- From: Carsten Stöcker <carsten.stoecker@spherity.com>
- Date: Fri, 18 Jul 2025 13:36:44 +0300
- To: Will Abramson <will@legreq.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Pryvit NZ <kyle@pryvit.tech>, "public-credentials (public-credentials@w3.org)" <public-credentials@w3.org>
- Message-ID: <CAOsO+NU-oR4tW0UdkZ_vQ-r0VLV9F1X2GSfJOFb0u8R_+-pMfg@mail.gmail.com>
Will, Kyle, Manu, and all, I appreciate this thoughtful discussion. I’d like to emphasize an urgent perspective: Decentralization and digital identity systems are not just about privacy or agency … They’re foundational elements of cybersecurity for surviving the emerging (or current) cyber warzone. Every Ukrainian IT, critical infrastructure, or intelligence professional can attest to this: you simply cannot start early enough when preparing for cyber warfare. As recent developments show, the EU and NATO are already under persistent hybrid attack, involving sabotage, cyberattacks, and large-scale disinformation campaigns. We are not facing a hypothetical scenario; this is happening right now. We must protect our smart cities, grids, industrial infrastructure, public infrastructure and private data. Our conversations need to communicate this broader, urgent reality. Building decentralized, resilient systems is more than desirable … it’s MUST DO NOW for both economic stability and national security. Trust architectures must move beyond institutional convenience eCommerce experience to embrace genuine resilience. If our foundations are fragile, we risk severe and lasting consequences. Thanks again for highlighting the importance of decentralization. The stakes have never been higher. Go deeper: https://cstoecker.medium.com/cyber-storm-rising-designing-for-the-warzone-ba83440d8cfe Best, Carsten Will Abramson <will@legreq.com> schrieb am Fr. 18. Juli 2025 um 13:24: > Hey Kyle and all, > > I understand where you are coming from. Unfortunately in the societies we > live in today, "trust" is centralized on specific entities and > institutions. As your rightly point out, this conveys power. Nations states > are one of these, their power essentially rooting back to control over > violence. They protect you from violence, while also wielding the power of > violence as a fallback. Luhmann writes about this. This is perhaps > unfortunate, but it also has worked reasonable well for organizing human > society. > > Maybe it's time for a change, but I don't think we, on our own are capable > of replacing or reforming nation states. > > Also, in some contexts and domains, centralized authorities are > legitimate, necessary sources of trust. Institutionalized trust IS one of > the fundamental ways societies scaled to become this beautiful, complex > mess we have today (see liars and outliers by Bruce Schneier). Contexts > like healthcare, law, etc. places we we have to trust people we don't know > intimately institutions step in to fill the gap. This largely works, but it > is definitely susceptible to corruption and abuses of power. We are seeing > that all around the world today. > > Anyway, back to your post. > > A wise man once told me, don't just tell me what you are fighting against > tell me what you are hoping and striving for. > > One of those things, that reading between the lines I think we agree on, > might simply be stated: > > Individuals should be capable of being the source authority over the > reality of their digital lives. They should be able to actively participate > in the digital interactions through which they are identified and become > "known" to and through a digital system. > > And I agree we are a long way from that. > > However, I still have hope. I shared Dave's sentiment. We are, and have > been, laying the foundations for better, kinder, more co-constituted > digital realms to emerge. > > These things just take time. > > In the fall, DCD, who support me and who I represent in these spaces and > Legendary Requirements (the firm I work for) are going to start talking in > earnest about a new DID methods we have been developing. > > did:btc1 - https://github.com/dcdpr/did-btc1 > > This is the culmination of over three years of research and development. > It is still a work in progress, but we feel we are ready to shout about it. > I for one have found it fascinating to see this method come together over > the years. Markus recently added it to the universal resolver, which I was > buzzing about. I look forward to sharing more, starting with or CCG > presentation on the 2nd of September. > > Because, and this is the last thing I'll say, I do think blockchains give > us a new fundamental tool to construct digital realms. Best articulated by > this article on hardness - > https://stark.mirror.xyz/n2UpRqwdf7yjuiPKVICPpGoUNeDhlWxGqjulrlpyYi0 and > expanded on by these essays on autonomous worlds - https://aw.network/. > > Futures constructed with these technologies and concepts are the futures I > want to explore, play with and live in. > > I believe we will get there, > Best, > Will > > (Apologies for the length) > > > > > On Fri, Jul 18, 2025, 01:41 Pryvit NZ <kyle@pryvit.tech> wrote: > >> I hope you don't mind that I tag the list back in on this question Manu. >> I think it's also important for people to understand that I don't think >> that you or many others promoting more decentralized approaches are relying >> simply on waiting and hope. That's true for many people working on this >> technology too, but it's the death by 1000 compromises that introduces this >> problem. >> >> The evidence stands in the work you and many others in this community put >> in and I don't fault people for their efforts. Many people genuinely do >> want to offer decentralized technological alternatives when possible. >> However, where we're failing is in the trust architectures itself. For >> example, TruAge is susceptible to this same problem albeit not because you >> did this maliciously, but rather that's how the law states it must be done. >> So you were faced with the question of do I build a solution that aligns >> with the law to get this technology in use, or does the customer go >> elsewhere or stay with what they currently have. >> >> In this sense, we've become complicit in the removal of agency, at least >> temporarily because of the compromise. As Daniel points out, sometimes this >> is necessary to get a seat at the table and change things from within. >> However, I suspect that for many of the use cases we as technologist find >> ourselves implementing we simply won't be able to change from within nor >> would I suggest we always should. In many case requirements like this are >> exactly scoped to the problem at hand, but it's when the systems get >> repurposed (which is far easier with these digitally scaled approaches like >> what digital credentials offer us) that the unintended consequences start >> to appear like what we're seeing with age verification laws for content >> moderation purposes on the web. >> >> To understand more about my rationale here, I've authored this blog post >> too. It's a bit of a longer read, but really gets at the heart of the >> problem that it's not inherently the technology that's the problem, but >> rather how we choose to architect the trust and then rely on that trust >> later that sets us on the wrong path. >> >> https://kyledenhartog.com/centralized-ssi/ >> >> -Kyle >> >> >> >> On Friday, July 18th, 2025 at 1:15 AM, Manu Sporny < >> msporny@digitalbazaar.com> wrote: >> >> > >> > >> > On Wed, Jul 16, 2025 at 10:53 PM Pryvit NZ kyle@pryvit.tech wrote: >> > >> > > In short, I don't have much hope that waiting longer will help to >> improve the overall design of this >> > >> > >> > Perhaps you didn't mean "waiting" in the sense of "we'll just wait >> > around doing nothing and hope it gets better", but if you did -- I >> > wasn't suggesting we do nothing and hope things get better. My >> > argument was to keep working on decentralization of these systems and >> > iterating on what we have; nudging it more towards what we want... or, >> > inventing completely new technologies (that fit into what we have >> > right now, if possible). Which gets to my question to you: >> > >> > > because we allowed hierarchical centralization of the issuance and >> elevated the power of the issuer in the name of trust. I think we're just >> stuck with a centralized solution for this latest iteration. >> > >> > >> > Can you elaborate on this more? I read your blog post and don't >> > understand what you mean by "centralization of the issuance" and >> > "elevated the power of the issuer"... and more importantly, I don't >> > understand what alternative you're proposing. I know you said you >> > don't quite have one in the blog post, but I wanted to try and focus >> > on this one statement because it feels concrete enough to explore. >> > >> > -- manu >> > >> > -- >> > Manu Sporny - https://www.linkedin.com/in/manusporny/ >> > Founder/CEO - Digital Bazaar, Inc. >> > https://www.digitalbazaar.com/ >> >>
Received on Friday, 18 July 2025 10:37:05 UTC