>>>>>>> hallways, in the space between what we built and what we've become. The
>>>>>>> [Atlantic Council warns](
>>>>>>> https://dfrlab.org/2024/10/01/analysis-a-brave-new-reality-after-the-uns-global-digital-compact/)
>>>>>>> of power centralizing "in ways that threaten the open and bottom-up
>>>>>>> governance traditions of the internet." When critics from across the
>>>>>>> geopolitical spectrum — from sovereignty advocates to digital rights
>>>>>>> groups — all sense something amiss, it suggests a fundamental
>>>>>>> architectural problem that transcends ideology.
>>>>>>>
>>>>>>> Perhaps it's time for a new architecture: one that acknowledges
>>>>>>> these inversions and builds resistance into its very foundations.
>>>>>>>
>>>>>>> But that's a longer conversation for another day.
>>>>>>>
>>>>>>> ---
>>>>>>>
>>>>>>> *Christopher Allen has been architecting trust systems for over 30
>>>>>>> years, from co-authoring TLS to establishing self-sovereign identity
>>>>>>> principles.
>>>>>>> He currently works on alternative approaches to digital
>>>>>>> identity through [Blockchain Commons](
>>>>>>> https://www.blockchaincommons.com/).*
Received on Thursday, 17 July 2025 21:38:30 UTC