Just over five years ago I founded LifeID to “give users power over how their personal identity data is used online and in the real world.” Our mission was to use Web3 technologies to solve Web 2.0 identity problems. I still believe in the mission of giving users power over how their personal identity data is used, but what I learned along the way caused me to pause and reconsider our approach.
At LifeID, like most other blockchain-based identity projects, we initially set out to solve the problem “prove which human is doing the transaction”. And like so many other projects, the approach was to use public blockchains as an anchor for digital identifiers that represent humans. Humans would then obtain digital verified credentials and use them as proof of who they are when transacting online.
The irony was that blockchains like Ethereum enable us to build systems where transaction finality and counterparty risk management are solved with smart contracts not legal contracts, eliminating the need to associate transactions back to the humans that initiated them. It forced me to ask the question, why are we still building systems to identify humans, when we could be building systems that use cryptography and game theory to create desired outcomes without needing to identify which humans initiate them. This irony was staring me in the face, but I did not initially see it.
To be successful in any endeavor you must be humble enough to realize when you get things wrong. In this post I will highlight some of these learnings with the hope of dissuading others from trying to “solve digital identity” with the same tired ideas of Web 1.0 and Web 2.0 and instead, join me in focusing our energy on newer approaches that eliminate the need to identify humans in the first place when possible, and by limiting personal data disclosure when not.
The language we use to frame the problems we solve matters. Using imprecise language, or language where the terms mean different things to different people results in confusion about problems we are actually trying to solve. The most egregious example of this confusion is jumbling the idea that the accounts you use on the internet magically manifests themselves into becoming your “digital identity”. This was succinctly articulated in a tweet by Zooko:
This tweet resonated with me and is largely what prompted me to write this post. We need to think of these accounts as identifiers that are loosely coupled to humans not tightly bound to them as an identity, and certainly not our “digital identity”.
Trying to distill all the complications of human and business identity down to the two words “digital identity” masks the true underlying challenges. During an Ethereum Name Service (ENS) workshop, the former lead of the ENS project accurately captured this challenge when he said:
By framing all of these hard problems in one non-specific term digital identity, or their cousins decentralized identity and self-sovereign identity, technologists argue – mostly on twitter – about various aspects of “digital identity” presuming everyone else is talking about the same subset of those 100 really hard problems.
LifeID was one one of many identity projects that sprung up to “solve digital identity”. Most of them, including LifeID, were looking for a way to unify everyone to use their one true digital identity for every possible use case. It became a quest to build a magical digital identity unicorn - the mythical animal, not the $1B valuation. The magical ID unicorn would allow you to login to any website on the Internet without a password, satisfy “Know Your Customer'' regulations for the banks and also get you past the TSA agent at the airport. There are still many projects in the market today and many more springing up each month all over the world trying to get the world to buy and use their magic ID unicorn.
The reality is, if you want product market success, leading with identity is a bad idea. When I pitched the concept of LifeID to a colleague who was the GM of AWS Identity & Directory and Access Services, he gave me this feedback, “Identity is the tail of the dog, not the head”. Users don’t join Facebook to have a unified login to all the other sites on the Internet. Facebook attracted a gazillion users to its service, then rolled out “login with Facebook” to create a tracking vector for every site on the Internet. If you are thinking of starting a new venture where identity is the product, save your energy and instead focus on tools needed for humans or businesses to make privacy preserving transactions.
Consider this: The Internet has been evolving for over four decades. Yet the most popular social identifier in use around the world today is your phone number. There are over 5.1 billion mobile subscribers in the world and only 4.1 billion users of email. The other surprising thing about this data is that mobile numbers cost money, while email addresses are free. Facebook has come the closest to challenging email addresses and phone numbers as the most popular social identifier with 2.9 billion users, but their growth is plateauing while mobile subscribers continue to grow. To all the identity projects out there that want to be the world’s social identifier, best of luck to you!
On this quest to build the “one digital identity solution”, the most important lesson I learned was that building a universal digital identity solution has severe privacy implications and frankly building privacy-preserving technology is extremely difficult. The tools for wide-deployment of privacy preserving technology was not yet mainstream – one could argue they still aren’t. With zero-knowledge technology in its infancy, we relied on a mistaken idea that pseudo-anonymity was good enough to preserve privacy. But, as we have learned with the Bitfinex hack, Bitcoin, which relies on pseudo anonymity, is anything but private. With Google-scale compute and data breaches commonplace, it’s trivial to correlate pseudonymous identifiers back to real humans and their transactions.
This is my biggest concern with how many projects are using W3C DIDs. A public registry of pseudonymous identifiers to represent humans is a horrible foundation if you want to preserve privacy in digital protocols. The only identifiers that should be stored on a blockchain, are those that are published for public human consumption such as names in the Ethereum Name Service (ENS). I look forward to the day when these ENS names can be purchased with zero-knowledge crypto, and only reference zero-knowledge public keys.
This concern for privacy is also why I think it is irresponsible to push Bitcoin as a global public payment system. I don’t want to live in a dystopian nightmare where large data brokers and nation states know all the financial transactions of everyone in the world. Bitcoin is great as a reserve cryptocurrency and for public entities like governments and public organizations, but it needs a privacy layer like Zcash if we want to use it as a global payment network for all humans on earth.
One thing we got half right was recognizing that humans do need resilient public digital identifiers if they want to publicly interact with each other in the digital world. In public squares or at local coffee shops, we use public names to interact with one another. Social networks like Twitter and Facebook, chat apps like Discord, Telegram, Slack are all digital versions of our public squares and coffee shops and each has its own native digital identifier.
The problem with all of these digital identifiers is that none of them are cryptographically controlled by the person that created them which means they cannot be used as an address for cryptocurrency transactions. Furthermore, if any of these services is unavailable, or decides to restrict access, users lose access to their identifier, in other words, they aren’t censorship resistant.
There is a huge need for easy to remember human-readable identifiers that are as resilient as blockchain public keys and can be used the same way we use our email address or phone number. One that is public, but can be used to initiate private end-to-end encrypted communications. ENS is the closest thing we have to this today, but it is currently too expensive for wide-spread adoption and suffers from the same privacy concerns as Bitcoin.
I’ve identified some lessons and things not to do, but what should we be doing?
One easy example is to replace our existing credit-based payment rails with payments made using privacy-based cryptocurrencies. When using credit cards online, most sites ask for information like your name and billing address to help prevent fraud due to credit card theft. With cryptocurrency, payments are cryptographically signed by the owner and settle on the blockchain within minutes, no identification is needed.
Another common scenario where merchants seek to determine the identity of an individual is when they want to extend credit. Mobile carriers are an example of this. The carrier collects a bunch of personal information about you so they can look you up in a central credit bureau such as Experian or Equifax to check your financial history. They do this in order to determine whether or not you pose a risk of not paying your monthly mobile bill and also so they know who to turn over to collections when you don’t pay your bill. This business practice of extending credit based on a score in these databases is why identity theft is so prolific.
We need to rethink how we achieve the desired outcomes in these business interactions using privacy-preserving cryptocurrencies and smart contract logic rather than trying to recreate the existing approach of identifying the human and asking for credit history. Instead of doing this privacy-invasive credit check, adding friction to the onboarding process and worrying about preventing fraud, businesses can focus on building great products and services. This is the promise of Web3.
Rather than spending energy building technologies that perpetuate a broken model, I decided to pause my work with LifeID and consider a new approach. This new approach started with a few questions. Is there a way to convert an existing commonly used public identifier into one that is based on strong cryptography? One that is easy for humans to remember and share and could even be used as a Web3 avatar? One that we could use online for authenticated, censorship-resistant public communications, and can also be used to bootstrap private communications and facilitate private payments?
The answer to these questions is “yes”, and the solution is called ΞNUM. The idea is deceptively simple, but powerful. Let anyone create public valid phone numbers rooted in cryptography. When looked up, the phone number returns only one piece of information, the cryptographic details needed to initiate privacy-preserving communications and privacy-preserving payments with the creator of the number. Because it is also a valid phone number, it can be used in the legacy telecommunications world allowing people to seamlessly transition to Web3. If this sounds interesting to you, we are looking for people to help us bring privacy and security to the 5.1 billion subscribers that use a phone number.