It’s clear to me that human-meaningful is the one to drop.
Status messenger has a nice naming solution. They give everyone a three-random-word name when they join (an Ethereum pub key is under that of course). Then (1) your friends can assign to you their own nickname for you, or (2) you can buy an ENS name that is globally findable.
I think of this basically like car license plates. You can optionally get a vanity plate.
Another project that I love is BrightID. It really embodies the idea that we don’t actually need a global registry of names for most use cases. Most of the time we just want to know if someone is legit or not. A web of independent Rolodexes is enough to determine that.
Sometimes human-meaningful is the point. You would have us use IP addresses instead of domain names?
More precisely, the semantic buck has to stop somewhere. Let's say I want to visit the official website of the Smithsonian museum. There needs to be a system I can type "smithsonian" into and reliably find the right page.
Surprisingly fine compared to what? I probably only remember my own phone number at this point, people around me maybe 2-3 numbers that they most commonly use. Imagine having to remember everyone's number in order to write to them on whatsapp, I'd forget about 99% of my friends then.
Compared to the number of names I can remember, numbers basically enter and exit my brain, while people's names and domain names can stay in my head for what feels like forever.
Get a desk phone and dial numbers by hand rather than just tapping the name on your cell. In a few weeks you’ll have your most common numbers memorized.
Hah, I deleted a whole extra paragraph of reply about how it "used to be phone books", and before that it was the operator at the local telephone exchange. How exactly would you go about telephoning the Smithsonian, then? You'd remember the number? Or you'd use some centralized facility?
No one remembers domain names either for a number of reasons: people use Google (aka, the telephone operator). If tomorrow all hostnames were replaced by IP addresses, most people wouldn't even notice.
But... that's the point. Now Google is the operator. You still need the service somewhere in the chain! You can never obsolete the need to map the word "smithsonian" to some number or address - you can only move it around.
> There needs to be a system I can type "smithsonian" into and reliably find the right page.
You should look into what Iris is doing with web of trust[1]. To me, this is the future. But like I said, Status has a good mix of multiple solutions that includes ENS names.
Dropping the "human-meaningful" part fixes the problems with the technology, but it exacerbates the problems with the human behind the keyboard.
A trusted source of accurate information is a prerequisite for entering someone's information into a rolodex. This is even a problem with actual rolodexes.
i.e.:
* if data is missing, where do you get it?
* how do you know that data is currently valid?
* can you trust the person giving you the data?
The human-meaningful names help users make important decisions on how they interact with their technology.
> A trusted source of accurate information is a prerequisite for entering someone's information into a rolodex. This is even a problem with actual rolodexes.
How do you get someone’s phone number today? You just ask them. I don’t see a problem with this.
If you’re interested in a more clever way to handle public names mapped to keys though, you should look at Iris[1]. Users are verified by web of trust. And information stays up to date because you’re actually connected with them in the web.
> How do you get someone’s phone number today? You just ask them.
There's a lot of subtle assumptions in this. When you ask for someone's phone number, you are already communicating with them in another manner. Much of the trust in this is derived from that other communication channel.
For example, when I walk into a building that says "H&R Block" on the side of it, I know that the time and money spent on establishing a business with a legitimate appearance is a significant barrier to, say, a scammer. I can be somewhat assured that the person inside, if asked, will give me a phone number of someone who is actually capable of doing my taxes.
A situation where trust cannot be assumed is more like a phone number written on the wall of a bathroom stall at a rest stop: "call 555-5555, I'll do your taxes".
I shared Iris in my last comment but perhaps this would have been better to share to explain the idea.
I think what you’re looking for is the solution to indexes. You’re right that indexes are really the big issue here. We were talking about two different use cases but I get you now.
Of course, something like ENS domains is another solution (per my original comment up the chain). But that also is price prohibitive and sort of annoying in its own way. The cost upholds current power structures, but many don’t have an issue with that.
BrightID is... interesting. The idea is to ensure that each physical human has at most one Bright ID account by using social verification, right? I can't figure out from a quick skim of https://brightid.gitbook.io/brightid/getting-started how they prevent you from getting multiple accounts by getting verified through two or more disjoint social groups.
> I can't figure out how they prevent you from getting multiple accounts
I'm not sure about that, to be honest. One thing to keep in mind though is the importance of validating identities in person. I think you get higher trust by scanning each other IRL.
So a whole network of anonymous avatars could "connect", but it would be rare for them to scan each other's devices in person. I would imagine that most people would simply lack the energy to go through the whole process with two different devices. So on the whole, the anonymous avatar style network would be less trustworthy algorithmically.
Yeah it's not a particularly groundbreaking concept. It has existed for as long as people have kept personal address books.
Another implementation is in Secure-Scuttlebutt. But those "petnames" are actually gossiped around by default (which I would argue is not very intuitive for people).
Thanks for sharing, it's really interesting. From what I understand, different communities using nicknames could still use this system, though some applications may require that different communities recognize you as the same entity.
> (1) your friends can assign to you their own nickname for you, or (2) you can buy an ENS name that is globally findable.
Yes, petnames is a common pattern with crypto-secure naming systems. Tor has been thinking about it for a while, and the GNU Name System (GNS) has basically implemented what you described over a "simple" (compared to Ethereum) DHT, so no need for $$$$. On top of that, GNS should be backwards-compatible with DNS (which it intends to replace), and opens doors to cool stuff like Reclaim:ID which is a decentralized identity/authorization provider. Feel free to check out the GNS presentation from ICANN if that's appealing to you.
I’d love to use GNUnet and those projects. I’ve just not found anything that is usable for normal people yet. Fingers crossed that it comes to fruition at some point! (Or if there is a working app please share it with me)
In the meantime, you may be interested in Iris for a proof of concept that very much works today (though not greatly yet).
> Several platforms implement refutations of Zooko's conjecture, including: Twister (which use the later Aaron Swartz system with a bitcoin-like system), Blockstack (separate blockchain), Namecoin (separate blockchain), Monero OpenAlias[5] and Ethereum Name Service.
How would git not be a clear refutation of this conjecture?
Sure, commit hashes are very high entropy identifiers, but we can still derive a lot of meaning from what they implicitly represent. Git is also a decentralized protocol. Perhaps the "authority" in these cases is whoever happens to be approving & merging a pull request? Has anyone reversed a SHA256 hash on a reliable basis yet? Does this count as secure & distributed?
Perhaps my argument here is that high entropy and human meaning are not at odds with each other. This seems like a very subjective point on the triangle.
That generates an email, which you then have to send via MX records in the domain name system. Which pushes the "human-meaningful" part of the Zooko triangle onto another system. Now we're not having a conversation about git, but a conversation about DNS and email authentication (which has traded off decentralized).
There are a few blockchain based solutions to this problem.
- Handshake
- ENS
- Namecoin
My favorite so far is Handshake - a fork of the bitcoin protocol with added support for covenants, which is how arbitrary names can be registered and associated with some 512 bytes of data. Example: https://hnsnetwork.com/names/proofofconcept which shows TXT and other records. ENS was previously my favorite, but the root protocol is secured by only a 7 person multisig. Namecoin is old and poorly designed in my opinion.
It was via Handshake that I came across this concept (though I heard it as "Zooko's Trilemma") a few months ago! Handshake indeed looks pretty cool and interesting. I bought-in enough to register both my real name (firstnamelastname) and commonest online handle, but I haven't found time to actually do anything with them. I should make a personal web site. I should do a lot of things.
> One of the earliest uses of the trilemma formulation is that of the Greek philosopher Epicurus, rejecting the idea of an omnipotent and omnibenevolent god (as summarised by David Hume).
One can observe that the first is a special case of the second, through the transformation of negation ("choose which two of your arm, your leg or your other arm to keep"). We can unify both under this system.
Right. The normal way we see it written here, like with the CAP theorem, would be:
CA~P + C~AP + ~CAP
The way it's normally phrased would be: choose 2 of the 3 that you want, the other will be absent from your system. The alternate phrasing would be: choose 1 of the 3 that you can sacrifice, the others will be present in your system. But both phrasings describe the same logical expression written above.
For the right arm, left arm, leg example it's similar. You're being asked which one you would sacrifice so it could be written as:
RA LA ~L + RA ~LA L + ~RA LA L
Offering two phrasings: which do you want to keep or which will you give up?
> A vanity address is only human-meaningful up to a certain point in the string. Not really memorizable.
This is also the reason why they're discouraged from a security perspective.
You burn a given amount of CPU time to get CyberdyneSystemsZfzah3uf, then someone else burns the same amount of CPU time to get CyberdyneSystemsZy6jhaef, then humans don't notice that they're not the same thing even though you're relying on that for security.
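The prefix problem described in the comment above, as an added example that is not part of the original thread: a local petname table pins the full identifier and flags anything that only matches the part a person would read. `PetnameBook` and the `HUMAN_CHECKED_PREFIX` threshold are hypothetical; the two Cyberdyne identifiers are the ones from the comment, and the third is constructed.

```python
from os.path import commonprefix

# Assumption: a person reads about this many leading characters before
# they stop comparing two identifiers by eye.
HUMAN_CHECKED_PREFIX = 8


class PetnameBook:
    """Per-user table of nickname -> full identifier (hypothetical helper)."""

    def __init__(self):
        self._pinned = {}

    def pin(self, petname, identifier):
        # Pin only after checking the full identifier out of band.
        # Re-pinning to a different value is refused rather than overwritten.
        current = self._pinned.get(petname)
        if current is not None and current != identifier:
            raise ValueError(f"{petname!r} is pinned to a different identifier")
        self._pinned[petname] = identifier

    def classify(self, identifier):
        """Return (verdict, petname, shared_prefix_length)."""
        closest = ("unknown", None, 0)
        for petname, pinned in self._pinned.items():
            if pinned == identifier:  # whole-string match, never prefix-only
                return ("known", petname, len(pinned))
            shared = len(commonprefix([pinned, identifier]))
            if shared >= HUMAN_CHECKED_PREFIX and shared > closest[2]:
                closest = ("lookalike", petname, shared)
        return closest


def demo():
    book = PetnameBook()
    book.pin("cyberdyne", "CyberdyneSystemsZfzah3uf")  # first ID from the comment
    seen = [
        "CyberdyneSystemsZfzah3uf",  # the pinned identifier
        "CyberdyneSystemsZy6jhaef",  # second ID from the comment
        "Qk3vTz81mmPx0aYbR7nD2wLe",  # constructed, unrelated
    ]
    return [book.classify(s) for s in seen]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second identifier shares 17 of 24 characters with the pinned one, so it is reported as a lookalike of "cyberdyne" instead of being accepted or silently treated as a stranger.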
What matters in practice is mostly whether people memorize it. People choose to memorize Pi and the list of dictionary headwords (to play Scrabble, you don't need to speak or even read the language, just know all the valid words).
Once upon a time people would memorize telephone numbers of friends and people they call often, not so much now.
During the pandemic my gaming group uses Google Meet, some things use Zoom, we began having Friday evenings in Jitsi and we moved them to Gather Town.
Zoom is the only one that is resolutely impractical to memorize, every Zoom meeting gets a random huge ID and password, so you need to pass around lengthy nonsense URLs for each meeting and even then you might also need to share the password. This is done in the name of "security" although it isn't actually more secure than...
Jitsi takes arbitrary long strings to distinguish one conference from another, defaulting to generating word salad. So you tell everybody you're in "CloudsEffortlesslyChaseMushrooms" and joining creates it. If you want to name one "SecretHackerNewsRoom" you can, but I think somebody might guess that name.
Google Meet uses shorter, random IDs. You can't mint your own, and by contrast to word salad they're tricky to remember, but you can re-use them, and after a while your mind remembers ZWC-KLWL-CBMB or whatever because it's the same every week. Also your browser will auto-complete it, if you have that turned on.
Gather Town allows you to build and name custom places. Since you're customising them anyway, you get to name them. If you call it "RedLionPub" I'm guessing you might get uninvited guests. If you instead reference an inside joke ("TerramicDragonHouseOFish" or "InstantMonkeyDispatch") not so much. However there is an ID number baked into the URLs, and I don't know if there's search, so you'll likely end up memorizing or bookmarking URLs for a place you go often.
Passwording a Jitsi room in the way you would a Zoom meeting seems pointless, just give it a harder to guess name and save trying to memorize two separate facts when only one is needed.
Jitsi's end-to-end encryption passwords would be a reasonable choice (if your clients are capable) and you would need to memorize those separately from a room name since Jitsi's servers don't do anything with the encryption.
(If you join a Jitsi call with say, four other participants using a password you don't know, your copies of their four audio and video streams are nonsense, chances are your decoders will give you silence and a black rectangle, although weird glitched blocky nonsense video is also possible and I guess it's conceivable you'd likewise get weird audio nonsense)
Having a public part (room id) and private part (password) fits very well into people's mental model of security/accessibility.
Doing it this way also lets you turn off authentication if you decide you don't need it and lets you use the same password if you need multiple conference rooms. This is the best solution in my opinion.
> If you join a Jitsi call with say, four other participants using a password you don't know, your copies of their four audio and video streams are nonsense
Not in my experience. Jitsi won't let me enter the room at all if I enter an invalid password.
Well, we don't have human-meaningful names even now, at least not for most humans - for us technology types, sure, but if the names were truly human-meaningful, we'd have far less ...ibm.com.cn style of phishing, e.g.
A few commenters make the point about phone numbers and IP addresses being somewhere between analogous and homologous. I think that's true for IPv4, but definitely not for IPv6.
But that misses an unexpected benefit of the DNS: Traffic management based on geolocation. Even without human-meaningful names, nickname to address translation would have benefit for that reason alone.
As others have pointed out, we don't so much need a name service, we want a reputation service.
After all, most people get to web sites, e.g., via a bookmark or embedded URL or a search result.
If we got rid of the DNS and had to enter IP(v4, not v6) addresses by hand, a lot of us would still get there via bookmarks or embedded URLs or search results. Little/nothing would change.
I'm not suggesting redesigning the Internet with a dedicated search engine layer in our not-7-layer stack, but I do think the differences between current use and design intent are significant enough, even if sometimes subtle and unforeseen, that a rethink could take us to interesting places.
(My favourite part of the article is the counter-examples. So the triangle is itself wrong, generally, and only correct, more or less, for specific technical approaches.)