How is that meaningfully different? Technically, yes, Google could give your account to someone else but that would have significant business impacts unless it was done following a court order or something similar, which would also apply to a blockchain key.
Similarly, unless the plan is to tell people that one mistake or hardware failure means they irrecoverably lose their identity, the same process which allows replacing an old key with a new one can be used to replace you.
Finally, there appears to be either no benefit or a big privacy impact mapping keys to profiles on sites. If I go to a website and see “J. Random User” I have to trust that the owner of that site verified their identity against the expected source; if I see something like a signature against a particular key, there's a privacy issue from making it so easy to link you across sites and other activity (yes, people can use ), and if you don't trust the site operator you still have the problem of them showing a different ID when they're doing something dodgy.
Because it's something which is exceedingly rare, and it's more often desirable than not — for example, if your business partner breaks their agreement with you, you probably want a way to have a court enforced turnover rather than just having to write it off forever.
The larger point here is that there's no benefit to the user if the experience is replacing “Login with Google” with “Login with <large exchange>”, which is what it would be for the vast majority of users. If it's saying “Login with your private key”, it would be important to think about why OpenID/Persona didn't catch on or the already-supported x509 key support which has been available for decades.
> it would be important to think about why OpenID/Persona didn't catch on or the already-supported x509 key
Why did SIM chips take off? Why did credit cards with smart chips take off? These both embed private keys. Even desktop computers are now embedding private keys in their motherboards.
The private key there is only an implementation detail, though. The reason people don't care about it is because in the case of a SIM card you can get a replacement SIM while keeping the same phone number (which is what people really care about), and in the case of a credit card where a premature replacement might involve a change of credit card number
- for one-off payments it doesn't matter anyway, you just start using the new card and that's it
- and for recurring payments all businesses already need to allow for updating your credit card details because credit cards regularly expire anyway, so having to possibly manually update all your recurring payments might be a bit tedious and annoying, but it's certainly no impossible, out-of-the-ordinary task
> Clearly, something is missing from your analysis.
And yet you are unable to say what or offer relevant examples. Do you log in to websites using the key on your phone's SIM or your credit card? Both of those are amusing because they're both not only irrelevant to the scenario in question but also something people use because that's what they were given, not something they sought out.
Okay, so what does that mean for the normal person? They're going from trusting Google to trusting another company which costs more, or holding their key themselves with the knowledge that they'll be locked out of all of their accounts if they lose it or are compromised. I understand that you have a financial benefit if they sign up but what part of that says “here's a benefit to you which is worth paying $$$ for!” to a normal person?
You're mixing multiple issues up. Passwords and private keys are exactly equivalent in the possibilities of loss or compromise (and recovery). So we're not touching any of that here.
> what part of that says “here's a benefit to you which is worth paying $$$ for!” to a normal person?
You get to keep your contacts even if you get booted off the platform (or your contacts do).
Court orders and regulations and etc. are the manifestations of government, and the mechanism by which humanity establishes social order. We... don't want to avoid court orders. We don't want to skirt regulations. These things exist for reasons.
Sure, and if we're coming up with hypotheticals, here are some which are far more likely:
* A blockchain could increase the fees for service. Wait, that happens on a daily basis and you have no control over it.
* A blockchain user could fall for an attack. Unlike the Google scenario, there's no way to regain control of your account – time to set up a new one and convince everyone you work with to update.
* The site you're actually trying to use could switch to a different blockchain (which is more likely than only offering login with Google or that being canceled).
* The site you're using could check a list of addresses and ban yours because it's suspected to be associated with fraud.
This is why I suggested taking off your salesguy hat and thinking about what this is like for normal people. Switching to a system which has mandatory upfront inconvenience and expense needs to have a big win to be worth it for people. If it's all “you'll find something to do with it later” you'll get adoption like GPG did.
In this case, I think the key thing to consider is why people use Gmail. It's not like you can't run your own email server, but most people don't want to be responsible for something that important.
Blockchain "service" isn't needed. It's authentication by private key.
A blockchain can be used to tie additional information to the public key.
> The site you're actually trying to use could switch to a different blockchain (which is more likely than only offering login with Google or that being canceled).
I hope they don't use any blockchain at all.
> Unlike the Google scenario, there's no way to regain control of your account
Recovery mechanisms for private key based identities have been designed and implemented.
> Recovery mechanisms for private key based identities have been designed and implemented.
That is not how blockchain works. Once someone has your private key they can make any transactions that they want; you cannot undo those changes once they are on the blockchain.
I want the identity provider to be able to cancel accounts. If they cannot cancel accounts what happens when a scammer creates an account that looks exactly like my company?