jtrn 4 days ago

I actually thought a lot about this, and I feel it relates to my job in health services.

I'm tired of hearing the Norwegian government talk about AI and modernization. Before we chase the next big trend, we need to solve fundamental problems. We should have one public, centralized provider for digital identity and authentication. We also need a single, secure messaging service for healthcare personnel and residents.

This same principle of focusing on the basics should apply to other services in the domain of selfhosters: secure data storage. Instead of building a complex, all-in-one platform, a community project could offer just a "digital locker" for files.

Users would connect to this storage via open protocols (like WebDAV), allowing it to work with many different apps. This gives users the freedom to choose their own tools for photos, documents, and media. This approach has three main benefits:

* Lower Cost: It is cheaper to manage only file servers instead of a full software suite.
* Simpler Maintenance: The limited scope makes the service easier to secure and sustain.
* Predictability: The service is stable for users, and the workload is predictable for maintainers.

It treats data storage as a public utility—providing the essential infrastructure and letting people build on top of it.

And if a community can’t get this basic and manageable thing up and running, a thing that has immediate and obvious utility, then maybe it’s unrealistic to expect more complex community or public utility-like services.

drew_lytle 4 days ago | parent | next [-]

Thank you so much for your thoughtful comment! I think this is a great path to fight for. I think it's very funny that most people (in the U.S. at least) scoff whenever I talk about a "public, centralized provider for digital identity". There's so much governmental distrust. Meanwhile, everyone I know logs in with Google. Have a great day and thanks for reading!

isaacremuant 4 days ago | parent | prev [-]

> centralized provider for digital identity and authentication.

No. Stop pushing this crap. It's what all security companies are lobbying for to get that juicy money and surveillance heavy power hungry governments want to push on next to keep on the path of no anonymity and speech control. They already do it in many ways. Don't hand them the keys for the next oppression. I don't care if your intentions are good. The war on drugs and the prohibition and many invasions also claim good intentions.

lotsofpulp 4 days ago | parent | next [-]

Are you against governments issuing passports too?

I don't understand why a government can be trusted enough to issue passports, but cannot be trusted to issue a digital passport.

Failing to do so will simply lead to Apple or Alphabet being the trusted entity that decides who is who.

Similarly, a government can be trusted to maintain a database of banks and insure the banks' customers' deposits, but a government cannot be trusted to maintain a database of all the people's electronic money accounts directly? (in the US, I know in some countries, the government does operate electronic money accounts and transfers)

isaacremuant 3 days ago | parent [-]

Not to access the Internet. In any case, many governments already have OpenId for their and other people's services.

Be transparent and honest with your exact "new thing" and we'll easily pull from the thread.

lotsofpulp 3 days ago | parent [-]

Providing an identity verification API does not mean it has to be required to access the internet. That decision would be for each website to make.

isaacremuant 3 days ago | parent [-]

This is like "X guidance" that then becomes mandatory because "To cover ourselves we'll just follow X guidance".

You're describing the same outcome pretending it won't happen.

There's already OpenId. The government can already use it with a YouGov or similar systems which you could integrate with. There's no problem here other than actually trying to force ID for internet access (one of the excuses is the old "who will think of the children", age verification for social media).

lotsofpulp 3 days ago | parent [-]

Is OpenID liable for identity verification? I don't see how they could be without physical offices everywhere in the world.

Passports require people to physically go prove themselves to a government employee, an actual attempt at identity verification.

>There's no problem here other than actually trying to force ID for internet access (one of the excuses is the old "who will think of the children", age verification for social media).

There is a problem with people impersonating other people. There is economic gain from creating a trustable system in which to do business.

>You're describing the same outcome pretending it won't happen.

What outcome? The internet is still there, and all users can still do whatever they want. Including website owners that want to verify identity, and website owners that do not want to verify identity.

isaacremuant 2 days ago | parent [-]

Total security doesn't exist. You can also fake passports and many other things. Do you also want to add online ID verification to purchase alcohol in a convenience store because someone can trick the salesman with fake ID?

You're not analyzing any tradeoffs and going directly to the total surveillance total government power. I was spot on in my assessment from the first comment.

> There is a problem with people impersonating other people. There is economic gain from creating a trustable system in which to do business

There are economic incentives for lots of crimes. We don't install cameras in people's homes (or shouldn't) to make sure it doesn't happen. The possibility of a crime is not an argument for disregarding civil liberties.

> What outcome? The internet is still there, and all users can still do whatever they want.

This is the most disingenuous or naive comment I've read today.

Internet freedom is severely curtailed with different excuses around "protecting against foreign actors, drugs, porn, protecting the children, etc". The police can show up at your house and arrest you in a European country for posting political opinions on Twitter. ISPs will block websites and the government will force sites to require authentication to read about Israel criticism in relation to Gaza.

> Including website owners that want to verify identity, and website owners that do not want to verify identity.

There's a lot of ways to silently encroach on liberties pretending it's "companies exercising freedoms" when it's actually governments directly or through payment processors forcing them to act in certain ways. Removing choice. Usually based on political leanings. Whether it's to ban specific types of journalism or forms of media.

You can pretend it's all correct and good limitation of freedom but we both know that's just an authoritarian position. Everything the government does in a country is good by definition, let's always ignore corruption and the natural desire to accumulate more power.

lotsofpulp 2 days ago | parent [-]

>You can also fake passports and many other things. Do you also want to add online ID verification to purchase alcohol in a convenience store because someone can trick the salesman with fake ID?

And yet we still use passports. And yes, it would be super convenient to not have to have a physical ID on me to verify my identity. Nothing is changing legal rights or government surveillance capability wise, except that people gain convenience.

>You're not analyzing any tradeoffs and going directly to the total surveillance total government power. I was spot on in my assessment from the first comment.

As if the government cannot secretly subpoena and force Apple and Google to reveal anything they want.

https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...

https://en.wikipedia.org/wiki/Five_Eyes

At least if the government operates an identity verification API, it can be subject to the constitution. Businesses are not subject to the laws that restrict the government, and governments love that loophole. If all the banks or tech companies ban you, tough shit, that is their business right. If a government service bans you, then you can fight it in court.

>Internet freedom is severely curtailed with different excuses around "protecting against foreign actors, drugs, porn, protecting the children, etc". The police can show up at your house and arrest you in a European country for posting political opinions on Twitter. ISPs will block websites and the government will force sites to require authentication to read about Israel criticism in relation to Gaza.

This has nothing to do with government providing an identity verification API. This is a separate issue about not having sufficient civil rights.

>Everything the government does in a country is good by definition,

Not at all, and that is why the government should be the one doing it, so that it can be litigated in court, transparently. Currently, governments are loving the use of businesses to do bad things, and throwing their hands up because it isn't the government doing it, it's the business doing it.

jtrn 4 days ago | parent | prev [-]

It's really hard not to become impolite with this kind of disrespectful comment, but I try. Let me articulate my thinking... The suggestion is not based on nothing; it's based on years of banging our heads against the wall with various governmental and non-governmental systems that we need to communicate with, in the context of our firm wanting to talk to government servers to, for instance, get money for providing health care, or communicate with a GP.

We already have a need to authenticate and communicate. In the same way we have passports and driving licenses, these kinds of basic utility services seem to be worth it.

I'm just advocating for the same thing, for the basic functionality, digitally, before we start dreaming of other kinds of solutions.

I'm really not happy with the solution that has emerged in Norway, where one private entity is basically the de facto identity provider for everything (BankID). Then there's a mishmash of all other providers with various levels of motives, usability, restrictions, technology, and cost.

The same way we found out national identity cards can be useful, to ensure we have proper basic communication and identification within our country when using that country's services and portals.

This is my logic: We already have to communicate and authenticate, no way around it. And our government is already mandating login and communication digitally. So, a service like I described would not affect the concern you seem to have, since we have already handed over the key, so to speak. But it would alleviate a lot of unnecessary and, frankly, security-reducing complexity.

I would assume you are extremely skeptical of anything governmental and centralized. Maybe you live in a country with more problems, so that your fear is more realistic. But here in Norway, we seem to have found a stable balance of powers and a stable relationship between the people and our government. So maybe the situation you live in makes the "tyranny" claim more palpable.

Sadly, this, to me, just reinforces the experience I have every time I run into libertarian values. There seems to be much more focus on angrily denouncing others' ideas and not contributing to any realistic or practical solution. And it's too bad you have to resort to absolutes and unnuanced ad hominem attacks. I think a measured response would have been something like (my caricature of how I would have said it): "I see you want to improve inefficiencies, but I fear that you don't properly account for the dangers of abuse from the government." Instead, you come out swinging when all I suggest is that we just do what we are already doing, but better.

isaacremuant 3 days ago | parent [-]

If you think I'm impolite then you haven't realized how impolite and insulting you can be while seeming polite.

Let me say this. There may be a misunderstanding and you simply may want easy standards and auth for a specific gov service validation. Like what the UK gov does for tax and the like. Or Ireland. YouGov OpenId kind of access.

The way you were talking about centralization implies, at least to me, some sort of digital id for internet usage which is absolutely terrible and being extremely pushed by lobbyists and governments who love surveillance. If you think this is a conspiracy theory I don't care. It's all a conspiracy theory when it goes against powerful money.

As for calling me naive or libertarian or any of that crap. Ok. Then you're an authoritarian. You're a danger to me and others and you'll claim you do it for my sake or claim that I myself am dangerous for protecting "my freedumbs".

> But here in Norway, we seem to have found a stable balance of powers and a stable relationship between the people and our government. So maybe the situation you live in makes the "tyranny" claim more palpable.

Hahahahahahahaha. Yeah right. I know and have lived in Norway. I know the kind of "don't rock the boat" mentality. Everything works right? Because there's money and media won't address the Barnevernet or military abuses nor anything that actually goes wrong.

People who talk in favour of authoritarian tenets and dismiss criticism as "libertarians who come from <bad countries unlike mine>" are super funny.

"I'm angry and not offering a solution", right?. That's just bullshit. You can use that to justify any government measure. The war on drugs, terrorism, etc.

Sweden already shows how surveillance can get insanely intense and nordics communitarian pushdown to prevent criticism of power is extremely effective. Not that you still don't consider yourself superior to others like you clearly express every time you think the world isn't looking. "Er typisk norsk å være god" eh? (Or however that phrase went).

Get offended. We've been through too much shit for me to care about your Overton window.