This is a great point I have been considering when trying to figure out how I want to "own" my digital identity and considering different web 2.0, web3/crypto, and IndieWeb options.
I'd like to point out the mitigating nature of using Multi-Factor Authentication and/or public/private key encryption (ala PGP), for some of the above situations mentioned! Of course these wouldn't replace the directives of
(1) not letting the domain expire, and
(2) being sure to carefully remove/update/inform contacts and websites
but failing both of those, MFA/PGP would help!
And yes, PGP is neither widespread nor easy (the latter definitely driving the former), and YubiKeys aren't as nearly as ubiquitous as silly SMS 2FA, but my point isn't about the specific implemention. I think the PGP/MFA angle just emphasize to me the importance of accepting that our Digital Identities are very much like Theseus's ship, composed of many planks. The devil is in the details, of course, on which plank has write access to the others, to mix some metaphors : )
As far as that is concerned, I find it instructive to look at the US's attempts to ameliorate its awful system of "We don't have a national ID because that's oppressive but if you know someone's SSN we think you're definitely the right person!" I would much prefer a National or State level ID with Zero-Knowledge Proof (thanks Silvio Micali!) capability, but in the mean time the admission that "Some combination of personal knowledge, various forms of official identification attained at different points at life (SSN card, Drivers License, Passport), and access to certain other communication channels (SMS, Physical Mail, Backup Email)" represents identity pretty okay seems philosophically important, even as the hodge-podge, ad-hoc nature of its development has allowed for some awful ("identity theft")[‘Identity theft’? It’s daylight robbery by the banks | David Mitchell | The Guardian] (read: daylight bank robbery but somehow you are responsible for it instead of the bank)
This is a great point I have been considering when trying to figure out how I want to "own" my digital identity and considering different web 2.0, web3/crypto, and IndieWeb options.
I'd like to point out the mitigating nature of using Multi-Factor Authentication and/or public/private key encryption (ala PGP), for some of the above situations mentioned! Of course these wouldn't replace the directives of
(1) not letting the domain expire, and
(2) being sure to carefully remove/update/inform contacts and websites
but failing both of those, MFA/PGP would help!
And yes, PGP is neither widespread nor easy (the latter definitely driving the former), and YubiKeys aren't as nearly as ubiquitous as silly SMS 2FA, but my point isn't about the specific implemention. I think the PGP/MFA angle just emphasize to me the importance of accepting that our Digital Identities are very much like Theseus's ship, composed of many planks. The devil is in the details, of course, on which plank has write access to the others, to mix some metaphors : )
As far as that is concerned, I find it instructive to look at the US's attempts to ameliorate its awful system of "We don't have a national ID because that's oppressive but if you know someone's SSN we think you're definitely the right person!" I would much prefer a National or State level ID with Zero-Knowledge Proof (thanks Silvio Micali!) capability, but in the mean time the admission that "Some combination of personal knowledge, various forms of official identification attained at different points at life (SSN card, Drivers License, Passport), and access to certain other communication channels (SMS, Physical Mail, Backup Email)" represents identity pretty okay seems philosophically important, even as the hodge-podge, ad-hoc nature of its development has allowed for some awful ("identity theft")[‘Identity theft’? It’s daylight robbery by the banks | David Mitchell | The Guardian] (read: daylight bank robbery but somehow you are responsible for it instead of the bank)