
Currently, a domain can only be a brand and cannot be a true identity. There are methods to get free domain names [1], domain names without identity validation [2], etc. So, a domain is nothing but a method of verifying internet presence.

[1] https://www.hostinger.com/free-domain one example

[2] Any regular domain purchased from a registrar. You simply pay and get the domain with no further identity validation required.




The reason I say I think domains make a great identity is that I don't think it's important for identities to be verified. I even think there's room for 100% anonymous blockchain domains.

The value is in the way the domain owner participates online and what kind of reputation they build. There are many old-school communities where I recognize the handles of extremely knowledgeable, friendly, helpful people and I have no idea what their real names are.

Imagine if the well earned reputations of high quality participants were transferable across online communities by using a domain as global handle.


A domain can expire and be used by a different party. A different person can maintain a website. There are many ways a domain's admin can change. Domains are not guaranteed to be unique even if they are in some cases considered anonymous.


An idea to help with this would be a new resource record type, with an opaque value that changes only when the domain changes hands (yes, it is up to the registrar to decide when to change the value).

The resource records would live underneath registry.arpa, which has delegations that correspond to delegations at the DNS root; so to find out if example.com has changed, you can query:

    $ delv example.com.registry.arpa OWNER
    example.com.registry.arpa.     3660     IN     OWNER     "MEpnFkIk4sKW_oLPEl-R7WxFSAnWvgZnLYmRtn-3BkY"

You could put other stuff in there too, such as the start-date of the current registration... this is starting to sound like whois but structured and machine readable. Why on earth did that never take off!

An interesting related thing is the approach adopted by iSCSI, which constructs iSCSI Qualified Name (IQN)s by qualifying the domain name with the dates of registration.

So iqn.2003-05.com.example is a different identity to iqn.2021-01.com.example.
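
The date-qualified naming described in the comment above, as an added example that is not part of the original thread: it builds IQN-style identities from a domain plus the month its registration began, and flags a stored identity whose domain has since been registered anew. The function names and the registry data are assumptions constructed for illustration; a real check would need an authoritative source for the registration date.

```python
import re
from datetime import date

# iqn.<yyyy-mm>.<reversed domain>[:<optional suffix>]
IQN_RE = re.compile(r"^iqn\.(\d{4})-(0[1-9]|1[0-2])\.([a-z0-9.-]+)(?::(.+))?$")

# Constructed sample data: domain -> start date of its *current* registration.
CONSTRUCTED_REGISTRY = {
    "example.com": date(2021, 1, 4),
    "example.org": date(1998, 11, 30),
}

def reverse_labels(name: str) -> str:
    """example.com <-> com.example; tolerates case and a trailing root dot."""
    labels = name.strip().rstrip(".").lower().split(".")
    if not all(labels):
        raise ValueError(f"empty label in {name!r}")
    return ".".join(reversed(labels))

def dated_identity(domain: str, registered: date) -> str:
    """Qualify a domain with the month its registration began."""
    return f"iqn.{registered:%Y-%m}.{reverse_labels(domain)}"

def parse_identity(identity: str) -> tuple[str, date]:
    """Return (domain, first day of the qualifying month)."""
    m = IQN_RE.match(identity.strip().lower())
    if not m:
        raise ValueError(f"not a date-qualified name: {identity!r}")
    year, month, reversed_domain, _suffix = m.groups()
    return reverse_labels(reversed_domain), date(int(year), int(month), 1)

def check_handle(identity: str, registry: dict[str, date]) -> str:
    """Compare a stored identity with the domain's current registration."""
    domain, epoch = parse_identity(identity)
    current = registry.get(domain)
    if current is None:
        return "unknown"          # domain lapsed or never registered
    if (current.year, current.month) != (epoch.year, epoch.month):
        return "re-registered"    # same name, different registration period
    return "ok"

if __name__ == "__main__":
    for handle in ("iqn.2003-05.com.example", "iqn.2021-01.com.example",
                   "iqn.1998-11.org.example:alice", "iqn.2010-07.net.example"):
        print(handle, "->", check_handle(handle, CONSTRUCTED_REGISTRY))
```

Month granularity means a domain dropped and picked up by someone else within the same month yields the same identity, so the date only narrows the reuse window and does not close it.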


1. Domains are guaranteed to be unique. We have global registrars and global DNS, it's not possible to have duplicate domains.

2. Don't utilize a domain that is shared by lots of people. There are also lots of DNS tricks (TXT records) to "pin" a user to a domain or whatever. If the domain is shared (for example a company website), you just add a TXT record denoting what private key is allowed to do things. Heck, you could set up fine-grained permissions per key via TXT records.

3. Yes they can expire and that situation is detectable. How is this any different than Twitter or another service allowing re-use of a deleted username?


Of course domain names are unique... As long as BGP routes aren't poisoned or a million other issues. However, the issue mentioned in this thread isn't whether company ABC has abc.com but that 10 people at ABC can administer abc.com.

Twitter allowing reuse of deleted usernames is completely different than an existing domain that is used as an identity credential to represent different people over time.

This thread is not about whether domains can represent properties on the Internet but whether domains are valid for identification purposes of people as login credentials. They aren't valid, because a domain doesn't uniquely represent a person.


Yeah I agree that domain names are great.

I think we should make some new TLDs that come with some validation guarantees. I.e., john-doe.nation.citizen is always a person who has an ID with the same “John Doe” issued by some government. The registrar is responsible for validating that. Once issued, the domain is never revoked - it’s yours forever, even after death. Maybe you subscribe to something for extra features, but the core identity can’t be recycled.

People don’t always want really strong ID like that though. So make other TLDs for other categories and give them different validation rules. Like .human could have some kind of biometric ID but no name. .blob could be a free for all, whatever.


But who are those for? I mean, I get what you're saying, I just don't think it solves the issue. Sure, I could sign up for JoeRogan.biz and start posting using that handle, but I would also have to pay to hide the whois information.

All government agencies would have a verified .gov domain.

States have access to .gov domains.

Hell, my local town has a .gov domain.

States have access to domains like ca.us, schools in states have access to k12.ca.us domains.

I guess States could offer domains like, person.county.town.state.us but what a mouthful. Or maybe person.citizen.state.us but doesn't seem ideal either.

I guess you could have a verified TLD so you can have individual domains like johndoe.verified... but it takes away from the domain being linked back to my website. Sure I could set up a redirect but boy that's starting to get complicated.

I think domains are a fine barrier for entry for vanity handles. Current domain registrars could offer their own verification services where they can include the verification in the whois information.

If Joerogan.biz doesn't come back with some kind of verification string inside then it's not Joe's domain. That string could be a pubkey and services could allow for either encrypted posting or including an encrypted string that verifies against the domain's whois information.

Or that pubkey could be stored as a TXT record in the domain.


You do realize that most names are far from unique, right? So what if someone can show that they own john-doe.nation.citizen - you still have no idea if that's the right John Doe. Wanting this identity to persist after death only means there will be even more collisions.


Why would you want your real identity tied to online persona? That doesn’t make a ton of sense.

That kind of thing is sometimes suggested as a solution to reduce online disagreements, but in fact it just escalates spitballings to murders and gang wars. Not great, in my opinion.


There’s a ton of people here who use their real name or it is trivial to deduce and I’ve yet to hear of a HN gang war.

What do you mean Rust isn’t the best thing since sliced bread? <calls hitman>


There are no free domains without a catch. Your example happens to be "free domain, when you pay us money", which is stretching the definition of free.


> There are no free domains without a catch.

It takes less than 5 minutes to get one.

> Your example happens to be "free domain, when you pay us money", which is stretching the definition of free.

That was just one example, which is what I wrote. There are many others that don't require website hosting. [1][2]

[1] https://www.getfreedomain.name/

[2] https://www.pcmag.com/how-to/how-to-get-a-free-domain-name-f...


I do not understand this. They say repeatedly “free” on the first link you posted but all the links I checked required payment up front and an increased fee for renewal. I’m not certain by what definition that counts as “free”. Maybe it’s free for them after the ad redirect they tried to hide between the registrar link?

Domain registration happens through an established registrar who collects fees. There are no free-as-in-beer top level domains that I’m aware of.

I would love to be wrong, because I own more than a couple domains myself.


You are correct.

You need to be careful, because they are enticing with free and then trying to charge. Free subdomains are easier to obtain, but there are some domains in "off-TLDs" that can be obtained. The list of those changes over time.

Honestly, though, I wouldn't use those for an actual business. The conversation was about how to subvert using domains as identification.


I checked 3 TLDs:

> USD $10 per year might sound like a lot, but how about USD $1 per top-level domain for the first year?! If you manage to gain any sort of traffic in that year, the domain will practically pay for itself!

> Since mid-January 2023, all Freenom-based domains (.tk, .ml, .ga, .cf, .gq) are down and not available

> .free launch dates will be forthcoming.

That’s one weird website with possibly some free subdomains.


Well, that's to some degree affected by the contents of this other article that came on the home page of HN the very next day. [1]

That article describes Facebook having brought suit against Freenom for giving out free domains, because they were primarily used by criminals. There will be another free domain provider. There always is. But, this also makes the point that the number and impact of these free domains is huge. Spammers use them to spam, and this is one reason why domains should not be considered to have any gravitas as an auth mechanism for identity.

From that article:

  Freenom is the domain name registry service provider for
  five so-called “country code top level domains”
  (ccTLDs), including .cf for the Central African
  Republic; .ga for Gabon; .gq for Equatorial Guinea;
  .ml for Mali; and .tk for Tokelau.

  Freenom has always waived the registration fees for
  domains in these country-code domains, presumably as a
  way to encourage users to pay for related services, such
  as registering a .com or .net domain, for which Freenom
  does charge a fee.

  On March 3, 2023, social media giant Meta sued Freenom
  in a Northern California court, alleging cybersquatting
  violations and trademark infringement. The lawsuit also
  seeks information about the identities of 20 different
  “John Does” — Freenom customers that Meta says have been
  particularly active in phishing attacks against
  Facebook, Instagram, and WhatsApp users.

and

  “The five ccTLDs to which Freenom provides its services
  are the TLDs of choice for cybercriminals because
  Freenom provides free domain name registration services
  and shields its customers’ identity, even after being
  presented with evidence that the domain names are being
  used for illegal purposes,” the complaint charges. “Even
  after receiving notices of infringement or phishing by
  its customers, Freenom continues to license new
  infringing domain names to those same customers.”

[1] https://krebsonsecurity.com/2023/03/sued-by-meta-freenom-hal...


https://news.gandi.net/en/2017/06/introducing-the-1-111b-cla...

Enjoy number domains on .xyz for dirt cheap


If it's so quick and easy and free, please prove it.


This discussion is about whether domain names can serve as identity not about me proving I can create a domain on the Internet.

However, here is a free subdomain I've done for you. I created http://hnretroid.mooo.com/, added an A record, and pointed it at 209.216.230.240, which is news.ycombinator.com.


You can also look at the article that appeared on the home page here at HN the very next day after this discussion you and I had. The article talks about Facebook suing one of these registrars for giving out free domain names to criminals, even after being shown that their customers were performing criminal activities with the domains. [1]

There will be another free domain service. There always has and always will be, unfortunately. There always will be something to fill that void. In the same way that legitimate actors write legitimate apps, criminals have their own ecosystems on which they rely for their income.

[1] https://krebsonsecurity.com/2023/03/sued-by-meta-freenom-hal...


> nothing but a method of verifying internet presence.

Isn't that what it's about? What else do you think of?


Of course not. You are confusing a domain as it is normally used with the context of this conversation, where I pointed out that domains are insufficient, because they cannot be used as personal identification.


What is personal identification in your eyes?


It's about the attempt to use a domain for personal identification that was discussed in this thread.


No, what does it take and mean to identify someone? In general and on the internet. How do you build trust? A domain is no worse than trusting any arbitrary billion dollar enterprise.


No. It's both different and worse, because you are trusting more parties for auth as well as degrading the trustworthiness in the actual integrity of the credential management by spreading it across the entire network stack in addition to trusting the same billion $ enterprise, anyway.



