(Disclosure: I’m the CTO of Vidos, a company building such an identity layer.)

I believe in a version of the trust triangle. Where issuer, holder, and verifier remain clearly separated. Meaning no single entity, has full control over your data.

E.g. a government issues an ID credential to your wallet app, and you can use it to prove your age without any intermediary getting any extra data. The site gets a cryptographic proof “user is 18+” and nothing more. I'm pleased when I read standards like ISO 18013-5 for mobile IDs that support selective disclosure by design. You share just a yes/no or an attribute, not your whole ID document.

Crucially, this addresses the “Google as a single point of failure” fear. You just need credentials from issuers you trust (your government, your bank, university, etc.) stored in a wallet of your choice. The verifier (website/app) will accept a proof from any wallet/issuer that meets their criteria. We’ve built our system to be agnostic about credential sources for exactly this reason. It’s a universal verification layer.

If anything I hope we can agree, we must continuously surfacing and discussing these risks early rather that waiting until it's too late.