The thing that is telling to me about DMs is that we *have* federated direct message protocols like XMPP which have been around for ages; if Bluesky wanted to they could have tacked that on pretty quickly, E2EE or not.
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
I said we are about halfway through and criminy we're halfway through the afternoon, I need a break to get some tea
We have a few big topics left:
- Decentralized identity, how does it work (magnets too, yes)
- The Org is a Future Adversary
- Christine critiques the fediverse
- Wrap up
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
And so, it is TEA TIME
Go get yourself a hot beverage. Put honey or agave in it, if you like. Dairy, or perhaps, non-dairy, if you prefer.
=== BREAK TIME! Time for tea! ===
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
Okay, I am back and I am back with tea! I made "black tea with ginger" and I put some whipped honey in it. I also made tea for my spouse
I am drinking out of an oversized mug from @baconandcoconut that says "I'm that person who likes to serve on open source program committees", which is not actually accurate but I do anyway
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
I am also sad about the US House of Representatives being shitty to trans people who work there and are just trying to make it through the day
I used to do data modeling contracting for the US HoR on our legal system, true story, which sends me back to a time when I did a lot of data modeling
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
A lot of data modeling I did in that time was in the W3C Verifiable Credentials group that was working on Verifiable Credentials, zcap-ld (my spec), and, oh hey, Decentralized Identifiers (DIDs, the name is not my fault)
So actually I was pretty excited when I heard that Bluesky was gonna use DIDs!
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
Back in 2017 I wrote a whitepaper: "ActivityPub: from decentralized to distributed social networks" and it also suggested using DIDs https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/final-documents/activitypub-decentralized-distributed.md
I no longer think DIDs are necessary to solve this, but then and now I think *decentralized identity is important*
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
In that sense, I am really glad Bluesky is taking on decentralized identity, as a concept! And DIDs, in a way, are a good signal.
But there are several problems, the first of which is: Bluesky supports two kinds of Decentralized Identifiers and they're both -- you guessed it -- centralized!
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
Before we get there, let's talk about what the DID spec was and what DIDs are. The core DID spec is an *abstract interface* for key management which provides a way of representing keys (and some other metadata) which can be created, retrieved, and updated/rotated.
So far so good...
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
The other requirement you would expect, based on the name, is that Decentralized Identifiers are *actually decentralized*.
When I got involved in DID work, that was actually the expectation of everyone. Then it was loosened. What? Why on earth?!
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
The reason actually stems from the first centralized DID method that Bluesky supports: did:web.
did:web is centralized, and kinda useless. It just works by a regex rewrite of the DID's name to an https URI and then it's retrieved. Anywhere you use did:web, you could have just used an https: URI
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
"Now wait Christine, didn't you say earlier that the web is decentralized and open? So therefore, did:web is decentralized and open"
Yeah but the naming system of the web is CENTRALIZED
We use DNS and ICANN (and then we add another centralization layer with TLS/SSL CAs)!
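
The did:web rewrite described in the posts above, shown as an added example that is not part of the original thread. It follows the did:web method's rewrite rules; the `example.com` identifiers are constructed, the function names are hypothetical, and the path-traversal check is an added hardening step rather than something the thread mentions.

```python
import re
from urllib.parse import unquote, urlsplit

# Method-specific id: a host (its port colon percent-encoded as %3A),
# followed by optional colon-separated path segments.
_DID_WEB = re.compile(
    r"^did:web:([A-Za-z0-9.\-]+(?:%3[Aa][0-9]+)?)((?::[A-Za-z0-9._~%\-]+)*)$"
)


def did_web_to_url(did: str) -> str:
    """Rewrite a did:web identifier to the HTTPS URL of its DID document."""
    m = _DID_WEB.match(did)
    if not m:
        raise ValueError(f"not a did:web identifier: {did!r}")
    host = unquote(m.group(1))  # example.com%3A3000 -> example.com:3000
    segments = [s for s in m.group(2).split(":") if s]
    # Added hardening (assumption, not from the thread): refuse segments
    # that decode to a traversal or smuggle in an extra path separator.
    for seg in segments:
        decoded = unquote(seg)
        if decoded in (".", "..") or "/" in decoded:
            raise ValueError(f"unsafe path segment in {did!r}")
    # A bare domain resolves under /.well-known; otherwise ':' becomes '/'.
    path = "/".join(segments) if segments else ".well-known"
    return f"https://{host}/{path}/did.json"


def naming_authority(did: str) -> str:
    """Hostname whose DNS record and TLS certificate decide what the DID
    resolves to: the centralized roots the thread points at."""
    return urlsplit(did_web_to_url(did)).hostname


if __name__ == "__main__":
    # Constructed sample identifiers.
    for sample in (
        "did:web:example.com",
        "did:web:example.com:user:alice",
        "did:web:example.com%3A3000:user:alice",
    ):
        print(sample, "->", did_web_to_url(sample),
              "| trust anchored in:", naming_authority(sample))
```

Nothing in the identifier carries key material: whoever controls the hostname's DNS entry, or can obtain a certificate for it, controls what the DID resolves to.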
-
@[email protected] for the record I’m not mad at you!!!!!!
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
Everyone in the DID standards space KNEW that did:web was centralized, so why on earth was a centralized identifier permitted for something named "Decentralized Identifiers"?
The answer is easy. did:web is easy to implement, many DID methods were not.
did:web existed for test suites.
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
I was kind of exiting that particular area of standards when this happened but colleagues will tell you that I, and some others, were deeply upset and troubled by this
"Sure having a nearly no-op DID to pass the test suite is helpful but it shouldn't be labeled as a DID, people will get confused!"
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
Confusion, on its own, is one thing. But the problem is when confusion turns into decentralization-washing.
"This is going to turn into decentralization-washing!"
"It's just to pass the test suite!"
[... time passes ...]
"Actually we like did:web now, it's a DID method everyone can implement!"
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
And of course once the door was open to did:web, the door was open to everything! Decentralization is now no longer a requirement for DIDs. You can make a centralized DID method and call it a "Decentralized Identifier" and you're right because it implements a spec named "Decentralized identifiers"
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
But it's ONLY EXPERTS IN DIDs WHO UNDERSTOOD THIS
Most users hear "Decentralized Identifiers" and they think they know what's being delivered, the distinction between the *spec* being called that and the *mechanism used* being centralized... you have to go digging to find that out
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
So did:web is not only useless, it misleads people about the problem domain entirely, but hey it's now the most broadly deployed DID method in the world, congrats everyone!
Speaking of centralized Decentralized Identifiers, did I mention that did:plc is centralized?
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
For that matter, where did the term did:plc come from? Early versions of "did:plc" documentation called it the "Placeholder" DID method, that's what it stands for, to motivate changing it later
Well the docs no longer say that, it now says "Public Ledger of Credentials"
Good backronym, but...
-
Christine Lemmer-Webber replied to Christine Lemmer-Webber
did:plc is centralized, and that bothers me because once again, users think something is more decentralized than it is, because they're being *told* it's decentralized
The particular way in which did:plc is centralized doesn't bug me too much but once again, few users have read into this