Can I own my identity on the Internet?
The ultra-secure messaging app Signal requires a mobile phone number in order to sign up. This, as my friend Tom Morris points out, is madness.
People don't own mobile phone numbers. They are rented from mobile operators. Yes, you may be able to move "your" number between a limited set of providers - but it ultimately doesn't belong to you. An operator can unilaterally take your number away from you.
If you move to a different country, you will almost certainly have to change your number - thus invalidating any account which relies on a mobile being your primary identifier.
That's before we get on to how hideously insecure phone numbers are. Transmitting an SMS with a sensitive one-time code over a cleartext channel which can be easily intercepted is not a sensible approach to security. Modern phone networks are designed to accommodate Lawful Intercept - and suffer from a range of security weaknesses.
Fine. Whatever. Let's use emails as our primary ID. Bzzzt! Wrong! Email addresses are just as ephemeral as mobile numbers.
If you use a service like Gmail, Yahoo, or Hotmail, then you're at the mercy of those providers. They can revoke your access at any time. They can give away your cherished address. And, like phones, they can be legally compelled to give access to certain 3rd parties.
Social Media IDs are equally rubbish. Your presence on Twitter or Facebook is little more than virtual sharecropping. You don't own or control your ID. If the provider goes bust, you've lost the ability to identify yourself.
OK, here's an answer! What if I run my own domain? Then I'll be in control of my identity. And my email as well!
No. Not really. Your domain is only temporarily leased from your registrar. Perhaps you forget to renew your domain. Or renewal prices will jump and you can't afford your "home" any more. Perhaps a global corporation insists that they alone have the right to use your name and take you to court. That kills off the ability to use something like IndieAuth.
Umm... How about IP addresses? Again, for most people these are leased from ISPs and are dynamic. Even with a switch to IPv6, there's no way to own an address permanently and move it between ISPs.
I want an online identity which 3rd parties cannot take back. Something unaffected by Eminent Domain. That - no matter the social and technological changes of the Internet - will remain valid throughout my lifetime.
Let's craft a problem statement
As a user, I want to have an identifier on the Internet which can only be revoked by me.
(That's not a perfect story, of course. It says nothing about security, access rights, or usability. But it is a simple starting point.)
Does such an identifier exist today?
Something like a Public/Private keypair is almost right. Ignoring the many usability issues with things like PGP, it is conceivable that you could authenticate yourself to a service by cryptographically signing a challenge they send you which is then verified against your public key.
This is more-or-less how FIDO UAF works. You generate and store your keypair on a piece of cryptographic hardware and use that for authentication and identification.
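The challenge-signing login described above, as an added example (not code from the original post, and not the FIDO UAF protocol itself). It assumes Ed25519 keys; `Service`, `Enroll`, `Respond` and the `auth-v1|origin|nonce` message layout are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service is a hypothetical relying party. It never sees a private key.
type Service struct {
	origin  string
	pub     ed25519.PublicKey // registered at enrolment
	pending []byte            // the one outstanding challenge, if any
}

func Enroll(origin string) (*Service, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // the user's keypair
	if err != nil {
		panic(err)
	}
	return &Service{origin: origin, pub: pub}, priv
}

func message(origin string, nonce []byte) []byte {
	// Binding the nonce to one origin stops a signature being relayed elsewhere.
	return append([]byte("auth-v1|"+origin+"|"), nonce...)
}

func (s *Service) Challenge() []byte {
	s.pending = make([]byte, 32) // fresh random nonce for each login attempt
	if _, err := rand.Read(s.pending); err != nil {
		panic(err)
	}
	return s.pending
}

func Respond(priv ed25519.PrivateKey, origin string, nonce []byte) []byte {
	// The user's side: only the private-key holder can produce this.
	return ed25519.Sign(priv, message(origin, nonce))
}

func (s *Service) Verify(sig []byte) bool {
	nonce := s.pending
	s.pending = nil // single use: a replayed signature finds no challenge
	return nonce != nil && ed25519.Verify(s.pub, message(s.origin, nonce), sig)
}

func main() {
	svc, priv := Enroll("example.org")
	sig := Respond(priv, svc.origin, svc.Challenge())
	fmt.Println(svc.Verify(sig), svc.Verify(sig)) // first login, then replay
}
```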
But there is a more fundamental flaw - a keypair doesn't provide a method for delivering a message or a service.
At the moment there's no way to say:
- "Visit my website at [impossibly long cryptographic string]" or
- "Give me a call at ..." or
- "Let's exchange data via ..."
OK, I can add multiple email addresses to a PGP key and hope that all the major email providers don't go bust, or sell me out.
I'm sure there are hacks which will turn 000D05F640557C62 into a DNS entry for a website. But that still falls back on requiring an existing domain name. Which can be taken away from you.
(As an aside, if you're an intergovernmental agency registered by an international treaty, you can apply for a .int domain. That's probably harder for someone to unilaterally revoke.)
The Internet, so we are told, routes around damage. But where does it route to?
I don't have an answer to this. It seems like a fundamental design flaw with existing Internet infrastructure. How can I carve out a permanent home here?
Daniel Appelquist says:
Isn't this exactly how .onion domains work? There, arguably, you have your own site which can be owned by you and does not rely on any registry. See https://www.rfc-editor.org/rfc/rfc7686.txt
Of course, .onion domains rely on an operational Tor network.
Sam Machin says:
Can we even do this in the physical world yet? Yes I can own a plot of land and by virtue of that have an address using one of a number of namespaces; postcode, lat/longs or even "what 3 words" but this is still subject to the masters of the namespace, and even the physical place could be subject to a compulsory purchase order to kick me out if the authorities decided to build a new motorway through my house or such.
Your point about public/private keys is interesting but there's a difference between an identity and an address, I don't see keys solving the addressing/discovery issue
Neil says:
I think your point about the physical world is well made: addresses can be changed (think street renaming), and the core of the UK addressing system, the postal code, is made available on a licensed basis (via the Postcode Address File).
I suppose one potential difference between one's online residence — a domain name pointing to an IP address assigned to a server, at its most basic — and one's offline residence — let's say the ownership of a piece of land — is that the compulsory acquisition of someone's land, or eviction from a property, is subject to formal processes, and is challengeable before a court. In the online world, one's protection (if any) is limited to the terms of service governing the relationship between your provider and you. And it probably contains provisions about removal / withdrawal / service cancellation, often without cause. Your protection is only as good as your contractual relationship with your service provider, or perhaps your ability to enforce such a relationship if your services are removed in breach of that contract.
The closest I came to permanence — echoing Dan's point — was that of a .onion address. There, it is not the operation of a law which offers any certainty, but the mathematics behind the recreation of the private key needed to assert control of the domain. So while the underlying infrastructure may change, your IP addresses become reallocated or whatever, as long as you can get your Tor hidden service connected to the Internet, and do not compromise your private_key file, your address should be reasonably secure. Ironic, perhaps, that a system designed for anonymity / lack of attribution may be the best way of preserving permanence online. For limited values on "online", and as long as your correspondents don't mind also being on Tor.
Quentin Stafford-Fraser says:
Without thinking too carefully about this, it feels as if there must be something blockchain-like that could be used. A widely-distributed-and-duplicated sequence of contact details, where the most recent entry signed with your private key is the correct way to contact you, and revokes any previous entry?
Paul Bowsher says:
It feels like the community would need to be the authority for this. Perhaps some sort of distributed network like BitTorrent or shudder a Blockchain combined with something PGP-like. You could say "contact me at BF55AE33", and the network could convert that to a pgp-signed list of current pointers that you maintain. This could include IP addresses, so a DNS lookup for BF55AE33.distributed-identity is possible. Current email address. Social media accounts. Even a short profile, harking back to the .plan days.
Gustav Tonér says:
Sounds a lot like what https://namecoin.org/ wants to accomplish. Embrace the blockchain 😉
Alex says:
As Sam mentions, I think this somewhat confuses the concepts of identifier and address. Even in the physical world this is extremely complex.
Some set of biographical information often is used as an identifier (name, nationality, DOB, place of birth, parent's details) but this is imperfect as it's often non-unique (one hospital district in Florida has 23 Maria Garcias with the same DOB as patients), mostly non-revocable, and sometimes changes dependent on context (I'm American when dealing with the US government, British when dealing with the UK, and one/other/both when dealing with other countries). Biometrics likewise have issues with usability (especially remotely) and revocability. Importantly none of these gives anyone a method for communicating with me or for easily asserting my identity.
Similarly a 'permanent' address doesn't really exist in the physical world either. Between the ages of 18 and 35, I've lived in 18 locations. In 15 of these my continued presence has been at the whim of the property owners, in the other three I at least theoretically was at risk of compulsory purchase or the mortgage company pulling the rug out from under us. Yes, the legal rights in the physical world are a bit better, but if someone really wants your address they can probably get it.
I think with the speed in which internet communication methods (and companies) change, there is no real way we'll ever get a permanent communication channel. What I'd like to aim for is a reliable identifier and a secure directory of the current 'address' for this identifier. Perhaps something akin to a DNS server of public keys and then an email address (or phone/twitter/snapchat) signed by the private key? Lots of challenges in implementation though...
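The signed directory several commenters above describe (the newest entry signed with your private key is the current way to reach you and supersedes older ones), as an added example that is not any commenter's or project's code. It assumes Ed25519 and uses the full public key as the identifier; `Record`, `Publish`, `Resolve` and the `pointer-v1` payload layout are hypothetical, and the contact values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Record struct { // hypothetical directory entry: where to reach the key holder
	Seq     uint64 // a higher number supersedes every lower one
	Contact string // e.g. a mailto: or https: pointer
	Sig     []byte // Ed25519 signature over payload(Seq, Contact)
}

func payload(seq uint64, contact string) []byte {
	return []byte(fmt.Sprintf("pointer-v1|%d|%s", seq, contact))
}

func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv // the full public key is the identifier people quote
}

func Publish(priv ed25519.PrivateKey, seq uint64, contact string) Record {
	return Record{seq, contact, ed25519.Sign(priv, payload(seq, contact))}
}

// Resolve returns the newest record from untrusted mirrors that verifies against id.
func Resolve(id ed25519.PublicKey, found []Record) (best Record, ok bool) {
	if len(id) != ed25519.PublicKeySize {
		return best, false // malformed identifier
	}
	for _, r := range found {
		valid := ed25519.Verify(id, payload(r.Seq, r.Contact), r.Sig)
		if valid && (!ok || r.Seq > best.Seq) {
			best, ok = r, true // forged or altered entries never get here
		}
	}
	return best, ok
}

func main() {
	id, priv := NewIdentity()
	recs := []Record{Publish(priv, 2, "mailto:new@example.org"), Publish(priv, 1, "mailto:old@example.org")}
	r, ok := Resolve(id, recs)
	fmt.Println(ok, r.Seq, r.Contact)
}
```

Signatures make records authentic, not fresh: a mirror that withholds the newest record can still serve an older, validly signed one.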
MrDaleSmith said on toot.community:
@Edent This is a good post, and my first thought was to agree with you: it’d be great to have my own owned identity and to have full control over how much information it shares about me on a site by site basis. My second was how such a unique, lifelong online identity would be different from Government mandated ID IRL, and how many people might be hurt if it became a requirement of web use. Sometimes it's an advantage to have an ephemeral identity online.
Valentin B. :ferris: said on hachyderm.io:
@Edent that sounds like a job for blockchain wallets! You have a set of keys which you can use to send messages through a global decentralized database, or verify your identity. You own it in every sense of the term forever.
Simon Zerafa :donor: :verified: said on infosec.exchange:
@Edent
Perhaps the only method is to have multiple overlapping and widely separated forms of identity ownership or verification 🤔🤷♂️
Even if they are impermanent, imperfect or inaccurate they shouldn't all fail simultaneously in such a way as to be catastrophic.
Sara Joy ✨ wir sind mehr 🇩🇪 said on front-end.social:
@mrdalesmith @Edent I had high hopes for Tim Berners-Lee's Solid project: https://solidproject.org/
It seems to have stalled though, or been ingested into Inrupt (also by T B-L). At least on this site there are some more recent updates/coverage in the media:
https://www.inrupt.com/coverage
Marius Gundersen said on mastodon.social:
@Edent I find this a fascinating problem. It might be useful for a few people to own their identity, but I suspect the majority of users don't want to. People forget their passwords and misplace their keys all the time. If they are the sole owners of their identity, then that identity would be lost forever. If you lock yourself out of your home you can always call a locksmith or break a window. If you lose a private key nobody can help you.
Steve said on mastodon.org.uk:
@Edent Has anything changed in the 7 years since you wrote that? How fragile is cryptography really? It obviously needs to be quantum-proof. Most other options depend on a single source that could go away. Keybase tried to provide a way to prove identity and ownership, but it's not really taken off.
Like it or not, blockchains can be pretty robust as long as you have enough witnesses/miners/nodes.
I'm sure smart people can come up with something else.
aj said on home.ajacks.net:
@gundersen @Edent Also raises an interesting question of if you manage your own identity, how do you prove it’s you? Can we even do that now? 🤔
Jessica C said on techhub.social:
@beeb @Edent
Have you come across Veilid? The default distributed hash table schema (DFLT) is content addressable storage and service calls using the owner public key and a digest of the schema.
It seems to be very close.
https://veilid.com/
https://veilid.gitlab.io/developer-book/concepts/dht.html
CurlyParakeet said on mastodon.online:
@Edent
Certainly an interesting issue. There are probably many people who don’t value a single online identity enough to consider it necessary to prove it’s really them (“I’ve forgotten my password, here’s my new account” etc.).
It did send me off down a rabbit hole about proving identity IRL though… 🕳️🐇
Robert Atkins says:
I think this is the goal of ENS (https://ens.domains/)? But they screwed the pooch by not linking it with the extant DNS system.
In reality, even though we’ve been shown (by, eg, Twitter) how depending upon a third-party namespace as a source of your identity is a bad idea, I think as long as you do enough due diligence on the top-level registrar, “owning” your own DNS domain is sufficient for most people for most purposes.
The real way to do it is public/private keypairs (… pointing to a content-addressable linktree-like thing for actual contact details) but then the problem is key management as you rightly point out. You can indeed be self-sovereign if you’re willing to take on the responsibility of not losing your keys but again, the best tradeoff for most people is for Apple and Google to do it for them via their phones and associated cloud backup services.
George Lund said on urbanists.social:
@Edent I'm fairly confident that DIDs are the right starting point, because there is (will be) a wide choice of DID schemes. Ultimately even with a layer of indirection to the key material you have to choose some service to point to your public keys. That service doesn't have to be a crazy blockchain. But if your choice of service goes away, you're still sunk.