
> You can use whatever credential society is willing to trust. Practically that’s a state-issued ID.

Nearly every institution trusts the credentials that it issues. Your employer trusts your ID badge that they issued. Your bank trusts your bank card that they issued. Why does anything else even need to exist?

> All I’m arguing is that we should extend the concept of your state ID cryptographically into cyberspace.

And then it will be designed poorly but everything will start requiring it because the poor design will allow it to be used as a tracking ID (even if it was claimed not to, because malicious corporations are clever), but once everything is using it the poor design will be difficult to change. See social security numbers (which never should have been public).

> A liquor store isn’t going to simply “ask the user” whether they’re of age.

A liquor store doesn't need to verify identity over the internet because you're standing in the liquor store. Unless it's an internet liquor store in which case they already have your identity because you've provided them with payment info and a shipping address, and checking ID at the point of sale is useless when it's the point of delivery you care about, i.e. you need the delivery driver to check it. Otherwise minors can just buy alcohol with an adult's ID unbeknownst to both the seller and the adult, and have it delivered to themselves where nobody checks who receives the package.

You can't verify age over the internet because you have no way to know if the credentials being used are those of the user or someone else. In person you compare the picture on the ID to their face, or can notice if they're clearly a child.

> Users don’t rent safe deposit boxes at banks, and even if they did that would be chained back to your physical ID anyway so your apparent solution isn't a real solution.

The bank doesn't even know what's in the box, and you're not required to use a bank if you don't want to. You can use any safe place you'll still be able to access even if your house burns down etc. A safety deposit box is an example of such a place which is relatively inexpensive. Many people do in fact use them to store important documents -- that's one of the main things they're for.

> The dystopian worries are hyperbolic and mostly FUD. If a service needs your info and you need the service, you’ll give it to them.

If you make it easy to demand then services that don't need the info will demand it, and then you'll give it to them because you need the service. Which is the evil to be prevented, by making it hard to demand, so only services that actually need it will demand it.

> Anyway mobile DL is already happening.

That which is made can be unmade. Easier if done sooner.

> I’d rather a state that I have at least a modicum of control over be the root of my digital identity than some corporate run email system than can evict me without cause.

So buy a domain name for $15/year to use for your email, which you can point to any third party email service if you don't want to host it yourself, and you can point somewhere else if they disappear or become adversarial. Or make it easier for the average person to do this (though it's really not that hard).



You’re really missing the point of the whole conversation: account bootstrap and recovery for situations where things like verifying that a real human and not a bot owns the account, that the real human is unique and isn't lying about their name, and that the human is legally allowed to use a service (age) are requirements.

(To your example: we’re talking about bootstrapping an account at a bank not using a bank card as a bearer token. Banks won’t trust a bank card when you tell them you lost your bank card and need a new one, or walk into the branch for the first time to open an account.)

Today we do an entirely shitty job across the board of meeting these requirements. We root trust in essentially the digital analog of your postal address. We TOFU any comms coming from a new address. We use crap like captcha (which is now easily defeated by AI) to try and help establish a pulse. Etc.

Everything you mention about stable IDs existing, corporations abusing the relationship with their users for extra profit, etc., is already a problem today. All a service needs is name and DoB and they can sell info about how you use their service to aggregators for days. Our current system of email addresses doesn’t solve that even remotely. And it makes services that do justifiably need stable IDs reach for crummy insecure, unsafe and terrible options like asking you to upload a photo of you holding your drivers license… talk about creepy shit services shouldn’t be doing. There is no reason we can’t show the user a page that explains exactly what data will be shared with a service when they present any given credential and allow them, not you, to make the choice of whether that’s okay and warranted for the given service.

You’re making multiple logical fallacies: (1) you’re moving the goalposts and arguing that a system that improves our ability to issue, hold, and consume digital versions of a government issued ID is wholesale bad because it doesn’t solve all conceivable problems in the digital ID space even though it solves many. And (2) your resounding reason for the badness is that “it will be designed poorly and used by bad guys” which is just our slippery slope du jour.


> account bootstrap

Why does account bootstrap require any identification? It's a new account with nothing in it. You can't be reading someone else's messages or withdrawing their money because there isn't any. If you're the one opening the account, that's your account, regardless of who you are.

The only reason anybody cares about this even for banks is that it's required by law. But then you show them your government ID one time when you open your account, which doesn't have to be done over the internet, and if you care about the security of it then it couldn't be. Otherwise you can't prove that the presenter of the ID is the person whose name is on the ID. And if you don't care about that (e.g. because to prevent this you're relying on the legal system deterring that with criminal penalties) you can let them provide their name without any ID.

I mean let's ask the question this way: If people have their government ID on their phone and then someday there is a wormable remote root exploit in one of the major phone platforms, a criminal organization now has access to millions of IDs. Not possible when government ID is a physical thing in your wallet. Are we just setting ourselves up for doom? They can steal everyone's money and pin their crimes on whoever they want? Why would you build such an epic single point of failure?

> recovery

It doesn't really do that. It just pushes it one level away as if that system can do something different.

What do you do if you lose your bank card? You show them your driver's license. But then what do you do if you lose your driver's license? Regardless of what that is, couldn't you just do that if you lost your bank card? It's not providing anything but another level of indirection. And in either event it's not something that needs to be done over the internet because it's needed so rarely. You don't even want it to happen over the internet, because then someone who can steal or forge a digital ID can steal your bank account from Russia instead of having to walk into a physical branch in the victim's country and put their face on a surveillance camera.

> verifying that a real human and not a bot owns the account

I still don't understand how this is supposed to prove anything. The human who operates the bot will have an ID for the bot to use.

> that the real human is unique and isn't lying about their name

This is the biggest reason to burn any such system to the ground. Because it only works against honest people. You prohibit victims of government abuse and anyone who doesn't want to be tracked from using a pseudonym, meanwhile serious criminals get IDs by remotely hacking phones or servers or bribing low-level government employees.

Preventing innocent people from being anonymous is an offensive goal.

> Banks won’t trust a bank card when you tell them you lost your bank card and need a new one

So then you call them or sign in to the account on their website and have them mail it to the address they have on file, which they'll notify the account holder of by sending text and email.

> We root trust in essentially the digital analog of your postal address.

As opposed to the traditional system, which does the same thing with your actual postal address? The government does the same thing as the bank if you lose your driver's license. They mail you another one. In many cases they mail you the first one.

> Everything you mention about stable IDs existing, corporations abusing the relationship with their users for extra profit, etc., is already a problem today. All a service needs is name and DoB and they can sell info about how you use their service to aggregators for days.

Which is exactly why you should never have to give them that information, and any system that prevents you from making it up is to be destroyed.

> And it makes services that do justifiably need stable IDs

There are so few things that legitimately need this that keeping them clunky and arduous is a huge feature, to keep the demand for it from spreading to services that don't.

> There is no reason we can’t show the user a page that explains exactly what data will be shared with a service when they present any given credential and allow them, not you, to make the choice of whether that’s okay and warranted for the given service.

And then all the services that want to track you demand your full name and DOB, use it to track you, and you have to use them anyway because they have a network effect or some other market power, or there are only three companies in the industry and they all do it.

> you’re moving the goalposts and arguing that a system that improves our ability to issue, hold, and consume digital versions of a government issued ID is wholesale bad because it doesn’t solve all conceivable problems in the digital ID space even though it solves many

It not only doesn't solve all problems, it only solves one problem -- how to track people who don't want to be tracked, which is a problem that could quite beneficially carry on not being solved -- and in the process it creates multiple new problems that didn't previously exist.

> your resounding reason for the badness is that “it will be designed poorly and used by bad guys” which is just our slippery slope du jour.

It's the thing that will happen, because designing such a thing with effective privacy protections is actually an extremely difficult problem even when you're competent and have good motives, but you're asking the political system to do it, which is the thing with a poor track record on technical competence and corrupted by all of the interests who don't want that problem to be solved because they want to track everyone.


You're massively oversimplifying reality.

> The only reason anybody cares about this even for banks is that it's required by law.

No it's not. Many many services ask for phone number as a proxy for "this is a unique human". Plenty of services ask me to verify my identity with those stupid "which one of these is your address from 2004" questions. Some ask me to upload photos of my drivers license or enter the info from the card. Services where I enter payment require my information. In fact I'd argue that the majority of the critical digital services I use require strong identity be it traditional or web3 crypto-style. It's just the angsty message boards that don't. Heck even social media requires at least a phone number these days. I simply don't buy your unfounded assertion that "the majority of relevant digital services don't need strong identity". Strong identity should be the default, anonymity only when needed or desired by a select digital community.

> Are we just setting ourselves up for doom? They can steal everyone's money and pin their crimes on whoever they want? Why would you build such an epic single point of failure?

The iPhone has been remotely exploitable since its introduction. Still, I don't know of a single Secure Enclave exfiltration exploit because it's hardware separated. Regardless, your doom and gloom scenario has yet to play out so I'm calling FUD.

> But then what do you do if you lose your driver's license? Regardless of what that is, couldn't you just do that if you lost your bank card?

There is no that. You get your license re-issued or maybe you can use SSN (which is so bad and doesn't solve anything because we devolve to digital SSN instead of DL). I don't know of any banks that let you bypass identity verification because you lost your credential. You have to go get a new credential. Fun fact, phone companies are now requiring ID verification via state issued credentials to make changes to your account. Simply having the account login credentials isn't enough anymore. Lost an hour at the Verizon store trying to get my mom a new phone for the holidays only to learn she needs a DL.

> I still don't understand how this is supposed to prove anything. The human who operates the bot will have an ID for the bot to use.

Nobody cares if the human uses a user-agent software to browse the web. What people care about is humans having multiple accounts, gaming systems, spamming communities, being bad actors, etc. All these things are enabled by a lack of scarcity in identity or anonymity (two sides of the same coin). Because strong identity is scarce, you don't get to make up accounts for a bot and then just roll a new one when that bot is banned. You get one shot and if you blow it and don't play by the rules your account is banned, your spam and abuse potential is now zero instead of one.

> You prohibit victims of government abuse and anyone who doesn't want to be tracked from using a pseudonym, meanwhile serious criminals get IDs by remotely hacking phones or servers or bribing low-level government employees.

If you're being targeted by your government then you can't use systems with strong identity anyway (whether it's from the 20th or 21st century isn't important), so it's a moot point. You can't use banks with KYC because all your accounts are frozen or being watched. You can't communicate using government regulated comms channels. Like it or not we cede a monopoly on violence to our governments. If you don't like yours then move elsewhere or yes reach for true anonymity and operate beyond the pale.

> As opposed to the traditional system, which does the same thing with your actual postal address? The government does the same thing as the bank if you lose your driver's license. They mail you another one. In many cases they mail you the first one.

Nooo. Trust is not rooted in your address. It's rooted in presentation of a birth certificate and residency documents to a government agency. Only after you attest to your name and bind your name to an address is an address trusted. They don't just say "oh you say your name is Paul? Great where's the best address to send this credential?", (and FWIW some even print you the credential on the spot avoiding the postal system).

The fact that you either don't understand this or haven't taken the time to be careful enough about this nuance tells me you're firmly in the camp of tinfoil hat anonymity purists, and that your opinions on the matter of practical human identity can be pretty much discarded as such. No offense. I mean you said this:

> Which is exactly why you should never have to give them that information, and any system that prevents you from making it up is to be destroyed.

Any system where I can't just make up arbitrary details about myself is to be destroyed. Okay that's practical.

> There are so few things that legitimately need this that keeping them clunky and arduous is a huge feature

I don't even need to rebut this statement because it's so asinine it discredits itself.

> And then all the services that want to track you demand your full name and DOB, use it to track you, and you have to use them anyway because they have a network effect or some other market power, or there are only three companies in the industry and they all do it.

FUD and arguing past me. I said we need to legislate the use of PII from digital credentials. We already live in a world where companies abuse everyone. We are beyond fucked on that front. So the solution isn't "stifle all innovation because it could make you slightly easier to stalk". The solution is build a strong robust framework around which information is clearly in the domain of user-controlled identity/PII and that shall not be abused without consequence, and then enforce the law. How is that not clear? The problem is EXACTLY that we can't stand up as a society and point to digital PII, because it doesn't actually exist in a clear form. We live in a blurry purgatory where nobody knows what exactly is an identifier and how it should be respected because we don't have strong digital identity. The ad industry doesn't need a credential document to track you. They just tag you with their own UUID when they see you and your shitty browser (also built by ad-tech) does the rest. Zzz...

> It not only doesn't solve all problems, it only solves one problem -- how to track people who don't want to be tracked, which is a problem that could quite beneficially carry on not being solved -- and in the process it creates multiple new problems that didn't previously exist.

That's not even a charitable interpretation of what I'm arguing. Thanks. It doesn't create a single new problem (or if it does it's strictly in the realm of unsophisticated doom and gloom tirade FUD). It makes a shitty system better for the vast majority of humans who aren't super fond of internet trolling, scalping, spam, bullying, and all manner of activities that our current system tacitly glorifies.

> It's the thing that will happen, because designing such a thing with effective privacy protections is actually an extremely difficult problem even when you're competent and have good motives, but you're asking the political system to do it, which is the thing corrupted by all of the interests who don't want that problem to be solved because they want to track everyone.

Privacy is not one dimensional. If you're competent you understand that privacy isn't "nobody knows anything about me". Privacy is about only sharing sensitive information with people you trust. A functioning social society involves trust. Trust no-one is not a valid pragmatic mantra. A system where the commons agree on a stable identifier and credential and then each individual is able to present the credential, attenuate the claims (e.g. transform a strong meatspace ID into a weaker but still unique pseudonymous ID for services that don't need meatspace details but still need functional identity), etc. is exactly what we need to solve problems and make progress. What we don't need is to tear down society and all become faceless anons by default.

I guess this discussion probably boils down to a difference in philosophy. I'm a humanist. I want technology to augment and enhance human systems. I don't want to evolve into a trans-humanist hive mind type of civilization where we're all faceless interchangeable worker bees without any sort of reputation or identity.

---

Addendum: FWIW I suspect the idea of a credential with everything a traditional drivers license has is tripping you up mentally. In the actual implementation the user is issued a selection of credentials with varying claims and can choose which one to present to any given service. The user only reveals the minimum information they're comfortable sharing with any given service. This is an enhancement possible with a digital system that's cumbersome with physical cards since sending you all the different permutations of a DL with different fields included would be unwieldy and expensive.
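The "present only the claims a service needs" mechanism described in the post above (and the "attenuate the claims" idea a few paragraphs earlier) is what salted-hash selective disclosure gives you. The following is an added worked example, not code from any participant in this thread or from any real mobile-DL implementation. It assumes a toy issuer whose signature is stood in for by an HMAC over the claim digests (a real issuer would use an asymmetric signature such as Ed25519 so verifiers hold only a public key), hypothetical claim names (`name`, `dob`, `address`, `age_over_18`), and constructed sample data. It also shows the check a practitioner would want: why each claim needs its own salt, since an unsalted hash of a date of birth is recoverable by brute force.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from datetime import date, timedelta
from typing import Optional

# Stand-in for the issuer's signing key (assumption for this example; a real issuer
# would sign with an asymmetric key so verifiers never hold a secret).
ISSUER_KEY = secrets.token_bytes(32)


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _commit(salt: bytes, name: str, value) -> str:
    # H(salt || name || value). The per-claim random salt is what stops a verifier
    # from brute-forcing an undisclosed low-entropy claim such as a date of birth.
    return hashlib.sha256(salt + _canonical([name, value])).hexdigest()


def _sign(payload: dict) -> str:
    return hmac.new(ISSUER_KEY, _canonical(payload), hashlib.sha256).hexdigest()


def issue(claims: dict, today: str) -> dict:
    """Issuer side: add an age predicate, commit to every claim with a fresh
    salt, and sign only the sorted digests, never the claim values themselves."""
    claims = dict(claims)
    dob, now = date.fromisoformat(claims["dob"]), date.fromisoformat(today)
    age = now.year - dob.year - ((now.month, now.day) < (dob.month, dob.day))
    claims["age_over_18"] = age >= 18
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    digests = sorted(_commit(bytes.fromhex(s), n, v) for n, (s, v) in disclosures.items())
    payload = {"iss": "example-issuer", "digests": digests}
    return {"payload": payload, "sig": _sign(payload), "disclosures": disclosures}


def present(credential: dict, reveal: list[str]) -> dict:
    """Holder side: forward the signed payload plus only the chosen disclosures."""
    return {
        "payload": credential["payload"],
        "sig": credential["sig"],
        "disclosures": {n: credential["disclosures"][n] for n in reveal},
    }


def verify(presentation: dict) -> Optional[dict]:
    """Verifier side: check the issuer signature, then check that each revealed
    (salt, value) pair hashes to a digest the issuer actually signed."""
    payload = presentation["payload"]
    if not hmac.compare_digest(_sign(payload), presentation["sig"]):
        return None
    revealed = {}
    for name, (salt, value) in presentation["disclosures"].items():
        if _commit(bytes.fromhex(salt), name, value) not in payload["digests"]:
            return None  # edited or fabricated disclosure
        revealed[name] = value
    return revealed


def pairwise_pseudonym(holder_secret: bytes, relying_party: str) -> str:
    """Holder-derived per-service identifier: stable for one relying party,
    unlinkable across relying parties. On its own this does not prove
    one-human-one-account; that needs issuer involvement or a ZK proof."""
    return hmac.new(holder_secret, relying_party.encode(), hashlib.sha256).hexdigest()[:32]


def unsalted_digest(value: str) -> str:
    """What a naive design would publish instead of a salted commitment."""
    return hashlib.sha256(value.encode()).hexdigest()


def brute_force_unsalted_dob(digest: str, start: str, end: str) -> Optional[str]:
    """Why the salt matters: an unsalted hash of a DOB falls to enumerating every
    date in a plausible range (about 45k hashes for 1900..2024, milliseconds)."""
    d, last = date.fromisoformat(start), date.fromisoformat(end)
    while d <= last:
        if unsalted_digest(d.isoformat()) == digest:
            return d.isoformat()
        d += timedelta(days=1)
    return None


if __name__ == "__main__":
    cred = issue({"name": "Ada Example", "dob": "1990-05-17", "address": "1 Example St"},
                 today="2024-01-01")
    print(verify(present(cred, ["age_over_18"])))           # liquor store: predicate only
    print(verify(present(cred, ["name", "dob", "address"])))  # KYC-obliged service: all
    print(pairwise_pseudonym(b"holder-secret", "shop.example"),
          pairwise_pseudonym(b"holder-secret", "forum.example"))
    print(brute_force_unsalted_dob(unsalted_digest("1990-05-17"), "1900-01-01", "2024-12-31"))
```

A production design adds holder binding (a holder public key in the signed payload so a stolen presentation cannot be replayed), an expiry, and decoy digests so the verifier cannot count how many claims were withheld; none of that changes the verification logic above.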


> Many many services ask for phone number as a proxy for "this is a unique human".

This is how we end up with personal accounts as an admin of Facebook ads of fortune 500 companies, and the like. By not allowing multiple accounts, you prevent partitioning of life/business, you prevent abused spouses from creating a secret identity to seek help through, you prevent whistleblowers from blowing the whistle, you prevent people from being able to have conversations about part of their life they don't want associating with their identity.

> Strong identity should be the default

People can have multiple passports! They can choose which passport to show when entering a country. I have a US ID and a Dutch ID, a US social security number and a Dutch one, a US phone number, and a Dutch one. Why should I have the privilege to have multiple accounts while you do not, simply because I moved to another country?

> Lost an hour at the Verizon store trying to get my mom a new phone for the holidays only to learn she needs a DL.

Why should only people who have driver's licenses be allowed to get a phone? That seems ridiculous.

> You get one shot and if you blow it and don't play by the rules your account is banned

Since I've moved to the EU, I have many friends who get banned simply because their written English is bad enough to be considered a bot. How does identity prove they are a human and not a human running a bot? Please tell me this. I'm quite interested in this.

> In the actual implementation the user is issued a selection of credentials with varying claims and can choose which one to present to any given service. The user only reveals the minimum information they're comfortable sharing with any given service.

How is this different than what we already have? I can choose to give a service as little true information as I want. Do you just want some cryptographic user/pass that is attested via a government? What do you do if a government revokes a user's id (aka, deportation, lost id, etc)? Can they still log in? What if it expires, is it still valid for your service? My US driver's license is long expired, but it still asserts my identity even though I can no longer use it to prove I know how to drive.

I don't think this is very well thought through, nor is it realistic once it hits any sort of common edge case. I really hope nothing like this ever happens.


[1/2]

> Many many services ask for phone number as a proxy for "this is a unique human".

Anyone can get as many phone numbers as they want for less than $5/each.

And there is a better way to rate limit account creation -- you pay $5 to create an account. For a legitimate user this is a nominal one-time fee, but a spammer has their account banned in minutes and has to pay over and over, and the fee directly pays the costs of fighting spammers so the more there are the more funding you get.

The biggest problem with this is, ironically, that we messed up our payments systems so that it's really hard to pay anyone over the internet without disclosing your identity. Which makes "pay a nominal fee instead of giving your identity" pretty hard to implement. If you want to fix something, fix that.

> Strong identity should be the default, anonymity only when needed or desired by a select digital community.

Anonymity has to be the default because it's needed by specific people rather than specific communities. Most people on some huge social network don't need to be anonymous but the minority who do need it desperately. They're a minority that needs to be protected even though a conglomerate would be willing to steamroll over them because they're not a large enough population to affect the bottom line.

> The iPhone has been remotely exploitable since its introduction. Still, I don't know of a single Secure Enclave exfiltration exploit because it's hardware separated. Regardless, your doom and gloom scenario has yet to play out so I'm calling FUD.

It hasn't been a huge problem because the majority of people haven't had a single-root digital ID on their phone and the majority of services don't currently accept one. But there have been known to be vulnerabilities in various hardware security modules, some of them remotely exploitable. It's a bad assumption that no one will ever find another one.

And the problem isn't just the scale, it's the scope. Even Apple had a Secure Enclave vulnerability, which was reported to require physical access, but sometimes the attacker has physical access. And then it's not that you can access the bank accounts of millions of people, it's that you can access all the accounts of anyone whose phone you can steal because you've put every egg into the basket of that single ID. Which the attacker can then use without showing their face in a physical place.

> There is no that.

That's my point. That is the law against giving false information on an application for government ID, which isn't any more effective than a law against giving false information on an application for a bank account, and shouldn't be necessary on an application for phone service or similar.

> I don't know of any banks that let you bypass identity verification because you lost your credential. You have to go get a new credential.

You did the identity verification when you opened your account. They generally don't need to see your ID again. They were going to send a new card there anyway because the cards expire every few years and they automatically send you a new one.

> Fun fact, phone companies are now requiring ID verification via state issued credentials to make changes to your account.

Not because they care about your name, but because they don't want attackers stealing their actual customers' phone numbers and digital credentials can be stolen remotely, so they resort to physical ID. Making the government ID a remotely stealable digital credential is not solving their problem.

> Nobody cares if the human uses a user-agent software to browse the web.

You don't want players using bots to play your game, so you say captcha to continue if they play suspiciously well or suspiciously long. Asking for ID doesn't work because the bot can present the human's ID.

You don't want Archiveteam scraping your site, but they have many volunteers willing to each run a slow crawler from a separate IP and it's hard to distinguish the bots from real users, so you use captchas. Using IDs instead doesn't work because each of the volunteers has a unique ID.

Company wants to use AI marketing bots in the same way as they pay astroturfers, but now instead of paying $1000/month they pay 100 times as many people $10/month just to use their ID. Each bot gets an ID, and the bots aren't conspicuous so they don't get banned quickly, they just post a lot of 20th percentile-quality content and really love that company's products. If anybody's ID gets banned the company replaces them with someone else. There are a million people willing to take a ban from a site they don't use in exchange for a little money.

Lots of people currently use captchas in places where asking for ID wouldn't do any good. Rate limiting by ID overlaps heavily with rate limiting by IP address.

> All these things are enabled by a lack of scarcity in identity or anonymity (two sides of the same coin).

These are not at all the same thing. You can get access to a large number of unique identities with a relatively modest amount of resources, and demanding ID won't be effective for anything requiring more of a deterrent than that. Conversely, you can rate limit based on anything scarce, not just ID.

Having users post a bond is particularly effective because you can make the amount scale with how aggressively you need to deter bad actors, and it's technically possible (though not currently convenient) to do this anonymously.

You can also rate limit by reputation by using vouching systems etc. etc., none of which requires the person doing the vouching or the person being vouched for to be using the same identity on your site as they use in any other place.

> Because strong identity is scarce, you don't get to make up accounts for a bot and then just roll a new one when that bot is banned. You get one shot and if you blow it and don't play by the rules your account is banned, your spam and abuse potential is now zero instead of one.

This is what I mean by creating new problems. What do you do if you get hacked and then banned from everything? It's one thing to lose a $5 deposit or have to start over with a new account on one service, what do you do after your ID gets banned from all social media and every major infrastructure provider in a consolidated market? Tying everything to one root is bad.

> If you're being targeted by your government then you can't use systems with strong identity anyway (whether it's from the 20th or 21st century isn't important), so it's a moot point. You can't use banks with KYC because all your accounts are frozen or being watched. You can't communicate using government regulated comms channels.

There are different levels of being targeted by the government. If your abusive ex is a cop, you need to be able to operate under the radar so they can't find you. That doesn't mean they can have your bank account frozen without raising red flags, so you can still go to the bank to get enough cash to run away.

> If you don't like yours then move elsewhere or yes reach for true anonymity and operate beyond the pale.

In general we try to improve the government, e.g. by increasing the ability for the public to maintain their anonymity. Especially when that country is the US and the US is the country preventing other countries from e.g. providing their citizens with an anonymous bank account. Where are you even suggesting someone go? Sealand?

> Nooo. Trust is not rooted in your address. It's rooted in presentation of a birth certificate and residency documents to a government agency. Only after you attest to your name and bind your name to an address is an address trusted.

A birth certificate is just a piece of paper with a name on it. They have no way of knowing if that's your name. No authentication is happening there.

This stuff isn't based on cryptography or signature verification or anything. It's based on it being a crime to lie about it in particular contexts, which deters people from doing that. "Attesting to your name" is something you could do just the same to the bank. All you have to do is make it illegal to give a false social security number to a bank and you have the same level of security as you do to get the government ID.

> Any system where I can't just make up arbitrary details about myself is to be destroyed. Okay that's practical.

Being made up is where names come from, and people don't have a single name. Married people often change their name and carry on using both of them in different contexts.

A particularly relevant example is stage names. Their name in the credits isn't the name on their mortgage or in their high school year book. They'll use their stage name for a social media account. Using their other name is dangerous because if their social media account gets hacked, the name on their mortgage gets out and stalkers show up at their house.

This is as true for minor celebrities as major ones, if you do certain kinds of work or discuss certain kinds of topics, so those people need to use a pseudonym on the internet. With no way for anyone to tie it to where they live. Even if they're not famous enough to have Big Tech CEOs in their address book.


[2/2]

> The solution is build a strong robust framework around which information is clearly in the domain of user-controlled identity/PII and that shall not be abused without consequence, and then enforce the law. How is that not clear?

That has two major problems.

1) There is no way to verify what they do with it. Once they have the information, what they do happens entirely within their own organization, which the user has no way of knowing. They'll lie about it, or secure it inappropriately and then have it leaked. The only real solution is for them never to have it to begin with, not laws on what they can do with it that nobody can verify.

2) Defining PII in this way is basically hopeless, because whether something is personally identifiable is context-specific.

You want to prevent a social media company from getting your PII, so you never give them your name or date of birth, all they have is your username with them. If the same company owns a retailer, you make a separate account with the retailer and the social media service still doesn't have a physical address for your social media account even if the retail service does.

Give that company a way to prevent you from having "two accounts" and now you have one account and your social media account is correlated with your name and physical address. But they get to claim they need the information because the retailer has a legitimate need for your shipping information. And the username goes from not identifying you to identifying you.

> We live in a blurry purgatory where nobody knows what exactly is an identifier and how it should be respected because we don't have strong digital identity.

How would "strong digital identity" change that? All it would do is create an additional form of PII. All of the others would still be there and be just as uniquely identifying, including the ones that weren't created to be or appear to be at first glance but are, or are in combination with some other variables they also know.

> The ad industry doesn't need a credential document to track you. They just tag you with their own UUID when they see you and your shitty browser (also built by ad-tech) does the rest.

It's not that hard to maintain multiple identities and keep them separate. The easiest way for laymen is to use separate devices; older devices are cheap and more than fast enough for basic internet use if you just want to read the news on a device that doesn't know where you work etc.

Forced single identity kind of throws that out the window as soon as they find any way to correlate accounts using the same ID, and do you really think they won't?

> It doesn't create a single new problem (or if it does it's strictly in the realm of unsophisticated doom and gloom tirade FUD).

Okay, here's a single, specific, new problem: If your government ID is digital rather than physical then things that used to require a criminal to be physically present in your jurisdiction can now happen over the internet from countries where they have no fear of prosecution.

> It makes a shitty system better for the vast majority of humans who aren't super fond of internet trolling, scalping, spam, bullying, and all manner of activities that our current system tacitly glorifies.

There are alternate ways to address these problems that don't involve massive centralization of authentication.

> Privacy is not one dimensional. If you're competent you understand that privacy isn't "nobody knows anything about me". Privacy is about only sharing sensitive information with people you trust.

That's kind of the point. You're already free to give truthful information to anyone you trust. Now what do you do if you don't trust someone but they demand your info anyway and you're not in a position to refuse?

> I want technology to augment and enhance human systems. I don't want to evolve into a trans-humanist hive mind type of civilization where we're all faceless interchangeable worker bees without any sort of reputation or identity.

There is a difference between faceless anonymity and having multiple identities. The latter is how human society has always operated. People behave differently in front of their parents and their friends. They wear different clothes to work and to play. They say things in confidence to people they trust that they wouldn't say to people they don't.

But now you're not just saying it to the people you trust, you're saying it to people you trust and a huge corporation who records it forever and often gets breached. Keeping a thick line between these different identities is something we need to support, not inhibit.

You're really looking for a rate limiter to prevent someone from creating a million accounts. You don't have to merge everyone's pseudonyms into a totalitarian centralized identity system for that. All you need is something that puts a price on account creation. A literal price would work fine. So would a dozen other things.

The real problem is that services don't want something that adds friction to account creation, but they do want to track everyone. And what I'm saying is that we should fight against making the tracking everyone thing frictionless.


> Now what do you do if you don't trust someone but they demand your info anyway and you're not in a position to refuse?

Can you explain when this is the case? You can always vote with your feet and not use x|y|z.com. Not once have I been forced to use some piece of software in my personal life.

> The latter is how human society has always operated. People behave differently in front of their parents and their friends. They wear different clothes to work and to play. They say things in confidence to people they trust that they wouldn't say to people they don't.

I'm not actually arguing that socially we shouldn't have "Personas" or access to multiple email addresses or whatnot, etc. I'm arguing that personas should be specifically chosen by products on top of a strong cohesive underlying human identity system (by not using some global id as a primary key in the users table or even storing it in the first place, or by allowing a less strict form of authentication). If your message board doesn't need to enforce uniqueness of humans, or enforce that posters use a real name, then it simply doesn't (maybe email is good enough for it). However, if your bank does need to, it has a good way to do so, not a shitty one. And as a user I'd rather my account recovery be rooted in a socially robust system even if higher order services don't need to chain their account/user records back to a unique person ID.

> You're really looking for a rate limiter to prevent someone from creating a million accounts. You don't have to merge everyone's pseudonyms into a totalitarian centralized identity system for that. All you need is something that puts a price on account creation. A literal price would work fine. So would a dozen other things.

That's not what I'm looking for but I don't disagree that it's a solution to some of the spam and bot type of problems.

I'm looking for a strong digital identity system not rooted in a digital postal address. Some people are allergic to the idea because of all the ways it could theoretically be abused. I simply don't buy FUD around how a strong identity system could be abused as a reason not to build it. Powerful tools come with great responsibility. I believe there are enough people who care involved that we could develop and wield a better system than "your email is you" responsibly as a society. I actually think that a strong identity system would help us avoid slipping into a totalitarian nightmare where all the tracking happens in the dark behind the veil (essentially what we have today). I want people that need to track you to declare it loud and clear so that I can make informed trust decisions on a service-by-service basis.

Anyway you really seem to be arguing from a position where you assume this tool will be used unilaterally by everyone for bad. I simply don't buy it. Your fear is noted, and I think we've discussed as much as is productive at this point.
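As an added illustration of the "personas on top of one identity" design proposed in the comment above, and of the breach-correlation objection raised against it further down the thread, not code from anyone in this discussion: each product derives a pairwise pseudonym from the underlying person ID under its own secret key and stores only that pseudonym. The `Service` class, the HMAC construction and the sample identifiers are assumptions made for this example.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Constructed example (hypothetical API): a product keeps no global-ID column.
# It stores HMAC(service_key, global_id) and re-derives it on every lookup.


def derive_persona(service_key: bytes, global_id: str) -> str:
    """Pairwise pseudonymous identifier: HMAC-SHA256 of the person ID under a per-service key."""
    return hmac.new(service_key, global_id.encode("utf-8"), hashlib.sha256).hexdigest()


class Service:
    def __init__(self, name: str, key: Optional[bytes] = None):
        self.name = name
        self._key = key if key is not None else secrets.token_bytes(32)
        self.users: dict = {}  # persona -> profile; the global ID is never stored

    def register(self, global_id: str, profile: dict) -> str:
        persona = derive_persona(self._key, global_id)
        self.users[persona] = profile
        return persona

    def recover(self, global_id: str) -> Optional[dict]:
        """Account recovery: re-derive the persona from the asserted identity."""
        return self.users.get(derive_persona(self._key, global_id))


def linkable_after_breach(a: Service, b: Service) -> set:
    """Rows that leaked copies of both user tables can be joined on by identifier alone."""
    return set(a.users) & set(b.users)


def demo() -> dict:
    person = "person:ALICE-EXAMPLE"  # constructed global ID
    board, shop = Service("message board"), Service("retailer")  # independent keys
    board.register(person, {"handle": "nightowl"})
    shop.register(person, {"ship_to": "123 Example St"})
    # One company, one key shared across two products: the join succeeds.
    shared = secrets.token_bytes(32)
    social, store = Service("social", shared), Service("store", shared)
    social.register(person, {"handle": "nightowl"})
    store.register(person, {"ship_to": "123 Example St"})
    return {
        "separate_keys_linkable": len(linkable_after_breach(board, shop)),
        "shared_key_linkable": len(linkable_after_breach(social, store)),
        "recovery_works": board.recover(person) == {"handle": "nightowl"},
        "wrong_person_recovers": board.recover("person:BOB-EXAMPLE") is not None,
    }
```

The pseudonyms are unlinkable only to parties without the key; whoever holds the key, or operates the identity system itself, can still join them, which is the correlation risk the reply below points at.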


> Can you explain when this is the case? You can always vote with your feet and not use x|y|z.com. Not once have I been forced to use some piece of software in my personal life.

You don't want to give your real name to Facebook, but your friend group uses Facebook to communicate. Herding all the cats into using Signal doesn't work because some of them want to use Discord and some of them want to use IRC and some of them actually want to use Facebook, so you're stuck with the status quo, which is Facebook. You have no choice because the choice was made by the group before you arrived.

You don't want a record of everywhere you go being created and associated with your real name, e.g. because you're a persecuted religious minority or gay and don't want that secret being leaked when you go to services or gay bars. You can't use a car for this because the DMV requires your real name and requires you to display a license plate that gets recorded on ALPR cameras everywhere. If Uber requires your real name to use their app and the local transit authority requires your real name to buy a multipass and nobody else lets you buy transit without giving your name either, there is no "use a competitor" because there is no competitor that doesn't track you.

> I'm not actually arguing that socially we shouldn't have "Personas" or access to multiple email addresses or whatnot, etc. I'm arguing that personas should be specifically chosen by products on top of a strong cohesive underlying human identity system (by not using some global id as a primary key in the users table or even storing it in the first place, or by allowing a less strict form of authentication).

Then if you have two social media accounts meant to be separate, the social media company knows that they're both the same person, and when they get breached, so does everybody else.

> If your message board doesn't need to enforce uniqueness of humans, or enforce that posters use a real name, then it simply doesn't (maybe email is good enough for it).

But maybe it does anyway, even though it doesn't need to, because correlating identities is profitable. And because social networks have a network effect you still have to use that one to communicate with all the people you can't get to switch to one that doesn't.

> However, if your bank does need to, it has a good way to do so not a shitty one.

It's still not clear why they need one at all. You can't get a driver's license in someone else's name because attesting that they're you to the DMV is a crime. You can't get a bank account in someone else's name because attesting that they're you to the bank is a crime. What is being added by requiring the prospective criminal to do the former first and then setting up some system for the DMV to securely assert things to the bank? Just arrest them for giving a false name to the bank in the same way you would arrest them for giving a false name to the DMV.

Or stop requiring banks to demand this. KYC laws are ridiculously ineffective, and it's unreasonable that you can't easily buy things over the internet without giving your name.

> And as a user I'd rather my account recovery be rooted in a socially robust system even if higher order services don't need to chain their account/user records back to a unique person ID.

There are fundamentally two ways to do account recovery.

One is secrets. You have your email password or your secret key in your hardware security token and use it to prove that it's your account.

The other is laws. You assert that it's your account and if it's not then you go to jail. This one inherently has to be done within the jurisdiction because it's premised on seizing the liar and incarcerating them. It doesn't work if you can make the assertion from Somalia and be immune from consequences.

You can voluntarily tie these two together right now. Give the secret account recovery information to any trusted party you like that will only give it back to someone who shows up in person, asserts that they're you, and is subject to prosecution if they're not.

What you're asking for is the ability of corporations to force you to tie them together as the price of admission, even if you don't want to, which they then will any time they have enough market power that you can't avoid doing business with them. I like it better when it's voluntary -- that's not the same as take it or leave it.

> Powerful tools come with great responsibility.

This isn't a tool, it's a law.

> I actually think that a strong identity system would help us avoid slipping into a totalitarian nightmare where all the tracking happens in the dark behind the veil (essentially what we have today). I want people that need to track you to declare it loud and clear so that I can make informed trust decisions on a service by service basis.

But how does it solve that? Suppose you could still refuse to give your name in this new system. Well, you can already do that now and they'll still fingerprint your device etc. What's going to stop them then?

And if your answer is laws prohibiting device fingerprinting etc., wouldn't those laws do that without any centralized identity system? They're independent things.

> Anyway you really seem to be arguing from a position where you assume this tool will be used unilaterally by everyone for bad.

I think there are ways to solve the problems this purports to solve without creating the problems that it creates.



