Decentralized Identity
In my LeWeb talk, I mentioned decentralized identity as one of the three big things I am looking for in the coming years. I think a protocol based approach is what is needed and the idea that Google, Facebook, Twitter, LinkedIn, or some other big tech company is going to control the database of all of our identities is a nutty idea in my mind.
We’ve been looking at a lot of things and to date, the namecoin protocol seems to show the most promise. Yesterday my partner Albert wrote a post explaining how someone could build this distributed identity layer on top of namecoin and pointed to two services, NamecoinID and OneName, that are attempting to do just that.
I have just started playing around with these two services and don’t yet have much of an opinion on them. But I did set up a onename profile at onename.io/fredwilson. You can send me bitcoin there if you’d like 🙂
This sort of thing has been tried in the past. OpenID comes to mind. They have all been too wonky and none got mainstream adoption. At this point, Namecoin, NamecoinID, and OneName are also wonky. But I am hopeful that something will emerge, most likely using the distributed autonomous organization funding model that I talked about yesterday, that will lead to an open global distributed identity system that everyone and anyone can use. If such a thing were to emerge, it would be transformative in many ways.
Comments (Archived):
Appcoin, Namecoin, Cachecoin…I’m getting me some Confusedcoin — if only I knew where to buy it.
yes, but namecoin and cachecoin are just examples of appcoin
You guys! Stawp beeng so coiny.
ConfusedCoin comes free. EducatedCoin will cost you $200,000 at Harvard.
With all these options, we’ll need TossACoin to decide between them.
Probably want to avoid an exchange called NameGox.
what was ‘gox’?
MtGox was: Magic the Gathering: Online Exchange (I believe)
thx.magic – now you see it, now you don’t.new lexis – to be ‘goxed’.
Ha. That’s great.
here, let me offer you one
If I have to engage in a data mining process to log in to a website, I’m quitting the internet.
Yup. That’s why this needs to happen.
If identity is decentralized, then place itself seems secondary and this turns marketing on its head.
You just made my head spin, not to mention an identity crisis.
I think I get the gist of what you’re saying but could you frame it a little more? Thanks:)
As much as I can do today Matt–Dreaming the future http://awe.sm/gJS9e
?I walk by your store and see something I like……..who cares if I participating in a distributed identity protocol?That scenario has about 2000 years of momentum.
How, specifically, does this cause marketing to turn on its head?
I will attempt to answer that tomorrow. Been a brutal day.Just pounded out this post to address some of the items.Dreaming the future http://awe.sm/gJS9e
Only marketing that focuses on place rather than identity. There is nothing about identity being decentralized that means that identity can’t be tracked and targeted. And even that doesn’t make place irrelevant because no matter how my identity is maintained I will still go to ‘places.’ eg stores
But seriously, what does decentralized identity do for the average consumer? What problem does this solve?
This piqued my interest in having an uber secure single login for all my different services. OneName claims to do that.
But wouldn’t OnePass or some other universal password service do that?
Yes, that’s what those services do. But in a centralized way.I’m not sure the avg consumer will get or care about the difference. On the other hand, she just might. Or maybe she will five years from now.
Will you get back to me then? 😉
Shhh! No one is supposed to know that I am The Avg Consumer.
If it is possible to gain this kind of trust, I think it may need to be a component of something else. I’ve had an idea around this kind of thing for a while now but haven’t chosen to pursue it yet for various reasons.
Right….like your bank or insurance company offering this kind of security. That makes sense to me.
Own and control your identity
Don’t I own and control my Twitter, Disqus, and LinkedIn identities?
hackers might.
What if you delete your account? Do you actually delete it and all related data?
Related data is not what we’re talking about per se. Identity and the trail it leaves are two different things.If I sell my house, three fact that I owned it is not erased from the public record.
Could this be a first-step towards users owning, controlling and also being able to BE PAID for the data they upload………?
Effluence is recycled into methane gas. But no one’s paying me for my shit. Ain’t gonna happen. Ever. As regards online user data, same story, different day.
Maybe it’s worth making a distinction between content created by the user and data of the socio-demographic type?For example, users monetize the designs they post on DeviantArt and the code they post on WordPress (fremium model) or CodeCanyon and the videos they post on YouTube.But the “exhaust data” of their online interactions isn’t currently “worth s*it” — except as aggregated, cleaned up and anonymized as representative sample consumer populations by the big social media platform and sold onto the brands?
Right.
There are people that pay to understand who you are, they just don’t pay you.
Yes, well aware. I’ve worked in that space. Which is why I don’t think users will ever get paid for their browsing and behavioral data.
I do think in the case of a Bitcoin exchange, you could get paid in some way for the amount of liquidity you provide (haven’t thought about the economic incentives around that)-perhaps in equity
Do you mostly mean own all of the content you produce and who has access to copies of it?
Doc Searls was writing about this back in 2005 and still offers the clearest explanations.http://www.linuxjournal.com…Leapy
Might enable easier and more hyperlocal. Might make it easier to interact with highly fragmented businesses-maybe Groupon ($GRPN) is onto something.
My case in defense of the idea:Your honor, If you’ve never watched a certain classic movie you might not realize what problem a dead fish on a bed solves. “Why would anyone put a dead fish on a bed?” you would ask?My personal feeling is that it doesn’t solve a problem the “average” consumer cares about. In mayorial elections people elect the guy who gets the trash collected and clears the snow after a storm.
I don’t think of it as Google/Facebook/Twitter “controlling” the database of all of our identities (awww how sad is LinkedIn you left them off).I just think of it all working together. Disqus has some of my online identity, twitter another, facebook another, my bank another…. they all tie back to my real name by choice (dat be proof, as @aweissman would say). I’m not sure I see the value in a protocol having some claim over my identity, unless that protocol gives me significant value in return, as disqus, twitter and likefolio (pluggers gon plug) do very well.Identity through participation…. I get it… I’m just not sure we don’t already have it and can’t see why we need a coin for that….nor why we would want it centrally decentralized.
Ooooh, DisqusCoin. I can haz?
I have cornered the market on disqusCOINS and will be releasing them into the marketplace over time in a fantastic progression that gets slower based on the complexity of the climate change models that are developed to answer why prior models failed to predict the failure of warming. We expect disqusCOINS to reach $1,000,000 in value by the time all 3.14159265 trillion of them are released into the ecosystem, which is projected to take 132.1 years.In other words… BUY NOW and figure out how to use them later, because SUPPLY IS LIMITED and the PRICE IS GOING UP.
Can I see a prospectus please?
Sorry all we have is a chart of price moving higher and some vague myths regarding the brilliance of its creator.
I am Satoshi Swanoto.
Liar, I’m Satoshi Swanoto.
No. I think you are Dorian Satoshi Swanoto Myers.Poser.
I heard a story from a developer recently that average people don’t like to use Facebook login on random products because they don’t trust what the product is doing on Facebook and what Facebook is getting from the product. I feel the same way and thus don’t use that option if I have a choice.I wonder if a login credential owned by something outside of one of these services has any more chance than Facebook, Google Twitter, et al.
Not sure I know the answer, but curious what you think their business/revenue model would be.
pretty simple playbook: http://www.theverge.com/201…
One customer solutions never scale.
Attached below.
They had lots of customers.
It’s true. At LikeFolio we get far more people logging on via twitter than facebook. It’s a bit of a tell regarding the value of the data behind that login.If you get into my twitter you might say something stupid and offensive. I doubt my followers would know the difference.If you get into my facebook you might call my niece ugly or message one of my exes in Texas.
exes in TexasI didn’t know you wrote lyrics to country music!
There seems to be a general mistrust of Facebook. Can’t figure out why. 🙂
You’re much more heavily tied into Twitter though no?
yes but that was only because users went that direction. We started off agnostic. Twitter won.
.This kind of real world data and reaction is the real thing.JLM.
Do stock hashtags play a large role in that you think?
No they make up a minority of our “matches”
Not sure what you mean matches. 🙂
We find brands and product names that tie up to publicly traded companies. So “you talk about Yahtzee a lot did you know that is Hasbro $HAS”
I set-up mine yesterday too, and will gladly accept donations 🙂 https://www.onename.io/will…The thing is I’d like to see more Apps built on top of this. Right now, it looks like a directory of bitcoin wallets.
That’s exactly right! It’s the very basic/first layer right now i.e., just a directory (or whitepages) of people and their bitcoin addresses. Many interesting things can be built on top …
not sure all that glitters is gold.centralized services do come with benefits, squatting prevention/’password reset’ to name a couple1.someone squats on your name, your families names and your businesses names. abuses them, costs you stress and money. your recourse = jack shit.2. you lose your private key effectively locking you out of your own identity for eternity. your recourse = diddly squat.
btw- I like what you’re doing with http://www.wollit.com/ . Where are you taking it?
thx, initially planned on it being a super-newbie friendly wallet but feel market pretty well served right now. current live app just testing water/scratching own itch. early days
ReeferCoin. Rad.http://www.wollit.com/cause…
Those problems would have to be addressed or this won’t happen
For #1, you can verify your various online identities and link them to OneName e.g., if someone creates onename.io/fredwilson2 but onename.io/fredwilson is “verified” to be linked to the twitter handle @fredwilson and to the domains avc.com and usv.com .. which user will you trust more to be the real Fred Wilson? Albert calls this “probabilistic identity”, grabbing someone’s real name is not important unless you can also compromise their domain/website, Twitter, Github, and so on.
peoples desire to use and invest in a service is directly correlated to them getting the username they want on said service
P.S: Just realized that if I post links then the SPAM detection fires up for Disqus. Hmm
True. You can think of usernames on OneName as domain names. You have to pay (a small price) to get them (right now we’re footing that bill) and they expire every 8 months. When Facebook really wanted their domain, they were able to buy it. This just creates a marketplace for usernames, just like DNS did back in the day for websites. People have three options a) be an early user and grab the username of their choice (equivalent to people getting good .com domains in the early days of DNS), b) purchase their username, if they need it that bad (this model has worked for domain name transfers), and c) be creative about new usernames (happens all the time when your the Twitter handle you want or the Github username you want is taken)
For #2, for currencies like Bitcoin to take off a) average users will have to become more aware of security and b) services and tools will emerge that will make safe-keeping of private keys easier and more dependable. I’ve been a developer/hacker since the late 90s and yet I’m shocked at how bad my own security measures were (e.g., the security of my linux servers, passwords for online services, and how I created data backups etc) until I discovered Bitcoin. Crytocurrencies are the first compelling reason for the world to upgrade their online security models. And it’s going to happen.
a good service would make it easy for people to designate multiple private keys, and to revoke lost keys
I agree with this. A protocol based distributed / decentralized approach is the way to go. But not just for identity!
But not just for identity!What else?
E.g. a tracker
This kind of thing is interesting.http://openlibernet.org/
Yes!
Identity is decentralized in nature. There are many ‘John Smith’ in the world and in graveyards! A name only something to the ones who know that person. My ‘John Smith’ os not your ‘John Smith’, why does Facebook’s John Smith be the same as Twitter’s John Smith?In the end, (and it pains me to say so), I don’t think it matter that some services are trying to centralize identity because it’s only centralized to them. So I don’t think namecoin and others are atcually addressing a real problem.Also, openId is more authentication than identity. It’s more about validating my claim of being someone than asserting that I am a given person.
We’ve outgrown the driver license, or its more credible relative; the passport on so many levels… Thanks for mentioning Albert’s post and pointing out namecoin – will be interesting to learn more!
If anyone wants a quick recap of Fred’s (excellent) talk at LeWeb about the 3 Big Megatrends, I put together a summary: http://www.datafox.co/blog/…
The most powerful parts of the shift to decentralized identity are the different decentralized pieces themselves, not the piggyback services that attempt to aggregate them.If people wanted their identity aggregated, they’d stay on Facebook and reject new services. The mere fact that identity is now spread across social networking platforms, professional networking platforms, hobbyist platforms, messaging apps, personal home pages, etc. shows that people are **fighting** aggregation, not embracing it.Back in the 2009 – 2012ish timeframe, people were getting social media fatigue. A bunch of services came out trying to aggregate all your profiles. This only contributed to more public fatigue, and lead to most people ignoring new social apps. While services from Hootsuite to Gravitar found small audiences of power users, most normal people think that if they’ve got to get a service to manage all their services, they’d rather simplify their lives and just not partake at all.The new apps that have grown in the meantime got to where they are by **not** standing for online identity. Whatsapp is a better messaging app. GitHub is a better professional networking experience. These services are experienced in separate bubbles; no one is sitting around thinking, “Geeze, I wish I could have central management for my Facebook, Whatsapp and GitHub profiles.”In fact, in the 2014 post-Snowden world, that kind of experience sounds down right awful. And while new protocols like Namecoin have a nerd caché that get the tech and VC communities revved up, real people are bound to see backend technologies, of which they understand nothing other than that they help make all the aspects of their identity easier to access online, as the enemy.Its pretty clear that the general public has little interest in aggregating identity, no matter how interesting the proposition sounds to the tech and VC communities.If you really want to capitalize on the decentralized theme, I’d make more investments in services like Kik — services that represent one of the decentralized pieces, like messaging — instead of trying to “own” every touchpoint of someone’s identity via auxiliary services that sit on top of everything. No one wants that.
Good post. I somehow would like to keep all of my identities separate, totally separate. Look at the 60 minutes piece on aggregation of data: http://www.cbsnews.com/news…If there were someway that I could keep my identity so humans could know it but obfuscate it to the rest of the world easily, that would be valuable to me. I know and do use a Private VPN, but it is not as easy as it could be. Kind of like having to SFTP files before Dropbox.This feels to me the same type of opportunity.
SFTP files before Dropboxrsync and cron to a server that you control in the cloud still works pretty well.
You know how Brad Feld has a quote “we suck less”I have one: “All of our customers are stupid, otherwise they wouldn’t be our customers”I don’t mean this literally but think about dropbox….I need to send you a big file, sure those work, but who won?
Conversely the more you know about security and how startups play lose and fast with their programming [1] the more you in no way can trust a third party company to be in charge of securing any sensitive data (I’m not talking about cat pictures). I guess in all honesty the same goes for Apple and Icloud. And ironically the larger a service is the more they are a target (so you can’t win). After all the only thing separating your data and someone who wants it is a bit of social engineering, right?”All of our customers are stupidCustomers are totally “don’t make me think” and just want a solution and/or handholding to their problem and will definitely pay for it. One big error small “lifestyle” web businesses make is assuming they have to price cheaply to get customers instead of pricing by value (I’m talking about ones that don’t intend to get funding..).While customers are stupid, the truth is it’s probably a combination of being uneducated and stupid. Stupid is not being able to process information that you have, being lazy, not paying attention [2] being of slow mind. Maybe even a bit of the “r” word. Uneducated is simply not knowing the answer and making the wrong decision as a result. You can make money off both of these groups of people. And they will be thankful because you helped them with something they don’t have the time or the brains to figure out themselves.[1] I’ve been hearing the same shit shoveled since 1996 about how secure things are and “we’ve got it figured out”.[2] Source: me
You are right I usually use the word lazy too. I agree, but here is the thing: BigCo person: I need that big Powerpoint now Phil!! Ok, let me put it on my SFTP Server and explain to you how to use it, frankly I’d prefer to bang my head on the wall for an hour because I might make more progress…..or let me dropbox it to you.
What’s interesting is that dropbox which started as a way for non technical people to do things that technical people could already do has marketing that doesn’t speak to a typical end user in a business. For example an accountant or a lawyer or the guy at the local design firm, architect etc.This page:https://www.dropbox.com/bus…Has things that are mixed together (using pharmacy lingo) OTC (over the counter) and BTC (behind the counter) that info is all on one page. So this speaks (even given their success) to shopping cart abandonment for sure.I mean what the fuck:Dropbox’s storage is SSAE16/SOC1, SOC2, ISAE 3402 and ISO 27001 certified on Amazon S3 and may provide data mirroring across other secure data centers.And if you order now you also get:Delta sync and LAN syncWho writes this shit? Why not organize the page in a way so that you don’t confuse the stupid customer with things they don’t care about.Edit: Organize means you can have all the stuff there but my mom doesn’t care about the rpm and torque on the car so make sure that is somewhere else so she doesn’t get scared.
Folder, that syncs, for business, and secure (ISO 27001 certified).
Agreed. C.f. my similar post on this thread.
Eek! That 60 Minutes clip is the basis for a real life horror movie.*shudders*
I will say this: Never go on 60 minutes if you know you are going to be cast as the villain. I know one guy they interview personally. He is genuinely a decent person. Really decent compared to the CEO of one of the companies that refused to be interviewed. I can tell that they probably did a one hour interview and picked clips right after they asked him questions like: So since you discriminate against X group, tell me your thoughts on regulation.
What did you think of the “new Lara Logan” they had on another feature?
I don’t watch the show. Somebody emailed me the piece. I think the either PowderPuff the piece or do a Hatchet job. I will admit to watching TV to relax, but I don’t understand watching shows that are built on conflict. I have enough at work. I was going to say the worst was catching my wife watching Nancy Grace, I just Googled her and found that just today a judge cleared the way for her libel trial.
I don’t watch Nancy Grace (I’ve seen it to just get a taste) but I used to watch both Larry Kudlow and Chris Matthews occasionally even though they are pretty much the opposite. I do this because I like to see what the opposing points are as biased as they are. Watching Matthews and his entire love of Kennedy is enough to make me eject food so I wouldn’t watch while eating. Otoh Kudlow was an addict or something like that which I find interesting.I definitely watch some conflict because I find it entertaining if done right. I don’t particularly like seeing people squirm or get caught in a lie (I hate those local news shows where they ambush a villain).
how do you keep it all separate
Well said.
I humbly disagree about no one having interest in aggregating identity. I agree with everything else though. 🙂
Sorry for the hyperbole. 🙂
.I think you were correct to start with, BB.There is a bit of Internet fatigue setting in in general.JLM.
Contact fatigue…the new cool is hanging with yer pals without once checking your phone.
There a lot more Namecoin usage cases to develop and implement like OneName:For latest Namecoin News take a look at:https://www.facebook.com/Na…ThxSupport and Like us!
Identity is a driver’s license or passport to most people. Their thinking doesn’t much travel beyond these. Where’s the need for the majority, what’s the use case where a sweetly engineered distributed identity scheme produces value beyond the simplicity of centralised identity for the average bear? I’m agreeing 🙂
Good and well thought-out post.
I like this post. And there is another element of concentrating identity (centralized or distributed!) and that is security and privacy. If someone cracks your identity and that identity is used across many services then are all such services vulnerable?
github doesn’t scale as an experience if you don’t write code
I don’t think the idea here is to aggregate identity at all, but rather to build apps like WhatsApp etc on top of a common core that is truly decentralized. It’s more of a shift to a new underlying architecture/model for building apps.
My problem with centralization (ala FB / twitter etc) is that it tends to treat your Identification and Personas as the same thing.Centralizing your Identity so you don’t need to authenticate yourself from first principles is great. Connecting your online Personas from different sites / products / real-life as a side-effect is terrible.
I got a namecoin id the other day. It was a confusing process. Remembering (writing down!) the long private password chain seems like the completely wrong approach.
These websites?http://namecoin.info/https://www.namecoin.org/Brought to you by geeks who make fun of business guys that they think add no value. Same type of people that think Jobs took advantage of Woz or Parc.
That’s called a “brainwallet” https://en.bitcoin.it/wiki/…. You could change that phrase to be unique in a way that you remember it more easily, e.g. “Brad Feld lives in Boulder and loves Amy, startups, running, sushi and books.”I agree it’s not something that the average consumer is going to embrace if that’s the only way of doing it. There is hope for other types of authentication methods to emerge like a bracelet that locks to your heart rate or something like that.
Thanks for the feedback, Brad. We’re looking at ways to simplify the signup process for OneName.io.
So I get the idea of centralized identity. You use FB or some other service to quickly login to others. The advantage is the quick sign-in and my data goes right over, the disadvantage is someone gets into my Facebook and they have EVERYTHING. Making accounts on every site prevents this, and to me seems decentralized enough already. I am not sure what problem OneName solves.
Problem is Facebook (a centralized service) having all your data in the first place. You upload your data on Facebook, then they show you ads to make money. You don’t own your data, Facebook owns it and can process it however it wants.In a decentralized system there is no Facebook. Users own their own data/identity and can talk to each other directly without needing to go through any third party. It’s a hard technical problem to solve, but the bitcoin protocol provides a solution to it.
It may be that the first step doesn’t include both “decentralized” and personally-owned/controlled.We need a public namespace where ultimate control is in the hands of its users. If it’s an open source service with free+hosted options, shouldn’t that be enough?Wordpress qualifies under that basic rubric, but we know that 90%+ of web users won’t publish long-form content without massive latency, and one of the qualifications for a global namespace is widespread adoption and participation.So the question becomes: who can build a massive and massively popular consumer service where users are in control of their data? And not just “data” in the sense of the content you publish, but control of your actual graphs. It only takes getting locked out of Facebook (or Twitter or …) ONCE to fully grok that it isn’t your network — they aren’t your friends — it’s Facebook’s. And personal ownership of your networks is the nuts.My guess is that an OSS About.me analog is a fair bet, but I also suspect that there are better publishing and communication tools + services that we can build that will be more content-focused. Build something that a billion people use and love, and that happens to feature “personal data ownership,” the ability to host your own instance, etc. (Correctly seeded and cultivated, an open source community of developers AND DESIGNERS will be able to ship more powerful product over the longer run).If the focus isn’t on delivering an amazing experience for mainstream users, it ain’t gonna happen.
This is highly interesting. When I traded, i participated in a peer to peer decentralized network that was managed by a central party clearing operation. I had a unique identity (“CR”). This is that on sterioids-but no centralized clearinghouse. My gut tells me there will be opportunities to set up several CCP’s that enhance and secure operations (and they will charge a very very small fee to do it)
I think there is a distinction that needs to be made between online public persona (which may or may not reflect the real you) which is distributed across a variety of platforms and the ability to verify your identity without giving information that can be resold, used to sell to you etc etc. I hate facebook login , twitter login because there is no granular control as to what you are giving away and in fact that changes as and when Facebook decides what information you can access through the api.I have no idea whether the latest and greatest bitcoin use is the way forward with this. I don’t really see a convincing argument. It just needs to be something that is so easy to use and understand and is sexy enough for the early adopters to get excited about it. Maybe why that’s it should be bitcoin based.
There exists a central control of our identities: the Social Security Administration.
YMMV but to me, what I want on the Internet is a lotof anonymity or identity via pseudonyms.So, it seems to me that as people learn some of therisks of loss of privacy on the Internet, they willwant solutions and that solutions are readilyavailable.(1) Have the ISP make it really easy to change theIP address. With IPv6, one user could change IPaddress once an hour and never reuse an IP address.(2) Have a Web browser with that sends only meagerdata in the HTTP_USER_AGENT string.(3) Have Web browser refuse to send third partycookies.(4) Mostly set Web browser not to accept cookies.(5) Use no remote or single login services, say, viaFacebook, Google, Microsoft, etc.(6) Give only meager and/or false personal dataon-line.(7) Use only on-line sites that state and followsevere policies on user privacy.(8) User encryption, e.g., HTTPS.So, net, I see no fundamental problem; that is, itappears that for the threats to user on-lineprivacy, there are simple solutions that sufficenow.Disqus? No, I do NOT like the fact that thestandard way to post to Disqus is with just a Disquscookie in my browser so that all my posts to all ofDisqus can be seen together. So, what I post to AVCcan be compared to what I post to (A) Radical RightPolitics, (B) Leftist Marxist Politics, (C) Hot,Radical, Liberated, (D) Autonomous California Babes,(E) Road Burning Muscle Cars, (F) Math + Algorithms+ Software + Internet = Money, etc.
your blog posts are being published so late in the day that i fear you’ve been kidnapped and replaced by an imposter (im..post..er), or is this just another clock issue?
Then you’re looking for Avatar: http://sneakpeek.avatar.aiIt is many things: a OS in the browser, a file storage cloud, a P2P, and a decentralized identity system. Worth checking it out.
Can you combine and script applications from third-parties, collect them as your own ‘installed’ applications, buy and pay for them and other subscription services?
I take back my question. This looks absolutely awesome and totally from the future. My concerns would be how you build the network and keep the nodes incentivized to remain, as well as how you prevent traffic attacks by agents controlling a number of nodes. Persistent DHT is the way to go.Somebody else can build the desktop environment for your OS.
But aren’t these systems centralized? So, someone could hack and compromise them (conceivably). That’s not ideal. Plus, for this to work well, everyone would have to use it.The silver lining will emerge if this is riding on a totally distributed infrastructure, so there isn’t anymore a single point to failure or weak links. And when this happens, it will fly in the face of the NSA and others who syphon info from the back of central systems. If there no central place, you can’t attack a single point anymore.
Why isn’t there some way for my central identity to sit on my own domain name? and then i authenticate my domain name w/ any site as my user account
It sounds like what you’re describing is Keyhotee, currently in development by Invictus Innovations.Not only are they developing a decentralized identity platform, they’re developing the first decentralized ‘bank’ & ‘exchange’ for cryto-assets. You can learn more about them at bitshares.org….I know their looking for people to speak at their conference in Vegas in July, might be right up your alley…
The Internet already has a decentralized name system — DNS.Your name is avc.com. Mine is scripting.com.That’s where we should start building.
But how do you prove that you own that domain? How do you sign a message stating you own that domain with both the registrar and ICANN also signing that message?
good point
There’s plenty of prior art for that.When Google webmaster tools wants you to prove you own a domain, they ask you to put a special file on the website, or add a meta element to the HTML text of the home page.Many other approaches are possible.
That’s a good question, but there’s plenty of prior art. Google webmaster tools, for example, gets you to prove it’s your domain by adding a file to the top level of the website pointed to by the domain. Or adding a bit of metadata to the home page (something like posting HI GOOGLE to the home page of your blog).Ownership of a domain conveys privileges. To prove that you own the domain, that it’s really you — the service just asks you to do one of those things in a very specific way.This comes up in banking too. My bank asked me for a picture and a slogan that they display when I sign in. That way I know it’s really them, and not a phisher. I chose something my brother and I used to say when we were kids. And a picture of the house my mother grew up in, in Prague. Doesn’t seem too likely that info would show up in my Wikipedia profile. 😉
don’t take this the wrong way, but I think it is a shanda that I have to buy shanacarp.comI’m the only one on the planet with that name (there is a Shana Karp though who graduated from Stanford and is a personal trainer)Its not my identity until it is always mine – the way my name is (hey, getting a name was free)
Did you get the onename.io?
i’m still meh on bitcoin
Yeah, this is actually infinitely more interesting to me though. I don’t get the whole electricity -> math -> thing of great value aspect of Bitcoin speculation. Nor would I have invested the time to figure out how to acquire a namecoin.
Okay — but birth certificates aren’t free. ;-)https://www.health.ny.gov/v…In NYS they cost $30, plus $15 if you want it “expedited.”:-)
the document I do have to pay for, my existence in them, nope
DNS is controlled by ICANN, which is a centralized identity. This is how domains are seized. With a truly decentralized DNS, like the one Namecoin provides you’ll need to get access to the person’s private keys if you want to take over his/her domain and there is no need for any centralized entity like ICANN.
Fred, you should really speak with Daniel Larimer of Invictus Innovations. They have already developed what you are looking for and it is called Keyhotee. http://invictus.io/keyhotee…
The most mind-blowing decentralized identity technology out there is Keyhotee (in development) check out this intro: http://www.youtube.com/watc…
What advantages do you think this has over a system like OneName?
You need to look into IndieAuth
I think this is the first time I understand why you like bitcoin – I can send out invites to me!!!!For some reason that makes me happy…
Part of the problem is much of the people who are trying to solve open/distributed identity problems are also ‘wonky.’ Where are the pragmatists willing to make the right compromises in order to achieve simplicity and, therefore, adoption?
This seemed like a no brainer in 2006 when I met Lifelock….and today http://blog.zwillgen.com/20…
You seem to forget about blogs (dns), email and chat (xmpp) which brought us free, decentralized and federated social communication for many years. I don’t think the issue is technical, but purely financial.The web economy strongly depends on the ownership of user information and thus on locking your users in a ‘silo’. A decentralized platform where you are free to move from one provider to another does not really support that kind of models unfortunately.
think we will move to a world where users pay for the services they use using micropayments?
My phone is my identity. Apps and the web gets mapped to my identity through Apple or Google account which is just an abstract layer in the middle. Contrary to what Apple or Google things — that *they* are the identity end-point.Company who controls your mobile identity controls the identity mechanism. So it’s either namecoin or some other distributed service, it must be the “WhatsApp for identity”. Telco or Google/Apple-forced identity must be broken, just like the SMS messaging had to be.But this time in an open manner, like bitcoin.
Whats wrong with disqus? works perfect. ppl use the preferred system. Should be USV biggest co.
From a lot of the comments, I think there seems to be some confusion between Profile Aggregation and Identity Cloud.Getting my ID locked down to a standards-based, security-focused, and protocol-switching environment is about me having control of my Authentication and its utilization is what I like about the decentralized identity space.It allows me to separate my Social Profiles, all of them, from my authentication scheme, thereby reducing risks, complexity, and friction of being in this pending Online 3.0 future of: “entirely online”.
You should look into Ethereum 🙂
In real life, I have multiple roles – startup-founder, boyfriend, friend, etc – I want to be able to create throw-away identities for use online. Just like a bitcoin wallet lets you create new bt addresses, I want an identity “wallet” and the calling card I show you is the one I want you to see.impersonation already happens in real life. There are lots of other Brian’s in the world. But it doesn’t matter because in real life, my friends know who “Brian Azzopardi” is. The reason the internet (DNS/NameCoin/Facebook/etc) have an impersonation problem is because each of these services keep identities in a single namespace (pun intended).Real life doesn’t have one namespace.The solution is not for each of us to create profiles on NameCoin. The solution is for each of us to have our own namecoin – all of us have our own namespace. Namespaces that can overlap with that of friends. If reputation is currency, then people will want to own your-name-coins. Your currency, literally, goes up.Stream of thought on bad coffee.
Someone pitches me about a new identity system once a month. All that strive to be the ring to rule them all have failed miserably. The shift to mobile is the only near term driver to bring about a new protocol, but Google and Apple are not heading in that direction. If you want to chat about Identity Fred, happy to take a call.
When we had done Oponia (webserver on a stick technically speaking) we had talked about the notion of a person’s personalization engine being housed with them – reputation would be portable from site to site, preferences, personal data etc. I loved the idea but thought the biggest hurdle was going to be big Corp adoption as everyone wants the data for themselves. It would have to be a series of innovative upstarts who cared about privacy to disintermediate and create demand. I’m still waiting for it and i would DEFINITELY pay for it.
Your Article is mentioned at Namecoin @ Facebook:https://www.facebook.com/Na…
Oh, how clever. You coined a term.
despite my multiple personalitiesI’m game to hear about stuff like that.