Decentralized Identity

In my LeWeb talk, I mentioned decentralized identity as one of the three big things I am looking for in the coming years. I think a protocol based approach is what is needed and the idea that Google, Facebook, Twitter, LinkedIn, or some other big tech company is going to control the database of all of our identities is a nutty idea in my mind.

We’ve been looking at a lot of things and to date, the namecoin protocol seems to show the most promise. Yesterday my partner Albert wrote a post explaining how someone could build this distributed identity layer on top of namecoin and pointed to two services, NamecoinID and OneName, that are attempting to do just that.

I have just started playing around with these two services and don’t yet have much of an opinion on them. But I did set up a onename profile at You can send me bitcoin there if you’d like 🙂

This sort of thing has been tried in the past. OpenID comes to mind. They have all been too wonky and none got mainstream adoption. At this point, Namecoin, NamecoinID, and OneName are also wonky. But I am hopeful that something will emerge, most likely using the distributed autonomous organization funding model that I talked about yesterday, that will lead to an open global distributed identity system that everyone and anyone can use. If such a thing were to emerge, it would be transformative in many ways.


Comments (Archived):

  1. David Semeria

    Appcoin, Namecoin, Cachecoin…I’m getting me some Confusedcoin — if only I knew where to buy it.

    1. fredwilson

      yes, but namecoin and cachecoin are just examples of appcoin

      1. JimHirshfield

        You guys! Stawp beeng so coiny.

    2. JimHirshfield

      ConfusedCoin comes free. EducatedCoin will cost you $200,000 at Harvard.

      1. Vasudev Ram

        With all these options, we’ll need TossACoin to decide between them.

    3. Matt A. Myers

      Probably want to avoid an exchange called NameGox.

      1. jason wright

        what was ‘gox’?

        1. Matt A. Myers

          MtGox was: Magic the Gathering: Online Exchange (I believe)

          1. jason wright

            thx.magic – now you see it, now you don’ lexis – to be ‘goxed’.

          2. Matt A. Myers

            Ha. That’s great.

    4. ShanaC

      here, let me offer you one

  2. jack

    If I have to engage in a data mining process to log in to a website, I’m quitting the internet.

    1. fredwilson

      Yup. That’s why this needs to happen.

  3. awaldstein

    If identity is decentralized, then place itself seems secondary and this turns marketing on its head.

    1. JimHirshfield

      You just made my head spin, not to mention an identity crisis.

    2. Matt A. Myers

      I think I get the gist of what you’re saying but could you frame it a little more? Thanks:)

      1. awaldstein

        As much as I can do today Matt–Dreaming the future

    3. JamesHRH

      ?I walk by your store and see something I like……..who cares if I participating in a distributed identity protocol?That scenario has about 2000 years of momentum.

    4. Brandon Burns

      How, specifically, does this cause marketing to turn on its head?

      1. awaldstein

        I will attempt to answer that tomorrow. Been a brutal day.Just pounded out this post to address some of the items.Dreaming the future

    5. Pete Griffiths

      Only marketing that focuses on place rather than identity. There is nothing about identity being decentralized that means that identity can’t be tracked and targeted. And even that doesn’t make place irrelevant because no matter how my identity is maintained I will still go to ‘places.’ eg stores

  4. JimHirshfield

    But seriously, what does decentralized identity do for the average consumer? What problem does this solve?

    1. Kirsten Lambertsen

      This piqued my interest in having an uber secure single login for all my different services. OneName claims to do that.

      1. JimHirshfield

        But wouldn’t OnePass or some other universal password service do that?

        1. Kirsten Lambertsen

          Yes, that’s what those services do. But in a centralized way.I’m not sure the avg consumer will get or care about the difference. On the other hand, she just might. Or maybe she will five years from now.

          1. JimHirshfield

            Will you get back to me then? 😉

          2. Kirsten Lambertsen

            Shhh! No one is supposed to know that I am The Avg Consumer.

    2. Elia Freedman

      If it is possible to gain this kind of trust, I think it may need to be a component of something else. I’ve had an idea around this kind of thing for a while now but haven’t chosen to pursue it yet for various reasons.

      1. JimHirshfield

        Right….like your bank or insurance company offering this kind of security. That makes sense to me.

    3. fredwilson

      Own and control your identity

      1. JimHirshfield

        Don’t I own and control my Twitter, Disqus, and LinkedIn identities?

        1. pointsnfigures

          hackers might.

        2. Matt A. Myers

          What if you delete your account? Do you actually delete it and all related data?

          1. JimHirshfield

            Related data is not what we’re talking about per se. Identity and the trail it leaves are two different things.If I sell my house, three fact that I owned it is not erased from the public record.

      2. Twain Twain

        Could this be a first-step towards users owning, controlling and also being able to BE PAID for the data they upload………?

        1. JimHirshfield

          Effluence is recycled into methane gas. But no one’s paying me for my shit. Ain’t gonna happen. Ever. As regards online user data, same story, different day.

          1. Twain Twain

            Maybe it’s worth making a distinction between content created by the user and data of the socio-demographic type?For example, users monetize the designs they post on DeviantArt and the code they post on WordPress (fremium model) or CodeCanyon and the videos they post on YouTube.But the “exhaust data” of their online interactions isn’t currently “worth s*it” — except as aggregated, cleaned up and anonymized as representative sample consumer populations by the big social media platform and sold onto the brands?

          2. JimHirshfield


          3. PhilipSugar

            There are people that pay to understand who you are, they just don’t pay you.

          4. JimHirshfield

            Yes, well aware. I’ve worked in that space. Which is why I don’t think users will ever get paid for their browsing and behavioral data.

          5. pointsnfigures

            I do think in the case of a Bitcoin exchange, you could get paid in some way for the amount of liquidity you provide (haven’t thought about the economic incentives around that)-perhaps in equity

      3. Matt A. Myers

        Do you mostly mean own all of the content you produce and who has access to copies of it?

    4. Leapy

      Doc Searls was writing about this back in 2005 and still offers the clearest explanations.…Leapy

    5. pointsnfigures

      Might enable easier and more hyperlocal. Might make it easier to interact with highly fragmented businesses-maybe Groupon ($GRPN) is onto something.

    6. LE

      My case in defense of the idea:Your honor, If you’ve never watched a certain classic movie you might not realize what problem a dead fish on a bed solves. “Why would anyone put a dead fish on a bed?” you would ask?My personal feeling is that it doesn’t solve a problem the “average” consumer cares about. In mayorial elections people elect the guy who gets the trash collected and clears the snow after a storm.

  5. andyswan

    I don’t think of it as Google/Facebook/Twitter “controlling” the database of all of our identities (awww how sad is LinkedIn you left them off).I just think of it all working together. Disqus has some of my online identity, twitter another, facebook another, my bank another…. they all tie back to my real name by choice (dat be proof, as @aweissman would say). I’m not sure I see the value in a protocol having some claim over my identity, unless that protocol gives me significant value in return, as disqus, twitter and likefolio (pluggers gon plug) do very well.Identity through participation…. I get it… I’m just not sure we don’t already have it and can’t see why we need a coin for that….nor why we would want it centrally decentralized.

    1. JimHirshfield

      Ooooh, DisqusCoin. I can haz?

      1. andyswan

        I have cornered the market on disqusCOINS and will be releasing them into the marketplace over time in a fantastic progression that gets slower based on the complexity of the climate change models that are developed to answer why prior models failed to predict the failure of warming. We expect disqusCOINS to reach $1,000,000 in value by the time all 3.14159265 trillion of them are released into the ecosystem, which is projected to take 132.1 years.In other words… BUY NOW and figure out how to use them later, because SUPPLY IS LIMITED and the PRICE IS GOING UP.

        1. JimHirshfield

          Can I see a prospectus please?

          1. andyswan

            Sorry all we have is a chart of price moving higher and some vague myths regarding the brilliance of its creator.

          2. JimHirshfield

            I am Satoshi Swanoto.

          3. Matt A. Myers

            Liar, I’m Satoshi Swanoto.

          4. JimHirshfield

            No. I think you are Dorian Satoshi Swanoto Myers.Poser.

  6. Elia Freedman

    I heard a story from a developer recently that average people don’t like to use Facebook login on random products because they don’t trust what the product is doing on Facebook and what Facebook is getting from the product. I feel the same way and thus don’t use that option if I have a choice.I wonder if a login credential owned by something outside of one of these services has any more chance than Facebook, Google Twitter, et al.

    1. JimHirshfield

      Not sure I know the answer, but curious what you think their business/revenue model would be.

        1. JimHirshfield

          One customer solutions never scale.

          1. LE

            Attached below.

          2. JimHirshfield

            They had lots of customers.

    2. andyswan

      It’s true. At LikeFolio we get far more people logging on via twitter than facebook. It’s a bit of a tell regarding the value of the data behind that login.If you get into my twitter you might say something stupid and offensive. I doubt my followers would know the difference.If you get into my facebook you might call my niece ugly or message one of my exes in Texas.

      1. JimHirshfield

        exes in TexasI didn’t know you wrote lyrics to country music!

      2. Elia Freedman

        There seems to be a general mistrust of Facebook. Can’t figure out why. 🙂

      3. Matt A. Myers

        You’re much more heavily tied into Twitter though no?

        1. andyswan

          yes but that was only because users went that direction. We started off agnostic. Twitter won.

          1. JLM

            .This kind of real world data and reaction is the real thing.JLM.

          2. Matt A. Myers

            Do stock hashtags play a large role in that you think?

          3. andyswan

            No they make up a minority of our “matches”

          4. Matt A. Myers

            Not sure what you mean matches. 🙂

          5. andyswan

            We find brands and product names that tie up to publicly traded companies. So “you talk about Yahtzee a lot did you know that is Hasbro $HAS”

  7. William Mougayar

    I set-up mine yesterday too, and will gladly accept donations 🙂…The thing is I’d like to see more Apps built on top of this. Right now, it looks like a directory of bitcoin wallets.

    1. Muneeb Ali

      That’s exactly right! It’s the very basic/first layer right now i.e., just a directory (or whitepages) of people and their bitcoin addresses. Many interesting things can be built on top …

  8. LIAD

    not sure all that glitters is gold.centralized services do come with benefits, squatting prevention/’password reset’ to name a couple1.someone squats on your name, your families names and your businesses names. abuses them, costs you stress and money. your recourse = jack shit.2. you lose your private key effectively locking you out of your own identity for eternity. your recourse = diddly squat.

    1. William Mougayar

      btw- I like what you’re doing with . Where are you taking it?

      1. LIAD

        thx, initially planned on it being a super-newbie friendly wallet but feel market pretty well served right now. current live app just testing water/scratching own itch. early days

    2. fredwilson

      Those problems would have to be addressed or this won’t happen

    3. Muneeb Ali

      For #1, you can verify your various online identities and link them to OneName e.g., if someone creates but is “verified” to be linked to the twitter handle @fredwilson and to the domains and .. which user will you trust more to be the real Fred Wilson? Albert calls this “probabilistic identity”, grabbing someone’s real name is not important unless you can also compromise their domain/website, Twitter, Github, and so on.

      1. LIAD

        peoples desire to use and invest in a service is directly correlated to them getting the username they want on said service

        1. Muneeb Ali

          P.S: Just realized that if I post links then the SPAM detection fires up for Disqus. Hmm

        2. Muneeb Ali

          True. You can think of usernames on OneName as domain names. You have to pay (a small price) to get them (right now we’re footing that bill) and they expire every 8 months. When Facebook really wanted their domain, they were able to buy it. This just creates a marketplace for usernames, just like DNS did back in the day for websites. People have three options a) be an early user and grab the username of their choice (equivalent to people getting good .com domains in the early days of DNS), b) purchase their username, if they need it that bad (this model has worked for domain name transfers), and c) be creative about new usernames (happens all the time when your the Twitter handle you want or the Github username you want is taken)

    4. Muneeb Ali

      For #2, for currencies like Bitcoin to take off a) average users will have to become more aware of security and b) services and tools will emerge that will make safe-keeping of private keys easier and more dependable. I’ve been a developer/hacker since the late 90s and yet I’m shocked at how bad my own security measures were (e.g., the security of my linux servers, passwords for online services, and how I created data backups etc) until I discovered Bitcoin. Crytocurrencies are the first compelling reason for the world to upgrade their online security models. And it’s going to happen.

    5. ZekeV

      a good service would make it easy for people to designate multiple private keys, and to revoke lost keys

  9. Pete Griffiths

    I agree with this. A protocol based distributed / decentralized approach is the way to go. But not just for identity!

    1. JimHirshfield

      But not just for identity!What else?

      1. Pete Griffiths

        E.g. a tracker

        1. JimHirshfield


  10. Julien

    Identity is decentralized in nature. There are many ‘John Smith’ in the world and in graveyards! A name only something to the ones who know that person. My ‘John Smith’ os not your ‘John Smith’, why does Facebook’s John Smith be the same as Twitter’s John Smith?In the end, (and it pains me to say so), I don’t think it matter that some services are trying to centralize identity because it’s only centralized to them. So I don’t think namecoin and others are atcually addressing a real problem.Also, openId is more authentication than identity. It’s more about validating my claim of being someone than asserting that I am a given person.

  11. Niv Dror

    We’ve outgrown the driver license, or its more credible relative; the passport on so many levels… Thanks for mentioning Albert’s post and pointing out namecoin – will be interesting to learn more!

  12. Niv Dror

    If anyone wants a quick recap of Fred’s (excellent) talk at LeWeb about the 3 Big Megatrends, I put together a summary:

  13. Brandon Burns

    The most powerful parts of the shift to decentralized identity are the different decentralized pieces themselves, not the piggyback services that attempt to aggregate them.If people wanted their identity aggregated, they’d stay on Facebook and reject new services. The mere fact that identity is now spread across social networking platforms, professional networking platforms, hobbyist platforms, messaging apps, personal home pages, etc. shows that people are **fighting** aggregation, not embracing it.Back in the 2009 – 2012ish timeframe, people were getting social media fatigue. A bunch of services came out trying to aggregate all your profiles. This only contributed to more public fatigue, and lead to most people ignoring new social apps. While services from Hootsuite to Gravitar found small audiences of power users, most normal people think that if they’ve got to get a service to manage all their services, they’d rather simplify their lives and just not partake at all.The new apps that have grown in the meantime got to where they are by **not** standing for online identity. Whatsapp is a better messaging app. GitHub is a better professional networking experience. These services are experienced in separate bubbles; no one is sitting around thinking, “Geeze, I wish I could have central management for my Facebook, Whatsapp and GitHub profiles.”In fact, in the 2014 post-Snowden world, that kind of experience sounds down right awful. And while new protocols like Namecoin have a nerd caché that get the tech and VC communities revved up, real people are bound to see backend technologies, of which they understand nothing other than that they help make all the aspects of their identity easier to access online, as the enemy.Its pretty clear that the general public has little interest in aggregating identity, no matter how interesting the proposition sounds to the tech and VC communities.If you really want to capitalize on the decentralized theme, I’d make more investments in services like Kik — services that represent one of the decentralized pieces, like messaging — instead of trying to “own” every touchpoint of someone’s identity via auxiliary services that sit on top of everything. No one wants that.

    1. PhilipSugar

      Good post. I somehow would like to keep all of my identities separate, totally separate. Look at the 60 minutes piece on aggregation of data:…If there were someway that I could keep my identity so humans could know it but obfuscate it to the rest of the world easily, that would be valuable to me. I know and do use a Private VPN, but it is not as easy as it could be. Kind of like having to SFTP files before Dropbox.This feels to me the same type of opportunity.

      1. LE

        SFTP files before Dropboxrsync and cron to a server that you control in the cloud still works pretty well.

        1. PhilipSugar

          You know how Brad Feld has a quote “we suck less”I have one: “All of our customers are stupid, otherwise they wouldn’t be our customers”I don’t mean this literally but think about dropbox….I need to send you a big file, sure those work, but who won?

          1. LE

            Conversely the more you know about security and how startups play lose and fast with their programming [1] the more you in no way can trust a third party company to be in charge of securing any sensitive data (I’m not talking about cat pictures). I guess in all honesty the same goes for Apple and Icloud. And ironically the larger a service is the more they are a target (so you can’t win). After all the only thing separating your data and someone who wants it is a bit of social engineering, right?”All of our customers are stupidCustomers are totally “don’t make me think” and just want a solution and/or handholding to their problem and will definitely pay for it. One big error small “lifestyle” web businesses make is assuming they have to price cheaply to get customers instead of pricing by value (I’m talking about ones that don’t intend to get funding..).While customers are stupid, the truth is it’s probably a combination of being uneducated and stupid. Stupid is not being able to process information that you have, being lazy, not paying attention [2] being of slow mind. Maybe even a bit of the “r” word. Uneducated is simply not knowing the answer and making the wrong decision as a result. You can make money off both of these groups of people. And they will be thankful because you helped them with something they don’t have the time or the brains to figure out themselves.[1] I’ve been hearing the same shit shoveled since 1996 about how secure things are and “we’ve got it figured out”.[2] Source: me

          2. PhilipSugar

            You are right I usually use the word lazy too. I agree, but here is the thing: BigCo person: I need that big Powerpoint now Phil!! Ok, let me put it on my SFTP Server and explain to you how to use it, frankly I’d prefer to bang my head on the wall for an hour because I might make more progress…..or let me dropbox it to you.

          3. LE

            What’s interesting is that dropbox which started as a way for non technical people to do things that technical people could already do has marketing that doesn’t speak to a typical end user in a business. For example an accountant or a lawyer or the guy at the local design firm, architect etc.This page:…Has things that are mixed together (using pharmacy lingo) OTC (over the counter) and BTC (behind the counter) that info is all on one page. So this speaks (even given their success) to shopping cart abandonment for sure.I mean what the fuck:Dropbox’s storage is SSAE16/SOC1, SOC2, ISAE 3402 and ISO 27001 certified on Amazon S3 and may provide data mirroring across other secure data centers.And if you order now you also get:Delta sync and LAN syncWho writes this shit? Why not organize the page in a way so that you don’t confuse the stupid customer with things they don’t care about.Edit: Organize means you can have all the stuff there but my mom doesn’t care about the rpm and torque on the car so make sure that is somewhere else so she doesn’t get scared.

          4. Timothy Meade

            Folder, that syncs, for business, and secure (ISO 27001 certified).

      2. sigmaalgebra

        Agreed. C.f. my similar post on this thread.

      3. Brandon Burns

        Eek! That 60 Minutes clip is the basis for a real life horror movie.*shudders*

        1. PhilipSugar

          I will say this: Never go on 60 minutes if you know you are going to be cast as the villain. I know one guy they interview personally. He is genuinely a decent person. Really decent compared to the CEO of one of the companies that refused to be interviewed. I can tell that they probably did a one hour interview and picked clips right after they asked him questions like: So since you discriminate against X group, tell me your thoughts on regulation.

          1. LE

            What did you think of the “new Lara Logan” they had on another feature?

          2. PhilipSugar

            I don’t watch the show. Somebody emailed me the piece. I think the either PowderPuff the piece or do a Hatchet job. I will admit to watching TV to relax, but I don’t understand watching shows that are built on conflict. I have enough at work. I was going to say the worst was catching my wife watching Nancy Grace, I just Googled her and found that just today a judge cleared the way for her libel trial.

          3. LE

            I don’t watch Nancy Grace (I’ve seen it to just get a taste) but I used to watch both Larry Kudlow and Chris Matthews occasionally even though they are pretty much the opposite. I do this because I like to see what the opposing points are as biased as they are. Watching Matthews and his entire love of Kennedy is enough to make me eject food so I wouldn’t watch while eating. Otoh Kudlow was an addict or something like that which I find interesting.I definitely watch some conflict because I find it entertaining if done right. I don’t particularly like seeing people squirm or get caught in a lie (I hate those local news shows where they ambush a villain).

      4. ShanaC

        how do you keep it all separate

    2. JamesHRH

      Well said.

    3. Matt A. Myers

      I humbly disagree about no one having interest in aggregating identity. I agree with everything else though. 🙂

      1. Brandon Burns

        Sorry for the hyperbole. 🙂

        1. JLM

          .I think you were correct to start with, BB.There is a bit of Internet fatigue setting in in general.JLM.

          1. FlavioGomes

            Contact fatigue…the new cool is hanging with yer pals without once checking your phone.

      2. Sudo Wonder

        There a lot more Namecoin usage cases to develop and implement like OneName:For latest Namecoin News take a look at:…ThxSupport and Like us!

    4. robertdesideri

      Identity is a driver’s license or passport to most people. Their thinking doesn’t much travel beyond these. Where’s the need for the majority, what’s the use case where a sweetly engineered distributed identity scheme produces value beyond the simplicity of centralised identity for the average bear? I’m agreeing 🙂

    5. Vasudev Ram

      Good and well thought-out post.

    6. Pete Griffiths

      I like this post. And there is another element of concentrating identity (centralized or distributed!) and that is security and privacy. If someone cracks your identity and that identity is used across many services then are all such services vulnerable?

    7. ShanaC

      github doesn’t scale as an experience if you don’t write code

    8. Muneeb Ali

      I don’t think the idea here is to aggregate identity at all, but rather to build apps like WhatsApp etc on top of a common core that is truly decentralized. It’s more of a shift to a new underlying architecture/model for building apps.

  14. Peter McDonnell

    My problem with centralization (ala FB / twitter etc) is that it tends to treat your Identification and Personas as the same thing.Centralizing your Identity so you don’t need to authenticate yourself from first principles is great. Connecting your online Personas from different sites / products / real-life as a side-effect is terrible.

  15. bfeld

    I got a namecoin id the other day. It was a confusing process. Remembering (writing down!) the long private password chain seems like the completely wrong approach.

    1. William Mougayar

      That’s called a “brainwallet”…. You could change that phrase to be unique in a way that you remember it more easily, e.g. “Brad Feld lives in Boulder and loves Amy, startups, running, sushi and books.”I agree it’s not something that the average consumer is going to embrace if that’s the only way of doing it. There is hope for other types of authentication methods to emerge like a bracelet that locks to your heart rate or something like that.

    2. Muneeb Ali

      Thanks for the feedback, Brad. We’re looking at ways to simplify the signup process for

  16. Matt Zagaja

    So I get the idea of centralized identity. You use FB or some other service to quickly login to others. The advantage is the quick sign-in and my data goes right over, the disadvantage is someone gets into my Facebook and they have EVERYTHING. Making accounts on every site prevents this, and to me seems decentralized enough already. I am not sure what problem OneName solves.

    1. Muneeb Ali

      Problem is Facebook (a centralized service) having all your data in the first place. You upload your data on Facebook, then they show you ads to make money. You don’t own your data, Facebook owns it and can process it however it wants.In a decentralized system there is no Facebook. Users own their own data/identity and can talk to each other directly without needing to go through any third party. It’s a hard technical problem to solve, but the bitcoin protocol provides a solution to it.

  17. LukeG

    It may be that the first step doesn’t include both “decentralized” and personally-owned/controlled.We need a public namespace where ultimate control is in the hands of its users. If it’s an open source service with free+hosted options, shouldn’t that be enough?Wordpress qualifies under that basic rubric, but we know that 90%+ of web users won’t publish long-form content without massive latency, and one of the qualifications for a global namespace is widespread adoption and participation.So the question becomes: who can build a massive and massively popular consumer service where users are in control of their data? And not just “data” in the sense of the content you publish, but control of your actual graphs. It only takes getting locked out of Facebook (or Twitter or …) ONCE to fully grok that it isn’t your network — they aren’t your friends — it’s Facebook’s. And personal ownership of your networks is the nuts.My guess is that an OSS analog is a fair bet, but I also suspect that there are better publishing and communication tools + services that we can build that will be more content-focused. Build something that a billion people use and love, and that happens to feature “personal data ownership,” the ability to host your own instance, etc. (Correctly seeded and cultivated, an open source community of developers AND DESIGNERS will be able to ship more powerful product over the longer run).If the focus isn’t on delivering an amazing experience for mainstream users, it ain’t gonna happen.

  18. pointsnfigures

    This is highly interesting. When I traded, i participated in a peer to peer decentralized network that was managed by a central party clearing operation. I had a unique identity (“CR”). This is that on sterioids-but no centralized clearinghouse. My gut tells me there will be opportunities to set up several CCP’s that enhance and secure operations (and they will charge a very very small fee to do it)

  19. RichardF

    I think there is a distinction that needs to be made between online public persona (which may or may not reflect the real you) which is distributed across a variety of platforms and the ability to verify your identity without giving information that can be resold, used to sell to you etc etc. I hate facebook login , twitter login because there is no granular control as to what you are giving away and in fact that changes as and when Facebook decides what information you can access through the api.I have no idea whether the latest and greatest bitcoin use is the way forward with this. I don’t really see a convincing argument. It just needs to be something that is so easy to use and understand and is sexy enough for the early adopters to get excited about it. Maybe why that’s it should be bitcoin based.

  20. Emily Merkle

    There exists a central control of our identities: the Social Security Administration.

  21. sigmaalgebra

    YMMV but to me, what I want on the Internet is a lotof anonymity or identity via pseudonyms.So, it seems to me that as people learn some of therisks of loss of privacy on the Internet, they willwant solutions and that solutions are readilyavailable.(1) Have the ISP make it really easy to change theIP address. With IPv6, one user could change IPaddress once an hour and never reuse an IP address.(2) Have a Web browser with that sends only meagerdata in the HTTP_USER_AGENT string.(3) Have Web browser refuse to send third partycookies.(4) Mostly set Web browser not to accept cookies.(5) Use no remote or single login services, say, viaFacebook, Google, Microsoft, etc.(6) Give only meager and/or false personal dataon-line.(7) Use only on-line sites that state and followsevere policies on user privacy.(8) User encryption, e.g., HTTPS.So, net, I see no fundamental problem; that is, itappears that for the threats to user on-lineprivacy, there are simple solutions that sufficenow.Disqus? No, I do NOT like the fact that thestandard way to post to Disqus is with just a Disquscookie in my browser so that all my posts to all ofDisqus can be seen together. So, what I post to AVCcan be compared to what I post to (A) Radical RightPolitics, (B) Leftist Marxist Politics, (C) Hot,Radical, Liberated, (D) Autonomous California Babes,(E) Road Burning Muscle Cars, (F) Math + Algorithms+ Software + Internet = Money, etc.

  22. jason wright

    your blog posts are being published so late in the day that i fear you’ve been kidnapped and replaced by an imposter (, or is this just another clock issue?

  23. André Staltz

    Then you’re looking for Avatar: http://sneakpeek.avatar.aiIt is many things: a OS in the browser, a file storage cloud, a P2P, and a decentralized identity system. Worth checking it out.

    1. Timothy Meade

      Can you combine and script applications from third-parties, collect them as your own ‘installed’ applications, buy and pay for them and other subscription services?

      1. Timothy Meade

        I take back my question. This looks absolutely awesome and totally from the future. My concerns would be how you build the network and keep the nodes incentivized to remain, as well as how you prevent traffic attacks by agents controlling a number of nodes. Persistent DHT is the way to go.Somebody else can build the desktop environment for your OS.

  24. William Mougayar

    But aren’t these systems centralized? So, someone could hack and compromise them (conceivably). That’s not ideal. Plus, for this to work well, everyone would have to use it.The silver lining will emerge if this is riding on a totally distributed infrastructure, so there isn’t anymore a single point to failure or weak links. And when this happens, it will fly in the face of the NSA and others who syphon info from the back of central systems. If there no central place, you can’t attack a single point anymore.

    1. Drew Meyers

      Why isn’t there some way for my central identity to sit on my own domain name? and then i authenticate my domain name w/ any site as my user account

  25. Brian Falther

    It sounds like what you’re describing is Keyhotee, currently in development by Invictus Innovations.Not only are they developing a decentralized identity platform, they’re developing the first decentralized ‘bank’ & ‘exchange’ for cryto-assets. You can learn more about them at….I know their looking for people to speak at their conference in Vegas in July, might be right up your alley…

  26. dave

    The Internet already has a decentralized name system — DNS.Your name is Mine is’s where we should start building.

    1. Timothy Meade

      But how do you prove that you own that domain? How do you sign a message stating you own that domain with both the registrar and ICANN also signing that message?

      1. ShanaC

        good point

      2. dave

        There’s plenty of prior art for that.When Google webmaster tools wants you to prove you own a domain, they ask you to put a special file on the website, or add a meta element to the HTML text of the home page.Many other approaches are possible.

      3. dave

        That’s a good question, but there’s plenty of prior art. Google webmaster tools, for example, gets you to prove it’s your domain by adding a file to the top level of the website pointed to by the domain. Or adding a bit of metadata to the home page (something like posting HI GOOGLE to the home page of your blog).Ownership of a domain conveys privileges. To prove that you own the domain, that it’s really you — the service just asks you to do one of those things in a very specific way.This comes up in banking too. My bank asked me for a picture and a slogan that they display when I sign in. That way I know it’s really them, and not a phisher. I chose something my brother and I used to say when we were kids. And a picture of the house my mother grew up in, in Prague. Doesn’t seem too likely that info would show up in my Wikipedia profile. 😉

    2. ShanaC

      don’t take this the wrong way, but I think it is a shanda that I have to buy shanacarp.comI’m the only one on the planet with that name (there is a Shana Karp though who graduated from Stanford and is a personal trainer)Its not my identity until it is always mine – the way my name is (hey, getting a name was free)

      1. Timothy Meade

        Did you get the

        1. ShanaC

          i’m still meh on bitcoin

          1. Timothy Meade

            Yeah, this is actually infinitely more interesting to me though. I don’t get the whole electricity -> math -> thing of great value aspect of Bitcoin speculation. Nor would I have invested the time to figure out how to acquire a namecoin.

      2. dave

        Okay — but birth certificates aren’t free. ;-)…In NYS they cost $30, plus $15 if you want it “expedited.”:-)

        1. ShanaC

          the document I do have to pay for, my existence in them, nope

    3. Muneeb Ali

      DNS is controlled by ICANN, which is a centralized identity. This is how domains are seized. With a truly decentralized DNS, like the one Namecoin provides you’ll need to get access to the person’s private keys if you want to take over his/her domain and there is no need for any centralized entity like ICANN.

  27. Mike

    Fred, you should really speak with Daniel Larimer of Invictus Innovations. They have already developed what you are looking for and it is called Keyhotee.

  28. C

    The most mind-blowing decentralized identity technology out there is Keyhotee (in development) check out this intro:

    1. Tera J

      What advantages do you think this has over a system like OneName?

  29. kevinmarks

    You need to look into IndieAuth

  30. ShanaC

    I think this is the first time I understand why you like bitcoin – I can send out invites to me!!!!For some reason that makes me happy…

  31. Greg Biggers

    Part of the problem is much of the people who are trying to solve open/distributed identity problems are also ‘wonky.’ Where are the pragmatists willing to make the right compromises in order to achieve simplicity and, therefore, adoption?

  32. Laurent Eschenauer

    You seem to forget about blogs (dns), email and chat (xmpp) which brought us free, decentralized and federated social communication for many years. I don’t think the issue is technical, but purely financial.The web economy strongly depends on the ownership of user information and thus on locking your users in a ‘silo’. A decentralized platform where you are free to move from one provider to another does not really support that kind of models unfortunately.

    1. Drew Meyers

      think we will move to a world where users pay for the services they use using micropayments?

  33. Ahti Kitsik

    My phone is my identity. Apps and the web gets mapped to my identity through Apple or Google account which is just an abstract layer in the middle. Contrary to what Apple or Google things — that *they* are the identity end-point.Company who controls your mobile identity controls the identity mechanism. So it’s either namecoin or some other distributed service, it must be the “WhatsApp for identity”. Telco or Google/Apple-forced identity must be broken, just like the SMS messaging had to be.But this time in an open manner, like bitcoin.

  34. Vineeth Kariappa

    Whats wrong with disqus? works perfect. ppl use the preferred system. Should be USV biggest co.

  35. ldouglas

    From a lot of the comments, I think there seems to be some confusion between Profile Aggregation and Identity Cloud.Getting my ID locked down to a standards-based, security-focused, and protocol-switching environment is about me having control of my Authentication and its utilization is what I like about the decentralized identity space.It allows me to separate my Social Profiles, all of them, from my authentication scheme, thereby reducing risks, complexity, and friction of being in this pending Online 3.0 future of: “entirely online”.

  36. Stephan Tual

    You should look into Ethereum 🙂

  37. Brian Azzopardi

    In real life, I have multiple roles – startup-founder, boyfriend, friend, etc – I want to be able to create throw-away identities for use online. Just like a bitcoin wallet lets you create new bt addresses, I want an identity “wallet” and the calling card I show you is the one I want you to see.impersonation already happens in real life. There are lots of other Brian’s in the world. But it doesn’t matter because in real life, my friends know who “Brian Azzopardi” is. The reason the internet (DNS/NameCoin/Facebook/etc) have an impersonation problem is because each of these services keep identities in a single namespace (pun intended).Real life doesn’t have one namespace.The solution is not for each of us to create profiles on NameCoin. The solution is for each of us to have our own namecoin – all of us have our own namespace. Namespaces that can overlap with that of friends. If reputation is currency, then people will want to own your-name-coins. Your currency, literally, goes up.Stream of thought on bad coffee.

  38. Dick Hardt

    Someone pitches me about a new identity system once a month. All that strive to be the ring to rule them all have failed miserably. The shift to mobile is the only near term driver to bring about a new protocol, but Google and Apple are not heading in that direction. If you want to chat about Identity Fred, happy to take a call.

  39. leigh

    When we had done Oponia (webserver on a stick technically speaking) we had talked about the notion of a person’s personalization engine being housed with them – reputation would be portable from site to site, preferences, personal data etc. I loved the idea but thought the biggest hurdle was going to be big Corp adoption as everyone wants the data for themselves. It would have to be a series of innovative upstarts who cared about privacy to disintermediate and create demand. I’m still waiting for it and i would DEFINITELY pay for it.

  40. JimHirshfield

    Oh, how clever. You coined a term.

  41. LE

    despite my multiple personalitiesI’m game to hear about stuff like that.