Agree that passkeys are the direction we seem to be headed, much to my chagrin.

I agree with the technical advantages. Where passkeys make me uneasy is when considering their disadvantages, which I see primarily as:

• Lack of user support for disaster recovery - let’s say you have a single smartphone with your passkeys and it falls off a bridge. You’d like to replace it but you can’t access any of your accounts because your passkey is tied to your phone. Now you’re basically locked out of the internet until you’re able to set up a new phone and sufficiently validate your identity with your identity provider and get a new passkey.
• Consolidating access to one’s digital life to a small subset of identity providers. Most users will probably allow Apple/Google/etc to become the single gatekeeper to their digital identity. I know this isn’t a requirement of the technology, but I’ve interacted with users for long enough to see where this is headed. What’s the recourse for when someone uses social engineering to reset your passkey and an attacker is then able to fully assume your identity across a wide array of sites?
• What does liability look like if your identity provider is coerced into sharing your passkey? In the past this would only provide access to a single account, but with passkeys it could open the door to a collection of your personal info.

There’s no silver bullet for the authentication problem, and I don’t think the passkey is an exception. What the passkey does provide is relief from credential stuffing, and I’m certain that consumer-facing websites see that as a massive advantage so I expect that eventually passwords will be relegated to the tomes of history, though it will likely be quite a slow process.

What is your suggestion for a superior solution to the problems passwords solve?

What an absolute failure of the legal system to understand the issue at hand and appropriately assign liability.

Here’s an article with more context, but tl;dr the “hackers” used credential stuffing, meaning that they used username and password combos that were breached from other sites. The users were reusing weak password combinations and 23andme only had visibility into legitimate login attempts with accurate username and password combos.

Arguably 23andme should not have built out their internal data sharing service quite so broadly, but presumably many users are looking to find long lost relatives, so I understand the rationale for it.

Thus continues the long, sorrowful, swan song of the password.

Not to mention they’re probably paying double for it - once through their taxes for the public school the kids aren’t attending plus the tuition for the private school.

Ah the ol’ security by obscurity plan. Classic.

Sounds weird from inside the echo chamber though

¿Porque no los dos?

Why couldn’t it be both?

Respectfully, you were the one who pointed out the impact of the Network Effect.

The adoption of a product by an additional user can be broken into two effects: an increase in the value to all other users (total effect) and also the enhancement of other non-users’ motivation for using the product (marginal effect).

Thus, users don’t need to understand the credentials of the platform if the network effect is strong enough, but as users leave the network, the value (credentials) of the platform as a whole decreases.

Another way to think about it is that the amount Twitter “matters” is directly related to how much we collectively agree it matters. While not directly transferable, I’d suggest that Keynes’ Animal Spirits concept can help us to understand why this might be the case - prevailing attitudes towards a platform can have a profound impact on their value.

Counterpoint: Twitter will continue to maintain a critical mass of users until enough people move somewhere else to make it irrelevant. Continuing to use it only serves to further credentialize the platform, making it even less likely that users will find a new home someplace else.

It’s not much but they try a whole lot more than most.

Thank you. I’m going to restate your explanation to be sure I’ve got it:

• authorities want platforms to comply with legal requests
• when Signal gets a subpoena, they open the key locker and show that it’s empty. They provide the metadata they can (sign up date and last seen date, full stop) and tell authorities they can’t do better.
• when Telegram gets a subpoena, they open the key locker and show all the keys, then slam it shut in the face of the investigator, telling them to get bent.
• conclusion: it’s easier to never have the keys in the first place than to tease the government with them

I’m no authority on it but from what I’ve read it seems to have more to do with the social features of telegram where lots of content is being shared, both legal and illegal. Signal doesn’t have channels that support hundreds of thousands of people at once, nor media hosting to match.

This is exactly what PG&E is hoping for, yes. ⭐

One of the few laws that we haven’t sorted out a way to break!

So what happens if you try to sleep outside? Do the cops pick you up and bring you to a shelter where they provide a bed, meals, and a roommate named Bubba who thinks you’re purdy?

Conservatives are so short sighted - this is just giving handouts with extra hands and limited humanity.

The same one they have now, perhaps with a steeper learning curve. The market for software developers is already saturated with disillusioned junior devs who attended a boot camp with promises of 6 figure salaries. Some of them did really well, but many others ran headlong into the fact that it takes a lot more passion than a boot camp to stand out as a junior dev.

From what I understand, it’s rough out there for junior devs in certain sectors.

Neat, well thanks for the heads up

For me it’s the inability to set my status to “invisible”.

It’s not that I don’t want to game with people, but sometimes I want to practice alone without being bombarded by invites.

Wait now it appears I’m the one out of the loop. When did that start?

Um actually, in the US

ACKTUALLY, whether or not you can get fired is a state issue, and some states such as California provide statutory protection for employees who use cannabis. It’s true that there are some states where you can get in trouble, but the federal laws are not being enforced by the Biden administration, who has given the green light on cannabis consumption and rescheduling, so there’s really no single answer that applies to the whole United States, and your mileage may vary.