jillesvangurp 5 days ago

The problem isn't technical but relates to the tendency and reflex of essentially every big company to not want to work with their competitors. Federated identity protocols have existed for quite long and as long as they've existed, companies have declined using them properly. I remember playing with OpenID as early as 2007.

Its successor, OpenID Connect, is actually widely used. But with one important caveat:

None of the big identity providers actually accept each other's identities. Like literally none at all. You can't log in with your Google account to a Microsoft service and vice versa. Or Apple. Or Meta. Or X. Or whomever. That's because they all want to "own" your account and control where you are going. Which is why you need many accounts instead of just one.

If you had just one account, you could do sane things like add multiple layers of security and some sane fall backs. Including maybe some delegating to some legal representative if you are ill or incapacitated. Ideally, you should be able to use your government issued passport to prove who you are and recover your identity. A passport is a government issued paper assertion that you are who you claim you are. Anything important in life, you kind of need such a strong assertion for e.g. getting bank accounts, international travel, buying real estate, etc. And while they can be forged, it's getting pretty hard these days. That's a lot harder than getting your hands on some passwords.

Why do we settle for less protecting our online accounts?

  • freeopinion 5 days ago

    Sometimes not even my government will accept my government-issued photo id.

    • johnisgood 5 days ago

      The weird thing is that where I live, someone knowing your social security number can buy your medications in the pharmacy. My parents do this for me and all they need is the number, not even the card, the number is enough. I never had to provide any form of consent either. It is scary. What do I do if I do not want them (or anyone else) to be able to do this?! I have no idea where to begin. Call up all the pharmacies in a radius? That is not going to work. Cops? Doubtful, or too late.

      • nemomarx 5 days ago

        In the US you can pick up meds by giving someone's name and birthday. I'm shocked there doesn't seem to be abuse of it since it's so flimsy of a system

        • johnisgood 5 days ago

          Damn... that is even worse. I thought they were more careful in the US. Apparently not.

          • Arubis 5 days ago

            It's fail-safe instead of fail-secure. While I'm _surprised_ that the system works the way that it does (we're typically pretty willing to let people drop dead), if someone on a life-critical medication isn't capable of going to pick up their own rx, they can send just about anyone in their stead.

            • johnisgood 5 days ago

              Yes, my parents pick up my medications because I have mobility issues.

              But on the other hand, my grandma MUST talk on the phone (even if my mother is there) if we want to talk to the ISP's customer service. Then my grandma has to tell customer service that she is giving permission to my mother. Sure. What if something happens to my grandma? Pharmacies are too lax, ISPs are too strict. Certainly there should be a middle path, similarly to how post offices do it.

              • yencabulator 2 days ago

                Pharmacies are less susceptible because you have to perform the "attack" physically present, under video surveillance. And you get very limited tries at one physical location until they start recognizing you.

                ISP contacts are remote and go to call centers.

              • Arubis 5 days ago

                That all makes sense given industry history. ISPs are accustomed to their threat model being more about fraud than patient death. And pharmacies have been around a lot longer. Not disagreeing with your conclusion that both could improve—just that the paths to arrive at the current local maxima are rational.

                • johnisgood 2 days ago

                  Of course, but that is assuming that many people did not "steal" other people's medications which in turn worsened their symptoms or they ended up dead because of lack of medications.

                  I think it is safe to assume (I would hope) that this did not happen, otherwise surely they would have made it more strict.

benreesman 5 days ago

It's nice when a technical solution exists for a people problem, but as much respect as I have for both Sir Berners-Lee and Schneier, I don't think this is one of those instances.

The rights of individuals come into conflict with the interests of powerful organizations precisely at the points in which the great documents deem it necessary to enumerate them as rights: this is by construction.

Whether you are reading the Bill of Rights or the Universal Declaration of Human Rights (or in a sense, the Magna Carta) the themes are around personal sovereignty, presumption of innocence, ownership and disposal of property, freedom from surveillance and coercion and other abuses of power. This is because absent such norms and their enforcement by principled leaders, the powerful in general find it in their interests to infringe the rights of the less powerful.

We are at such a moment today: the consolidation of power in the hands of unaccountable organizations and the capture of institutions by the unprincipled has met an explosion of activity and possibility in the digital realm, but it is not unique to it.

This is usually solved by violence, sometimes blessedly by negotiation, but it is always solved: once the wishes of ever smaller in number choke out the hope and dignity of the ever larger in number to sufficient degree: change happens as surely as winter turns to spring.

  • refulgentis 5 days ago

    This really captures something important about how power operates across different eras; you're drawing from some heavy-hitting historical precedents.

    I'm curious about the full sweep of political philosophy (Magna Carta through UDHR), it feels like it has something to inform us about people problems vs. technical problems.

    That final image about seasons changing is quite evocative, really drives home the cyclical nature of these power struggles. A technical standard cannot prevent blood shorn for man's freedom.

    • benreesman 5 days ago

      Very kind of you to say, though I can't take credit for any of the ideas: they're all a lot older than I am.

      Important to keep them in circulation in my view.

    • crabmusket 5 days ago

      Sincerely, I do not think blood is ever shorn?

      • refulgentis 5 days ago

        Lol yeah you're right I shouldn't have leaned into how epic I felt without at least checking XD

  • pjmorris 5 days ago

    > This is usually solved by violence, sometimes blessedly by negotiation, but it is always solved: once the wishes of ever smaller in number choke out the hope and dignity of the ever larger in number to sufficient degree: change happens as surely as winter turns to spring.

    A friend of mine urged me to read 'War and Peace and War', Peter Turchin, last year. It's essentially a book-length confirmation, with examples, of your final point.

  • rockskon 5 days ago

    So your response is....

    Schneier's solution is bad and violent revolution is most likely the answer?

    It's difficult to really parse your reply.

    • bawolff 5 days ago

      My reading of their comment: A piece of paper (or bit in a computer) means nothing if the person who wants to take your property puts a gun in your face.

      I think this is a problem with most blockchain solutions. They purport to replace existing societal controls, but depend on them to actually enforce anything. So you are left in the situation where either traditional solutions work so why bother with a blockchain, or traditional solutions aren't working, in which case the blockchain isn't worth the imaginary paper it's written on. Either way, the blockchain solution is worthless.

      Edit: I commented before I rtfa. Shameful, I know. Apparently this is not a blockchain thing. I still think most of my comment applies.

      • rockskon 3 days ago

        Couldn't that argument be applied to just about anything?

        Policies that the powerful don't like can and do stay in place typically because of fait accompli - they waited too long to do anything about it and now it's too entrenched and changing it would be too difficult.

    • keysdev 5 days ago

      The idea of using technology to solve a political issue has never gone well in the long run. Look at the nuclear proliferation issues.

      It doesn't have to be violent, can also just be civil disobedience Gandhi style and/or create a parallel system as the parent article is recommending.

    • benreesman 4 days ago

      I notice you just blew right past my preferred outcome of negotiation: is it so unlikely that the current elite might negotiate to keep their position rather than lose it in bloodshed?

  • emptysongglass 4 days ago

    Why would you have respect for Berners-Lee? He sold out his own creation to corporate interests by supporting DRM.

_Algernon_ 5 days ago

How does Solid solve the social problem of what happens to copied data once it leaves the user's control?

>Users can specify who has access to what data with granular precision, using simple statements like “Alice can read this document” or “Bob can write to this folder.”

After this Alice and Bob have a copy of the data, and you end up still having to solve the social problem of preventing Alice and Bob from abusing their copy of the data by selling it to data brokers.

Solid would only work to centralize the attack surface. You now have one centralized data store with all the information about a person, and all tech giants would employ every dark pattern to extract this data. This is not an improvement, considering that every digital citizen has undergone years of conditioning to ignore permission requests.

  • Vinnl 5 days ago

    Solid doesn't do that. It can be part of a solution, but the other part is/would be regulation.

    • _Algernon_ 5 days ago

      Then Solid doesn't restore digital agency.

      • Vinnl 5 days ago

        Not by itself, no.

FrancoisBosun 5 days ago

In the article, it is mentioned that « we can grant temporary access to cardiac-related data » (paraphrased). This is where it gets difficult: how am I to know that some data is cardiac-related or not? Is it important to share my thyroid levels or not? This is a very difficult problem. I wouldn’t know what to share for medical history.

  • vintermann 5 days ago

    The requester would know what to request.

    • febusravenga 5 days ago

      And he would request all you have... like many apps do today (in case of permissions)... and refuse to provide service if not given all.

      • vintermann 5 days ago

        We have laws regulating what personal information you are allowed to ask for, and what you're allowed to do with it. These laws have teeth too, at least in the EU.

        Passively snooping on health info you have no business looking on gets health personnel sanctioned regularly in the present system. It would be even more risky if they actively had to ask for the information they didn't need.

        Of course, for medical information there often has to be emergency overrides because you might need immediate help and you (or your designated trusted person) might not be accessible and capable of giving active consent.

        • fastball 5 days ago

          But doesn't this obviate the use of a specific protocol? The protocol itself does very little to help with this problem – only laws with teeth do that.

        • eagleal 5 days ago

          Meh, there's workarounds to the GDPR framework if you're a company outside the EU. I'd say if you had a big company outside the EU, like the US, you'd have even less regulation than EU companies have to adhere to.

CGMthrowaway 5 days ago

Palantir solved this. They created "data wallets" for everyone on the planet. The only caveat is they keep them all to themselves.

mklarmann 5 days ago

I’ve been thinking about confidential data sharing in the food supply chain. Imagine using Solid pods as user-owned vaults for provenance docs and contracts under WAC, paired with Matrix’s federated E2EE messaging (via Solid WebID-OIDC SSO) and archiving chats/attachments back into your pod—yielding a fully decentralized, data-sovereign collaboration.

I wonder if this would work

wslh 5 days ago

I see this Schneier post as serving partly as business promotion of Inrupt, which feels different from the more neutral tone of his earlier essays. For readers like me, who have followed his public commentary extensively, the post creates a kind of dissonance. I expected a more open exploration of this vision.

flanked-evergl 5 days ago

From what I have seen about this it's all tied up with academic research projects, and if there is one group of people with absolutely no sense for engineering, it's modern academics. They seem to not get that software that can be used for some commercial application (i.e. something that serves some actual user) is much more important than software that can pad your resume.

motohagiography 5 days ago

The challenge with getting institutions to sign health information or other data and attributes is users will fight and haggle to get their medical information signed the way they fight to get insurance payments today.

You're an institution, someone gives you some data to sign for the integrity of, what else do you want from them to hold that risk? Everything basically. These protocols push coordination problems to the edge, which sounds great, except they treat all the complexity as an externality. If you're a user and you want a flexible secure wallet to hold these data attributes you can put anywhere you want, I've got an unbreakable bitcoin wallet app to sell you and it comes with a bridge in New York.

As described, the Solid protocol appears predicated on these two counterfactuals.

The purpose of cryptographic data integrity for digital identity is to absolve any person or institution of accountability for their decision to use it.

QuaidCarloB 5 days ago

@"nutrition data" Could be done with grocery purchases specific receipt, might need to co-ordinate with visa or another point of purchase service (and the store's grocery list data which may vary) to do so. etc

deathanatos 5 days ago

Let's take this as a specific example of the general complaint lodged:

> Let’s take healthcare as an example. The current system forces patients to spread pieces of their medical history across countless proprietary databases controlled by insurance companies, hospital networks, and electronic health record vendors.

If by "system", you mean the available technical standards, they in no way force that. If by "system" you mean capitalism … then perhaps, but an additional technical standard is not going to fix that. People build systems the way they build them because of barriers such as the unwillingness of other players to share data, the lack of technical knowledge of those implementing the systems, and the technical-but-non-standards-related barriers of having disparate entities sharing infrastructure (e.g., what if someone sends too much load, if the system housing the data is down, etc.).

> Patients frustratingly become a patchwork rather than a person, because they often can’t access their own complete medical history, let alone correct mistakes.

(IANAL.) This is one of those problems already solved de jure, but not de facto. By law, you have the right to access your own medical history, and with minor caveats, the right to correct mistakes in your data; not being able to do either of those is a violation of HIPAA.

Enforce the regulation, is what I'd say would be needed in that specific case, but good luck with that, of course. But that's the problem: even if Solid were amazing, did everything you ever wanted, what would cause industry to ever adopt it?

There's also HITECH, but it's vaguer, AIUI.

(HIPAA is about the only federal privacy law we've got; outside of that, I agree more firmly. Esp. the right to correct mistakes in other industries is practically non-existent. The end result of the argument above is still the same, though.)

I agree w/ Schneier, people need better control over their data. But I think that's a regulatory/legal problem, not a technical one. And that is the problem: the Dems are, at best, weak on privacy law and consumer protections, and the GOP is outright against it; worse, rulings like the striking of Chevron Deference are going to make enforcing existing laws hard enough.

  • Vinnl 5 days ago

    FWIW, Solid is mostly seeing interest in the EU.

ydlr 9 days ago

I really don't get why I would want this. I like that the data that brokers have is fragmented, inconsistent, and out of date. That is the only thing preserving even a tiny bit of privacy.

A system like Solid would absolutely be abused by police. It would be a windfall for data brokers and social scoring systems.

No thank you.

  • klabb3 9 days ago

    I don’t know the details about Solid, but I think one interpretation is:

    One of your personal devices is a server. The (only meaningful) difference of the server node is that it is always online, and it’s reachable. This unlocks a lot of use cases - one of them is to be able to receive messages from other people when you’re offline. Another one is to run sync infra for your own apps. Think eg note taking- and calendar apps which you want to have sync with your laptop & phone. This currently requires the vendor to distribute their apps as services, even if it’s only your own data. If you control the server, these things can happen without relying on vendor services (you only need their software).

    In this context, your criticism is similar to that of hardware vendors like Apple. Can they snoop on your phone? Privacy is not binary: you could run a Solid instance on a device you control (your own hardware), or self hosted on eg Hetzner, or (for the majority), by a managed hosting company. The latter is how consumer products like Google Photos or iCloud already work – except now you separate the vendor from the operator to change the incentive structure.

  • fiddlerwoaroof 5 days ago

    Well, as I remember, the thing about Solid is it’s a protocol. So, if you don’t trust one vendor, you can trust another vendor or implementation without losing interoperability. So it goes the opposite direction of consolidation because it allows arbitrary storage services to be used transparently by arbitrary services in a secure fashion.

    • endgame 5 days ago

      They said that about OpenID and now you have the choice of ~three bigtech ID providers.

      • deathanatos 5 days ago

        …Google, …and? Who are the other two?

        Maybe you're thinking like Facebook, but AIUI, login with Facebook is proprietary. The problem there isn't the protocol, it's that companies are massive. If anything OIDC lowers the barrier to entry, assuming RPs properly support it (which is a huge if, but if these were 3 proprietary protocols instead of 1 standard one, there would have never been a chance…)