Decentralized Identities Are Not A Valid Reputation System For Blockchain Economies

First off, what the fuck is decentralized identities? I truly hope I've never written an article where I brought these two words together.

The word decentralization gets tossed around way too much since the inception of bitcoin(crypto), and I totally get it. It is a default understanding that things based on these blockchains are "decentralized" but there are several ways to prove that this isn't true.

Let's take for example the voting mechanisms on Hive, surely we want to make the claim that content curation takes a decentralized form, but this isn't true because a post can get 1 vote, and earn rewards, it didn't need other accounts to agree on its value before receiving the rewards, did it?

So what's decentralized about that? It just simply isn't decentralized, sure there's the possibility of a disagreement on rewards moving forward but it doesn't change the fact that to vote/reward and downvote/take away rewards doesn't need a "consensus" from withnesses to happen.

Surely you'd want to say that a witness has to verify the transaction on-chain for it to be recorded, yeah, that is true, but the witness isn't doing this by examining the value of the content, the witness is just "confirming" that a specific public key and its respective private key made a "certain" type of transaction, the blockchain doesn't care about the value of the content in any sense, thus, the curation practice is widely centralized!

Is that a problem? It can be if the token supply was centralized, to the best of knowledge, this isn't true to Hive, so a network-side attack isn't quite practical at this point..

Using this example, we understand that centralized systems can exist on layer 1 blockchains and that's totally cool, the most important thing will always be to ensure that the base layer protocol is decentralized.

Decentralized Identities Are Not A Valid Reputation System

If you head on to Ethereum, you'll see a lot of so called decentralized identities theories and apps and while I get the concept or need for a "Web3" ID technology, the idea of thinking like the traditional establishment is just off and so not what this ecosystem should be about.

These concepts of decentralized identities still rely on a "real world" layer of verification and this doesn't exactly help matters or make it different in any form from traditional ID systems. In fact, it makes it worse.

The blockchain is a distributed ledger technology, most crypto blockchains are not just distributed but also public, meaning that all data is in the open and verifiable by just anybody, so does this sound like something we should have personal info stored upon or even tied to?

Ethereum does a good job defining the use of JSON files to store attestations off-chain on distributed cloud storages like IPFS. The word used was "decentralized" cloud storages but I find IPFS to just be a distributed storage platform.

That said, the hash of this JSON is stored on-chain and linked to a decentralized identifier(DID) via an on-chain registry.

In summary, the concept is simple: using the public key infrastructure(PKI), an institution can issue any certificate for example to an individual by simply generating the digital attestation and sending it to the individual by signing the transaction on-chain with its private key.

The said individual can now leverage this on-chain attestation via a mobile wallet to apply for jobs and do whatever the fuck else requires this certificate as a pass.

The problem?

Blockchain accounts are fragile, one mess up and your account is compromised. Consider an event where a bad actor takes control of a crucial account and uses these attestations to ease his way through executing one bad act or the other, I mean, all actions at this point are verifiable right? Who would know? Such design simply puts so much at risk because gaining access to accounts with all these on-chain IDs or certificates just gives more personal information and gate passes to indulge in one bad act or the other.

So we both agree at this point that decentralized identities in the defined form have more downsides than good, no?

So to conclude, nothing about this process of attaining attestations is decentralized, not even the storage of this data is decentralized, the blockchain simply doesn't care, just as layer 2 blockchains can sing their songs of "using the layer 1 for transaction finality" as a form of decentralization and security but I know it's simply not a needed action and the layer 1 in mentioned frankly doesn't know what it is signing(finalizing in their words) nor agree to it's validity, it's just another Ethereum transaction(for example) that validators need to add to the chain.