This article is a great explainer of the basics underlying anonymous credentials. I look forward to the promised follow-up explaining real-world examples.
The key issue however is trust. The underlying protocols may support zero-knowledge proofs. But as a user I'm unlikely to be able to inspect those underlying protocols. I need to be able to see exactly what information I'm allowing the Issuer to see. Otherwise a "correct" anonymous scheme is indistinguishable from a "bad" scheme whereby the Issue sees both my full ID and details of the Resource I wish to access. Assuming a small set of centralized Issuers, they are in a position of great power if they can see exactly who is trying to access exactly what at all times. That's the question of trust - trust in the Issuer and in the implementation, not the underlying math.
In Switzerland a digital identity like this will launch this summer and the underlying infrastructure and app is open source. And the issuer of the ID and the registry that holds and verifies credentials are separated. The protocol also isn't novel and is already used in other countries (Germany(?)).
in case you don't know this only has limited effect, cause you can open it again in a private browser. besides the search works with the procast setting, and we're not talking external constraints, people, us, me,... lack at this point internal mental defenses against the negative impact of social media.
See, this is the problem with all these mindfulness tools. I, the human, can simply defeat every challenge the computer attempts. And i require the ability to do so in case i have a need that's only satisfied by searching reddit for textbook recommendations while I'm in half price books, or a youtube video to fix my broken zipper pocket before i head to the gym soon. The fact that they time wasting sites are also the "goldmine of knowledge" sites make me include a back door in any time minder tool. A backdoor which is only used when needed... until it slowly becomes muscle memory and the tool is defeated by my capacity to learn to fuck myself over again and again.
Instead you ought to pay someone $15/hr to sit next to you. Anytime you're distracted by a website for more than five minutes, they punch you in the arm.
They also have to know they don't get paid if you manage to convince them to go away and leave you alone for a while.
Someone should to invent an AI powered one that is utterly unpredictable and installs in the boot sector. You're browsing Hacker News one day and suddenly your smoke alarms goes off. You do it the next day and your Echo device starts playing death metal at highest volume. You do it the next day and your car alarm goes off.
It's great that you slip into this mode automatically.
For me, the reframing of "goal" to "quest" helps enormously with this change of mode. A "goal" is something I hope/want to achieve in future - but today I'm busy with day-to-day chores etc. A "quest" however is something you are on. So if I'm on a quest to do X, of course I need to do something toward it every day.
For some reason I have a hard time with "quest" because it seems to have an endpoint. I'm not "on a quest to hike all the mountains." I'm just the kind of person for whom that kind of thing eventually happens because it's normal.
It very well might be my "fear of success" issue though. I don't have a fear of being different than I was before. That slips in under "part of the normal process of growth and change."
But being a person who's on a quest? Who might eventually achieve the thing? That lands differently, and in a way that prevents me from actually doing it.
I think my successes have to slide in under the radar so I don't sabotage them.
This Joel On Software article [0] is a good starting point. Incredibly it's now over 20 years old so that makes me feel ancient! But still relevant today.
The suggestion that the web should just use utf-8 everywhere is largely true today. But we still have to interact with other software that may not use utf-8 for various legacy reasons - the CSV file example in the original article is a good example. Joel's article also mentions the solution discussed in the original article, i.e. use heuristics to deduce the encoding.
Yes, this has happened. See this example from OpenJSF:
"The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics" [0,1].
Not for trains - there's a shared expectation that pedestrians should not access the track.
Similarly, not for a freeway.
Where some feel the balance is wrong, is at local-level streets. Today the assumption in most places is that cars have total right of way, and pedestrians must keep clear. It doesn't have to be that way. In a residential area, it's quite feasible to say all road users have equal right to use the space. And in that circumstance, put the onus on the car user (wielding a heavy, dangerous weapon) to not hit other road users.
> If you’re in a group and talking about something factual
A good rule of thumb for this that a few of my circles use: you can check, but only after 10 minutes have passed. Of course, 95% of the time by then no-one cares, as you say. Occasionally it's still relevant after 10 minutes, and so checking makes sense.
Do you check everyone's card when you split the bill? What makes you think the others are debit rather than credit cards?
For info: the debit & credit cards from my bank look almost identical. The only difference is one says "credit" in small black text. My credit card handles exactly like my debit card in terms of tap-and-pay etc. I just wouldn't use it to take out cash from an ATM, but then I can't remember when I last needed to do that.
The key issue however is trust. The underlying protocols may support zero-knowledge proofs. But as a user I'm unlikely to be able to inspect those underlying protocols. I need to be able to see exactly what information I'm allowing the Issuer to see. Otherwise a "correct" anonymous scheme is indistinguishable from a "bad" scheme whereby the Issue sees both my full ID and details of the Resource I wish to access. Assuming a small set of centralized Issuers, they are in a position of great power if they can see exactly who is trying to access exactly what at all times. That's the question of trust - trust in the Issuer and in the implementation, not the underlying math.