You just need to deploy auditable (source-available, reproducible-build, firmware checksums LCD on-chip) biometrics booths that generate private keys from normalized biometric inputs, and then use those ephemeral private keys to generate and sign portable identity keys. Most people have fingerprints and retina patterns and that’s twelve signatures on an identity alone, allowing for continuity across severe biometrics events like regrown fingertips etc.

A nonprofit business could do this if backed by all existing dotcom and bitcoin billionaires. But they’d all want to profit from it, so either non-profit (NGO) or governmental it is.

Fun fact: this is already a core function of USPS. They serve as an identity verification hub for both US passports and their informed delivery and PO box services. They just have a human-dependent process rather than an identity-generator booth. So they’d be perfectly positioned to take your ID, hand you an attestation request QR code, and get your identity-signatures on it — without being able to reverse-engineer your biometrics from those signatures, but still being able to detect gross variances when someone else tries to lie about being you in a future verification.

Anyways, none of this will likely ever happen, but the rich tech folks could make it happen at any time if they cared to. Instead we get THE ORB which is doing retinas as a for-profit without auditable artifacts or hardware. Sigh.

▲

acgourley 12 hours ago | parent [-]

I think you can do it without any biometrics at all, although using it as a second factor could make it smoother.

I'd propose the primary factor is social - when a child is born there is a recorded attestation from the family and care providers about the minting of a new soul. When keys are compromised you similarly seek attestations from your social network (or social worker) that you need to furnish a new key.

The network could be attacked by literal force, blackmail, or deception, but it's very expensive compared the defense (strong legal punishment for attempts to subvert the network)

That last part is why I think the state has to do it, not technologists. There has to be a strong legal and cultural immune system in place to defend the network.

	▲	altairprime 12 hours ago \| parent [-]
		That’s adjacent to birth certificates and passports already, with some variations on a theme per country, but certainly I don’t object to it. But I’m still infuriated at having to provide a birth certificate to LinkedIn to support a legal name change, so I encourage further design at the interface between “citizen identity” and “online identity(s)”. Your idea has merits and isn’t like others I’ve seen, so it’s worth considering in more detail!