<style> .reveal { font-size: 32px; } .reveal h1, .reveal h2 { font-family: "League Gothic", Impact, sans-serif; line-height: 0.9em; } .reveal ul { font-size: 1.1em; line-height: 1.3em; } .reveal p { line-height: 1.3em; } </style> # Sad State of Decentralized Identity ## and What To Do About It * Host: * Christopher Allen * Panelists: * Ryan Grant --- ## The Bad News * eIDAS captured by Apple & Google (mDL) * US states following suit _(its cheap)_ * DHS funding for DID/VC has collapsed, team resigned * KYC everywhere but insecure * Web3/Nostr: progress but no key rotation --- ## Why Decentralized Identity is Losing * Technical standards met geopolitical reality * Corporate capture of "decentralization" * Builder's Dilemma: pure but irrelevant vs. adopted but compromised --- ## Most Dangerous When systems **succeed** while **inverting their purpose** Infrastructure for sovereignty becomes infrastructure for control --- ## What We Haven't Addressed * **Property → Privilege**: You don't own your credentials * **Contract → Coercion**: Accept terms or be excluded * **Justice → Absolutism**: Algorithmic decisions without appeal * **Transparency → Invisibility**: Can't see who controls you * **Exit → Erasure**: Can't leave without losing everything * **Identity → Commodity**: Your identity becomes a product --- ## Some Hope * **Swiss e-ID**: Referendum passed, uses SSI DID/VS tech stack, potential transition path to LESS (legally enabled self-sovereign) Identity * **Utah**: State Endorsed Identity experiments * **Wyoming**: Law protecting private keys --- ## The Dilemma **Technology alone?** Not enough (failure of DID/VC proof) **Legislation alone?** Not enough (failure of eIDAS proof) --- ## So You Think You Have a Solution? ### Don't Waste My Time <font size=5.5> * Persistent keys as identifiers * Keys that can't rotate * Using same key material for different purposes * Naive BIP32 derivation tricks * Rely on DNS or X.509 * KYC-centric strategies * Global names or Global Proof-of-Personhood * Monetization via tokens * Over-identification (passports as root-of-trust, etc.) * VCs that phone home * Other solutions depending on centralized entities </font> <p/> ### DO YOUR HOMEWORK! --- ## These Might Impress Me <font size=5.5> * Self-revokable psuedoanonymity * Authorization strategies over identification strategies - Such as object capabilities (not ACLs) * Leverage multi-party computation (MuSIG2, FROST, FHE) * Leverage BitTorrent mainline DHT * Demonstrate understanding of Proof-of-Personhood (not a bot) vs Proof of Unique Personhood (not a bot and only represented once in this contextual domain) * Incorporate Progressive Trust (reveal over time) </font> --- ## Questions for the Panel * What's the path forward? * Build alternatives or constrain platforms? * Both? --- ## Resources **Musings of a Trust Architect:** https://www.blockchaincommons.com/musings/gdc25/ **The Path to Self-Sovereign Identity:** https://www.lifewithalacrity.com/article/the-path-to-self-soverereign-identity/ **Origins of Self-Sovereign Identity:** https://www.lifewithalacrity.com/article/origins-SSI/