@maxdeviant sounds good until you realize the internet only works due to large centralized routing infrastructure :/

@cancel Good point. As with everything, there are tradeoffs with centralization and decentralization.

Personally, I like using things like Gmail because of the convenience factor. But when I hear stories of people getting banned from Gmail for no reason it makes me realize how boned I'd be if the same were to happen to me.

In this case there's a fairly simple fix of using Gmail with a custom domain, so you can transfer your email address should that happen, but it's not always so easy.

@cancel Even with the various decentralized services that are popping up (Mastodon, Matrix, etc.), there is still usually a centralized hosted version that people use.

Do I want to have to run and maintain all my own instances for these services? Not particularly. I'm sure it's the same for many people.

It is nice to have the option, though.

Follow

@maxdeviant Yeah, those are all partially centralized. Fully decentralized is usually so inefficient it ends up becoming a sticking point (see: bitcoin)

But I like the model of "friends are all on a server somewhere, and servers can communicate in some way if they want". No one company or government or whatever is in control, but it's not massively inefficient, either.

· · Web · 1 · 1 · 1

@cancel I wonder if this would work well for things like identity management?

So rather than "Sign in with Google" you run an identity instance for yourself, your family, your company, etc. Could leverage things like OAuth 2.0 in order to integrate easily with various services.

I'm sure something like this has to exist already, but I'm not privy to it.

@maxdeviant OAuth and "easy" are not usually words I put together without an odd number of negations between them.

@cancel I more meant from the standpoint of many services already supporting OAuth.

OAuth is far from easy (especially if you want to get it right).

@maxdeviant if we're aiming for a major change to stuff, I'd rather change it so that there are fewer things and that I don't have to sign in.

@cancel Could you expand on how not signing in would work?

It seems to me that it would rely on using non-shared services, having a strong trust network (e.g., I could use "cancel" as my handle to impersonate you, but why would I?), or creating services in such a way that authentication is not necessary (a commons?).

@maxdeviant @cancel That was the dream of OpenID but nobody used it and then Google and Facebook et, al came and ate the "Sign in easy" space. A lot of sites implement it and you can run your own ID server but it's either hidden in the "More" options or just not exposed to the end user at all.

@drisc @maxdeviant I actually don't care about it, really. I use a password manager. I don't want a bunch of my pseudo-accounts linked together by other accounts.

Theoretical example: ML spam detection on YouTube thinks I'm a bot then bans my YouTube account, which causes my Google account to be banned (yes this is really what happens) then I can't access 90% of my shit because of OAuth/ OpenID/whatever

@cancel @maxdeviant OpenID is separate from all other services, if your Google account got banned you could still log into other stuff connected to OpenID but anything using the Google OAuth token would obviously be borked. That said I also use a password manager so I just use the sites builtin account system same as you.

@drisc @cancel I also try to use a password manager and separated accounts, where possible.

This doesn't work for some sites that decided to only use external identity providers (Google, Facebook) in lieu of rolling their own. I can't say I blame sites that go this route, as auth is very hard to get right.

I still currently have a SPOF in that most of these services are still tied back to a Gmail address.

@maxdeviant @drisc I don't use any stuff like that. Whenever I see one that only has a "Sign in with..." page, I just leave.

@maxdeviant @drisc I admit it's a lot easier when you tell the world to go fuck itself and work for yourself

@maxdeviant @drisc But not everyone can do that! And the people who sometimes can (like me, right now) might not be able to do it always or forever. So I'm not mad at people who have to deal with bad crap.

@maxdeviant @drisc And "the world" is a pretty limited definition, in this case. I'm still relying on many, many layers of government and infrastructure to not die of dehydration, starve to death, die from disease (hmm wait), have access to shelter and utilities, fiat currency, etc.

@maxdeviant @drisc So, "the world" in my previous statement is more like... management, I guess? :P

@maxdeviant @drisc Though I've worked with many good managers. I guess the thing that I don't like the most (and which appears surprisingly often) is some configuration that leads to indirect management causing huge problems for other workers and no way to fix it from the position of the person actually producing the value.

To bring it back to our example, being forced to use some crappy software that the managers themselves don't use.

@cancel @maxdeviant Same, I also have my email hosted at an external company (migadu.com in this case). It's important enough to me that I pay for it.

Sign in to participate in the conversation
Merveilles

Merveilles is a community project aimed at the establishment of new ways of speaking, seeing and organizing information — A culture that seeks augmentation through the arts of engineering and design. A warm welcome to any like-minded people who feel these ideals resonate with them.