Can I own my identity on the Internet?


The ultra secure messaging app, Signal, requires a mobile phone number in order to sign up to it. This, as my friend Tom Morris points out, is madness.

People don't own mobile phone numbers. They are rented from mobile operators. Yes, you may be able to move "your" number between a limited set of providers - but it ultimately doesn't belong to you. An operator can unilaterally take your number away from you.

If you move to a different country, you will almost certainly have to change your number - thus invalidating any account which relies on a mobile being your primary identifier.

That's before we get on to how hideously insecure phone numbers are. Transmitting an SMS with a sensitive one-time code over a cleartext channel which can be easily intercepted is not a sensible approach to security. Modern phone networks are designed to accommodate Lawful Intercept - and suffer from a range of security weaknesses.

Fine. Whatever. Let's use emails as our primary ID. Bzzzt! Wrong! Email addresses are just as ephemeral as mobile numbers.

If you use a service like Gmail, Yahoo, or Hotmail, then you're at the mercy of those providers. They can revoke your access at any time. They can give away your cherished address. And, like phones, they can be legally compelled to give access to certain 3rd parties.

Social Media IDs are equally rubbish. Your presence on Twitter or Facebook is little more than virtual sharecropping. You don't own or control your ID. If the provider goes bust, you've lost the ability to identify yourself.

OK, here's an answer! What if I run my own domain? Then I'll be in control of my identity. And my email as well!

No. Not really. Your domain is only temporarily leased from your registrar. Perhaps you forget to renew your domain. Or renewal prices will jump and you can't afford your "home" any more. Perhaps a global corporation insists that they alone have the right to use your name and take you to court.
That kills off the ability to use something like IndieAuth.

Umm... How about IP addresses? Again, for most people these are leased from ISPs and are dynamic. Even with a switch to IPv6, there's no way to own an address permanently and move it between ISPs.

I want an online identity which 3rd parties cannot take back. Something unaffected by Eminent Domain. Something that - no matter the social and technological changes of the Internet - will remain valid throughout my lifetime.

Let's craft a problem statement

As a user, I want to have an identifier on the Internet which can only be revoked by me.

(That's not a perfect story, of course. It says nothing about security, access rights, or usability. But it is a simple starting point.)

Does such an identifier exist today?

Something like a Public/Private keypair is almost right. Ignoring the many usability issues with things like PGP, it is conceivable that you could authenticate yourself to a service by cryptographically signing a challenge they send you which is then verified against your public key.

This is more-or-less how FIDO UAF works. You generate and store your keypair on a piece of cryptographic hardware and use that for authentication and identification.
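The challenge signing described above, as an added Go example (not code from the original post, and not the FIDO protocol itself). The `Service` type, the `login|` payload prefix and the name `service.example` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Service struct { // hypothetical relying party: knows a user only by public key
	name    string
	pending map[string][]byte // public key -> outstanding nonce
}

// NewKey makes the user's keypair; the private half never leaves the user.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Challenge issues a fresh random nonce for the account behind pub.
func (s *Service) Challenge(pub []byte) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[string(pub)] = nonce
	return nonce
}

// payload binds the nonce to one service, so the signature is useless elsewhere.
func payload(service string, nonce []byte) []byte {
	return append([]byte("login|"+service+"|"), nonce...)
}

// Respond is the user's side: sign the challenge for the named service.
func Respond(priv ed25519.PrivateKey, service string, nonce []byte) []byte {
	return ed25519.Sign(priv, payload(service, nonce))
}

// Verify checks the signature and consumes the nonce so it cannot be replayed.
func (s *Service) Verify(pub, sig []byte) bool {
	nonce, ok := s.pending[string(pub)]
	delete(s.pending, string(pub))
	return ok && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, payload(s.name, nonce), sig)
}

func main() {
	pub, priv, _ := NewKey()
	svc := &Service{name: "service.example", pending: map[string][]byte{}}
	fmt.Println("login ok:", svc.Verify(pub, Respond(priv, svc.name, svc.Challenge(pub))))
}
```

The service stores only the public key, so nothing it holds lets anyone else answer a challenge; a captured signature fails on a second use and on any other service name.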

But there is a more fundamental flaw - a keypair doesn't provide a method for delivering a message or a service.

At the moment there's no way to say

  • "Visit my website at impossibly long cryptographic string" or
  • "Give me a call at ..." or
  • "Let's exchange data via ..."

OK, I can add multiple email addresses to a PGP key and hope that all the major email providers don't go bust, or sell me out.

I'm sure there are hacks which will turn 000D05F640557C62 into a DNS entry for a website. But that still falls back on requiring an existing domain name. Which can be taken away from you.

(As an aside, if you're an intergovernmental agency registered by an international treaty, you can apply for a .int domain. That's probably harder for someone to unilaterally revoke.)

The Internet, so we are told, routes around damage. But where does it route to?

I don't have an answer to this. It seems like a fundamental design flaw with existing Internet infrastructure. How can I carve out a permanent home here?

7 thoughts on “Can I own my identity on the Internet?”

  1. Can we even do this in the physical world yet? Yes I can own a plot of land and by virtue of that have an address using one of a number of namespaces; postcode, lat/longs or even "what 3 words" but this is still subject to the masters of the namespace, and even the physical place could be subject to a compulsory purchase order to kick me out if the authorities decided to build a new motorway through my house or such.

    Your point about public/private keys is interesting, but there's a difference between an identity and an address; I don't see keys solving the addressing/discovery issue.

    1. I think your point about the physical world is well made: addresses can be changed (think street renaming), and the core of the UK addressing system, the postal code, is made available on a licensed basis (via the Postcode Address File).

      I suppose one potential difference between one's online residence — a domain name pointing to an IP address assigned to a server, at its most basic — and one's offline residence — let's say the ownership of a piece of land — is that the compulsory acquisition of someone's land, or eviction from a property, is subject to formal processes, and is challengeable before a court. In the online world, one's protection (if any) is limited to the terms of service governing the relationship between your provider and you. And it probably contains provisions about removal / withdrawal / service cancellation, often without cause. Your protection is only as good as your contractual relationship with your service provider, or perhaps your ability to enforce such a relationship if your services are removed in breach of that contract.

      The closest I came to permanence — echoing Dan's point — was that of a .onion address. There, it is not the operation of a law which offers any certainty, but the mathematics behind the recreation of the private key needed to assert control of the domain. So while the underlying infrastructure may change, your IP addresses become reallocated or whatever, as long as you can get your Tor hidden service connected to the Internet, and do not compromise your private_key file, your address should be reasonably secure. Ironic, perhaps, that a system designed for anonymity / lack of attribution may be the best way of preserving permanence online. For limited values on "online", and as long as your correspondents don't mind also being on Tor.

  2. Without thinking too carefully about this, it feels as if there must be something blockchain-like that could be used. A widely-distributed-and-duplicated sequence of contact details, where the most recent entry signed with your private key is the correct way to contact you, and revokes any previous entry?

  3. It feels like the community would need to be the authority for this. Perhaps some sort of distributed network like BitTorrent or *shudder* a Blockchain combined with something PGP-like. You could say "contact me at BF55AE33", and the network could convert that to a pgp-signed list of current pointers that you maintain. This could include IP addresses, so a DNS lookup for BF55AE33.distributed-identity is possible. Current email address. Social media accounts. Even a short profile, harking back to the .plan days.

  4. As Sam mentions, I think this somewhat confuses the concepts of identifier and address. Even in the physical world this is extremely complex.

    Some set of biographical information often is used as an identifier (name, nationality, DOB, place of birth, parent's details) but this is imperfect as it's often non-unique (one hospital district in Florida has 23 Maria Garcias with the same DOB as patients), mostly non-revokable, and sometimes changes dependent on context (I'm American when dealing with the US government, British when dealing with the UK, and one/other/both when dealing with other countries). Biometrics likewise have issues with usability (especially remotely) and revocability. Importantly, none of these gives anyone a method for communicating with me or for easily asserting my identity.

    Similarly a 'permanent' address doesn't really exist in the physical world either. Between the ages of 18 and 35, I've lived in 18 locations. In 15 of these my continued presence has been at the whim of the property owners, in the other three I at least theoretically was at risk of compulsory purchase or the mortgage company pulling the rug out from under us. Yes, the legal rights in the physical world are a bit better, but if someone really wants your address they can probably get it.

    I think with the speed in which internet communication methods (and companies) change, there is no real way we'll ever get a permanent communication channel. What I'd like to aim for is a reliable identifier and a secure directory of the current 'address' for this identifier. Perhaps something akin to a DNS server of public keys and then an email address (or phone/twitter/snapchat) signed by the private key? Lots of challenges in implementation though...
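The signed directory that several of the comments above propose, as an added Go example (not part of the original post or of any comment). The `Record` layout, the JSON encoding and the SHA-256 fingerprint used as the identifier are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Record struct { // hypothetical signed pointer list; for one key the highest Seq wins
	Seq      uint64
	Pointers []string
	Key      []byte // signer's public key
	Sig      []byte `json:"-"` // signature over the JSON of the fields above
}

// ID derives the identifier from the public key alone: nobody issues or leases it.
func ID(pub []byte) string { return fmt.Sprintf("%x", sha256.Sum256(pub)) }

// NewKey makes an identity keypair (a nil reader means crypto/rand).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// Sign builds a record and signs its JSON encoding (Sig itself is excluded).
func Sign(priv ed25519.PrivateKey, seq uint64, pointers ...string) Record {
	r := Record{Seq: seq, Pointers: pointers, Key: priv.Public().(ed25519.PublicKey)}
	msg, _ := json.Marshal(r)
	r.Sig = ed25519.Sign(priv, msg)
	return r
}

type Directory map[string]Record // identifier -> newest valid record; holds no secrets

// Publish accepts r only if the key that hashes to id signed it and it is newer.
func (d Directory) Publish(id string, r Record) error {
	msg, _ := json.Marshal(r)
	if len(r.Key) != ed25519.PublicKeySize || ID(r.Key) != id || !ed25519.Verify(r.Key, msg, r.Sig) {
		return fmt.Errorf("record is not signed by the key behind %.8s", id)
	}
	if cur, ok := d[id]; ok && r.Seq <= cur.Seq {
		return fmt.Errorf("stale record: seq %d is not newer than %d", r.Seq, cur.Seq)
	}
	d[id] = r
	return nil
}

func main() {
	_, priv, _ := NewKey()
	r := Sign(priv, 1, "mailto:me@example.org")
	fmt.Println(ID(r.Key)[:16], Directory{}.Publish(ID(r.Key), r))
}
```

Any copy of the directory can run the same check, so no operator has to be trusted to keep the pointers honest; the sequence number stops an old record being replayed to point correspondents at an address the owner has since given up.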
