Sent from my iPhone
Begin forwarded message: > From: Phil Windley <wind...@gmail.com> > Date: March 1, 2021 at 11:00:00 AM MST > To: Chuck McCown <ch...@go-mtc.com> > Subject: Re: [AFMUG] FB account deleted > > Hey Chuck, good to hear from you. > > Sovrin doesn’t ever hold your personal data and it’s never written to a > blockchain somewhere. Instead, it’s given to you to hold in a digital wallet > you control. > > The exact mechanism is based on a few specifications including > > Decentralized identifiers: https://www.w3.org/TR/did-core/ > DIDComm messaging: https://identity.foundation/didcomm-messaging/spec/ > Verifiable Credentials: https://www.w3.org/TR/vc-data-model/ > > You get a cryptographically trustworthy credential from a trusted party (like > the DMV) and hold it in your wallet, just like you hold your drivers license > in your physical wallet. You can use it to prove things about yourself to > anyone anytime without anyone but you and party verifying the credential > knowing. Better yet, the proof of your attributes is based Zero Knowledge > Proofs (ZKP) for minimal disclosure. > > Regarding the “what happens when this gets hacked” question: The big idea > here is there’s no big trove of identity data to hack. It’s spread out, > protected by keys you control. So, hacking into one wallet doesn’t get you > into another wallet. So, the payoff is too low to be interesting for more > people. > > These blog posts contain more info (and more links): > > Relationships and Identity: > https://www.windley.com/archives/2020/07/relationships_and_identity.shtml > Authentic Digital Relationships: > https://www.windley.com/archives/2020/08/authentic_digital_relationships.shtml > The Architecture of Identity Systems: > https://www.windley.com/archives/2020/09/the_architecture_of_identity_systems.shtml > > You can try it out here: https://try.connect.me/ > > This is just one digital wallet vendor. I know of at least 5 others. > > Cheers, > > —phil— > >> On Feb 25, 2021, at 2:40 PM, Chuck McCown <ch...@go-mtc.com> wrote: >> >> Phil, >> I have a email list serv that has been running for about 20 years. I >> introduced the concept of soverign ID this morning and have been having a >> difficult time convincing people that it really turns the tables on all the >> content providers. >> >> Would you mind replying to the guy below? I will cross post it to the list. >> This list is my sole “social media” presence... >> >> Thanks, >> Chuck >> >> From: Jan-GAMs >> Sent: Thursday, February 25, 2021 1:53 PM >> To: af@af.afmug.com >> Subject: Re: [AFMUG] FB account deleted >> >> And what happens to your data and ID when sovrin gets hacked? Is sovrin >> going to insure your account and pay you for your loss? Clean-up any >> identity fraud? So far, all I see is a larger hack-target! >> >> On 2/25/21 9:54 AM, Chuck McCown via AF wrote: >>> If widely adopted this https://sovrin.org/ can solve everything. >>> >>> From: Jan-GAMs >>> Sent: Thursday, February 25, 2021 10:25 AM >>> To: af@af.afmug.com >>> Subject: Re: [AFMUG] FB account deleted >>> >>> I don't have anything against 2fa, I just think giving it to a business >>> that is involved with selling your personal data is moronic. They have no >>> excusable reason even knowing your real name, why you giving them info >>> directly traceable to specifically you? >>> >>>> On 2/25/21 6:57 AM, Matt Hoppes wrote: >>>> Why do you guys hate to factor authentication I turn it on everywhere I >>>> can. Is it really that hard to get a text message and enter a six or eight >>>> digit number to know that your account is secure. >>>> >>>> Especially with the ability of most websites to remember the device you’re >>>> logging in from it’s usually a once in a great while thing. >>>> >>>>> On Feb 25, 2021, at 8:45 AM, Steve Jones mailto:thatoneguyst...@gmail.com >>>>> wrote: >>>>> >>>>> >>>>> I do hate 2fa as well, I had an issue with a credit card payment to my >>>>> cell carrier last week, so my service was shut off. So I go to log into >>>>> my credit card portal, guess where the auth text got sent. But the >>>>> cumbersome nature of it did force me to rethink my refusal to put >>>>> alternate forms of payment on file and to actually open credit card >>>>> statements. >>>>> Fyi, percent cashback only pays off of you're cards are set to pay the >>>>> balance automatically and not the default of minimum monthly payment. >>>>> That default should be illegal too >>>>> >>>>> On Thu, Feb 25, 2021, 7:21 AM Mike Hammett <af...@ics-il.net> wrote: >>>>>> I only use 2FA when required. It's a pain in the butt. >>>>>> >>>>>> I do use a password manager with randomly generated passwords. >>>>>> >>>>>> >>>>>> >>>>>> ----- >>>>>> Mike Hammett >>>>>> Intelligent Computing Solutions >>>>>> >>>>>> Midwest Internet Exchange >>>>>> >>>>>> The Brothers WISP >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> From: "Steve Jones" <thatoneguyst...@gmail.com> >>>>>> To: "AnimalFarm Microwave Users Group" <af@af.afmug.com> >>>>>> Sent: Wednesday, February 24, 2021 7:38:11 PM >>>>>> Subject: Re: [AFMUG] FB account deleted >>>>>> >>>>>> This got me thinking. What do you think the public's tolerance would be >>>>>> for full throated protection if it came at the cost of inconvenience, >>>>>> like you have to verify your identity to reset a password, but that also >>>>>> means a malicious actor would have to do the same. If one of the steps >>>>>> required human interaction, like going to a bank, or the dmv (never the >>>>>> dmv) or any authorized identity verification location. Almost every jail >>>>>> and police department in every podunk town has digital fingerprinting >>>>>> now. Most larger towns have businesses whose sole purpose is >>>>>> fingerprinting people. There are tons of ways to verify identity in >>>>>> person on top of the digital mechanisms attached to Nexus. >>>>>> >>>>>> Would the inconvenience force people to become more proactive to avoid >>>>>> the inconvenience, like actually use a legitimate password manager and >>>>>> 2FA? Would they maybe not click every link they see? >>>>>> >>>>>> I think its obvious that adoption, if voluntary would be virtually nil. >>>>>> But what if the big 3 apple, Google and facebook implemented it? Noting >>>>>> that those three also are the verification medium for a large percentage >>>>>> of everything else. >>>>>> >>>>>> It's a matter of time until identity theft is a multitrillion dollar >>>>>> industry, the vast majority is rooted in convenience over security. I >>>>>> can see even republicans backing funding for this type of thing >>>>>> considering the cost is going to be much less than the recovery costs of >>>>>> id theft >>>>>> >>>>>> People will drive 10 miles to get a wifi signal for facebook, it's >>>>>> really not outside the realm of reason for this to be a feasible process. >>>>>> >>>>>> Can this idea be patented? >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Wed, Feb 24, 2021, 1:13 PM Seth Mattinen <se...@rollernet.us> wrote: >>>>>>> On 2/24/21 06:17, Mark - Myakka Technologies wrote: >>>>>>> > Well she got back in with help from my son. Still not sure what the >>>>>>> > deal was. Guess I'll have to start looking at 1Password or >>>>>>> > LastPassword. >>>>>>> >>>>>>> >>>>>>> Facebook actually supports decent 2FA options like TOTP and FIDO (i.e. >>>>>>> yubikey) for 2FA. I'd recommend enabling one of those. >>>>>>> >>>>>>> -- >>>>>>> AF mailing list >>>>>>> AF@af.afmug.com >>>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>>> >>>>>> -- >>>>>> AF mailing list >>>>>> AF@af.afmug.com >>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>>> >>>>>> -- >>>>>> AF mailing list >>>>>> AF@af.afmug.com >>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>> -- >>>>> AF mailing list >>>>> AF@af.afmug.com >>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>> >>> -- >>> AF mailing list >>> AF@af.afmug.com >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >>> >> >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com