Agreed. One solution could be restricted access. Government of Maynmar not allowed to access this. Same of Houthi and Yemen or Syrian rebels/Assad etc. Idea 2: it could potentially help hold these government's more accountable if everyone in the world has access to a record and thus proof of what they are doing.
Ordinarily, I’d agree with this, except to look at how this series of events transpired, one gets the sense that the aggressors in this scenario did not give a shit about identity as they went about (and continue to go about) dealing death (and worse) to pretty much anything in front of them.
In this case it seemed to be based on regions or zones in rural territories. Anybody in those towns or villages, was in the wrong place at the wrong time, and no amount information was going to make a difference.
I don’t think they were going around, checking names and marking clipboards. By all accounts, there was nothing orderly about this one. Little more than a perimeter walked down to a kill zone. The people that got away had to move fast, and of the ones that made it out of the round up, it seemed to be children and people who played dead.
So, add computerized record keeping to the mix. Will it be used to hunt people down? It’s probably a concern worth considering, but really the modus operandi seems to be search and destroy eviction from a territory, to clear out an area, not understanding and targeting network nodes in a constellation of peers.
So-called "recognized states" make monumental efforts at disallowing creation of new states and at making citizenship scarce, to help keep their monopoly. This doesn't seem to be in the benefit of Earth's people, and also amount of "unrecognized states" grows year by year. Previously, this backlog could only processed by holding a World War.
It's an elephant in a room and I'm quite surprised I've never seen this idea discussed seriously anywhere.
The creation of new states is far from a panacea for solving these sorts of conflicts. South Sudanese and Eritrean independence appears to have generally made their lives more miserable, for example.
The real issue is that cultural identity is a very fluid concept, and states can try to steer their citizenry to express a very broad, inclusive notion of cultural attachment (as France and Germany did in the late 19th century) or a very narrow and exclusive sentiment (as the Ottoman Empire did).
> I think being South Sudanese or Eritrean is much better than being murdered for being a separatist, on ethnic cleansing scale.
Oh, there's still ethnic violence on a large scale in South Sudan. It's between different groups inside the new country.
> Since the outbreak of conflict, armed groups have targeted civilians along ethnic lines, committed rape and sexual violence, destroyed property and looted villages, and recruited children into their ranks.
This is the most plausible rationale for doing it with blockchains (see also: many other blockchains)
The whole system appears to rely on a trusted group certifying the [probable] authenticity of an individual's records and Rohingya refugee status, in which case you might as well let them host it on a well-backed up regular database...
It's possible, even easy, to insert fake attestations that biometric B corresponds to identity I. But an append-only log has the advantage over other databases that a simple older-record-wins heuristic is likely to prefer genuine identity records.
A regular database has no way to make it infeasible to insert fake old records. Sure, you can publish checkpoints. But that doesn't work so well when you're up against a government that wants to erase your entire ethnicity.
Isn't the sufficiently determined government with the ability to compromise an organization's computers almost as much of a threat to carry out 51% attacks on its private blockchain as to successfully target distributed copies of database checkpoints?
(In practice, I think the Myanmar government's strategy would simply be to disregard the database rather than to attack it anyway, on the basis the local prejudice against the Rohingya isn't based around their numbers or individual identities but the claim that they are actually Bangladeshi illegal immigrants lying about Myanmar ancestry and land)
Yes, it is a threat. That's why I'm not sure why they're not just using Ethereum. Well, I think I know why -- "let's use Ethereum!" isn't a fundable startup idea. But it's too bad, because I have a feeling Myanmar doesn't have even enough compute power to double-spend a single CryptoKitty.
And yeah, a government would certainly try to ignore facts it didn't like.
Who signs the identity certificates? And who are "they" who maintain the repository? And who decides which commits are legitimate?
Git is a distributed database only if every copy eventually syncs to tip, and only if everyone can agree what "tip" is. Each of those conditions is hard to meet if the problem statement assumes that malicious actors have write access to the repo and can arbitrarily assert which fork is master.
You have exactly the same problem with "blockchain". Whatever solution you propose for this new blockchain can equally be applied to write a git merge driver for this new git repository.
If your solution is "proof of work", then you have the additional problem that there is a large group of people with significant computational power who can take over your new blockchain for the appropriate fee.
When someone proposes a solution that involves throwing money at a problem, you should be jumping for joy, not asking what happens when someone then throws money at the problem. Such a solution is the economic equivalent of proving that an NP problem is actually a P problem.
Blockchain as implemented in Bitcoin takes a thorny sociopolitical problem (how to store monetary value) and turns it into an economic problem (how to calculate SHA-256 moving the smallest number of electrons).
As applied to the Rohingya situation, it switches out the political power of whoever is currently dominant and replaces it with monetary power (proof of work). It commoditizes political power. I don't know about you, but I'd take an economic problem of being the group with the most money (== computing power) over an intricate, shifting political problem any day of the week.
> As applied to the Rohingya situation, it switches out the political power of whoever is currently dominant and replaces it with monetary power (proof of work).
My assertion is that using a blockchain, as opposed to existing proven technologies, adds nothing of value.
You keep restating the opposite claim, but you have yet to explain how a blockchain adds any value over not using one.
You can facilitate git rewrites, but it's not computationally expensive (or expensive in any sense) to do that. So it's easy to erase history and start over. A proof-of-work approach (or proof-of-whatever, as long as the incentives are aligned) imposes a cost to rewriting history. And if you believe that there's some relationship between economic power and truth/goodness (debatable, but it's a tenet of most of Western societies), then creating a cost, even a wasteful one, is a good thing.
If existing proven technologies have a way of making rewrites hard (not reputationally hard but economically hard), then I'd appreciate the education. I'm not aware of such a power.
> A proof-of-work approach (or proof-of-whatever, as long as the incentives are aligned) imposes a cost to rewriting history.
That's not exclusive to blockchains. Blockchains impose a cost to rewriting history because peers follow a set of rules that make it so. You can impose a similar set of rules in any alternative solution, blockchain or not. Simply do not accept non-fast-forward branch updates. Validate all proposed updates against your standard rules, and if validated, use your custom merge driver to implement any required merging rules.
I have yet to see an description of a threat model here which explains how such a blockchain's decentralized consensus system solves this particular real world problem.
Either you're agreeing that you could stick proof of work into a more conventional database (not sure if that's what you mean by "You can impose a similar set of rules in any alternative solution, blockchain or not"), or you don't think the self-validating nature of a proof-of-work blockchain is interesting.
The alternative solution you describe in your first paragraph still has the flaw that a nation-state could delete all known copies of the real national database, publish a new one, and say "Here's the national git log. Oceania has always been at war with Eastasia." Someone finds a backup copy of the original and publishes it. Now, determining which one is right is basically a question of whoever shouts louder. There's nothing inherently better or worse about the fake log compared to the real one, since both follow the rules; it's a question of who you believe.
In a blockchain solution, on the other hand, the nation-state would have to say "here's the real blockchain," but either the amount of work required to produce the fake one was more than the work required to produce the real one (in which case congratulations, they win), or else it's self-disproving. Nobody has to argue whether the real one's real, because the real one by definition has the most work put into it. Unless I'm misunderstanding you, your example alternative solution doesn't have that important feature.
Myanmar obliterated all traces of the Rohingya, razing their villages, rebuilding entirely different structures on those locations, and then claiming that the Rohingya burned down their own homes and voluntarily left the country (listen to https://www.nytimes.com/2018/08/14/podcasts/the-daily/myanma... for more). It's completely within the threat model of this situation that a nation-state might want to rewrite its identity database and deny that it ever happened.
> Now, determining which one is right is basically a question of whoever shouts louder... It's completely within the threat model of this situation that a nation-state might want to rewrite its identity database and deny that it ever happened.
Now that Bitcoin exists, you don't need to trust a third party for trusted timestamping any more; you can insert hashes into an existing (stronger) blockchain instead.
I accept this is technically "blockchain" in that case, but I wouldn't really call it "blockchain technology" or "turning to blockchain" and there's no need to reinvent a new blockchain with all the risks that entail.
Take my git repository and add a rule that to be considered valid by a client an authority must have inserted the commit hash (or a child commit hash) into the Bitcoin blockchain. If an alternate branch appears, the earliest appearance wins. You get the property you're looking for, but you don't need to invent a whole new system to do it. Bitcoin (or any blockchain) isn't required; any trusted timestamp service will do instead. If you don't want to use a third party, then sure, use Bitcoin, but no need to invent anything new.
I argue that this is far better than "turning to blockchain". All the components are well understood. There is no risk in this model.
>When someone proposes a solution that involves throwing money at a problem, you should be jumping for joy
I'm sure that people who are starving to death are grateful to know that a bunch of rich techbros are dumping money into an exercise in patting themselves on the back rather than spending it on anything actually useful.
“Immutable record” doesn’t really work with “birth”, “death”, or “accidentally incorrect details”.
Allowing mutability to any of those things doesn’t work well with preventing hostile forces with far more resources from corrupting your records — even a bug free implementation should, on topics like this, presume the hostile attackers can mount a 51% attack.
(I’d go further and assume hostile actors could mount a 99.99% attack when it’s homeless stateless refugees fleeing hundreds of thousands of armed malitia).
if you treat the blockchain as an event-sourced datastore, you could publish amendment updates. Then you can rebuild the original record and all the amendments into a latest-accurate record.
It's impossible to know without eg signing the record with the person's key, but you can at least see the history of modifications so information can't be hidden by overwriting or deleting it.
Overwriting and deleting are not the only ways to hide things. Truth can be hidden if buried under a randomised pile of noise, of “corrections” and counter-corrections - who would rely on a database which needs to be cleaned up against deliberate hostile damage?
I'm not arguing that using a blockchain makes sense here - I'm firmly in the anti-blockchain-overuse camp. I was making a point about how you could provide a mutable record within an immutable event chain.
Putting disenfranchised poor people on a list to keep track of them that is controllable by whoever has the most electricity/money doesn't sound like a form of empowerment.
Did you read the article? The population has real, historical reasons not to trust the traditional centralized provider of identity. A trustless solution is an option worth considering.
Blockchain-overuse snark is not the solution to every blockchain proposal.... especially if you haven't heard the proposal yet.
Blockchain doesn't automatically mean decentralised. _HOW_ is this blockchain decentralised? _WHERE_ does the trust/authority come from? Theres very little information on it other than "because blockchain".
>Blockchain-overuse snark is not the solution to every blockchain proposal....
Yes, it is. At least until someone comes up with an actual use for it that isn’t a scam or something that could have been done much easier with existing technology.
But the difficulty is that the traditional centralized provider of identity is the state, and they are the arbiter of identity because they have power. Being the state in power is why they decide anyone's identity. Declaring your own identity does not change the power dynamic.
That's a good point, and I hope nobody is taking the position in this thread that someone has legal rights just because a digital signature matched. Unless the legal body grants that privilege, the match has no meaning.
A decentralized solution removes the question who maintains a centralized database. That's important because, as you say, the answer to that question has always been the state. Which means it's never really been a question.
If you're cool with the government owning your identity -- and truly having the power to erase your entire existence, so they're not denying you any rights because there is no "you" -- then it doesn't matter. But for some people, it might matter to be able to point to something other than the mirror and say "I exist, and not just because I say I do. This matters because [this entity] is taking actions that are inconsistent with my existence and implied rights."
It's a small step, but it's one that opens up options that don't exist today.
I don't know. Maybe on a Raspberry Pi running on your bookshelf and the bookshelves of 1,000 more people around the world. We wouldn't have that choice if it were centralized.
And when you've got this network of RPis running, the Myanmar government simply says "Nope we don't recognize those individuals as citizens. But thanks for compiling a convenient persona non grata list for us!"
> The population has real, historical reasons not to trust the traditional centralized provider of identity.
It doesn't matter because the provider of identity is the same entity that needs to accept the identity: the Myanmar government and they don't want to accept them. This "solution" is ridiculous.
A people's lack of identity in a nation is a civil problem. Technology does not solve civil problems. I don't see any indication in this article how blockchain-based identities will solve the civil problems faced by the Rohingya people; specifically, if the nation they are in does not want to grant them citizenship or basic rights, I don't see how asserting one's identity in the blockchain solves that.
The article states: "Noor’s goal is to give Rohingya the power to reclaim their identities with a resilient system that their host countries will recognise, allowing them access to social programmes, legal rights, education and healthcare." But that's begging the question. The problem is that the state won't recognize them. Why would a blockchain based solution change that?
Who decides if it's accurate? Granted, you might not need blockchain anyway. But I do believe some kind of cross signing setup at least is a better answer than just a normal database.
Who decides if the blockchain based solution is accurate?
An illustration: you do not trust Amazon because of a TLS certificate. That certificate means that you trust the entity on the other end is Amazon. But it doesn't make you trust them. You trust Amazon because of a bunch of soft reasons: you have ordered through them before, and it worked; they appear in the media a lot as a place people go to buy stuff online; a lot of your friends and colleagues buy things through them and are satisfied. All of these factors go into your soft judgement of why you're willing to give Amazon money.
(If you don't trust Amazon, substitute them for some online entity that you do trust. If there are none, please accept that some people do trust online entities enough to give them money and expect to receive goods or services in return.)
This is what I mean by technology does not solve civil problems: in this case, a specific technology solves the specific problem of establishing an online entity is who they say they are. But now you're back to the same problem that exists with any human interaction: do you actually trust the other side?
Back to the database: if we're going to trust some individual or institution to be the arbiter of accuracy, we're better off just using a normal database with whatever encryption we want. Because once your system has that basic level of trust, you don't need blockchain.
And back to my original point: this set of information (in whatever form) makes no difference if the people in power don't care. This information will not make the people in power care. The problem with any oppressed people is caused by those in power abusing that power. Those in power have power because they have might and the belief of the people that they will use that might to enforce their power. Blockchain doesn't change that.
I listened to some kind of "sales pitch" for that system. Their selling point was not to somehow force the state of Burma to recognise their citizens. It was to create a peoples registry of identities, without the aid of a nation state. Exactly how they collect these identities, I don't remember. I fell asleep.
This raises the "oracle problem" which is that blockchain-recorded assertions about things outside of the blockchain are not necessarily correct (unless a community has agreed to treat them as definitionally correct).
If you have a trusted oracle for people's identities, you might just be able to trust that oracle's assertions (maybe that's what you're referring to as "cross signing") without also recording them in a blockchain, unless you're concerned that the oracle will tell the truth initially and then lie later on.
> a central database can be manipulated to effectively rewrite history
That's true, and that's an important issue. But I might still ask, for each application, is there someone who's trusted to introduce records into the system but not to update them later?
(We can definitely envision applications where the answer might be "yes" -- often related to concerns about censorship -- but it doesn't seem like this is the case for every application.)
The last thing you want to do to an oppressed minority in an autocratic state is compile a public membership list. This article is someone tagging their pet fad to a humanitarian crisis.
I doubt an identity system designed today would have JPEGs and plain text in a great big XML file. More likely it'd contain digital signatures of hashed documents, including structures that could verify but not reconstruct biometrics. So the blockchain (or "list," if you prefer) would be able to answer yes/no questions, but that's it.
How does the printing press making books cheaper not help end widespread illiteracy? Why does better engineering allowing construction of sewers not drastically improve civil life?
Heck something as simple as street lights must have done a lot to make people feel safer going out of their homes at night.
Yes, technology can change society and culture over time, which has an enormous impact on civil problems. But rarely does one single technological solution neatly fit into society and all of a sudden solve civil problems - because such problems are based on soft things like trust in others, trust in institutions, trust in government and confidence in basic human rights protection.
The people can though. Centralization via the state entity can allow for efficient decicions (like corporate hierarchies) as everyone knows which direction to look for common consensus.
With a blockchain approach, rather than separate entities clamoring to be the source of truth in lieue of an ineffective state everyone can instead look to the blockchain. (Which theoretically has no agenda, distributed control, etc...)
I think you are inverting causality. Myanmar is denying the Rohingya people their identity because it does not want them in their country. It does not deny them participation in their country because they can't verify their identity.
Let's assume this blockchain-based identity exists. What problem is now solved? What does it matter if people can now point to the blockchain to say "Yup that's me"? The state has a monopoly on force - that's rather what makes them "the state." Why would people look to the blockchain rather than the entity with a police force and military?
Don't blockchains need miners to validate every transaction? Who exactly is going to be running all these computers, and why? What happens when the internet goes down?
I don't know. But all the questions asked by OP would be applicable to any computerized system, and I doubt that a identity system designed today would operate entirely offline.
I’m close to some aid workers in this part of the world. There appear to be a bunch of wide-eyed technologists desperate to foist blockchain on the whole crisis, from recording health records to this. That the “Rohingya are turning to it” rather than a few people are Really Excited About Blockchain is not well supported.
Sadly, the history of people faced with difficult, complex problems turning to opportunistc 'one weird trick' quacks out of desperation is long and depressing.
79 comments
[ 3.6 ms ] story [ 155 ms ] threadcrickets chirping
In this case it seemed to be based on regions or zones in rural territories. Anybody in those towns or villages, was in the wrong place at the wrong time, and no amount information was going to make a difference.
I don’t think they were going around, checking names and marking clipboards. By all accounts, there was nothing orderly about this one. Little more than a perimeter walked down to a kill zone. The people that got away had to move fast, and of the ones that made it out of the round up, it seemed to be children and people who played dead.
So, add computerized record keeping to the mix. Will it be used to hunt people down? It’s probably a concern worth considering, but really the modus operandi seems to be search and destroy eviction from a territory, to clear out an area, not understanding and targeting network nodes in a constellation of peers.
So-called "recognized states" make monumental efforts at disallowing creation of new states and at making citizenship scarce, to help keep their monopoly. This doesn't seem to be in the benefit of Earth's people, and also amount of "unrecognized states" grows year by year. Previously, this backlog could only processed by holding a World War.
It's an elephant in a room and I'm quite surprised I've never seen this idea discussed seriously anywhere.
The real issue is that cultural identity is a very fluid concept, and states can try to steer their citizenry to express a very broad, inclusive notion of cultural attachment (as France and Germany did in the late 19th century) or a very narrow and exclusive sentiment (as the Ottoman Empire did).
What's with the Ottoman Empire in the late 19th century? You seem to refer of it as of something well-know and yet I have no idea.
Oh, there's still ethnic violence on a large scale in South Sudan. It's between different groups inside the new country.
> Since the outbreak of conflict, armed groups have targeted civilians along ethnic lines, committed rape and sexual violence, destroyed property and looted villages, and recruited children into their ranks.
https://www.cfr.org/interactives/global-conflict-tracker#!/c...
The whole system appears to rely on a trusted group certifying the [probable] authenticity of an individual's records and Rohingya refugee status, in which case you might as well let them host it on a well-backed up regular database...
A regular database has no way to make it infeasible to insert fake old records. Sure, you can publish checkpoints. But that doesn't work so well when you're up against a government that wants to erase your entire ethnicity.
(In practice, I think the Myanmar government's strategy would simply be to disregard the database rather than to attack it anyway, on the basis the local prejudice against the Rohingya isn't based around their numbers or individual identities but the claim that they are actually Bangladeshi illegal immigrants lying about Myanmar ancestry and land)
And yeah, a government would certainly try to ignore facts it didn't like.
Git is a distributed database only if every copy eventually syncs to tip, and only if everyone can agree what "tip" is. Each of those conditions is hard to meet if the problem statement assumes that malicious actors have write access to the repo and can arbitrarily assert which fork is master.
If your solution is "proof of work", then you have the additional problem that there is a large group of people with significant computational power who can take over your new blockchain for the appropriate fee.
Blockchain as implemented in Bitcoin takes a thorny sociopolitical problem (how to store monetary value) and turns it into an economic problem (how to calculate SHA-256 moving the smallest number of electrons).
As applied to the Rohingya situation, it switches out the political power of whoever is currently dominant and replaces it with monetary power (proof of work). It commoditizes political power. I don't know about you, but I'd take an economic problem of being the group with the most money (== computing power) over an intricate, shifting political problem any day of the week.
My assertion is that using a blockchain, as opposed to existing proven technologies, adds nothing of value.
You keep restating the opposite claim, but you have yet to explain how a blockchain adds any value over not using one.
If existing proven technologies have a way of making rewrites hard (not reputationally hard but economically hard), then I'd appreciate the education. I'm not aware of such a power.
That's not exclusive to blockchains. Blockchains impose a cost to rewriting history because peers follow a set of rules that make it so. You can impose a similar set of rules in any alternative solution, blockchain or not. Simply do not accept non-fast-forward branch updates. Validate all proposed updates against your standard rules, and if validated, use your custom merge driver to implement any required merging rules.
I have yet to see an description of a threat model here which explains how such a blockchain's decentralized consensus system solves this particular real world problem.
Either you're agreeing that you could stick proof of work into a more conventional database (not sure if that's what you mean by "You can impose a similar set of rules in any alternative solution, blockchain or not"), or you don't think the self-validating nature of a proof-of-work blockchain is interesting.
The alternative solution you describe in your first paragraph still has the flaw that a nation-state could delete all known copies of the real national database, publish a new one, and say "Here's the national git log. Oceania has always been at war with Eastasia." Someone finds a backup copy of the original and publishes it. Now, determining which one is right is basically a question of whoever shouts louder. There's nothing inherently better or worse about the fake log compared to the real one, since both follow the rules; it's a question of who you believe.
In a blockchain solution, on the other hand, the nation-state would have to say "here's the real blockchain," but either the amount of work required to produce the fake one was more than the work required to produce the real one (in which case congratulations, they win), or else it's self-disproving. Nobody has to argue whether the real one's real, because the real one by definition has the most work put into it. Unless I'm misunderstanding you, your example alternative solution doesn't have that important feature.
Myanmar obliterated all traces of the Rohingya, razing their villages, rebuilding entirely different structures on those locations, and then claiming that the Rohingya burned down their own homes and voluntarily left the country (listen to https://www.nytimes.com/2018/08/14/podcasts/the-daily/myanma... for more). It's completely within the threat model of this situation that a nation-state might want to rewrite its identity database and deny that it ever happened.
Sorry if I'm still somehow talking past you.
This was a solved problem before Bitcoin: https://en.wikipedia.org/wiki/Trusted_timestamping
Now that Bitcoin exists, you don't need to trust a third party for trusted timestamping any more; you can insert hashes into an existing (stronger) blockchain instead.
I accept this is technically "blockchain" in that case, but I wouldn't really call it "blockchain technology" or "turning to blockchain" and there's no need to reinvent a new blockchain with all the risks that entail.
Take my git repository and add a rule that to be considered valid by a client an authority must have inserted the commit hash (or a child commit hash) into the Bitcoin blockchain. If an alternate branch appears, the earliest appearance wins. You get the property you're looking for, but you don't need to invent a whole new system to do it. Bitcoin (or any blockchain) isn't required; any trusted timestamp service will do instead. If you don't want to use a third party, then sure, use Bitcoin, but no need to invent anything new.
I argue that this is far better than "turning to blockchain". All the components are well understood. There is no risk in this model.
I'm sure that people who are starving to death are grateful to know that a bunch of rich techbros are dumping money into an exercise in patting themselves on the back rather than spending it on anything actually useful.
Your last paragraph is just hilariously naive.
Allowing mutability to any of those things doesn’t work well with preventing hostile forces with far more resources from corrupting your records — even a bug free implementation should, on topics like this, presume the hostile attackers can mount a 51% attack.
(I’d go further and assume hostile actors could mount a 99.99% attack when it’s homeless stateless refugees fleeing hundreds of thousands of armed malitia).
"Solve it with block-chains!"
"You've not heard my problem yet."
"Doesn't matter!"
Blockchain-overuse snark is not the solution to every blockchain proposal.... especially if you haven't heard the proposal yet.
Yes, it is. At least until someone comes up with an actual use for it that isn’t a scam or something that could have been done much easier with existing technology.
A decentralized solution removes the question who maintains a centralized database. That's important because, as you say, the answer to that question has always been the state. Which means it's never really been a question.
If you're cool with the government owning your identity -- and truly having the power to erase your entire existence, so they're not denying you any rights because there is no "you" -- then it doesn't matter. But for some people, it might matter to be able to point to something other than the mirror and say "I exist, and not just because I say I do. This matters because [this entity] is taking actions that are inconsistent with my existence and implied rights."
It's a small step, but it's one that opens up options that don't exist today.
It doesn't matter because the provider of identity is the same entity that needs to accept the identity: the Myanmar government and they don't want to accept them. This "solution" is ridiculous.
The article states: "Noor’s goal is to give Rohingya the power to reclaim their identities with a resilient system that their host countries will recognise, allowing them access to social programmes, legal rights, education and healthcare." But that's begging the question. The problem is that the state won't recognize them. Why would a blockchain based solution change that?
An illustration: you do not trust Amazon because of a TLS certificate. That certificate means that you trust the entity on the other end is Amazon. But it doesn't make you trust them. You trust Amazon because of a bunch of soft reasons: you have ordered through them before, and it worked; they appear in the media a lot as a place people go to buy stuff online; a lot of your friends and colleagues buy things through them and are satisfied. All of these factors go into your soft judgement of why you're willing to give Amazon money.
(If you don't trust Amazon, substitute them for some online entity that you do trust. If there are none, please accept that some people do trust online entities enough to give them money and expect to receive goods or services in return.)
This is what I mean by technology does not solve civil problems: in this case, a specific technology solves the specific problem of establishing an online entity is who they say they are. But now you're back to the same problem that exists with any human interaction: do you actually trust the other side?
Back to the database: if we're going to trust some individual or institution to be the arbiter of accuracy, we're better off just using a normal database with whatever encryption we want. Because once your system has that basic level of trust, you don't need blockchain.
And back to my original point: this set of information (in whatever form) makes no difference if the people in power don't care. This information will not make the people in power care. The problem with any oppressed people is caused by those in power abusing that power. Those in power have power because they have might and the belief of the people that they will use that might to enforce their power. Blockchain doesn't change that.
If you have a trusted oracle for people's identities, you might just be able to trust that oracle's assertions (maybe that's what you're referring to as "cross signing") without also recording them in a blockchain, unless you're concerned that the oracle will tell the truth initially and then lie later on.
If you have a web of signatures, similar to PGP, Keybase and a few other systems, you can't do that.
The same goes for a blockchain.
What you put in there is susceptible to the oracle problem, but that is another level. Both these things need attention.
That's true, and that's an important issue. But I might still ask, for each application, is there someone who's trusted to introduce records into the system but not to update them later?
(We can definitely envision applications where the answer might be "yes" -- often related to concerns about censorship -- but it doesn't seem like this is the case for every application.)
The last thing you want to do to an oppressed minority in an autocratic state is compile a public membership list. This article is someone tagging their pet fad to a humanitarian crisis.
How does the printing press making books cheaper not help end widespread illiteracy? Why does better engineering allowing construction of sewers not drastically improve civil life?
Heck something as simple as street lights must have done a lot to make people feel safer going out of their homes at night.
With a blockchain approach, rather than separate entities clamoring to be the source of truth in lieue of an ineffective state everyone can instead look to the blockchain. (Which theoretically has no agenda, distributed control, etc...)
Let's assume this blockchain-based identity exists. What problem is now solved? What does it matter if people can now point to the blockchain to say "Yup that's me"? The state has a monopoly on force - that's rather what makes them "the state." Why would people look to the blockchain rather than the entity with a police force and military?
Rohingya refugee: "But isn't a blockchain supposed to be trustless. Aren't we just trusting you to verify me?"
Blockchain person: "Yeah whatever, do you want to be on my blockchain or not? I got a lot of funding for this"
Rohingya refugee: "Sure okay"
Rohingya refugee Myanmar government: "Hey I'm a real person. I'm on this fella's blockchain. That proves it."
Myanmar govenrment: "We don't care."