> We already have universal tracking IDs, we just don't see them because they're opaque and proprietary.
This is simply not true. I can go to a public library, sign up for a free email account, sign up for Google or Twitter without it being tied to my name or face or work email etc.
If signing up for any of that required giving them something tied to your social security number, that wouldn't be possible, and that must not happen.
> We already use government identification online, we just do it in the dumbest way possible: "please upload a photo of your driver's license."
The vast majority of websites don't require this, specifically because it's a pain in the butt. It needs to continue to be a pain in the butt so they continue to not require it. Ideally we should create new ways to make it even more difficult.
> FaceGoogAzonRosoft have done everything related to auth that's profitable, but the one thing they will never do is build an office in your hometown and staff it with a person who can do deal with you as an individual and physically hold your two recent utility bills when corner cases or fraud or whatever require it.
That has just no security value whatsoever. A utility bill is a piece of paper. Anybody with a printer can forge one in five minutes.
On top of that, who still gets a utility bill in the mail?
First, I don't think you're being realistic about how tracking works nowadays. Google will will link your new "anonymous" account to your established tracking profile as soon as you access it from a device or geographical location associated with your existing account. This is true even if you never visit any Google owned domain, through the magic of shared tracking IDs.
Second, your position rests on the assumption that this hypothetical federal ID will be mandatory. How will it be "required"? By whom? If the government makes a federal oauth, and it works well, sure, some webapps might require it, but they can also just require your identity today. I think you haven't wrapped your mind around the idea that any big tech company that doesn't already have your identity doesn't want it. Google doesn't care about your SSN, they care about your browsing and shopping history, but the day they decide they want it, they'll demand it, and you'll comply or go without Google services (and they'll probably get it from data sharing partner anyway). None of that would change due to what I'm proposing.
> Google will will link your new "anonymous" account to your established tracking profile as soon as you access it from a device or geographical location associated with your existing account. This is true even if you never visit any Google owned domain, through the magic of shared tracking IDs.
A separate device is <$50. Local VMs are ~free. VPNs hide "geographical location" and anyway they were never unambiguous because there can be arbitrarily many people in the same place.
> Second, your position rests on the assumption that this hypothetical federal ID will be mandatory. How will it be "required"?
If you make it easy to use and use of it allows you to be tracked more effectively then websites that want to track you more effectively will require its use.
> but they can also just require your identity today.
That is more difficult to do now and so they do it less. Making it easier would allow them to do it more, which is bad.
I mean there are two options. One is nobody would use it, and then it shouldn't exist. The other is that people would use it, which is bad, and so it shouldn't exist.
This is simply not true. I can go to a public library, sign up for a free email account, sign up for Google or Twitter without it being tied to my name or face or work email etc.
If signing up for any of that required giving them something tied to your social security number, that wouldn't be possible, and that must not happen.
> We already use government identification online, we just do it in the dumbest way possible: "please upload a photo of your driver's license."
The vast majority of websites don't require this, specifically because it's a pain in the butt. It needs to continue to be a pain in the butt so they continue to not require it. Ideally we should create new ways to make it even more difficult.
> FaceGoogAzonRosoft have done everything related to auth that's profitable, but the one thing they will never do is build an office in your hometown and staff it with a person who can do deal with you as an individual and physically hold your two recent utility bills when corner cases or fraud or whatever require it.
That has just no security value whatsoever. A utility bill is a piece of paper. Anybody with a printer can forge one in five minutes.
On top of that, who still gets a utility bill in the mail?