My own personal AWS S3 bucket (jonudell.net)
57 points by judell on Oct 5, 2021 | hide | past | favorite | 51 comments



Whenever I see an online system with a single global namespace, I can't help but feel sorry for the next generation.

Gmail? Sorry, every variant of your name is taken. Twitter? Every witticism, every pop culture reference, every real name, all taken. Just add another number to the end, I guess. It must get you down when you feel like you're always part of the 3rd/4th/5th wave of everything.

How many people here have tried to get a Twitter account for their new company, only to find an existing account that tweeted some spam once eight years ago and has been dead ever since? For services that have global reach, the problem gets bad real quick.

We really should think hard about whether we can namespace the population in some way.

Contrary to the thrust of this article from Jon, I'd also like to see more aggressive cleanup for some services. If you have an S3 bucket and it has no activity for 15 years, you're just squatting and I think you should arguably be warned, and then finally have the name recycled. Same goes for Twitter accounts that have never posted, retweeted, liked a tweet, etc and not been logged into for over 10 years.


Discord and Blizzard games (maybe others?) let you choose your own username, but then assign a four digit disambiguation code to everyone, which seems like a decent compromise.


Also Xbox Live now, older accounts got just the nickname, the new ones get the four digit code. Seems like the gaming world is the one really pushing for solving this problem.


That's exactly why we should use domain names instead: having to pay prevents a whole class of people just registering for fun, and having them expire reduces the risk of squatting.


Yep, totally. Let's exclude poor people and teenagers from grabbing a handle they like. Capitalism ftw. /s


Teenagers should be excluded but I agree that it would be good if it were not about money


This is both sad and dangerous. A person I know has recently found out that their Coinbase wallet is empty. She has not used it in about four years or so and is disheartened. So disheartened that I am encouraging her by taking a few actions to recover her assets.


I think about this a lot. This recent tweet from Simon Willison (https://twitter.com/simonw/status/1444071543902912513) really resonates:

"One of the most obvious flaws in using blockchains for anything involving regular human beings is one I've not seen much discussion of:

Regular human beings cannot protect their passwords, credentials or private keys.

They just can't."

I guess I'm not a regular human or I wouldn't have an AWS dev account, but I still hardly feel secure w/respect to the continuity of my various digital assets.


Just being aware of the risks and counters helps a lot.

Most people don't understand the risks beyond "I can get hacked" and because they don't understand the how or basic counters they treat it like a freak weather event that can't be forecast.


The ability to remember a password or write down backup phrases really goes up when it’s not the access to facebook that can be lost but people’s own money.


At least when I was working in the area 10 years ago, most passwords were leaked via brute-force, phishing, or key logging trojans. The latter was far more common than you'd ever think, and also often harvested SSH private keys.


Probably because most people don't care if they get hacked. They've never had major consequences from it. They think that someone will always be there to hold their hand. I am confident in my security. My biggest concern is making sure I have a solid dead man's switch in place before I die or get dementia.


how do you do this, any hints?


I use LastPass’s Emergency Access feature for this.

You can designate people who can access your Vault, after a certain waiting period. If they request access prematurely, I can revoke it during the waiting period.

There are written instructions for my next of kin on what to look for in the Vault.

The main difficulty is if my next of kin forget their LastPass master password.

I’ve been thinking of distributing a key via a set of USB stick using Shamir’s secret sharing, with written instructions to use them to recover a backup of the Vault kept offline… but have not gotten around to this.
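One way to realize the Shamir split this comment describes, as an added example that is not the commenter's code: it works over the prime field GF(2^521-1), so a key of up to 64 bytes can be split into n shares of which any k recover it (fewer than k reveal nothing); the sample key and the k=3, n=5 parameters are constructed for illustration.

```python
"""Shamir secret sharing over GF(p) with p = 2**521 - 1 (a Mersenne prime).
Added example: splits a backup key into n shares, any k of which recover it."""
import secrets

P = 2**521 - 1  # any secret of up to 64 bytes is an element of GF(P)


def split_secret(secret: bytes, k: int, n: int) -> list[tuple[int, int]]:
    """Return n shares (x, y) of a random degree-(k-1) polynomial whose
    constant term is the secret. Any k shares determine the polynomial;
    fewer than k leak nothing about the constant term."""
    s = int.from_bytes(secret, "big")
    if not 1 <= k <= n < P or s >= P:
        raise ValueError("bad threshold/share count or secret too large")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares: list[tuple[int, int]], length: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from k distinct shares.
    The caller must supply at least k shares; with fewer, the result is a
    uniformly random field element rather than an error."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P          # numerator of L_i(0)
                den = den * (xi - xj) % P      # denominator of L_i(0)
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed sample: a 32-byte key, 5 USB sticks, any 3 recover it.
    key = bytes(range(32))
    shares = split_secret(key, k=3, n=5)
    assert recover_secret(shares[1:4], 32) == key
    print("recovered from 3 of 5 shares OK")
```

Each share would go on its own stick together with its index x and the threshold k; the shares are meaningless individually, so losing one stick does not expose the key.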


One could put an unencrypted usb in a bank safety deposit. I kinda get a kick out of the notion. But yah Shamir’s seems underused.


Even users who know how generally fail to properly store, transmit, and authenticate key material.

https://youtu.be/9k4GP3Evh9c


It occurs with information transfer as well as storage. I've seen this with people at client organisations with password protected files in email. They understand the need for the security and how to apply it but fail to connect those thoughts to the next hurdle and send the password in another email to the same address. This is like keeping the password in a file in the same directory, or taping the key to the underside of a lockbox.

It can happen less obviously too: I've seen it internally where two channels merge: someone sends an encrypted file as an attachment and the password via Skype-for-business, but the Skype conversation is then archived and accessible in the same Outlook account (at least not in the same folder, but someone who gets access to the account and scans for credentials will find it and know where to look for the payload).

I wish the use of PKI had become easy enough to take off generally, though that only really solves the transmission problem: you still have potential issues with people managing passphrases/passwords for their private keys.


Most things in life require regular maintenance or checking on. When my dad went to the garage and saw that some of the boxes of comics he'd left there for years had gotten damp, he was pretty sad, but ultimately accepted that that kind of thing is part of life.

If this person wasn't using their "wallet" for four years it sounds like it wasn't a huge part of their life.


what do you mean? it was an asset, a long-term investment. it's just supposed to be able to sit there growing in value. why is it gone, that's not supposed to be possible unless credentials were gotten and funds stolen


Stuff disappearing from physical storage boxes is also surprisingly common.

Guess the lesson is don't leave important stuff on other people's premises, even if you pay for it.


Anybody who thinks cryptocurrency is in the class of assets which are "supposed to be able to sit there growing in value" really hasn't been paying attention.


> it was an asset, a long-term investment. it's just supposed to be able to sit there growing in value

Did the promise of free money for doing nothing not seem slightly too good to be true to you?


I mean, what's the point of long term held assets then? That's one of the points of investment. Most people don't do anything with index funds either and expect growth year over year.

Crypto isn't quite the same as an index fund, but many people use crypto as an investment with expected growth and they've been right so far.


> I mean, what's the point of long term held assets then?

Mainly as a hobby project, as far as I can tell. The overwhelming majority of categories of "long term investment" are either completely mathematically impossible to deliver on the promises (this is where most of the crypto investors are), or have already proven themselves to be complete crapshoots where you either win big or lose big (this is where the people "investing" in things like beanie babies and trading cards are).

There's no investment that can gain value indefinitely. There's some that will probably gain reasonably steady value for the length of your or my lifespan, but they're few and far between, and usually rely on active management, government backing, or both.

> Most people don't do anything with index funds either

It's rather the point of an index fund that those are actively managed. You don't just type "i want to invest" into your Compaq Presario, turn the computer off, and come back twenty years later expecting to have double the money.


Clearly, and if you had read a line or two down you’d have seen where I say they aren’t quite the same, and you entirely missed my point which is that people see them similarly as just another part of their portfolio.

And actually with most index funds I don’t even have to type, I just click a few buttons. They’re not managed by the end user.


It’s generally recommended to review your finances at least once a year, even if they are long-term investments in index funds. That helps people maintain the access and records they will need to benefit from their wealth someday.

If crypto on a hard drive is a significant part of your finances, an annual check on it for access or corruption seems reasonable to expect.


I check something like every few hours, but many people do not even though I generally agree with you.


That strategy seems to work fine for my 401k


what happens when you lose your password, or move house so your address is no longer valid, or get a new cell phone number, or got married and changed your name, and you haven't updated your account in years?


You can always call up a financial institution and verify your identity via SSN and other documents. This should apply to Coinbase as well at least since exchanges were regulated so it's not a big difference anymore.

If you don't do that and leave the account dormant for too long then most institutions will attempt to contact you via any method they can until they get a current address. If they can't reach you after another period of time then they will/can liquidate your assets and send them your last known residence state's commerce department. The state will keep your money in your name until you or an inheritor claim it.


Exactly. My grandmother's best friend bought me a single share of American Express stock for my 1st birthday in 1985. I never knew about it, of course (I was 1), but years later, in my 30s, I started to get contacted by the transfer agent to claim my dividends, as described here: https://ir.americanexpress.com/resources/shareholder-service...

I was able to gain access to my stock, which had split into multiple shares several times in the intervening decades, and had also turned into two symbols, via a spin-out of Ameriprise. To my great surprise, this single share had turned into holdings worth thousands of dollars of value in modern times.

Because it was bought for me originally in the 80s as a physical stock certificate (and I had no clue where that certificate physically was, or whether it had been lost/destroyed), unfortunately some of that value would be eaten by fees if I wanted to liquidate the stock: a 2-step process involving a lost certificate printing/mailing fee, and then sending the certificate back in to sell it. My understanding is that Wall Street wanted to discourage the management of paper certificates over the last few years to make the backoffice much more efficient, and introducing fees for printing lost certificates is unfortunately one of the ways Wall Street accomplished that, among other incentives for digitization.

So, I just let the registered stock sit there in its digital form, rather than take the fee hit -- I figured there might be some chance AXP/AMP might be taken private, in which case I'd receive a check in the mail, now that my address was updated with the transfer agent.

Then, a couple of years ago, I was going through some of my Mom's old photos of me and I came across the original 1985 stock certificate in her records. A big elaborate document with a fancy seal on it, I am now wondering whether it might be worth more as a long-term collectible -- a memory of a prior era of "long term value", for collectors of economic history. Regardless of whether it is or isn't, at least my 1-year-old self didn't have to worry about its "AXP Wallet", or any other such absurdity 1-year-olds couldn't possibly manage for themselves.

---

Curious update: after I wrote this comment, I did some research on American Express's corporate history 1985 to present. That led me to this detailed LATimes writeup of their 1994 spin-off of... Lehman Brothers (!!!). No kidding. I love this line, and the unironic hubris it suggests: "The spinoff will give Lehman executives what they have dreamed of for years: freedom from American Express. [...] Long an independent pillar of Wall Street, the august Lehman Bros. was acquired by American Express in 1984 and merged with Shearson. But the Lehman culture never fit with Shearson or American Express, and the firms never developed the synergies envisioned." https://www.latimes.com/archives/la-xpm-1994-01-25-fi-15121-... ... Of course, 14 years later, Lehman would collapse and enter the history books as the failed investment banking firm emblematic of speculative risk-taking during the 2008 financial crisis. I was working in my first post-college job in an office across the street from Lehman's building, and I still vividly remember the long line of suddenly-laid-off workers streaming out of the entrance, distraught, in September, 2008. Meanwhile, American Express keeps chugging along, a 171-year-old American corporation. Maybe corporate culture does matter, after all.


I’d do the same thing that I did to access 401k accounts before they were ever accessible on the internet. Write a letter. Call a person. Visit the office.

It’s a 401k, not a Google+ account. They legally owe me the money.


This post makes me wonder about your age. And not in a negative towards you, but in raising my awareness that a younger generation now accustomed to poor customer treatment by Google and other online providers might not realize that this money is still theirs and is extremely recoverable.

So many online companies have taken an approach of "virtual property is no longer yours if you can't remember a password, or change phone numbers" - but it's shocking to me to see someone assume that applies to physical property as well.


Or maybe the promise of slowly depreciating value sitting in a bank account seems slightly too bad.


False dichotomy.


>Did the promise of free money for doing nothing not seem slightly too good to be true to you?

Isn't that the entire premise of stock index funds?


That’s not really a justification for a financial crime.


Why do you think it's sad?


I am regularly surprised by old Gmail addresses I set up. Usually it's because I get a mail saying someone tried to log into it, so then I guess it must be mine. In the end there is/was a reason for them but life has moved on. Still accessible though even after many years.


I have been thinking about this problem. The 30 year problem.

Long term key storage, something that can never be forgotten. Hard drives can be stolen, damaged or lost; ink on paper can fade away.

But if your key is protected by something timeless and unchanging, as long as you remember the formula, you can get it back.

A global constant that you can be sure will always be publicly known and unchanged.

Here are some simple examples that you should not use:

.com register - two or more long random domains blended in a certain way.

Old letters from famous people

Passage from a classical book, music etc.

For long term cold storage as soon as you have written it down you have lost it.


Laser printed paper that is thermally laminated should last an entire human lifespan.

There are also little metal punch tools that let you record a BIP32 seed phrase onto a fireproof metal card, which should last at least a couple centuries.


What if somebody steals it?


That is, of course, a different problem.


I recommend reading "The Preserving Machine", by PKD :)

https://en.wikipedia.org/wiki/The_Preserving_Machine_(short_...


Wouldn't a safe deposit box in a bank work?

Fwiw I never lost my birth certificates in decades because I can't do anything without them and getting copies from the government is a major pain.


I remember this article about deposit box safety was posted on HN a couple of years ago: https://www.nytimes.com/2019/07/19/business/safe-deposit-box...

HN discussion: https://news.ycombinator.com/item?id=20545276


It's not about losing them, it's about someone else stealing them.

If they are written down they can be taken.

Imagine if your birth certificate was transferable: if someone just used the code on the paper, they would now own your identification. You would probably burn it.


So what are the practical differences between key storage and key derivation key storage…


Risk tolerance: if you physically hold your keys, they can be taken.


What if I forget which .com registers I picked?


.com registers are in the public domain. This database is easy to get hold of; you just need to use a contact name that is searchable.
