- From: Pryvit NZ <kyle@pryvit.tech>
- Date: Fri, 18 Jul 2025 00:39:29 +0000
- To: Manu Sporny <msporny@digitalbazaar.com>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
I hope you don't mind that I tag the list back in on this question Manu. I think it's also important for people to understand that I don't think that you or many others promoting more decentralized approaches are relying simply on waiting and hope. That's true for many people working on this technology too, but it's the death by 1000 compromises that introduces this problem. The evidence stands in the work you and many others in this community put in and I don't fault people for their efforts. Many people genuinely do want to offer decentralized technological alternatives when possible. However, where we're failing is in the trust architectures itself. For example, TruAge is susceptible to this same problem albeit not because you did this maliciously, but rather that's how the law states it must be done. So you were faced with the question of do I build a solution that aligns with the law to get this technology in use, or does the customer go elsewhere or stay with what they currently have. In this sense, we've become complicit in the removal of agency, at least temporarily because of the compromise. As Daniel points out, sometimes this is necessary to get a seat at the table and change things from within. However, I suspect that for many of the use cases we as technologist find ourselves implementing we simply won't be able to change from within nor would I suggest we always should. In many case requirements like this are exactly scoped to the problem at hand, but it's when the systems get repurposed (which is far easier with these digitally scaled approaches like what digital credentials offer us) that the unintended consequences start to appear like what we're seeing with age verification laws for content moderation purposes on the web. To understand more about my rationale here, I've authored this blog post too. It's a bit of a longer read, but really gets at the heart of the problem that it's not inherently the technology that's the problem, but rather how we choose to architect the trust and then rely on that trust later that sets us on the wrong path. https://kyledenhartog.com/centralized-ssi/ -Kyle On Friday, July 18th, 2025 at 1:15 AM, Manu Sporny <msporny@digitalbazaar.com> wrote: > > > On Wed, Jul 16, 2025 at 10:53 PM Pryvit NZ kyle@pryvit.tech wrote: > > > In short, I don't have much hope that waiting longer will help to improve the overall design of this > > > Perhaps you didn't mean "waiting" in the sense of "we'll just wait > around doing nothing and hope it gets better", but if you did -- I > wasn't suggesting we do nothing and hope things get better. My > argument was to keep working on decentralization of these systems and > iterating on what we have; nudging it more towards what we want... or, > inventing completely new technologies (that fit into what we have > right now, if possible). Which gets to my question to you: > > > because we allowed hierarchical centralization of the issuance and elevated the power of the issuer in the name of trust. I think we're just stuck with a centralized solution for this latest iteration. > > > Can you elaborate on this more? I read your blog post and don't > understand what you mean by "centralization of the issuance" and > "elevated the power of the issuer"... and more importantly, I don't > understand what alternative you're proposing. I know you said you > don't quite have one in the blog post, but I wanted to try and focus > on this one statement because it feels concrete enough to explore. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/
Received on Friday, 18 July 2025 00:39:41 UTC