
Comment by endisneigh

4 years ago

So what happens when you get phished with Web3? If the value of all crypto goes down 10% YoY why would you use it?

The author makes a bunch of silly assumptions:

> We need some way of saying “who we are” on the internet in a consistent manner. That way we can communicate with others in a verified way and associate with digital data that we own. We also often need that data to be interoperable between different web properties.

No, this is not true. That's why most people on this site are not logging in through Google. Sites will store their own data, and if you trust them to store that data there’s really no reason to just trust them to store a link to your identity.

The author advocates third parties like MetaMask and using a Chrome extension, which is ridiculous. If you're going to trust that, why not trust Microsoft, or Amazon, or Google?

> With social recovery, instead of having to trust Google, you can choose who you trust, and instead trust a given set of friends, family, and services

Yes, because Google is not a service.

Ultimately the author makes up a problem and says blockchain is the solution.

Even if we suppose it's a solution there's no discussion around phishing, stolen identities, or any failure mode really. Of course there isn't though - in general recourse requires an authority. Blockchain has none.

> No, this is not true. That's why most people on this site are not logging in through Google. Sites will store their own data, and if you trust them to store that data there’s really no reason to just trust them to store a link to your identity.

You're missing the point. Yes, we don't need OAuth to log into HN. But HN is a site that is over 15 years old, and reflects the technology of its time. Instead, look at the companies YC funds and ask yourself how many of them DON'T have OAuth/SSO of some kind. Reddit is roughly HN's age, and you can see that with the introduction of VC money and profit goals, they've shifted towards discouraging anonymous logins. My 10-year-old Reddit account doesn't even have an email associated with it; I doubt that's allowed now.

The old web made by hobbyists having fun and not trying to sell anything is long gone. Even sites like HN are disappearing, and everything IS being monetized, whether we like it or not.

  • I don't understand your point.

    Even if HN used OAuth - even if they required OAuth - ultimately OAuth as implemented on most sites is just a thin layer over email so you don't have to make another account.

    The problem doesn't require blockchain as a solution. What would the website administrator gain from accepting a blockchain login? People would create accounts but you have no way of contacting them since you have no email. Clearly the kinds of sites you're describing wouldn't accept that.

    OK so you associate an email with your blockchain login - so now it's the same as the status quo. What's the point?

  • > Reddit is roughly HN's age, and you can see that with the introduction of VC money and profit goals, they've shifted towards discouraging anonymous logins.

    And what, you think they'll be okay with anonymous users if those users log in with web3?

    • If they log in with a crypto wallet, that massively reduces the friction of making payments, which is all that investors want.

      Reddit wants users to be somewhat identifiable in order to play to advertisers. However if people start buying and selling goods on Reddit itself (e.g. subscriptions to private subreddits), the company wouldn't have to rely as heavily on advertising.

  • > I doubt that's allowed now.

    It is. You have to hit next when prompted to enter an email address when registering (the input is not required).

  • Actually, I wish all of the internet had the simplicity and no-bullshit approach to information consumption that HN offers. RSS, simple login, text based - it's ideal.

Identities on Microsoft, Amazon, and Google are not portable. They can permanently ban you and you lose access to every single service you used them to authenticate to.

Private keys are portable between wallets.

  • What you’re saying is also true with web3. A bad actor’s key could be banned and a list of bad actors could be shared among sites resulting in the same thing.

    In fact, if you believe in privacy at all you’d want to reject this idea for that alone.

    • Sure, multiple independent sites could individually ban you. That's a fundamentally different problem, and much much less likely.

      An antidote to that would be using a different key on each site you authenticate to. You still only need to store a single key, all other keys are derived from that yet cannot be associated with their sibling keys.

      > What you’re saying is also trust with web3.

      Not quite sure what you mean here, web3 is a pretty overloaded term. If you mean the very concept of web3... that's pretty fundamentally different from trusting a company that can unilaterally ban you, alter your data etc. There is no such parallel in web3. If you mean the JS library, that's also fundamentally different, and it's not the only game in town.

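The per-site key idea raised in the reply above, sketched as an added example that is not part of the thread: one stored master secret yields a different key for each site, and the identifiers two sites see cannot be matched without that secret. The comment names no derivation scheme, so HKDF (RFC 5869) is assumed here; `CONTEXT`, `site_key` and `site_id` are hypothetical names and the master secret and URLs are constructed sample values.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

CONTEXT = b"per-site-login-example-v1"  # hypothetical domain-separation label


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()  # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand step
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def canonical_host(url: str) -> str:
    """Lower-cased host without a trailing dot, so one site maps to one key."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host.rstrip(".")


def site_key(master: bytes, url: str) -> bytes:
    """Derive the 32-byte key used for one site only."""
    return hkdf_sha256(master, CONTEXT, canonical_host(url).encode("utf-8"))


def site_id(key: bytes) -> str:
    """Public pseudonym a site could store; reveals nothing about sibling keys."""
    return hashlib.sha256(b"id:" + key).hexdigest()[:16]


if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample secret, never use a fixed one
    for url in ("https://news.example.com/login",
                "https://NEWS.example.com./item?id=1",   # same site, same key
                "https://shop.example.net/"):             # different site
        print(canonical_host(url), site_id(site_key(master, url)))
```

Host canonicalization matters: without it, two spellings of the same site would produce two unrelated identities.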

  • I lost access to my Google account because I was away too long, and therefore all the accounts it was tied to.

  • Which is a problem 99.999999999% of people will never experience in their lifetime.

    And even if it is a problem you can always reach out to the website and get them involved in moving your account to a different provider.