what's interesting about polis's approach is that it surfaces agreement clusters instead of amplifying disagreement. most comment systems optimize for engagement, which in practice means conflict. if you optimize for "where do people actually agree despite appearing to disagree" you get a completely different dynamic.
the invite-tree idea someone mentioned below is interesting for the same reason: it's not just that it keeps bots out, it's that it creates social accountability. you're more thoughtful when your reputation is linked to the people you invited. same principle as why small communities tend to self-moderate better than large ones.
But it should be treated as a relatively safe ID, it's even used for voting. If you feel uncomfortable, just have one device for eID, and one for everything else.
I think it's a great tool if we want to implement some sort of liquid democracy feature.
and then layer on citizenship on top if you want to use this for polling, voting, etc.
> You’re in a desert walking along in the sand when all of the sudden you look down, and you see a tortoise, it’s crawling toward you. You reach down, you flip the tortoise over on its back. The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can’t, not without your help. But you’re not helping. Why is that?
It's funny to think of how the US government is effectively a decentralized web of trust system. Building one that works, that has sufficient network effects, auditability, accountability, enforcability, so that when things are maliciously exploited, or people make mistakes, your system is robust and resilient - these are profound technically difficult challenges.
The US government effectively has to operate IDs under a web of trust, with 50 units sitting at the top, and a around 3,000 county sub-units, each of which are handling anywhere from 0 to 88 sub-units of towns, cities, other community structures.
Each community then deals with one or more hospitals, one or more doctors in each hospital, and every time a baby is born, they get some paperwork filled out, filed upward through the hierarchy of institutions, shared at the top level between the massive distributed database of social security numbers, and there are laws and regulations and officials in charge of making sure each link in the chain is where it needs to be and operates according to a standard protocol.
At any rate - ID is hard. You've gotta have rules and enforcement, accountability and due process, transparency and auditing, and you end up with something that looks a bit like a ledger or a blockchain. Getting a working blockchain running is almost trivial at this point, or building on any of the myriad existing blockchains. The hard part is the network incentives. It can't be centralized - no signing up for an account on some website. Federated or domain based ID can be good, but they're too technical and dependent on other nations and states. The incentives have to line up, too; if it's too low friction and easy, it'll constantly get exploited and scammed at a low level. If it's too high friction and difficult, nobody will want to bother with it.
Absent a compelling reason to participate, people need to be compelled into these ID schemes, and if they're used for important things, they need a corresponding level of enforcement, and force, backing them up, with due process. You can't run it like a gmail account, because then it's not reliable as a source of truth, and so on.
I don't know if there's a singular, technological fix, short of incorruptible AGI that we can trust to run things for us following an explicit set of rules, with protocols that allow any arbitrary independent number of networks and nodes and individuals to participate.
Yes 100%, that's why the government needs to offer it, make tampering a serious offense, and dynamically defend its integrity from attackers.
> incorruptible AGI
Not a lot of alpha in planning for scenarios where we get that
I'm assuming it's equivalent to lobste.rs implementation: https://lobste.rs/about#invitations
The cost of this is adding a ton of friction to joining.
Off the top of my head, a possible method is a proxy or two or three, each handling different components of authentication and without knowledge of the other components. They return a token with validity properties (such as duration, level of service). All the vendor (e.g., Polis) would know is the validity of the token.
I'm sure others have thought about it more ...