Just over four years ago I founded LifeID to “give users power over how their personal identity data is used online and in the real world.” Our mission was to use Web3 technologies to solve Web2 identity problems – though when we wrote the original messaging the term Web3 was not common enough to frame our mission using the term Web3. I still believe in the mission of giving users power over how their personal identity data is used, but what I learned along the way prompted me to pause the project and reconsider our approach.To be successful in any endeavor you must be humble enough to realize when you get things wrong. And when it came to digital identity, I got a few things wrong. In this post I will highlight some of these learnings with the hope of dissuading others from trying to “solve digital identity” with the same tired ideas of Web1 and Web2 and instead, join me in focussing our energy on newer approaches that eliminate the need to identify humans in the first place.
Lesson 1 - Why are we doing this?
The most fundamental thing I got wrong in our quest to “solve digital identity” was not recognizing that the main reason most governments and businesses are desiring to identify humans in the digital realm is to settle contract disputes in meat space. At LifeID, like most other blockchain-based identity projects, we set out to solve this problem using public blockchains as an anchor for digital identifiers used to represent humans. The irony was that blockchains like Ethereum enable us to build systems where transaction finality and counterparty risk management are solved in code (smart contracts), not legal contracts. It forced me to ask the question, why are we still building systems to identify humans, when we could be building systems that use cryptography and game theory to create desired outcomes. This irony was staring me in the face, but I did not initially see it.
There are some interactions where governments mandate identifying and recording the actual human involved, but for most business transactions this is not needed.
Lesson 2 - The term “digital Identity” is a meaningless - trying to “solve digital identity” is a colossal cave adventure
The language we use to frame the problems we solve matters. Using imprecise language, or language where the terms mean different things to different people results in confusion about problems we are actually trying to solve. The most egregious example of this confusion is jumbling the idea that the accounts you use to interact with others on the internet magically manifests themselves into becoming your “digital identity”. This was succinctly articulated in a tweet by Zooko:
Resist digital identity. You are not your account. You are not your email address. You are not your public key. Those things are all tools—tools which can either serve you or serve those who would be your masters. Don't let technologists trick you into making those your identity.
The tweet resonated with me and is largely what prompted me to write this post. Going forward you won’t hear me use the term digital identity unless I’m making a contemptuous sarcastic remark about it. My unofficial new year’s resolution was to never use the term digital identity again, which I suppose I just broke.
Trying to distill all the complications of human and business identity down to the two words “digital identity” masks the true underlying challenges. During an Ethereum Name Service (ENS) workshop, the former lead of the ENS project accurately captured this challenge when he said:
Identity is actually a 100 really hard problems. If you try to solve too many of them at once your chance of actually hitting the correct solution to all of them is extremely low.
By framing these hard problems in the simple term digital identity, or their cousins decentralized identity and self-sovereign identity, technologists presume solutions to these complicated identity problems in the digital world should mirror our existing approaches in the physical world. In doing so, we limit our pursuit of novel protocols and new trustless paradigms.
In the physical world, there is an emphasis on identifying the real humans mostly to send them to collections or take them to court in the case of any contract violations. So it’s no surprise that in the digital world, technologists have been overly focussed on ways to identify humans to mirror these same business practices. In taking this approach they completely overlook ways to use new protocols that remove the need to identify the humans in the first place.
We don’t need to know which humans are involved if the protocols we use handle all the counterparty risks. Just look at the NFT markets: humans can buy and sell extremely valuable art from other humans without ever learning the real names or any other information about the parties involved in the transactions. In fact for all we know these may be bots on the other side of the transaction. It doesn’t matter, because the protocol ensures the outcome that both parties desire.
Lesson 3 - leading with identity is a bad idea
LifeID was one one of many identity companies and projects that sprung up to “solve digital identity”. Most of them, including LifeID, were looking for a way to unify everyone to use their one true digital identity for every possible use case. It became a quest to build a magical digital identity unicorn - the mythical animal, not the $1B valuation. The magical ID unicorn would allow you to login to any website on the Internet without a password, satisfy “Know Your Customer'' regulations for the banks and also get you past the TSA agent at the airport. There are still many projects in the market today and many more springing up each month all over the world trying to get the world to buy and use their magic ID unicorn.
The reality is that leading with identity is a bad idea. When I pitched the concept of LifeID to a colleague who was the General Manager of AWS Identity & Directory and Access Services, he gave me this feedback, “Identity is the tail of the dog, not the head”. Users don’t join Facebook to have a unified login to all the other sites on the Internet. Facebook attracted a gazillion users to its service, then rolled out “login with Facebook” to create a tracking vector for every site on the Internet. If you are thinking of starting a new venture where identity is the product, save your energy and instead focus on tools needed for humans or businesses to make privacy preserving transactions.
Lesson 4 - Privacy is hard, and pseudonymous is not anonymous
On this quest to build the “one digital identity solution”, the most important lesson I learned was that building a universal digital identity solution has severe privacy implications and frankly building privacy-preserving technology is extremely difficult. The tools for wide-deployment of privacy preserving technology was not yet mainstream. With zero-knowledge technology in its infancy, we relied on a mistaken idea that pseudo-anonymity was good enough to preserve privacy. But, as we have learned with the Bitfinex hack, Bitcoin, which relies on pseudo anonymity, is anything but private. With Google-scale compute and data storage it is trivial to correlate identifiers back to real world transactions undermining any privacy benefits of pseudonyms. This is my biggest critique of the W3C’s DID efforts that we were once heavily involved in. A public registry of pseudonymous identifiers to represent humans is a horrible foundation if you want to preserve privacy in digital protocols.
This concern for privacy is also why I think it is irresponsible to push Bitcoin and Lightning Network as a global public payment system. I know this will displease many Bitcoin maximalists, but I don’t want to live a dystopian nightmare where large data brokers and nation states know all the financial transactions of everyone in the world. Bitcoin is great as a reserve cryptocurrency and for public entities like governments and public organizations, but it needs a privacy layer like Zcash if we want to use it as a global payment network for all humans on earth.
Lesson 5 - Resilient public digital identifiers are necessary for public and private discourse
One thing we got right was recognizing that humans need public digital identifiers in order to interact with each other in the digital world. In public squares or at local coffee shops, we use public names to interact with one another. Social networks like TikTok, Instagram, Twitter, chat apps like Discord, Slack and discussion platforms like Reddit are all digital versions of our public squares and coffee shops and each has its own native digital identifier. And for direct human to human communications the two most common digital identifiers we use are email addresses and phone numbers.
The challenge with all of these digital identifiers is that none of them are cryptographically secure enough to use in cryptocurrency transactions. And in some cases, such as social platforms, you can lose access to using these identifiers if you violate any terms of service.
There is a huge need for easy to remember human-readable identifiers that are as resilient as blockchain public keys and can be used the same way we use our email address or phone number. One that is public, but can be used to initiate private end-to-end encrypted communications.
A way forward
I’ve identified some lessons and things not to do, but what should we be doing?
Rather than building protocols that seek to identify humans or that selectively disclose information about humans, we should focus our energy on building protocols that eliminate the need for the counterparty to require this disclosed information in the first place.
One easy example is to replace credit card based payment rails with payments made using privacy-based cryptocurrencies. When using credit cards online, most sites ask for information like your name and billing address to help prevent fraud. With cryptocurrency, payments are cryptographically signed by the user and settle on the blockchain within minutes.
Another common scenario where merchants seek to determine the identity of an individual is when they want to extend credit. Mobile carriers are an example of this. The carrier collects a bunch of personal information about you so they can look you up in a central credit bureau such as Experian or Equifax to check your financial history They do this in order to determine whether or not you pose a risk of not paying your monthly mobile bill and also so they know who to turn over to collections when you don’t pay your bill. This business practice is why identity theft is so prolific.
What many may not know, when signing up for a mobile service without credit history, some carriers give you the option to deposit some cash that the carrier holds as reserve. With smart contracts, this approach can be implemented entirely on a blockchain without ever needing to collect personal information from the customer signing up. The mechanism used to lock up this deposit could be quite sophisticated. For example, allowing it to be used as a deposit across multiple services, or allowing the deposit to be locked in some yield farming contract earning passive income.
We need to rethink how we model trust relationships in these business interactions using privacy-preserving cryptocurrencies rather than trying to recreate the existing approach of identifying the legal entity that can be sent to collections. Instead of doing this privacy-invasive credit check, adding friction to the onboarding process and worrying about preventing fraud, businesses can focus on building great products and services.
Rather than spending energy building technologies that perpetuate a broken model, a couple years ago I decided to pause LifeID and consider a new approach. This new approach started with a question. Is there a way to convert an existing commonly used public identifier into one that is based on strong cryptography? If so, can it be used to transform existing communications into one built with Web3 principles? One that is easy for humans to remember and share and could be used as “Web3 avatars” in our public spaces for authenticated, censorship resistant public communications, and can also be used to bootstrap private communications and facilitate private payments.
The answer to this question is “yes” and I can’t wait to share it with the world.