• 0 Posts
  • 8 Comments
Joined 6 months ago
Cake day: June 4th, 2025


  • I’ll address the second objection first regarding the phone or browser. You’re always going to rely on some technology for the solutions that use cryptography; you just can’t do those calculations long-hand realistically. That said, look up frameworks like CTAP that allow a potentially untrusted user terminal, like a browser, to interact with a trusted hardware token. Those hardware tokens can be made fairly tamper-proof, see FIPS-authorized YubiKeys, such that the phone is pretty much removed from the attestation process. Yes, these can still be stolen, but they make hardware keys that are fingerprint-authenticated and the biometric stays on the device. Doesn’t get much more self-sovereign than that.

    The existence of a trusted credential provider is a challenge. Fully self-sovereign credentials need to either be trust on first use or validated against a larger system everyone participates in. Even if we had some system of birth certificates tied to a distributed ledger, we would have to trust the third party recording that certificate in the first place, be it a hospital, doctor, or state entity. These trust and proof systems don’t create the trust, they just allow us to extend that trust from one claimant to a verifier. Whether you place that trust in the state, an individual, or an independent third party is up to you.



  • This is a fundamental misunderstanding of how the FIDO2 standard works. It is not designed to be vendor specific and as other people in this thread point out, plenty of open-source secrets managers and hardware implement passkeys.

    What we’ve seen is the typical Silicon Valley model of “embrace, extend, extinguish” so you’re right to be wary of any implementation by Google or Microsoft.

    Same goes for biometrics - how you unlock the passkey isn’t specified in the standard. It is left up to the implementation. If you don’t want to use biometrics, you don’t have to.


  • Alright, devil’s advocate here - maybe this setup can prevent it. You plug something permanent, like a mouse & keyboard, into the leftmost port and leave the right two open. Then when you try the first one and it’s misaligned, move to the other port and it’s correct. No flipping of the USB connector required.

    I don’t think that’s why they did it but hey…



  • I think you are overestimating the amount people will pay for convenience or cling to their old ways.

    Did e-readers kill the bookstore? Some people will always prefer to cook out of a book or dive into docs to write code.

    Or look at the modern streaming landscape. In the beginning there was basically Netflix and everyone was fine paying that monthly fee for the convenience of streaming basically everything. Now we have 20+ vendors all charging for some subset of content. And we have seen a corresponding loss in subscribers as people hit the limit of what they are willing to pay for convenience.


  • I’ll play devil’s advocate here: agreed that the rest of the (US) economy seems to be slowing or shrinking but remains buoyed by AI / Mag 7 stocks. That said, a lot of the investment reflected above is in data centers and hardware (Nvidia, Coreweave, Oracle, Microsoft).

    The bubble pop will hinge on whether there is value in this data center buildup beyond AI. Unless everyone starts paying fistfuls of cash for AI chat, these companies may be able to find another use for all that compute and avoid a total crash. That could be a target for all that investment you mention.