Walls have been going up on the Internet. The openness that characterizes the Net is under attack on several fronts.
With the death of cookies, you might think this is recent writing, but it actually comes from a manifesto from over 20 years ago. It was written by internet pioneers who even in 2004 were already aspiring to a Next Generation of the Internet, one with identity and trust built in.
Their proposed protocol has yet to materialize. For instance, two weeks ago George Hotz wrote
The reason the Internet sucks now is because it has a different ruling class from the 90s-00s. A subject mindset now vs a citizen mindset then.
Elon Musk agreed and asked for ideas. Hotz replied
I think the main problem is the friction of avoiding the major platforms.
HTTP, SMTP, and POP3 were open protocols that anyone could participate in, Facebook, Reddit, and X aren't.
However, just building the protocols won't work. I'm generally bearish on most crypto projects, particularly when I see things like metamask swap and the uniswap front end fee.
tl;dr: Make the self sovereign option lower friction than the centralized option.
We agree: You can’t save souls in an empty church.
We love the principles that crypto projects encode, but they’re paid for with complexity, cost, speed, and consumer ergonomics.
It’s time for little tech to get aggressive.
You don’t get self-sovereignty on principle alone. Consumers expect effortless experiences. They don’t want to run their own servers. You get self sovereignty because it delivers 10x better experiences that recast incumbent cost structures.
So – how do we get “self sovereignty” and lower friction? Self sovereignty and 10x products with entirely different cost structures?
In analysis, a common proof technique is to begin by starting with just what you know and pulling the thread in a forceful way to get what you want.
You can prove foundational results like the Intermediate Value Theorem this way. Just use the properties of what you know and have and continue to unpack them until you get what you want.
Taking a similar approach, we attempt to unpack self-sovereignty and see if we can find threads to pull to get it.
Law or ledger?
There are many candidate definitions of self sovereign identity. We like Christopher Allen’s 2016 Coindesk posing of self-sovereign identity and its associated 10 principles.
- Existence: Identity is based on a personal core that can't be fully digitized. [Just as in our Shape of You representation.]
- Control: Users must govern and manage their own identities.
- Access: Users need full access to their data without hidden information.
- Transparency: Identity systems must be open and understandable.
- Persistence: Identities should endure as long as needed by the user.
- Portability: Identity information must be transferable across systems.
- Interoperability: Identities should function globally and cross-platform.
- Consent: User consent is required for identity data sharing.
- Minimalization: Only essential identity data should be disclosed.
- Protection: User rights must be prioritized and safeguarded.
It seems that these principles have endured. Let us say that self sovereignty is the delivery of these principles.
Since Allen’s writing, global privacy laws have embraced these principles, delivering components e.g.,
- Control: Right to delete and correct
- Access: Right to access
- Transparency requirements
- Persistence and Portability: Right to access
- Consent and Minimization: CCPA 1798.100.a.1-3
Of course, these laws don’t have the same elegance as protocols. Compliance can be slow, high-friction, and leaky. Protocols resolve possible conflicts of interest on initialization.
On the other hand, laws like the Digital Markets Act are amping up costs of non-compliance to 20% of global revenues. Big companies (“Gatekeepers”) called out by the DMA like Google and ByteDance are taking it seriously, shipping, among other things, data portability APIs.
It’s unlikely Google would ship a Data Portability API if they didn’t have to – after all, they’re simultaneously attempting to restrict cross-context data flows.
Possible paths to self-sovereignty by policy not protocol can feel sacrilegious.
I think in the industry, because we love decentralization … we treat it as though it is sacred and always applicable and that's not true. Decentralization means means you will be very inefficient and very slow in exchange for being perhaps very secure or aligning incentives so that you don't have one group of people taking advantage of another group of people.
Jake Chervinsky Chief Legal Officer at Variant explained at ETHDenver in February.
Policy is making denying consumers access, control and transparency around their data and its use expensive. Chervinsky continued
What has worked is being very honest about what you are doing and why and what that includes when it comes to deciding whether and when you want to decentralize so to me decentralization is a trade-off.
We agree. Full self-sovereignty, depending on how it's posed, comes at a cost.
So the enforcement and demonstrated early compliance with laws like the Digital Markets Act feel like an opportunity. With another candidate option in hand and a clear set of principles needed to deliver self sovereignty, we have apparent opportunity to affirm the tradeoffs we might make to deliver self sovereignty, perhaps progressively.
Persistent Identity
It didn’t take very long for people on the internet to begin to long for a persistent identity.
We quote the Next Generation of the Internet manifesto because it is strikingly and uncannily prescient to the present moment.
Off-line the question of individual identity is fairly straightforward. ….
On the Internet, however, identity is a far less subtle, and more complicated issue. The Internet, as it is configured today, is poorly suited to support the multifarious nature of identity that we take for granted in daily life. … Each of us may have one, or several, e-mail addresses, but that specific identification says little about who we are, our interests, or our experience.
The World Wide Web is a super-set of the Internet built on top of the fundamental organizing principal of domain names, which are used in the creation of URLs. Each URL is a "Web site," or a location on the Internet that individuals can visit by clicking on hyperlinks. Once a URL is established, it essentially becomes the private property of the person or group that is administering it — the site becomes whatever the site’s director chooses for it to be, at a whim.
But while the Web has developed a sophisticated system for the creation of "sites," there has yet to appear a good means to represent each of us as individuals in cyberspace. Every time we visit a new Web site, we enter as an anonymous person. Then, with our own labor, we create an identity within that specific site, following the rules as they are presented to us (For example: "Please click here to register ..."). Once we establish our identity on that Web site, it effectively becomes the property of the Web site owner. For this reason, URL-based communities are like walled castles with one-way doors; once you have created an identity on that Web site, it is only of use on that same Web site; it can never escape.
This writing resonates with us deeply.
“The internet sucks” says Hotz. We've known why for over 20 years.
But the manifesto's solutions, particularly involving a decentralized consensus building on internet ontologies, have felt to us challenging to get off the ground. AI with growing data portability rights appear as a solution.
Federated meaning of life
Each of us makes our own meaning in life. But the idea of a decentralized approach to developing an open ontology – a formal shared map of concepts and meanings (that themselves are in flux!) – feels challenging.
The idea is beautiful – let the people define the matter of meaning. But decentralized governance is intentionally inefficient. Chervinsky explains
decentralized governance … [is] intentionally going to be inefficient. The best example of decentralized governance that we have before crypto is the United States Congress if you've spent a minute looking at the United States Congress you can see it is not efficient it is very slow it almost never gets anything done and that is by Design.
As we pointed out last week, even decentralized social protocol Farcaster takes an opinionated (and reasonable!) approach to ontology.
And in the age of AI, a blessed formal shared taxonomy may not be needed. As long as there is an open and well-formed standard for cataloging events (e.g., as recorded by other platforms), with AI data intoperability is just a prompt away. So while, per the manifesto, “commercial systems for forming ontologies have no incentive to use open standards” in the age of AI – where data interoperability only demands known provenance and ontological consistency – that might not matter.
AI makes closed ontologies difficult to defend.
Progressive self sovereignty
The manifesto seeks principles
- Open Standards: “it must be transparent so that all of the entities that participate in it are reasonably assured of its trustworthiness”
- Interoperability: “Interoperability between diverse environments and ontological frameworks is central to this effort.”
- Inclusivity: it “must be value-neutral, open, and inclusive, not unlike the open connectivity of the underlying Internet protocols.”
- Respect for privacy: “Every person online must be certain that private information remains private, and that neither governments nor commercial interests will use this information in any way without the individual’s knowledge and expressed permission.”
- Decentralization: the authors propose decentralization rather in how to integrate the protocol with the rest of the internet, namely “standards that can be added to existing community operating systems in a modular fashion — so they do not have to rewrite their software from scratch, but rather can "plug-in" these modules to their existing infrastructures.”
We’re building Crosshatch in support of these principles.
We were only kids when this manifesto came out. But we expect a better internet today. Governments do too.
The ideals espoused here are now not only written into law but enforced. AI releases us from the coordination challenge of creating a single way to describe things that we all agree on to one that’s just well-formed and openly documented. It also is poised to recast infrastructure costs of personalization, enabling activating personal context a mere API call away at marginal cost that’s falling over 80% year over year.
And for digital representations of identity just images of the ineffable self portable by expensive-to-violate state mandate, there appears a thread to pull to make a self-sovereignty option not only lower friction but a way to richer experiences than centralized option alone. With data represented once under the user, businesses wishing to activate the data can skip building and maintaining this infrastructure themselves, delivering "internet more you" exerperiences for less.
We view self-sovereignty on a sliding scale of tradeoffs. Stronger (protocol-enforced) controls over custody and data usage can come at the expense of consumer and developer ergonomics, costs and experiences. Controls via legal agreements and privacy laws are gaining stronger teeth and enable ergonomics more familiar to developers and consumers. We start with the latter and build toward the former to the extent it unlocks demand of people with fiercer preferences for control.
Enabling a more expressive and free internet – to make everything more you – is complex and going to take a lot of work to get right. But the principles are worth it. The upside of an internet 10x more you because it activates all the context you wish to share is worth it. Getting these principles with economies of scale is worth it.
It is progressive in that we begin with initial adherence to self-sovereign principles and build in a way that tightens the guarantees we're able to make over time. We start with what we know and pull the thread to its conclusion. That feels like a beautiful path.
And it's the one Crosshatch is building.