Those are not signifiers for my entire digital life and allowing them to be a single trackable signifier online gives corporations and governments carte blanche to track every movement we make online in perpetuity, forever once that cat is out of the bag.
It will be worse than the WEI framework in terms of restricting access to a certain class of people. If you're already disadvantaged and don't have the ability to provide documents to the DOL proving who you are, how are you supposed to get access to your online identity again to get into a mail account and try to apply for work or housing?
Imagine someone steals your real world wallet and gets your online identity credentials, goes posting revenge porn and crypto spam and gets you booted off every platform. You get cancelled and lose your job because your online identity is tied explicitly to meat space and the court of public opinion operates on guilty even after proving innocence.
Meanwhile you're trying to recover your life--social, physical, and digital--, but can't get into any platforms online. None of your accounts work anymore. You can't access your backups, or get into your contacts because your device is no longer trusted because it's tied to a blocked Microsoft/Google/Apple account. You can't access your house because your IoT security is tied to your online accounts which have been disabled. You can't access your physical documents safe. You have to break into your house. You can't scan the QR code or NFC to verify identity after providing the alarm code. Police come, and arrest you because you can't prove who you are. You're crazed about your situation, babbling because of the insanity of it all and look like someone trying to steal a nice homeowner's documents.
I realize that's a pretty extreme Black Mirror level example a bit like Nosedive, but it's in the realm of possibility if we go down that route knowing that corporations are already trying to do device attestations. Maybe you'd have the prescience to have a physical security layer 0 for your IoT security, but many products people purchase won't because having to carry a key defeats the purpose of having the tech solution.
The scary enough reality is that if there is a single government provided signifier for an individual online, we will inevitably see sweeping tracking and censorship. They do as much as they can possibly do now. Why on Earth would anyone ever think they wouldn't do more?
You call that an extreme example, but I say "watch that happen by 2030 at the rate we're going". It's rather frightening how so many people on Hacker News either are completely unaware that this is a thing that any party of power wants to be able to do, or think that society wouldn't let it happen, even as parties in power remove all means of leverage against them.
> Those are not signifiers for my entire digital life
neither would a wallet, "only allow access with government issued ID" can be done (and _is_ enforced for some things) independently of central-bank-issued wallets or government IDs. They are just orthogonal things.
Most of the EU has had access to electronic IDs for years, but they are not used to log in to hacker news, and there is no reason to expect them to ever be.
Wallets wouldn’t just let some random thief access all your credentials. They have safeguards like biometric TEE unlock. If you’re being targeted by someone who can get past that, then they could do equal damage with your physical drivers license. Nobody is going to drive by swipe your phone, bypass biometrics, and access your wallet just to post revenge porn. Give me a break!
The way you fight companies trying to do device attestation/profiling is to provide a system that meets the current needs but controls structurally the philosophy around what you’re identifying (user, not device). And you legally limit behavior, not technically. I am sick of losing every nice thing we had because some privacy wanker says “oh that’s a persistent identifier better neuter it”. I want well regulated identifiers that I control judicially and around which there is a clear legal framework preventing abuse. I don’t want a world where I can’t manage my kid’s phone on my home network because some tin foil hat at Apple decided to change the device’s mac address every day “for privacy”.
I don't think changing the device MAC idea is a good one either, I just don't want my online identity permanently tied to my meatspace identity because I might say things that a future government takes issue with, and if I am tied by government control to my online identity and rules change, my meatspace life gets fucked forever.
It will be worse than the WEI framework in terms of restricting access to a certain class of people. If you're already disadvantaged and don't have the ability to provide documents to the DOL proving who you are, how are you supposed to get access to your online identity again to get into a mail account and try to apply for work or housing?
Imagine someone steals your real world wallet and gets your online identity credentials, goes posting revenge porn and crypto spam and gets you booted off every platform. You get cancelled and lose your job because your online identity is tied explicitly to meat space and the court of public opinion operates on guilty even after proving innocence.
Meanwhile you're trying to recover your life--social, physical, and digital--, but can't get into any platforms online. None of your accounts work anymore. You can't access your backups, or get into your contacts because your device is no longer trusted because it's tied to a blocked Microsoft/Google/Apple account. You can't access your house because your IoT security is tied to your online accounts which have been disabled. You can't access your physical documents safe. You have to break into your house. You can't scan the QR code or NFC to verify identity after providing the alarm code. Police come, and arrest you because you can't prove who you are. You're crazed about your situation, babbling because of the insanity of it all and look like someone trying to steal a nice homeowner's documents.
I realize that's a pretty extreme Black Mirror level example a bit like Nosedive, but it's in the realm of possibility if we go down that route knowing that corporations are already trying to do device attestations. Maybe you'd have the prescience to have a physical security layer 0 for your IoT security, but many products people purchase won't because having to carry a key defeats the purpose of having the tech solution.
The scary enough reality is that if there is a single government provided signifier for an individual online, we will inevitably see sweeping tracking and censorship. They do as much as they can possibly do now. Why on Earth would anyone ever think they wouldn't do more?
No, thanks.