Internet identity is linked to accounts; accounts don't work together; and identity doesn’t work on the Internet. Internet users need easier ways to manage activities and safer ways to manage accounts.
Users need dynamic privacy and security to organize their data, activity, and settings across their accounts. What if you get a new job at a16z and wants to update your bio on Twitter, Farcaster, and Bluesky? You have to do them one by one. What if you want to move .2E Matic from account A and .2E Matic from account B to account C simultaneously? You can’t. Each account has different rules.
You will never have total privacy and own your data. The internet is decentralizing and accounts are not. Accounts are vulnerable as a centralized container with a parent owner and signer. Any model that relies on a single key to open a lock will fail. Any model that relies on the same key to open a lock will fail. Any model that relies on humans and trust will fail. Cryptography and signing schemes may seem secure because of math, but they don't prevent phishing attacks and human errors. We can’t get rid of accounts. We need to create products with zero-trust and “no-account” principles to improve what we cannot solve.
Identity is a goal.
Imagine Alice. Alice was born, feels the environment on her body, and reflects on herself as she experiences the world. Alice has a mind and body, with feelings and thoughts. Alice reflects on herself for identity. She wants to be safe and secure to survive and thrive. Identity is a goal - not a reflection.
Alice has many versions of herself. There are different versions of Alice's identity. These include who she is, thinks she is, and wants to be. Who Alice wants to be in her mind affects how she sees her identity.
Alice showcases multiple versions of herself. She creates opportunities to achieve her goals and fulfill her needs. She makes decisions based on risks and rewards. Alice wants to go from public to private, local to global, solo to social, and physical to digital. Alice wants to connect.
The more people Alice connects with, shares with, and receives feedback from, the more her identity and opportunities expand. Alice gets online and onchain. She uses accounts, wallets, browsers, and apps.
Alice's internet identity is tied to many accounts with different products and networks. Alice signs in. There is Tinder Alice. LinkedIn Alice. Playstation Alice. Zora Alice, ENS Alice, Mac login Alice, Netflix Alice, Spotify playlists Alice, or Chrome profile Alice. She uses an identity provider and gives an ID to an account provider; the provider swaps the ID with an account ID (address, user name). She gets keys or other means to “sign” and approve her actions. Her keys are linked to her account and address.
Alice verifies her identity. Her identity is more than just an account; it's an ongoing activity. If someone steals her information and uses it to commit fraud, her bank will call and ask -- did your identity do this activity? If not, the bank will help her fix the problem without charging her.
Alice has accounts for wallets and blockchain wallets. Accounts and wallets are like checking accounts and banking apps. She has a checking account and a debit card. She needs wallets that are compatible with accounts. Alice uses two blockchain account types: Normal Accounts (Externally Owned) and Smart Accounts (Contract). There are three different key management types (seed phrases, custodial key management services, and multi-party computation networks). Accounts and wallets exist in combinations of account type and key management.
Identity is abstract and does not fit in accounts. Internet identity is not who you “are,” what you have, or what you earn. Identity is not an address, a credential, or an account. You are only a signature online when you sign. Internet identity is what you do. Identity is what you want. Imagine Alice. If someone steals Alice’s credit card and makes fraudulent purchases, her account provider calls her and asks “Did your identity do that activity?” They want to confirm the activity not the account, not the account owner.
Alice doesn’t choose how she identifies. Her accounts define how she identifies. Account formats (fields) determine how she identifies. Accounts govern how she uses her accounts (permissions). She doesn't choose what to provide to the account. She doesn’t have a universal login. There is no standard for what information is required for what account. A phone number has seven digits, Sign In With Ethereum has seven message fields and job applications have ethnicity and gender, and name fields. She can use with no account to demo and guest mode, profile, no-ID, and ID accounts.
Alice doesn't own her accounts even though she uses them. Account providers provide her with the account she uses. In “Web2”: If she deletes her Facebook account, Facebook retains Alice’s “anonymized data.” In “Web3,”: Ethereum, for example, is worse. She can’t delete her Ethereum blockchain account and its history. The Ethereum network provides her account and defines messaging format.
Alice does not own her data history. Instead, Alice relies on account providers to manage and code if a blockchain network is a provider. She can't sync between accounts. She doesn’t have her account relationships and metadata. She can't take her data and use it in another app. She can't reuse the same account in other apps (Tinder bio in LinkedIn). She can’t take it with her, accounts don’t let her.
Alice does not control who sees who owns her accounts and who sees what about her account activity. Everything she does online and on-chain is part of her identity. There is a record and history. In people’s minds, on company servers and blockchain networks. There is a profile of her that others see. On blockchains, her activity and history are public and permanent.
Her accounts aren’t secure: Sub-accounts and new wallets are tied to the same parent key and passwords. If one is hacked, all wallets are hacked. She stores these in different places, such as a password manager, and has to copy and paste keys, make mistakes, and share secrets without intent. To maintain privacy, secret managers alone are not enough. Switching takes her away from apps.
Her accounts aren’t private: By default, she is not private; her transactions and accounts are public on the blockchain. Making mistakes or using correlated addresses can lead to doxxing. She cannot manage separate (private) accounts together and must log out and back in to use a different account.
Accounts are bad account managers. Interoperability is local, and multi-account management is not possible. Alice has no universal identifiers and no universal sign-in. Her app messages have no standard format and aren't human-readable. She relies on web2 third-party servers and has different usernames with dozens of services. She must recreate the basic profile again, manually entering and being unable to import. She cannot import all account types and organize them as she wishes.
Wallets are bad account managers. Her wallets focus more on what's in the wallet (swaps) than connecting her with contacts, getting her to apps, and managing her accounts. Not all of her wallets have browsers. Not all apps work with all wallets. Not all tokens work with all accounts. She has to disconnect from all apps manually. Alice can't sync her wallet contacts and browser bookmarks.
You will never have total privacy and own your data. We need to create products with zero-trust and “no-account” principles to improve what we cannot solve. Users can’t manage activities without flexible accounts. Users need dynamic privacy and security for control over their time and activities.