The dangers of “decentralized” ID systems

Many decentralized identity protocols are being developed, which claim to increase users’ privacy, enable interoperability and convenient single sign-ons, protect against identity theft and allow self-sovereign ownership of data.

However, many of these protocols rely on government ID as a base layer (as proof of name, age or address, referred to as “Verifiable credentials”). In this system, users are required to upload a video with their passport or national ID card. After this, their name, age or address is marked as verified. Then platforms can query this API and ask is_over_18, full_name or country_of_residence, but have no access to the user’s ID scan or any additional information (e.g. is_over_18 only returns true or false, and doesn’t disclose the user’s name, home address or photo).

This reliance on government IDs means that DIDs cannot protect users against state surveillance. And just like the existing system, it continues to exclude millions of people who can’t get government ID: https://www.statelessness.eu/blog/each-person-left-living-streets-we-are-losing-society, https://unhcr.org/ibelong/about-statelessness, https://www.penalreform.org/blog/proving-who-i-am-the-plight-of-people

Problem 1: Reliance on government ID as a base layer

If decentralized ID is just an extension of the existing government ID system, it provides neither privacy nor financial inclusion.

Via government ID KYC, the state already excludes regular people from jobs, banking, apartment rentals, healthcare, receiving mail, sim cards, contracts and more.

If the state refuses to print ID for someone (which affects millions of people today), there are no appeals, alternatives nor NGOs who can help. Red Cross, United Nations and other NGOs don’t issue alternative identity documents. Flag Theory (such as St Kitts passports, Panamanian residency, Estonian e-Residency or RNS.id) requires an existing passport or birth certificate. Even IDs for undocumented people (such as Californian AB 60 driver’s licenses) require a foreign passport, national ID card or birth certificate, and can’t help people who have no state-issued identity documents at all.

This existing ID system is harmful, inaccessible and a single point of failure — and if decentralized protocols rely on this broken layer, they will continue to harm and exclude people.

Problem 2: The state won’t give up its monopoly on identity

Fortunately, some decentralized ID protocols aim to be inclusive, and instead of requiring government ID to verify a user’s name, age or location, they use social media, a web-of-trust or biometrics. This removes the ability for state censorship, and instead allows your friends to vouch for you, or allows you to gain access to services via fingerprints or an iris scan.

With a web-of-trust, friends or family could vouch for your name, age or location; landlords could vouch for your address; employers could vouch for your skills; customers could vouch for businesses; and so on. As it doesn’t rely on government databases, but rather the people you know, it is truly decentralized and accessible.

Biometrics also do not rely on state permission. If you have fingers or eyes, you can signup with a fingerprint or iris scan — no passport or national ID card required. As it is not dependent on state-issued documents, biometrics would be accessible for stateless people, undocumented people and people who weren’t registered at birth, who are often unfairly excluded from the mainstream economy. However, biometrics are dangerous for many reasons, including security (someone could force you against your will to give your fingerprint or decode your iris pattern from a photo), personal safety (e.g. escaping from domestic abuse or protesting against an authoritarian government), as well as privacy (such as the natural compartmentalization of work and home life and online personas).

Unfortunately, it is unlikely that the state, who forces government ID regulations onto businesses, employers, landlords and healthcare providers, will accept web-of-trust vouches or biometrics as “proof of identity”. It will therefore not be possible to apply for a job using a “Worldcoin” iris scan, or rent an apartment on the sole basis of positive reviews in a web-of-trust.

The state specifically uses its government ID system to whitelist citizens at birth (if you weren’t registered at birth, there is no way to “earn the right to exist” as an adult), and immigration is dependent on other countries’ whitelists (as it is impossible to get a visa without a passport and birth certificate). The state won’t allow people to bypass this whitelist by providing fingerprints or asking friends to vouch for them.

If the state chooses to incorporate biometrics or web-of-trust into its identity system, it will do so on its own terms, as an addition rather than alternative: a web-of-trust platform would require an existing government ID in order to signup, and “Worldcoin” wallets would require government ID in order to receive or spend funds.

Even the United Nations (https://www.unhcr.org/ibelong/about-statelessness) and World Economic Forum (https://www.weforum.org/agenda/2020/11/legal-identity-id-app-aid-tech) are aware of the damage caused by the state’s monopoly on identity, but are unable to convince the state to print IDs for stateless or unregistered people, nor issue their own recognized non-government IDs. Considering this, it’s unlikely that web-of-trust or social media-based ID protocols will become usable for mainstream jobs, banking or apartment rentals.

However, non-government DIDs could still find use in the informal economy, which already provides access to jobs, housing, healthcare and more, no ID required. Despite the war on cash and increasing KYC regulations, informal cash-in-hand economies exist around the world. In addition, cryptocurrencies have made it possible to send money to anyone around the globe, no bank or ID required, paving the way for uncensorable digital economies: https://anarkio.codeberg.page/agorism, https://bitcoinmagazine.com/business/kyc-free-bitcoin-circular-economies In these permissionless free markets, a web-of-trust could help with business reviews and reputation, proving education and skills when applying for jobs, or establishing trust for invite-only markets.

Problem 3: Decentralized ID can be censored

Some decentralized ID protocols use cryptocurrency addresses as identifiers, such as Ethereum or Bitcoin Lightning. However, there have been cases where platforms have censored users based on transaction history (such as using a KYC-free exchange, cryptocurrency mixer, gambling, or buying gray market products).

Connecting your identity and social life to your finances already creates privacy concerns (as anyone who you interact with could easily find out your wealth and surveil your earnings and purchases). Even worse, censorship via chain analysis or KYC means that users could be shut out of exchanges, marketplaces, social media websites and more. Imagine that you are permanently banned from Facebook or Twitter, because you recently sent money to a gambling website, bought a CBD product or didn’t want to disclose sensitive information, such as government ID (or are one of the 1 billion people worldwide who can’t get government ID, through no fault of their own).

From a technical perspective, cryptographic identifiers may provide better security than passwords. It is much easier to crack an insecure password compared to a (much stronger) Bitcoin private key. Cryptography also enables you to sign messages, proving that the content (such as a social media post, order or contract) really came from you, and not an impersonator.

That being said, PGP already offers cryptographic identifiers, to which you can optionally add your name (or pseudonym) and participate in a web-of-trust. You can use this PGP key not only to login to websites (by decrypting a code that the website sends you), but also verify content via PGP signatures and securely encrypt messages, emails and files. As PGP keys aren’t connected to your finances via a transparent blockchain and you can easily make pseudonymous and throwaway PGP keys, they offer a private and accessible identity framework.

Problem 4: Surveillance and the dangers of linking all your activity to one identity

But why do you need to verify a name? Why not take someone at their word, and allow them to choose what name they want to use? Why do all actions need to be linked to a single persistent physical identity?

Under the state’s government ID system, the state tracks people from “birth certificate” to “death certificate” — compiling details of individuals’ jobs, savings, purchases, home addresses, cars, vacations, medical history, phone calls, internet history and more. This level of surveillance is disproportionate and unethical.

An individual’s life should be private. Information should only be shared voluntarily on a need-to-know basis. For example, only your employer, colleagues and customers need to know about your job; only your doctor, pharmacy and insurance (unless you pay out-of-pocket) need to know about your medical history; and many people only share their home address with close friends or family.

Online, in the existing “username and password” model, users are free to create self-chosen identities, pseudonyms and throwaway accounts. It’s natural to want to compartmentalize your activities, such as using separate work and home profiles, not sharing your real life name or location with online chat groups, using a pseudonym for activism, artwork, music or writing, or creating an anonymous account to join a support group (such as for health issues, addiction or domestic abuse). Tying everything to a single identity could cause self-censorship, discomfort (in the case of sensitive or health-related topics) or even serious safety concerns (in the case of activism, discrimination or escaping from abuse).

For commercial transactions, such as shopping, jobs or apartment rentals, there are many ways to establish trust without a persistent or state-assigned identity, such as:

For many commercial transactions, a persistent or personal identity is not necessary. In cases where a name is required, simply saying your name should be enough (with optional verification via a PIN, PGP signature, web-of-trust or social media profile). In any case, neither a single persistent identity nor a state-assigned identity should be required for participation in the economy or social networks.

Conclusion

The surveillance and exclusion currently caused by gatekept government ID systems clearly shows the dangers of identity databases. If you are working on decentralized identity, allow users to participate without linking government ID, allow pseudonyms and throwaways, and keep a regular “username and password” login available for people who prefer it. Don’t create a clone of the existing broken system, but take this chance to create an alternative, inclusive and privacy-friendly ecosystem that everyone can participate in.

Further Reading

Identity Crisis – Privacy International https://privacyinternational.org/campaigns/identity-crisis

Busting Big ID's myths – Access Now https://www.accessnow.org/busting-big-ids-myths

True Names Not Required: On Identity and Pseudonymity in Cyberspace – DerGigi https://dergigi.medium.com/true-names-not-required-fc6647dfe24a

What's in a name? The case for inclusivity through anonymity – Common Thread https://blog.twitter.com/common-thread/en/topics/stories/2021/whats-in-a-name-the-case-for-inclusivity-through-anonymity

You Don't Need To See My ID – Jeffrey Paul https://sneak.berlin/20200118/you-dont-need-to-see-my-id

Proving who I am: the plight of people in detention without proof of legal identity – Vicki Prais https://www.penalreform.org/blog/proving-who-i-am-the-plight-of-people/

The rarely discussed dangers of KYC and what you can do about it – AnarkioCrypto https://vonupodcast.com/know-your-customer-kyc-the-rarely-discussed-danger-guest-article-audio

Passports Were a “Temporary” War Measure – Speranta Dumitru https://fee.org/articles/passports-were-a-temporary-war-measure

During World War II, we did have something to hide – Hans de Zwart https://medium.com/@hansdezwart/during-world-war-ii-we-did-have-something-to-hide-40689565c550

With each person left living on the streets, we are losing as a society – Petr Baroch https://www.statelessness.eu/blog/each-person-left-living-streets-we-are-losing-society