2023: Outwith Identity

Time-saving tip:

This article is intended for a niche audience: primarily technologists, product folks, and identity enthusiasts.

Disclaimer:

• There is no blind promotion of web3 on my part. I recognize that the decentralization so far has been more of a re-centralization. Multiple data points already started to indicate this re-centralization: 80% of NFT and 95% of Bitcoin are owned by 9% and 2% of participants, respectively. Soon more to come from me on this point.
• I'm an authentication expert but am high-speed learning and building in the identity space.
• In spite of my tone in this article, I don't believe Identity has been a market failure. There is definitely a visible and measurable value chain supported by multiple service providers, but I believe we are only doing well in an old problem space needing a redefinition of what digital identity really is.

Ok with that out of the way. Let's start!

There's no artifact called an identity in self-sovereign identity"

Pill Windley (God father of SSI), 2020

The Gist

Identity has increasingly become about relationships of a person with other people, orgs, and things. It's now less about your SIN, date of birth, and background checks, and more about a whole set of data points that's evolving every minute:

• You being 18+ without disclosing your name or any other personal data
• Synthwave as your Spotify #1 listened to genre in the last 5 years
• Tennis is your most read sport-related content on all your devices in your entire existence
• Your Roblox avatar. A fitting joke to insert here: If you don't have a Roblox account, chances are you should, so to have a remotely meaningful relationship with your under 10-year-old kid in their formidable years.

When Web2 was in its infancy, identity was not federated. In fact in its most digital form today it's still not federated. At the inception of big tech, a vast ecosystem of applications started needing users to identify themselves daily. That need shortly became more demanding to the point when today online users can identify themselves in the order of minutes. Leading the pack in Web2, big tech, and even big banks started to federate user identities.?

Big tech federated a thin part of us across a wide net online. Big bank did the opposite: It attempted to take a deeper portion of our digital identity but for a narrower net online.

Although Web3 has enabled the technology stack to address web2 shortcomings, there is still a long way to go but we are equipped to shorten this path drastically. I believe 2023 will look at this shortening challenge as one of the most fundamental problems worth solving in our technocratic reality.

A Web2 failure

In the form of SIM cards and chips, there have always been technologies for handling user relationships for at least 20 years. The technologies have allowed digital signage of assertions bound to keys and allowed users to present that assertion again in multiple formats.

Having said that, in the past 2 decades, the well-intentioned Web2 identity oracles managed to achieve an incredible level of failure in innovating these technologies.?

Failures of this sort can be attributed to both obvious and less obvious reasons:

Identity is not rooted

• Identity was never part of the original version of the internet. According to the founders, HTML, CSS, and Javascript did not include identity standards. Even the evolutions of web technologies never included identity.
• Companies worked around identity. In computer science, you've got a data model problem at the bottom if you see the same problem occurring repeatedly at the top level. Our data model for the internet missed a whole slew of fundamental concepts as part of that model. Identity was the cardinal miss.

The vain attempt: Federation

The federation effort. Let's do a reality check again about what identity is: it feels still grey but it's all about credentials and relationships. It's becoming less about your 'government' issued things and more about 'anybody' issued things: your education, skills, game profile, whether you are a criminal or not, without disclosing anything but, your verified claim that you worked in company x for y years, and so on.?

Identity is not about static, once-in-a-while-to-be-updated, transaction and contact level user data.

Well, who went around federating relationships? Who tries to overcook these credentials?

Let's start with the fintech industry. This industry went on a wild goose chase to federate identities. A great deal of time was spent on that and is still being spent on developing a federated ID to be used in banks and non-bank sectors. In addition to bad execution and a lack of vision, the starting point was the wrong one to begin with.?

It was a poor at best and naive at worst way to think about identity.

To be fair, this is less a reflection on fintech and more on the entire technology sector. Identity can not and should not be contained within a guarded wall of any entity for it to meet its full potential.

From the Vain to the Pain

It is easy for small and painful incidents to turn into even bigger nightmares if you don't pay enough attention to your digital hygiene.

The way identity is built online is just plain wrong.

1. A whole lot of data is running and being shared in the background: Device type, geo-location, browser-level data. There are backdoors to this channel of data and there are backdoors to those backdoors themselves and so on.
2. Massive friction on high-value flows like checkouts, onboarding, and on-ramping.
3. Increasing risk and liabilities through CCPA and GDPR.
4. Simple one: customers are becoming more worried. Less tolerable toward frictions.
5. Users are on more devices (on average 3), and they have more credentials (150 to 200 per person)
6. The 'vainy' federated solutions are all becoming one race against time, hackers, big tech, big banks, and billions of users' demand for far less friction UX.

The biggest blind spot: Sybil resistant thinking

A traditional governance model has been perceived as incapable of giving more power to the identity system. If a large number of participants participate in the same investment round, more allocations cannot be claimed.

Known among the most prominent and knowledgeable critics of the crypto and Web3 industries, Molly White is a believer in the Decentralized Identity Trilemma.

In her 2018 view, there can be no system to satisfy all 3 needs and web3 initiatives have been focused on the first 2 challenges at the expense of the last.

In web2 today (which in Molly's view is the pinnacle of the sybil-resistant system), we have built brilliant anti-private systems that block all sybil attacks. Yet the truth is these systems are only Sybil resistant when they need to be. In other words, the centralized model will enable anyone closer to the center to lower the resistance when needed. An example of this happens daily in the stock market via market manipulation. SEC's The Securities Act of 1934, and the Commodities Exchange Act prohibit three types of market manipulation activities. The key word is prohibit ie you will get into trouble if you commit. As in the system is not solving that, the regulation is (almost for a century now!). All of these three manipulations are triggered by whales and/or unidentified individuals/orgs. Somehow and wrongfully, we have been indoctrinated to NOT think of these manipulations as Sybil. My years in trading, lending, and wealthTech point me to the fact that these are exactly Sybil attacks by definition but not necessarily in a technical sense.

So when I read Molly-like, articulately overhyped and half-baked opinions on this matter, in the back of my mind something rings like:

"Is it surprising that senior Google/FB execs wouldn’t understand the value of computing networks that are not run by Google/FB execs?'

Most definitely not.

A design-thought version of Identity

This is what I am working on. I spent just less than a year now focusing on this problem space. As usual, I saw answers from an abductive, design thinking angle which led me to multiple actionable insights, pain points, gain creators, etc. All of that to an eventual set of use-cases worth solving for.?

From some basic use-cases

The ones where end user scream 'it's 21st century, please build this right now. I beg you'

• One-click on-ramp of users without putting them through the tedious KYC they just went through 1 month ago on another site where they had to look for 3 minutes for their ID card and failed 5 camera captures.

To less basic use-cases

• I'd like to prove my residency in my state and NO I do not want to disclose my address.
• I'd like to do a background check for my new employee without waiting for 5 business days.

To some what I call 'Avant-garde self'

This refers to the ultimate digital projection of 'self'. Identity is contextual, so its attributes should be as well. I mean an overview of an identity's attributes in real-time and holistically.

I've so far crafted and identified 12 possible 'Avant-garde' use cases across multiple verticals. Let's visualize the value for the user through 3 less advanced use-cases.

Congrats! you can skip the first round of interview

Sub-minute underwriting for a mortgage application.

Since account ownership and asset ownership can be at best pre-verified or at worst instantly verified, the same user could go through a similar UX when it comes to applying for their mortgage.

Congrats Otto You just saved $18 for simply being you on on this purchase. (Otto just moved to NY. It’s his first day in the city, first online food order, and first restaurant that happens to have a? chanting welcome campaign for newcomers in 5-mile radius).?

There are a few more advanced use cases I” 'm exploring on this that do not meet my timing requirements for public disclosure today. Having said that, if you are in the identity domain and resonate with this article please do feel free to DM me. It could be a great discovery call on both ends to validate ideas mutually.?

Other topics I am exploring:

1. The product and tech stacks needed for the 'Avant-garde self'. My heavy bias toward verifiable credentials is still waiting for evidential challenges before their demise.?
2. Digital property and digital reputation
3. Self Sovereign Identity (SSI). The only sustainable way to do identity and why it will fail. This is the top topic of interest for me now.
4. How to maneuver identity in the inevitable realities: CBDC 2030, real-time payment, rising formation of fringe-community not adhering to handover PIIs.

2023 is likely exciting. 'You' will be even more exciting.

Disclaimer:

The views and opinions expressed in this article are those of myself, based on my own secondary research, and do not reflect the official policy or position of any other agency, organization, employer or company. Assumptions made in the analysis are not reflected of the position of any entity other than myself - and since we are critically thinking human beings, these views are always subject to change, revision and rethinking at any time and are not meant to be held in perpetuity.

My work is protected under Attribution-NonCommercial-NoDerivatives 4.0 International License.