I've built Promise to prove (to myself at least) that it would be technically possible to build authentication infrastructure that can be used across sites without having to store any data unencrypted and, furthermore, without storing any personal data at all.
And it works.
It's a bold choice of words, I acknowledge that. And the proof is only as strong as my abilities to write software.
This is yet another reason why Promise needs a movement behind it. To strengthen the proof. To strengthen security.
Being a non-profit, collectively owned service, which Promise is, will make it difficult to ban users and relying parties.
Just as the DNS can block users, Promise can ban users and relying parties.
This is not something Promise should take lightly, but the fact that almost everyone has a say in Promise, unlike Google, where almost no one has a say, makes me full of hope that this can be solved in a transparent way.
How does it prove that?