Re: De-platforming humans [Was]: When Technical Standards Meet Geopolitical Reality

pá 18. 7. 2025 v 10:26 odesílatel Will Abramson <will@legreq.com> napsal:

> Apologies, I have not fully digested this thread.
>
> But I just wanted to say I find "pubkey as name" to be a pretty suboptimal
> solution.
>
> People lose of want to change their keys regularly. I mean who all here
> has lost there house keys right.
>
> Thing is I lose my house keys, I don't lose my house. Same here, I should
> be able to change or lose my keys without losing my name.
>
> That is a big part of what DIDs are all about.
>

I think the argument is something of a strawman.

Nobody uses DIDs to lock their house.

On nostr, millions of users already rely on key-pairs for identity.

There are several competing revocation options, and while the community
hasn’t settled on one yet, they’re all compatible with did:nostr

There’s still work to do, but instead of “moving house,” a better analogy
is simply swapping SIM cards


>
> Thanks,
> Will
>
> On Fri, Jul 18, 2025, 07:22 Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>>
>>
>> čt 17. 7. 2025 v 23:35 odesílatel Filip Kolarik <filip26@gmail.com>
>> napsal:
>>
>>> On Thu, Jul 17, 2025 at 11:23 PM Steve Capell <steve.capell@gmail.com>
>>> wrote:
>>>
>>>> I don’t see how dns is centralised.  It’s a massively distributed
>>>> lookup system technically. In a governance sense it empowers any beating
>>>> heart to pick a domain name that isn’t already taken
>>>>
>>>
>>> Technically, DNS is distributed, but governance is centralized. TLDs are
>>> controlled by a small number of registries under government jurisdiction.
>>> Recent domain bans and seizures (e.g. in Russia, Turkey, and India) show
>>> how easily access can be revoked at the top. So yes, you can pick a name,
>>> but you're still playing in someone else’s namespace.
>>>
>>
>> There are open alternatives to DNS.
>>
>> The simplest way is to have a keypair.  The user holds a private key, and
>> then the public key becomes their "name" on the internet.
>>
>> Short names are another class of problems, and for that the key property
>> is that it's a non-proprietary level playing field.
>>
>> There are some believers in the "zooko triangle" unproven thesis that
>> short names are impossible, but in fact, all you need is a fair tie-breaker
>> for two people that want the same short name.  What did Zooko get wrong?
>> He forgot about time, let people choose a name in time fairly, and then
>> when two people choose the same name, the tie-breaker is which was earlier.
>>
>> I will implement these 2 strategies (pubkey as name, shortnames with
>> tiebreaker) in addition to DNS, which I think gives users the choice and
>> the best of all worlds.
>>
>>
>>>
>>> Best,
>>> Filip, https://github.com/filip26
>>>
>>>
>>>
>>>>
>>>> I must be missing something.
>>>>
>>>> On the other hand I’m deeply suspicious of anything that even smells
>>>> like a blockchain.  Private ledgers are tech vendor snake oil.  Public
>>>> ledgers are money laundering Ponzi schemes.  Can’t see how they are
>>>> anything but that.
>>>>
>>>> Steven Capell
>>>> Mob: 0410 437854
>>>>
>>>> On 17 Jul 2025, at 11:12 pm, Benjamin Young <byoung@digitalbazaar.com>
>>>> wrote:
>>>>
>>>> 
>>>> On Thu, Jul 17, 2025, 5:00 PM Steve Capell <steve.capell@gmail.com>
>>>> wrote:
>>>>
>>>>> Anytime I hear anyone say anything like “Bitcoin is a good thing” it
>>>>> makes me shudder and want to vomit. As far as I can tell  It’s a monstrous
>>>>> Ponzi scheme that is good for money laundering and not much else
>>>>>
>>>>> Why do we perceive did:web (or its improved variants like did:webvh)
>>>>> as “centralised”? What could be more decentralised than the web? Certainly
>>>>> not any distributed ledger
>>>>>
>>>>
>>>> DNS (as deployed) is the centralizing component of what most people
>>>> call "the Web". An HTML-based ecosystem that (de)references things with
>>>> universal identifiers (URIs) and locators (URLs) doesn't necessarily have
>>>> that same constraint.
>>>>
>>>> In so far as did:web and did:webvh also have a strong dependence on
>>>> DNS...they would sadly be centralized.
>>>>
>>>> However, if the are protocol (beyond HTTP) and/or naming (beyond DNS)
>>>> agnostic, then they would still have some level of decentralization.
>>>>
>>>> But...like the Web...their dominant "expression" would likely be
>>>> centralized (or at least entangled with a centralized system).
>>>>
>>>> (Obviously ignoring mDNS, /etc/hosts, and other means of local naming
>>>> or DNS overriding)
>>>>
>>>> That's my understanding, anyway.
>>>>
>>>> Cheers,
>>>> Benjamin
>>>>
>>>>>
>>>>>
>>>>> Steven Capell
>>>>> Mob: 0410 437854
>>>>>
>>>>> On 17 Jul 2025, at 10:41 pm, Melvin Carvalho <melvincarvalho@gmail.com>
>>>>> wrote:
>>>>>
>>>>> 
>>>>>
>>>>>
>>>>> čt 17. 7. 2025 v 22:24 odesílatel Adrian Gropper <
>>>>> agropper@healthurl.com> napsal:
>>>>>
>>>>>> Nostr might be a good start for de-platforming social media on the
>>>>>> basis of pseudonymity and relay-based discovery, but unless
>>>>>> the architecture also supports untraceable payment the major surveillance
>>>>>> platforms will persist.
>>>>>>
>>>>>
>>>>> Nostr is tied to any payment system.  But it is largely built by
>>>>> people in the bitcoin community, so there have been some integrations with
>>>>> bitcoin technologies, such as the lightning network.
>>>>>
>>>>> Innovation continues in this area.  I think that integration with
>>>>> Blockstream's Liquid [1] would be a good start.
>>>>>
>>>>> [1] https://blockstream.com/liquid/
>>>>>
>>>>>
>>>>>>
>>>>>> Adrian
>>>>>>
>>>>>> On Thu, Jul 17, 2025 at 3:58 PM Melvin Carvalho <
>>>>>> melvincarvalho@gmail.com> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> čt 17. 7. 2025 v 21:38 odesílatel Adrian Gropper <
>>>>>>> agropper@healthurl.com> napsal:
>>>>>>>
>>>>>>>> It's clearly time for a new architecture. One that benefits from
>>>>>>>> our experience with SSI as an anti-pattern that is too easily inverted or
>>>>>>>> ignored.
>>>>>>>>
>>>>>>>> I would suggest an architecture that sees platforms for payment and
>>>>>>>> social media as the problem instead of focusing on identity. An
>>>>>>>> architecture that, like cash and geocaches, defaults to anonymity by design.
>>>>>>>>
>>>>>>>> I would also suggest an architecture that ignores licensed
>>>>>>>> professionals and things. With the benefit of hindsight, the premise that
>>>>>>>> identity standards must span licensing and supply chains seems inane.
>>>>>>>>
>>>>>>>
>>>>>>> We have a fairly advanced ecosystem working on all these problems
>>>>>>> over at Nostr, with several million users, and several thousand DAU.
>>>>>>>
>>>>>>> We also have a W3C Nostr Community Group [1] and have already begun
>>>>>>> work on  a did:nostr spec.
>>>>>>>
>>>>>>> [1] https://www.w3.org/community/nostr/
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Sorry,
>>>>>>>> - Adrian
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jul 16, 2025 at 3:59 AM Christopher Allen <
>>>>>>>> ChristopherA@lifewithalacrity.com> wrote:
>>>>>>>>
>>>>>>>>> I have occasionally posted a link to one of my blog articles to
>>>>>>>>> this group, but I thought this article deserved a broader discussion by our
>>>>>>>>> CCG community, so I'm sharing here.
>>>>>>>>>
>>>>>>>>> The original article is at
>>>>>>>>> https://www.blockchaincommons.com/musings/gdc25/
>>>>>>>>>
>>>>>>>>> -- Christopher Allen
>>>>>>>>>
>>>>>>>>> Musings of a Trust Architect: When Technical Standards Meet
>>>>>>>>> Geopolitical Reality
>>>>>>>>> Digital Identity, Sovereignty, and the Erosion of Foundational
>>>>>>>>> Principles
>>>>>>>>> By Christopher Allen <ChristopherA@LifeWithAlacrity.com>
>>>>>>>>> 2025-07-15
>>>>>>>>>
>>>>>>>>> *Reflections on recent conversations about digital identity,
>>>>>>>>> sovereignty, and the erosion of foundational principles*
>>>>>>>>>
>>>>>>>>> Echoes from Geneva
>>>>>>>>>
>>>>>>>>> I wasn't present at the [Global Digital Collaboration](
>>>>>>>>> https://globaldigitalcollaboration.org/) conference (GDC25), but
>>>>>>>>> the observations shared by colleagues who attended have crystallized some
>>>>>>>>> issues I've been wrestling with for years. I should note there's a
>>>>>>>>> selection bias here: I'm the author of the [10 principles of self-sovereign
>>>>>>>>> identity](
>>>>>>>>> https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md),
>>>>>>>>> so my community tends to have strong opinions about digital identity.
>>>>>>>>> Still, when multiple trusted voices independently report similar concerns,
>>>>>>>>> patterns emerge that are worth examining. And these weren't casual
>>>>>>>>> observers sharing these concerns. They were seasoned practitioners who've
>>>>>>>>> spent decades building identity infrastructure. Their collective unease
>>>>>>>>> speaks to something deeper than technical disagreements.
>>>>>>>>>
>>>>>>>>> It's hard to boil the problems at GDC25 down to a single issue,
>>>>>>>>> because they were so encompassing. For example, there was a pattern of
>>>>>>>>> scheduling issues that undercut the community co-organizing goal of the
>>>>>>>>> conference and seemed to particularly impact decentralized talks. One
>>>>>>>>> session ended up in a small, hot room on the top floor that was hard to
>>>>>>>>> find. (It was packed anyway!) Generally, the decentralized-centric talks
>>>>>>>>> were in bad locations, they were short, they had restricted topics, or they
>>>>>>>>> were shared with other panelists.
>>>>>>>>>
>>>>>>>>> I think that logistical shuffling of events may point out one of
>>>>>>>>> the biggest issues: decentralized systems weren't given much respect. This
>>>>>>>>> may be true generally. There may be lip service to decentralized systems,
>>>>>>>>> but not deeper commitments. Its value isn't appreciated, so we're losing
>>>>>>>>> its principles. Worse, I see the intent of decentralization being inverted:
>>>>>>>>> where our goal is to give individuals independence and power by reducing
>>>>>>>>> the control of centralized entities, we're often doing the opposite &mdash;
>>>>>>>>> still in the name of decentralization.
>>>>>>>>>
>>>>>>>>> The Echo Chamber Paradox
>>>>>>>>>
>>>>>>>>> The problems at GDC25 remind me of Rebooting the Web of Trust
>>>>>>>>> (RWOT) community discussions I've been following, which reiterate that this
>>>>>>>>> is a larger issue. We debate the finer points of zero-knowledge proofs and
>>>>>>>>> DID conformance while missing the forest for the trees. Case in point: the
>>>>>>>>> recent emergence of "[`did:genuineid`](
>>>>>>>>> https://genuinein.com/DIDMethod)" &mdash; a centralized
>>>>>>>>> identifier system that fundamentally contradicts the "D" in DID.
>>>>>>>>>
>>>>>>>>> Obviously, decentralization is a threat to those who currently
>>>>>>>>> hold power (whether they be governments, corporations, billionaires, or
>>>>>>>>> others who hold any sort of power), because it tries to remove their
>>>>>>>>> centralization (and therefore their power), to instead empower the
>>>>>>>>> individual. But if we can't even maintain the semantic integrity of
>>>>>>>>> "decentralized" within our own technical community, devoted to the ideal,
>>>>>>>>> how can we fight for it in the larger world?
>>>>>>>>>
>>>>>>>>> The Corpocratic Complication
>>>>>>>>>
>>>>>>>>> GDC25 was held in Geneva, Switzerland. 30+ standards organizations
>>>>>>>>> convened to discuss the future of digital identity. Participants spanned
>>>>>>>>> the world from the United States to China. There was the opportunity that
>>>>>>>>> GDC25 was going to be a truly international conference. Indeed, Swiss
>>>>>>>>> presenters were there, and they spoke of privacy, democratic involvement,
>>>>>>>>> and achieving public buy-in. It was exactly the themes that we as
>>>>>>>>> decentralized technologists wanted to hear.
>>>>>>>>>
>>>>>>>>> But from what I've heard, things quickly degraded from that ideal.
>>>>>>>>> Take the United States. The sole representative of the country as a whole
>>>>>>>>> attended via teleconference. (He was the only presenter who did so!) His
>>>>>>>>> talk was all about Real ID, framed as a response to 9/11 and rooted in the
>>>>>>>>> Patriot Act. It lay somewhere between security-theatre and
>>>>>>>>> identity-as-surveillance, and that's definitely not what we wanted to hear.
>>>>>>>>> (The contrast between the US and Swiss presentations was apparently
>>>>>>>>> jarring.)
>>>>>>>>>
>>>>>>>>> And with that representative only attending remotely, the United
>>>>>>>>> State's real representatives ended up being Google and Apple, each
>>>>>>>>> advancing their own corpocratic interests, not the interests of the people
>>>>>>>>> we try to empower with decentralized identities.
>>>>>>>>>
>>>>>>>>> This isn't just an American problem. It's a symptom of a deeper
>>>>>>>>> issue happening across our digital infrastructure. It's likely the heart of
>>>>>>>>> the inversions of decentralized goals that we're seeing &mdash; and likely
>>>>>>>>> why those logistical reshufflings occurred: to please the gold sponsors. In
>>>>>>>>> fact, the conference sponsors tell the story: Google, Visa, Mastercard, and
>>>>>>>>> Huawei were positioned as "leading organizations supporting the advancement
>>>>>>>>> of wallets, credentials and trusted infrastructure in a manner of global
>>>>>>>>> collaboration."
>>>>>>>>>
>>>>>>>>> While Huawei's presence demonstrates international diversity — a
>>>>>>>>> Swiss conference bringing together Europe and Asia — it also raised
>>>>>>>>> questions about whose vision of "trust" would ultimately prevail. When
>>>>>>>>> payment platforms and surveillance-capable tech giants frame the future of
>>>>>>>>> identity infrastructure, we shouldn't be surprised when the architecture
>>>>>>>>> serves their interests first.
>>>>>>>>>
>>>>>>>>> This echoes my concerns from ["Has SSI Become Morally Bankrupt?"](
>>>>>>>>> https://www.blockchaincommons.com/musings/musings-ssi-bankruptcy/).
>>>>>>>>> We've allowed the narrative of self-sovereignty to be co-opted by the very
>>>>>>>>> platforms it was meant to challenge. The technical standards exist, but
>>>>>>>>> they're being implemented in ways that invert their original purpose. Even
>>>>>>>>> [UNECE sessions acknowledged](
>>>>>>>>> https://unece.org/trade/events/global-digital-collaboration-conference-international-trade-identity-across-borders)
>>>>>>>>> the risk of "diluting the autonomy and decentralization that SSI is meant
>>>>>>>>> to provide."
>>>>>>>>>
>>>>>>>>> The Sovereignty Shell Game
>>>>>>>>>
>>>>>>>>> Google was partnered with German Sparkasse on ZKP technology and
>>>>>>>>> that revealed a specific example of this co-opting.
>>>>>>>>>
>>>>>>>>> Google's open-sourcing of its Zero-Knowledge Proof libraries,
>>>>>>>>> announced July 3rd in partnership with Germany's network of public savings
>>>>>>>>> banks, was positioned as supporting privacy in age verification. Yet as
>>>>>>>>> [Carsten Stöcker pointed out](
>>>>>>>>> https://www.linkedin.com/posts/dr-carsten-st%C3%B6cker-1145871_opening-up-zero-knowledge-proof-technology-activity-7348195852085067776-nKDB),
>>>>>>>>> zero-knowledge doesn't mean zero-tracking when the entire stack runs
>>>>>>>>> through platform intermediaries. Carsten noted that Google has "extensive
>>>>>>>>> tracking practices across mobile devices, web platforms and advertising
>>>>>>>>> infrastructure." Meanwhile, the Google Play API makes no promises that the
>>>>>>>>> operations are protected from the rest of the OS.
>>>>>>>>>
>>>>>>>>> The Google ZKP libraries ("longfellow-sk") could be a great
>>>>>>>>> [building block](
>>>>>>>>> https://news.dyne.org/longfellow-zero-knowledge-google-zk/) for
>>>>>>>>> truly user-centric systems, as they link Zero-Knowledge Proofs to legacy
>>>>>>>>> cryptographic signature systems that are still mandatory for some hardware.
>>>>>>>>> But they'd have to be detached from the rest of Google's technology stack.
>>>>>>>>> Without that, there are too many questions. Could Google access some of the
>>>>>>>>> knowledge supposedly protected by ZKPs? Could they link it to other data?
>>>>>>>>> We have no idea.
>>>>>>>>>
>>>>>>>>> The European Union's eIDAS Regulation, set to take effect in 2026,
>>>>>>>>> encourages Member States to integrate privacy-enhancing technologies like
>>>>>>>>> ZKP into the European Digital Identity Wallet, but integration at the
>>>>>>>>> platform level offers similar dangers and could again invert the very
>>>>>>>>> privacy guarantees ZKP promises.
>>>>>>>>>
>>>>>>>>> Historical Echoes, Modern Inversions
>>>>>>>>>
>>>>>>>>> Identity technology's goals being inverted, so that identity
>>>>>>>>> becomes a threat rather than a boon, isn't a new problem. In ["Echoes of
>>>>>>>>> History"](
>>>>>>>>> https://www.blockchaincommons.com/articles/echoes-history/), I
>>>>>>>>> examined how the contrasting approaches of Lentz and Carmille during WWII
>>>>>>>>> demonstrate the life-or-death importance of data minimization. Lentz's
>>>>>>>>> comprehensive Dutch identity system enabled the Holocaust's efficiency;
>>>>>>>>> Carmille's deliberate exclusion of religious data from French records saved
>>>>>>>>> lives. Even when they're decentralized, today's digital identity systems
>>>>>>>>> face the same fundamental questions: what data should we collect, what
>>>>>>>>> should we reveal, and what should we refuse to record entirely?
>>>>>>>>>
>>>>>>>>> But we're adding a new layer of complexity. Not only must we
>>>>>>>>> consider what data to collect, but who controls the infrastructure that
>>>>>>>>> processes it. When Google partners with Sparkasse on "privacy-preserving"
>>>>>>>>> age verification, when eIDAS mandates integration at the operating system
>>>>>>>>> level, we're not just risking data collection: we're embedding it within
>>>>>>>>> platforms whose business models depend on surveillance. Even if the data is
>>>>>>>>> theoretically self-sovereign, the threat of data collected is still data
>>>>>>>>> revealed &mdash; just as happened with Lentz's records.
>>>>>>>>>
>>>>>>>>> The European eIDAS framework, which I analyzed in a [follow-up
>>>>>>>>> piece to "Echoes from History"](
>>>>>>>>> https://www.blockchaincommons.com/articles/eidas/), shows how
>>>>>>>>> even well-intentioned regulatory efforts can accelerate platform capture
>>>>>>>>> when they mandate integration at the operating system level. As I wrote at
>>>>>>>>> the time, a history of problematic EU legislation that had the best of
>>>>>>>>> intentions but resulted in unintended consequences has laid the groundwork,
>>>>>>>>> and now identity is straight in that crosshairs. One of the first, and most
>>>>>>>>> obvious problems with eIDAS is the mandate "that web browsers accept
>>>>>>>>> security certificates from individual member states and the EU can refuse
>>>>>>>>> to revoke them even if they’re dangerous." There are many more &mdash; and
>>>>>>>>> I'm not [the only voice](
>>>>>>>>> https://news.dyne.org/the-problems-of-european-digital-identity/)
>>>>>>>>> on eIDAS and EUDI issues.
>>>>>>>>>
>>>>>>>>> Supposedly self-sovereign certificates phoning home whenever
>>>>>>>>> they're accessed is another recent threat that demonstrates best intentions
>>>>>>>>> gone awry. This not only violates privacy, but it undercuts some of our
>>>>>>>>> best arguments for self-sovereign control of credentials by returning
>>>>>>>>> liability for data leaks to the issuer. The [No Phone Home](
>>>>>>>>> https://www.blockchaincommons.com/news/No-Phone-Home/) initiative
>>>>>>>>> that Blockchain Commons joined last month represents one attempt to push
>>>>>>>>> back on that, but it feels like plugging holes in a dam that's already
>>>>>>>>> cracking. It all does.
>>>>>>>>>
>>>>>>>>> The Builder's Dilemma
>>>>>>>>>
>>>>>>>>> What troubles me most is the split I see in our community. On one
>>>>>>>>> side, technology purists build increasingly sophisticated protocols in
>>>>>>>>> isolation from policy reality. On the other, pragmatists make compromise
>>>>>>>>> after compromise until nothing remains of the original vision.
>>>>>>>>>
>>>>>>>>> The recent debates about [`did:web` conformance](
>>>>>>>>> https://github.com/w3c-ccg/did-method-web) illustrate this
>>>>>>>>> perfectly. Joe Andrieu correctly notes that `did:web` can't distinguish
>>>>>>>>> between deactivation and non-existence &mdash; a fundamental security
>>>>>>>>> boundary. Yet `did:web` remains essential to many implementation strategies
>>>>>>>>> because it bridges the gap between ideals and adoption. It provides
>>>>>>>>> developers and users with experience with DIDs, but in doing so undercut
>>>>>>>>> decentralized ideals for those users. We're caught between philosophical
>>>>>>>>> purity and practical irrelevance.
>>>>>>>>>
>>>>>>>>> In my recent writings on [Values in Design](
>>>>>>>>> https://www.blockchaincommons.com/musings/ValuesDesign/) and the
>>>>>>>>> [Right to Transact](
>>>>>>>>> https://www.blockchaincommons.com/musings/RightToTransact/), I've
>>>>>>>>> tried to articulate what we're fighting for. But values without
>>>>>>>>> implementation are just philosophy, and implementation without values is
>>>>>>>>> just surrender.
>>>>>>>>>
>>>>>>>>> The Global Digital Collaboration highlighted this tension
>>>>>>>>> perfectly. International progress on digital identity proceeds apace:
>>>>>>>>> Europe, Singapore, and China all advance their frameworks, but there are
>>>>>>>>> still essential issues that invert our fundamental goals in designing
>>>>>>>>> self-sovereign systems. Meanwhile, the U.S. remains even more stalled, its
>>>>>>>>> position represented only by the platforms that benefit from the status
>>>>>>>>> quo. Alongside this, technical standards discussions proceed in isolation
>>>>>>>>> from the policy, regulatory, and social frameworks that will determine
>>>>>>>>> their real-world impact.
>>>>>>>>>
>>>>>>>>> Where Do We Go From Here?
>>>>>>>>>
>>>>>>>>> I find myself returning to first principles. When we designed [TLS
>>>>>>>>> 1.0](https://datatracker.ietf.org/doc/html/rfc2246), we
>>>>>>>>> understood that technical protocols encode power relationships. When we
>>>>>>>>> established the [principles of self-sovereign identity](
>>>>>>>>> https://github.com/WebOfTrustInfo/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md),
>>>>>>>>> we knew that architecture was politics. Ongoing battles, such as those
>>>>>>>>> between Verifiable Credentials and ISO mDLs, between DIDComm and OpenID4VC,
>>>>>>>>> demonstrate disagreements over these power relationships made visible in
>>>>>>>>> technological discussions.
>>>>>>>>>
>>>>>>>>> The question now is whether we can reclaim our ideals before
>>>>>>>>> they're completely inverted by the side of centralized power and controlled
>>>>>>>>> architecture.
>>>>>>>>>
>>>>>>>>> The path forward requires bridging the gaps Geneva revealed:
>>>>>>>>>
>>>>>>>>> - Between corporate platform dominance and global digital
>>>>>>>>> sovereignty
>>>>>>>>> - Between the promise of decentralization and the reality of
>>>>>>>>> recentralization
>>>>>>>>> - Between technical standards and policy reality
>>>>>>>>> - Between privacy absolutism and implementation pragmatism
>>>>>>>>>
>>>>>>>>> A Personal Note
>>>>>>>>>
>>>>>>>>> After three decades of building internet infrastructure, I've
>>>>>>>>> learned that the most dangerous moment isn't when systems fail, it's when
>>>>>>>>> they succeed in ways that invert their purpose. We built protocols for
>>>>>>>>> human autonomy and watched them become instruments of platform control. We
>>>>>>>>> created standards for decentralization and saw them twisted into new forms
>>>>>>>>> of centralization.
>>>>>>>>>
>>>>>>>>> This conversation continues in private Signal groups, in
>>>>>>>>> conference hallways, in the space between what we built and what we've
>>>>>>>>> become. The [Atlantic Council warns](
>>>>>>>>> https://dfrlab.org/2024/10/01/analysis-a-brave-new-reality-after-the-uns-global-digital-compact/)
>>>>>>>>> of power centralizing "in ways that threaten the open and bottom-up
>>>>>>>>> governance traditions of the internet." When critics from across the
>>>>>>>>> geopolitical spectrum &mdash; from sovereignty advocates to digital rights
>>>>>>>>> groups &mdash; all sense something amiss, it suggests a fundamental
>>>>>>>>> architectural problem that transcends ideology.
>>>>>>>>>
>>>>>>>>> Perhaps it's time for a new architecture: one that acknowledges
>>>>>>>>> these inversions and builds resistance into its very foundations.
>>>>>>>>>
>>>>>>>>> But that's a longer conversation for another day.
>>>>>>>>>
>>>>>>>>> ---
>>>>>>>>>
>>>>>>>>> *Christopher Allen has been architecting trust systems for over 30
>>>>>>>>> years, from co-authoring TLS to establishing self-sovereign identity
>>>>>>>>> principles. He currently works on alternative approaches to digital
>>>>>>>>> identity through [Blockchain Commons](
>>>>>>>>> https://www.blockchaincommons.com/).*
>>>>>>>>>
>>>>>>>>