E45: Daniel Buchner on Building Decentralized Identity at Block
Episode Clips
show Notes

Daniel Buchner is the Head of Decentralized Identity at Block, the company formerly known as Square.

In our talk, Daniel helped me understand the concept of identity, why and how identity can be decentralized, and how having self-sovereignty over your identity can change the relationships and the power dynamics between users and the apps we use today.

→ TBD: https://tbd.website/

→ DIF: https://identity.foundation/


→ Voltage: https://voltage.cloud?utm_source=kevinrooke&utm_medium=Youtube&utm_campaign=1mo

→ ZEBEDEE: https://zbd.gg/

At the end of every show, I answer any questions listeners send in over the Lightning Network.

To ask a question, send a message, or to support the show, download Fountain from the App Store and load your wallet with a few sats.

→ Fountain: https://www.fountain.fm/

→ More Episodes: https://play.fountain.fm/show/P6XXuSPg6f2rj4ECB0fT

→ Lightning Address: ⚡kerooke@fountain.fm


→ Twitter: https://twitter.com/kerooke

→ Books: https://www.kevinrooke.com/book-recommendations

→ Blog: https://www.kevinrooke.com/blog


00:00 - Highlights & Intro

02:34 - Daniel Buchner Intro

08:38 - Taking Control of Your Public Identifiers

13:39 - Securing Decentralized Identifiers

22:59 - Building a Decentralized Identity Network

25:32 - Block’s Decentralized Identity Work

36:54 - Privacy for DIDs

45:00 - DIDs vs. Slashtags

49:24 - The Process of Developing Open Standards

56:31 - Applications for Decentralized Identity

1:00:07 - Personal Servers

1:03:00 - How Self-Hosting Changes the Relationships Between Apps and Users

1:12:24 - tbDEX

1:20:06 - The Lightning Round


Daniel Buchner Timestamp: 0:00

You know, the idea that people don't want their identity exposed is just nonsense, right? They do it every day and it doesn't mean that it has to be like your human identityD ID's are suit anonymous. It's not like your D ID is like Colin Daniel Park and you can have multiple of them where it's not just like one ID to rule them all. When Elon Musk talks about wanting to identify all humans. I do get a little scared of that. I don't think you need to identify people. So personally, I know everyone out there is like, wow, just pay $20. It's like, what if the scam you're pulling is worth $21? The core problem of Decentralized Identity having Identifiers that are wholly and solely yours, that really can't be interdicted through any centralized bottlenecks is like a 40 year problem. There's really two things we have to win to win the war in this ecosystem, and that is money, and Bitcoin is doing that and it's identity and all the app stuff that relates to it. And if you don't win both battles, you might just lose the work. What I want to do is I want to have the apps that we have today on your phone, but I just don't want the middleman between right? There's no reason it needs to be their server, their application server, my data lives and it can be mine. Life is going to change. Like if we were able to successfully do this as a community and people were to buy in and understand that this is the lifeline, this is the thing that they've actually been asking for, not people like Elizabeth Warren. Let's tear down all these tech companies. We don't need to do destructive things. We can do constructive things, and I think people will embrace it. I think they've been waiting for it.

Kevin Rooke Timestamp: 1:23

Daniel Buckner is the head of Decentralized Identity at Block, the company formerly known as Square. In our conversation, Daniel helped me understand the concept of identity and all that it entails, why identity needs to be decentralized, how we can achieve that, and how having self sovereignty over your identity can change the relationship that users have with the apps they use every day. I've also got Daniel set up on Fountain, he's got an account and I've added him to the show splits. So if you learned something new from this episode, the best way you can support the show is by sending in stats, comments and questions over the Lightning network. Daniel and I will each get half of the payments and we will both be able to see all the comments and questions you send in quick shout out before we get into the episode. Today's show is sponsored by Voltage. Voltage is the industry standard and next generation provider for Lightning network infrastructure. Today's show is also sponsored byZebedee. That is Zebedee, andZebedee is your portal into the world of Bitcoin gaming. We'll have more from Voltage andZebedeee later in the show. Daniel, thank you for joining me today. I'm excited to chat with you about identity, and there's a lot of questions I have. Maybe a way we can start off is by first defining identity because it's a term that I think means a lot of different things to a lot of different people. So I'd love to start off with your take of what identity is and how you kind of grasp this concept.

Daniel Buchner Timestamp: 2:57

Yeah. It's notoriously difficult in terms of the definition. So maybe I'll talk about how people perceive it today and then kind of what my personal perception is and a few people share it. I think when you ask people what identity is, they're probably skewed towards one of two concepts or definitions. One very common one is to think of when someone says identity, they think of identification, which is actually slightly different. And that typically is like pull out your driver's license and show me your government identification. And people kind of Munge that together and think that that's all of identity. Right. It's always just proving who you are as a human person. And it's common because those are the proofs that we show when we do have to show our identity in certain places. Another one is sort of a more personal one where if you ask someone what their identity is, they're probably going to start talking a little bit about who they are as a person. They might say, this is my childhood, this is the work I do is where I graduated from school, whatever. Right. And they kind of define it as their persona. Like the who, and those are both fine. Those are both parts of your identity. But I suppose my argument would be that your identity really is everything. Right. Like if we define the identity as anything said to from, by or about you, that's recorded in any sense that anyone in their minds has an awareness of or is like a medium that's actually written down other people can read later. That covers a lot, whether it's Wikipedia entries about someone or things on LinkedIn or all these apps you pour your data into which are part of your identity. Example I try to give often that people may not think about is your grocery lists. You might type those into a to do app. Those are part of your identity. I guarantee you what you buy from the store. And that list probably looks pretty different from any other person. And it's part of who you are. Right. Like the food you prefer and all these different things. So the statement really is that at least in the digital sphere, almost anything you do in terms of digital exhaust or put into apps is identity. So we think it covers pretty much everything interesting.

Kevin Rooke Timestamp: 5:12

So now in this transition from physical world to digital world, what's the problem here? We lost control of some of our identity. I want to get into the issue of why it's important to decentralize identity and why this is like a concept that needs to be explored. Is it that like in the process of going from physical to digital, we've lost control or what's the reason there we need to decentralize it?

Daniel Buchner Timestamp: 5:41

Yeah. I mean, I think that that's to an extent, true. Right. You definitely lose a bit of control going to digital with the current systems that we have today and some examples that everyone's seen at this point, they're a little fringe ten years ago, but now everyone's visually aware you have quite a few tech companies now who are asserting that and they are private. And it's their right to do this if they want to not have an account in their database, things like Twitter and others, deleting accounts, deleting people. You posted something I don't like. The hard part is in the systems of today, your Identifiers, which is what your Google At handle is. So if you claim you don't like identity but you're on Twitter, it's kind of like ridiculous because you're using an identity system every day to say that you don't like identity, which is a bit odd. But if you lose your Twitter ID, you're gone, right? And it's because they own the ID. It's the principal problem. So when they delete your ID, which is their database, you lose all your connections, you lose all your Tweet content, everything goes away. And this happens in many different platforms. Now, like I said, I support their right as a private business to do whatever they want with their business. But, man, it would be a lot better if we had Identifiers. We owned those ad IDs. Whatever form they take, they might look a little bit like an email address or public key. Right. As a form of identity. But it was under your control. So when you went to an app in the future, you're able to say here, like, bring my own ID, right? This is mine. You don't have to have just one. You could create multiple IDs for different personas. Like, you might have a gamer ID, you might have one for social media, you might have one for private, personal, family stuff. Right. You're kind of separating the contexts of your identity so that they don't all overlap and no one gets to know all about you. But the cool thing is, in the app landscape, if I was to be able to bring my own ID somewhere, any connections I form, all those followers and data that I'm generating, it's all mine, right? I'm letting them visualize it through this Snappy app that I have that I like the interface of, but it all stays with me and I'm in control. So if they say, hey, Dan, take a hike. We don't want to host your tweets anymore. I'm like that's fine. They were all with me anyway. I was just kind of allowing you to have them because it was made the service a little bit smoother, faster, more performant. But at the end of the day, I'm walking away with my ID. I can contact any connections I make, I can still disseminate my content, my thoughts, my beliefs, whatever I want, and I think it's a better world. I don't totally begrudge these companies and apps for doing this because we just didn't have the technology 10, 15 years ago. Right. To do it, and now we do. So I think we should move to a paradigm where we untwist digital identity of people and things and companies from these coupled systems that they did out of really technical necessity at the time.

Kevin Rooke Timestamp: 8:37

Right. Is there any precedent for people controlling their own identities before the digital world? Like when I think of a physical address or like a driver's license or something that exists pre Internet, or even like a telephone number, surely there's still some I don't own my telephone number, there's someone who owns it. I don't really know the details of it, but I know I don't have full control over that. Has there ever been a time where we've had full control over a significant portion of our identity?

Daniel Buchner Timestamp: 9:10

Not really over your Identifiers? Even in the physical world, you've never, ever been able to control an Identifier. And that's actually what Bitcoin does. Bitcoin is a pseudonymous identity system. You have public keys and addresses, and yes, it's through a trail of indirection where you're sort of like pay a public key hash, you're publishing public key, and you're signing against it. Well, public key is a pseudonymous Identifier, right? Whoever controls the key, it's referenceable. And Bitcoin really is the first decentralized public key infrastructure that we've really ever had in the world that was not in some way centralized. So I think you're accurate to say that we've never had an Identifier that you wholly own in the world until D IDs. And really, Bitcoin is the foundation, sort of in a slightly more primitive way thanD ID's showing the way forward. I think you have been able to own aspects of your identity in the physical world. Like we talked about the grocery list example. I could keep that very private, and I write it on paper, and only I ever have my receipts or my grocery list or it's me and whoever I choose to share them with. And so from that respect the things that make up your identity, which is different than an Identifier. Right. I should probably clarify. Identifier is just some string of some type that you can prove control over, either through a centralized intermediary or through a decentralized way, usually digitally signing with keys that control the ID. And then there's the identity, which is all the stuff that makes you up. And you've been able to control that to a large extent in the physical world. But you're right. Things like my address, I could get evicted from the house phone number. I could have that shut down. So it's rare.

Kevin Rooke Timestamp: 10:46

Yes. Okay, that makes sense. So the things that make up my identity, like if I was writing down lists or if I'm jotting in a personal diary or whatever, that I could have kept to myself. But it's not the Identifiers until the kind of digital transformation in Bitcoin, I guess, would be the first example. Can you describe how Bitcoin's identity system has led to this decentralized Identifier or did system that we're now seeing take fold?

Daniel Buchner Timestamp: 11:17

Yeah. So Bitcoin is, like I said, the first decentralized public infrastructure that's been run any scale and certainly works doesn't suffer a lot of the problems that early attempts have suffered. And it's interesting because the core problem of decentralized identity having Identifiers that are wholly and solely yours, that really can't be interdicted through any centralized bottlenecks is like a 40 year problem. It's a 40 year old sort of Holy grail problem in the digital identity community. And it really honestly comes down to recording like a time sequencing Oracle. That same thing that Bitcoin solved is actually the underlying problem in digital identity systems, which is typical identity systems. In the past, you would have some Identifier. Dns is a really good example of domain name. And how do you tell over time who owns it? Because they could be sold or you get approved control over time. And there was sort of no deterministic state machine out there that says, well, I recorded entries of who owned what. So if, like key changed in typical D ID systems, you'll be able to map a D ID like devices that you control so you can do things with it. And those things change over time, right? I might get a device and switch it out and I have a different key associated with it. I have to record those state changes because the minute you say, well, just trust me, right? It's this state, it's these keys. That's the point of centralisation. And that's why we have the CA system of today and all these other things is because there was no system for that. So they created these hierarchies where they basically just say, wow, we ordain this organization over here and they give you these magical certificates and just trust us. And if we want to wipe you away, we can. That's why when you go to certain sites, you'll see all these nice three letter government badges on there, because they certainly do own that system. From time to time, the D IDs changed that. There's no one in the middle, there's no one that's going to come and take this stuff from you. Well, Sansa $5 wrench attack, I suppose they could show up at your house and do what they do. But that's the huge difference. And that's what Bitcoin did. It solved the chronological Oracle problem, which is really the capturing estate from inception of every change in PKI, and it did, that really elegantly. And that's how we are building D ID stuff on top of that foundation as well.

Kevin Rooke Timestamp: 13:38

Right now, Bitcoin has its own system for securing the network, right? Like it has hash rate, it has nodes, it has an entire incentive system wrapped up in the token. That secures the token. And it makes it so that people can store value in it. What's that system for did, how do you secure a D ID? How do I establish if I get a new phone and now all of a sudden it's a different key? Like how do I make that transfer trustlessly? That's still a little unclear to me.

Daniel Buchner Timestamp: 14:11

Yeah, absolutely. So there's one thing you brought up, specifics of D ID. Maybe I'll give a little bit of a background. Right. So D ID, the Decentralized Identifier spec and W3C, which is still in limbo for final ratification for reasons that people probably have read about over the past year. It's essentially a data model spec. So when I say data model, I mean it is not telling you how to build a did system or implementation. It's telling you what things that must include if you were to build one right from the higher level. And then it's this output document format. Kind of like if you resolve a DNS name, a domain name today, there's zone files and there's like backing DNS documents that are resolved like name servers and C names, a records, all that stuff. Right. That's all standardized. Like that's a data model for the pieces of information someone looking at the domain name needs to have so that their computer can find the right resources. Right. The decentralized Identifier spec is analogous to that. It sets out the sort of JSON document format that contains two primary things that map to an Identifier in your implementation. One is public keys, so the person presenting the Identifier can prove that they own it, and then the other is endpoints because D ID systems don't actually and shouldn't contain actual identity data. That's not the purpose. The purpose is more like DNS. You wouldn't encode your website into your DNS records. It's just for triangulation security. So you're saying, like, I present this idea here's key to prove it, and you can go over here through this decentralized routing mechanism to find information about the ID if I want to disclose it to you. Right. So that's a key thing because people freak out. They think we're going to put personal information on a blockchain or Ion, which is one implementation, like putting it in there. And that's just not true. It's very much like a DNS look up. Okay, yeah, go ahead.

Kevin Rooke Timestamp: 16:05

So Ion is an implementation of this decentralized DID modeling, right? This data model.

Daniel Buchner Timestamp: 16:13

That's correct, yes. And there's many different implementations. Like one simple one that everyone can kind of rock is like the simplest D ID method. I call it a toy. One because it doesn't have all the features. But like did key, it looks like a Uri, like did colon key and then public key. So it's literally like you're just handing someone a public key and you prove control because you own the private key. There's some issues with did key. You can't roll that key. So if there's ever a need to switch it out or you need another key type that you want, like multiple keys associated with it, it's tough because you're bound by that one key and you just don't have the flexibility and then it doesn't have like endpoint support, stuff like that. But there are very simple ones. There are centralized ones like did web, where it's basically just somewhere on some domain host this document. And the problem with Did Web is I could see the Googles or the Facebooks of the world liking this because it's not too far off from what they have today, which is just a slightly standardized means of a centralized person kind of owning your identity. Because if they own the domain that it's actually rooted on, they own your ID. So that's why we encourage people to use truly decentralized implementations of that spec, not just any particular random one they find.

Kevin Rooke Timestamp: 17:26

Okay, I'm still trying to understand a bit about how you ensure this. If we take Ion, how do you ensure it's secure and how do we ensure it's stable?

Daniel Buchner Timestamp: 17:37

So the DID systems have a different sort of requirements set. I would say I on taking Ion, for example. The base requirements set is that you have some record of history that is as deterministic as you can get. It as decentralized that understands and records the state changes of an Identifier's PKI information. Whether it's like I changed a key or I changed an endpoint to where my data might live, it has to record those changes over time and replay them. It's sort of like the ship of Theseus. The classic identity example of the ship of Theseus is leaving from a dock and it's like a black ship with red sails, right? And over time, over the journey, which is like your PKI state changes, every board nails replaced and sails are removed and changed. And if you were on the dock when it left and you sort of saw the ship coming back, that was like Brown Cedar and green sale, you'd be like, Well, I think maybe that's the people. But is it the ship of Theseus? Right? If you don't see the state changes, you just have to trust them. And it's like, no, that was them, they trust us. But if you could see every nail and board replaced, then you can understand the assembly. It's sort of like the compilation over time. And so any good de system has to solve that problem. I mean, that is the chronological Oracle problem. Bitcoin does it because state changes are codified into Bitcoin blocks and they're sequentially numbered and they count upwards. That's why he called it time chain to begin with, right? Because it really is. It's capturing events in Synchrony over time and you have the ability to replay them. That's why when you boot up a node, you have to process certain things in order. So that's actually what Ion anchors into. It's not so much like open timestamps concerned with point in time publication. People look at our systems, it's just like timestamps. It's actually a much more complex protocol and it's not just saying like, there's some hash of some data and it existed at this point, at least here. It's more like there's operations to a D ID, like create update recovery that happen over time and you need all those associated in the correct order. So it's much more concerned about sequence and order than it is proof of publication at exact singular point in time, orthogonal than anything else. So Ion is a layer to deterministic system. It doesn't have its own consensus. There's no validators or special authorities in the system. It's kind of like lightning spiritually, even though the protocols are very different at the code level, in the sense that anyone can participate in Ions network just by running a node and sort of anchoring things in Bitcoin. And how it works is you can anchor 1000 to 10,000 of these did operations, which could be Alice creating an ID, Bob updating to roll his keys to a new device or whatever they are. You can anchor one to 1010 of those in one Bitcoin transaction and it uses an IPFS hash inside that anchor. And what all the nodes basically do is there's no agreement on consensus. That's subjective. They all go get those operations and they just compile global state. So they try and fetch, they're trying to replicate. It's basically a huge mirroring network. They just all want and are interested in these operations and when they have them, it's just math, they just compile them. There's no like, let me ask my neighbor what this should be. It's purely deterministic and what I would say in terms of incentive structure, right? So that's how it works in security terms, because where it falls in Bitcoin determines the outcome. So that's secured in the actual functional terms. Now, Monetarily, you ask, kind of like, well, there's a token and it backs this, right? People say, Why would I run an Ion Node? And I'd say, well, there's two really important things in life. There's money, right? You want to own your Bitcoin and then there's identity. And it turns out that to do really anything in the world, you kind of need to know identity. You want to know that this bank is a legit bank. You want to look them up. You just met this person at the conference, you want to give them your idea, maybe you exchange one, right? All these things require identity, fundamentally. So the reason why people would run an Ion Node or the companies of any size, that sort of thing is because they want to be able to interface with customers, individuals and partners. So if I want to look someone's idea, if I better have a way to do it. So it's sort of like a utility based need. The reason why you run it is because you need to run it. It's not like a question of can you run it? It's like you just have to because you want to resolve your customers. I always give like an insurance example, like if I'm Allstate and you tell me I need to run this system that's going to give me better connections to my users, like higher trust, greater proof, better security for all these business type purposes. And I say, hey, you got to run a server, it's going to cost like I don't know, we put a guy on it, it costs a grand or two a year. The costs are minimal in terms of the actual operation. Costs more Labor, I guess to have someone watch it and they're like a $50 billion. I don't know how much they're worth. The billion dollar company, they're going to laugh at you, they're going to say, oh, $2,000, what am I going to do? Of course I want to authenticate my customers for $2,000. It's like a rounding error. So they don't need a shit coin to convince them to run this. They're going to run it because they want to validate the driver's license of the person they're trying to give insurance, you know what I mean? Does that make sense?

Kevin Rooke Timestamp: 22:59

Now what about bootstrapping a network of a decentralized identity network from scratch? Is it the same problem that you would have faced in 20 09, 20 10 trying to bootstrap Bitcoin's network effect where you just need people to use it and it has to get a critical mass before it becomes useful to a Corporation?

Daniel Buchner Timestamp: 23:21

Let's say it actually is completely use case dependent. So yeah, there's lots of use cases where you would have to have a critical mess. Social media is one of them, right? You need everyone in the system talking to each other. Luckily, Blue Sky is very well positioned and associated with one of the major social networks and looks like they're trending in the right direction. Based on my latest read of their documents, others don't. Right. So when we come out with this stuff later this year, which I can detail a little bit about, that allows you to have your own ideas, create verifiable, trust relationships with peers or companies or whoever you want and then custody and own your own data, your own app data. There's a lot of apps that actually are singular, right? Like if I go right, a really great version. I always use this example, but Google Keep is my favorite to do with that. It is owned by Google. I'm pretty sure they're snooping over everything. In fact, obviously they are, but it's just really nice. Great. Ux. So I would love to have the Google Keep app, but it's storing data with me. Right. So I get value out of it just by being able to take my own nodes and do my own lists and things like that. I don't need a groundswell of note takers around the world helping me. It's my own data. Right. I'm doing it for that purpose. So if we can start replacing apps like that, maybe targeted things like tbDEX where banks and financial institutions and block and everyone wants to create a decentralized exchange. They're incentivized already and they're just going to onboard their customers. There could be sort of that middle ground where you have someone that's willing to onboard a bunch of people for a more network use case. We don't have to start at the end, which is the hardest thing of, like, social networking. Everyone's got to transfer their accounts. There's use case steps along the way to sort of build that momentum.

Kevin Rooke Timestamp: 25:10

Right. And so maybe it could start with either note taking or files, personal apps, personal apps.

Daniel Buchner Timestamp: 25:17

Maybe you and you and your family. If you have something that you share with your wife or kids or something like that, it's easy to get them set up, just like they already get set up with tech stuff that you bring home today. Those are where some cool use cases where we can start.

Kevin Rooke Timestamp: 25:31


Daniel Buchner Timestamp: 25:32


Kevin Rooke Timestamp: 25:32

So I'd love to get into the weeds of exactly what you're building now at Block and how that connects to the D ID spec system we talked about. And Ion, can you describe how those are all related? Yeah.

Daniel Buchner Timestamp: 25:47

So there are three principal components that we're going to put out. They're all standards based open source stuff, but we're going to try and put them out as sort of a cohesive thing for developers, primarily initially in a box. Think about it like you saw the puppet Jack video with the LDK LDK in a box for Lightning thing. We're going to try and do the same thing for decentralized identity maps. Right. And the three primary components areD ID's. And we're going to most very likely use Ion as one of the methods that we support. Maybe a couple of others, too, based on market demand or what's the ground swell of use there. Then the second pillar beyond D ID verifiable credentials. And it sounds scary. People get scared of credentials after the post-Covid era credentials. Just anything you sign over. Could be I could sign over something saying, I'm going to do a review of your podcast and I'm going to sign over at five stars. Right. That's a credential. I give it to you and you could prove that I set it. Same thing with, like, diploma or just anything that's in a tested piece of information. And these could be peer to peer reputational proofs, too. Like, I had a good interaction, sales interaction with you. I'm going to sign something so you could show people that that's true. And so that's the second piece. And the last one is these DWeb nodes, which they're just like basically personal data storage and relay nodes that can support any application data, be it binary or formatted data, that sort of thing. And that's where your app data and your interaction data and stuff can live encrypted on your devices. And if you choose to, you can host it in other locations as well. There's no dependence on a centralized provider because it's masterless system where you custody and own your own data at all times. Those three components we kind of like to call, I've heard them as a more decentralized web platform. You put those three in a box, you give people easy APIs, they can go build whatever they need to build. I guess this is an important time to kind of mention Tbdecks, because to this point, tbDEX has sort of been the most public part of TBD, our organization in block and how to Orient people in terms of thinking of this more decentralized web platform, box of tools for developers. And what TBD is. TBD is the first app that we're building that runs on top of this platform. Right. So it's obviously the centralized Exchange app. It's got its own unique qualities, but it really rides on top of this more generalized platform. You could go build social networks on this platform. You could go build to do list apps, whatever you want. Right? It's up to you.

Kevin Rooke Timestamp: 28:14

Interesting. So now in those three components you mentioned, one of them was Verifiable credentials. Is that built on top of D IDs or is that a separate component? I want to understand how related those two are.

Daniel Buchner Timestamp: 28:28

So Verifiable credentials are assigning data format like standardizing how you sign informed proofs. There's been more primitive formats in the past, like Jason Web signatures, which are another sort of serialized format for taking a piece of information and signing it. Right. Verifiable credentials are a little bit more robust form of that. It's a W3C standard. It's fully ratified. It was ratified in 2019. It exists out there. Anyone can use it. And it allows you to take an Identifier, which technically doesn't even have to be a D ID, according to the VC specs. But most people use D IDs for the Identifiers that are signing. And then you just sign some piece of information, whether it's like school transcripts or your proof of driver's license or proof of insurance, anything like that, anything one party is attaching to one or other parties. It just formalizes how the data model looks and the signature formats and everything that goes into it. So it's not just, hey, let me go read some random GitHub reading. I'm not trying to disparage any projects out there, but some people play fast and loose in these environments and it's like if companies, serious companies are going to build legit stuff on this stuff, they want to see like a spec that's been security audited, like all this stuff really formally proven and published. And so that's kind of what it is.

Kevin Rooke Timestamp: 29:45

Interesting. And the third component is storage. Anyone on any device can store their data. Is that the idea there?

Daniel Buchner Timestamp: 29:55

Yeah. So we have a reference implementation of DWeb nodes that's coming out. It'll run on device. It will also run as a server, the same package, and that allows you to custody your data on any devices you own so you can have it replicate. Like let's say I had it on my laptop and on my phone and might connect to my D ID's and then maybe I have an outbound remote. And the reason why you might want to do that, if you're not going to host it, like on a knock with a static IP at home is for most people that's pretty tough. Just like it is having your own Bitcoin node. Or if you're really not technical at all, it's hard to host something and get a static IP and do all that stuff from your own house. Why you might want an outbound node or high availability node like that is because it's just traffic. Right. If you're doing some sort of app that's meant to be highly collaborative and peer based, you can see this. We tested it, we were able to kill batteries in under 30 minutes. Right. If you open this thing up as a server, a your cell provider is not going to be too happy about it because you're probably going to do some numbers on that sucker and it also just melt your phone. So the sort of reality that we have, the feasible reality that we have for public, semi public data that's authorized for a small group or totally private data, to be able to have the ability to get at it quickly with authorization is to stick it somewhere that can handle it like an actual server. So how this looks, and I think this is the happy medium for this reason, you wouldn't want to be following 10,000 people on Twitter and making 10,000 Http requests every 30 seconds. Right. Really not feasible or have a million people, if you're popular, to come and try and hit your phone. So what you would do is have a copy of replica of your information that has permissioning and stuff there in an outbound source that has high availability. And so their first attempt would always be that node. It's going to be the one that can handle traffic. So the first request to go there, if that's down for whatever reason or doesn't exist, or that providers like, no, I don't want to do business with you. It's always possible to route those requests over decentralized conduits to devices that you're actually physically in possession of. But we think, like in the 99% case, it's good to have a high availability one. And you only really run into the thing where you need to custody at home for high availability. If you're talking about dissident scenarios or someone's been canceled or something like that, they'll have to take the responsibility to host it themselves. But it's yours. And the cool thing is, even if you have your high availability stuff out there, all the data is copied to your phone. So if there was to be an issue that we talked about and we kind of went over, you can reinflate yourself immediately, you can walk to anywhere else, set up a replica, and it's just going to start syncing and you kind of like you're alive wherever you want, right?

Kevin Rooke Timestamp: 32:56

Okay. Now is it right to think about this like this Outbound node or this high availability node? Is that similar to how you may have a cloud lightning node? Is that the idea? Or it's just like super high availability, high up time and has the input to handle a bunch of transactions?

Daniel Buchner Timestamp: 33:12

It's similar, but depending on how the lighting set up is, if you're not in control of your own keys, if you're really actually committing to a partner out there and you're not in control of that, it's even better than that in terms of because your D IDs are always owned by you on your phone. And the authorizations like if I am Alice and I give Bob authorization to be able to write to my logical set of devices and Outbound node, I'm the one who's signing him a capability sort of assigned proof that says you can do this. Like you can put photos up there, right. And that node that is not physically under my control could go rogue. And I could say, well, I'm going to let Bob put something you didn't allow him to put in your data, and then eventually that data is going to be attempted to be synced down to your phone. But the cool part is the permissions are all tied to your keys. So you would just immediately say, I didn't allow Bob to do that. Right. So there's actually a greater degree of control here because there's no way that you're not putting trust in the app unknown giving them keys, ever. They never have signatory control. They're kind of more like a dumb data store. So the worst I can do is make an attempt, but you're basically just going to toss anything Invalid like the second you see it.

Kevin Rooke Timestamp: 34:31

Right now this strikes me as something that requires a lot of transactions, and I don't know much about the scalability issues at play here. Can you talk about like is it scalable to have everyone in the world operating on a system like this? Is it possible?

Daniel Buchner Timestamp: 34:50

Absolutely. Let's get into Scalability. So D ID themselves. They're very infrequent in terms of their operations. Right. There are ways not to even have to do like an operation to switch phones and we're looking into those. So this may be like recovery. I mean, you're talking about an operation once a year. Maybe it's not frequent, right? You don't have to go into Ion and sort of touch that layer 2D ID, Bitcoin anchored system. Hardly ever. Right. Just like you don't have to update your DNS for what? I've been updating my blog one, and, God, I can't even remember how many years. Right. So it's more like that. So at that scale, we think we're appropriate for that layer, too. At the scale where you're talking about massive transactions happening, it's not transactions like any blockchain. Remember, these DWeb nodes are not blockchains. They're not like consensus systems that have to go through all this nonsense. They're essentially a special D ID based content server that talks to your devices and other known replicas, which are only the ones that you have under your control and maybe a couple outbound. Right. So we're talking about syncing between for a person's individual data, syncing between their devices. It's not crazy. Now, you might get a lot of inbound. Like, let's say you did something like Twitter on top of it or some high extreme use case where you get a lot of I. Oh, that's just like someone goes and pulls your tweets from some server, right. It's literally server requests. So to the extent you could scale like traditional systems, you can scale the system because it's not that different, right. It's using a lot, all the same tech, and it's not using any consensus system.

Kevin Rooke Timestamp: 36:23

I hope you're enjoying the show so far. I just want to give a quick shout out to our sponsor, Voltage. Voltage is the industry standard for Lightning network infrastructure. Creating layer two applications and services on top of Bitcoin starts with Voltage, where you can spin up nodes, get access to liquidity, optimize your node, and much more. Voltage is leading the way as the next generation provider of Lightning network infrastructure. And if you want to get a free trial and start using Voltage today, you can do so at Voltage Cloud. I want to also touch on Privacy because I know that's like an issue that often comes up in identity related discussions. Is there a way to make it so that the transactions, I guess they're private to some extent, but I can choose to reveal which information I need to reveal to certain apps. Is that the idea?

Daniel Buchner Timestamp: 37:16

Yeah. So your data by default, you encrypt it, right? With keys, you own control. So let's say you had one of these DWeb nodes running on your phone and your laptop and some outbound provider. Right. Which you could change easily. And everything I do at the onset, I have this one app, this cool note taking app, and I want it all to be encrypted. No one should see it. So you can connect that data locally as you're typing into the app. It's going to sync to your laptop and to the other node out there, the remote. And it's going to be encrypted with keys you own. And so the trust that you have in the remote is just that they're holding it. They're just holding it. And I guess they shouldn't propagate it even though it's encrypted. Obviously, we don't want them just handing out encrypted information either, but that's the degree of trust. So still completely with you. If I was Alison wanted to give Bob access to my nodes because I created a shared node, I would be able to sign an encrypted capability that includes an encrypted key to Bob. Right. I'd go contact his DWeb node, basically look his D ID up and send that capability through. He would get it on his phone and he would say, oh, great, now I have the right keys to be able to go fetch, decrypt, prove authorization to be able to do these things. And I can see it on my phone. So it's an end encrypted system where the data at rest is encrypted with keys that you own control and only people you authorize can see it. Now that covers entirely private data and semi private. I shouldn't call it semi private, but shared multi recipients shared data. But there's lots of times where you want parts of your identity to be highly public, right. What good would Twitter be if all your Tweets are encrypted with keys that only you could see, right? Yeah, it'd be pretty boring out there. So the idea that people don't want their identity exposed is just nonsense. They do it every day. And this is so funny because I've gotten in threads with people who yell about how they don't need identity on Twitter as they tell me things about their identity. And I'm just like, baffled, baffled. I'm like don't use Twitter, step on your iPhone, get ready. If you don't like identity, prove it. Right.

Kevin Rooke Timestamp: 39:22

So then it's level of like we're sharing our own identity, right. Rather than our own Identifiers in that circumstance.

Daniel Buchner Timestamp: 39:29

Yeah. And it doesn't mean that it has to be like your human identity D ID pseudonymous. It's not like your D ID is like colon Daniel Buckner and you can have multiple of them. Like I touched on before, it's not just like one idea to rule them all. You could create Pseudonyms, right? Like Shinobi on Twitter. It's a pseudonym. It's not who he is. He's not divulging who he is. Right. So you could be as pseudonymous as you want. But the reality is if you're interacting with anyone you want to, you have to at least use a pseudonymous Identifier so they can interact with you. So they can connect with you.

Kevin Rooke Timestamp: 40:04

Yeah. Now this brings up an interesting question that I don't really have a good answer for. I'd love to hear your thoughts in real life. I can't shed my identity very easily. I just can't just turn into a new person and have everyone just like, totally forget who I am. There's a trail. It's a level of accountability that it gives me. And it means that I know I can't shed my identity at any moment. So I'm not going to do stupid stuff. I'm not going to break the law and do all these things that could otherwise be just like, wiped away if I could. But in the digital world, if everything is pseudonymous, I can spin up a new profile or spin up a new node or create a pseudonymous account on Twitter. Is it realistic to replicate the same kind of constraints we have in the physical world in a digital world?

Daniel Buchner Timestamp: 41:03

So the same constraints can still be applied, albeit through sort of different avenues. Right. So one thing to understand is that D ID at birth are just gobblegook strings that map to some keys and potentially some endpoints. And they have no history. They're nothing, there's nothing associated with them. So they actually start out in a different state than scammers and bots and other things can start out in the world today. The world today. Like, if I go on LinkedIn, for instance, and you see someone's profile, it could look exactly like, I don't know, pick your tech CEO. Someone could just copy everything like word for word. Right. Copy everything about it and take their best shot at just scamming you, because they're going to from inception, give it the appearance of legitimacy. Right. And they can do that easily. You could programmatically do these things. Now, did start the opposite. They start out with no legitimacy and you have to build it and you have to build it through credentials and trust based reputation. So could you spin up a D ID quickly? Yeah. In Milliseconds. Right. Can you acquire the sign proof from institutions and from trusted sources and peers and whatever, whoever you're doing business with that say, yes, you can go validate my D ID. And there's this chain of trust, this web of trust. And I say that this is the person I have been buying supplies from for five years. This is the person who owns the house at this location. Really hard to go infiltrate the HSMs and other systems of all those signers and be able to take them all over, sign these proofs. I mean, you went from I could do it as a bot with a five line Python script to I have to literally drop ninjas into data centers. And I like the gap. Right. That's what we're going to do for infrastructure. So when Elon Musk talks about wanting to identify all humans, I do get a little scared of that. I don't think you need to identify people so personally. I think what we do need is we need, like, did some signaling proofs and reputational proofs that are very hard. Right. At least 99% harder to generate. That take a long time. It doesn't have to be money. I know everyone out there is like, well, just pay $20. It's like, what if the scam you're pulling is worth $21? People trying to hit everything with this hammer of money. It's so hilarious. It's like, yeah, for old people, a scammer probably would be willing to pay $20 because their come up is like 100K. So $20 is sort of like cost of doing business. Might be better if the scammer had to prove that they were a registered ARP business and also had a Secretary of state business license and other stuff. And that's pretty hard to replicate. Right. Got to create tax numbers like file. Every year, the barrier goes up significantly. So that's why I like identity. I'm not against using money as that barrier, but it's the crudest tool. It's like taking a jackhammer to, I don't know, like chip away like a wood sculpture or something. It's just not really the right tool for the job.

Kevin Rooke Timestamp: 44:13

That's fair. Okay. So I want to make sure I understand correctly. The Identifier will start out with no reputation and no status. And if I connected with another node on the network and they find something that says that I am this person or I have done something for them, or I have proven some level of status, I can accrue a level of reputation or trust. Is that the idea?

Daniel Buchner Timestamp: 44:42

Yeah. Okay, that's correct. That's correct. If you want to burn your whole ID, I mean, if you want to screw some of yes, I guess you could start with the new D ID, but you're going to lose a lot of that stuff, right? You're going to lose a lot of that trust. You have to build that back up. So it's your choice. But it is not a low bar. Okay.

Kevin Rooke Timestamp: 45:00

This sounds very similar to a conversation I had with John Carvalho at Synonym. I want to say maybe back in December, and he was talking about building a web of trust in Synonym, and he has slashtags and he has a bunch of different features he's working on there. Can you compare and contrast the differences here? For me? I want to understand what's different between send them system and the one you're describing.

Daniel Buchner Timestamp: 45:24

Yes. I always want to be really respectful, John. I like some things John says and good guy. I think that what we're talking about.D ID's is a standard version. It is all those things. It does the same things. Right. Slashtags are sort of like a nonstandard form of Identifier that were just created, I guess, by the startup. Right. But they have the same intentions, I think. Last I checked, they're using a public key, like sort of a non rollable public key. I don't know if they're still doing that. So things could have changed in the intervening months. But yeah, an Identifier strongly proved it with a key. I don't know what they're doing for their signature improved formats. We have an international standard for that. So hopefully they're using the international standard that's being rolled out in tons of places as the basis instead of creating some other one off format data stores. Yeah. They have a concept of data stores. I think the biggest difference is we're trying to do it open source and open standard, because the reality is if we're going to ask people to boot up a real decentralized web, not this Web3 stuff, but a real decentralized web of applications and services, it really needs a lot of eyes on at every single step. Right. And that's why we're going through some of these standards bodies, because it gathers a ton of stakeholders from a very wide array of communities to kind of make sure are we covering every use case? Like, we think in one way as blocked previously at Microsoft and others. We have our business cases and we come to it with a set of eyes. But it's a whole different thing when you purposely expose it to incredible scrutiny. Right. And that's what that standards process is. It's not fun. I personally don't even really like it that much, to be quite honest with you. But because it takes longer, it's harder, you get more arguments because it's not like the group think you have is one company. We're all doing this one thing for this one purpose. People are going to come in and challenge you. But it's a good thing. It's a good thing because it's like beating iron. Right. You're just trying to build strength into what you're doing and making sure you cover everything. So that's what I would say. Goals are aligned. I love that there's a person who really cares in the ecosystem, like John, who also wants these systems to exist. And John has even said he's like, I think that his folks and us are really the only two that are pursuing this sort of direction, the correct thing. And so, yeah, all respect to John, we're going a slightly different route.

Kevin Rooke Timestamp: 47:58

So the difference would be in opening the standard rather than having a closed standard. Is that the idea?

Daniel Buchner Timestamp: 48:03

Well, some of these things are like the code is the standard. It's like, oh, I mean, even for developers, that kind of sucks. I hope you documented it really well. Right. Because if we're going to make the code, the standard better be pretty damn good and easy to read. Or maybe my read me on my project site is the standard. It's like, what guarantees do I have in terms of versioning, in terms of like, are you locking that into before compatible? Is that versioning and that guarantee, like Codified a body or some sort of generalized group that makes it really hard for you just to switch directions on me? Because remember, we're talking about billion dollar companies like everyone in the world building in this. They're taking a huge dependency if they can't take them a decade at least a decade long dependency, typically, sometimes even more that's untenable. It's just not something they're willing to do. I mean, they got to deploy a lot of capital to implement some of these systems and then base the core of the products on it. So I just learned that through going through the process at Mozilla and at Microsoft, and it just is the way it works at a certain level. Are you going to convince a few Ram developers to build apps on something that you just kind of like you're just throwing up and updating your own readme? Maybe are you going to convince the world to change because of it and take a major flyer on underpinning critical infrastructure? Probably not.

Kevin Rooke Timestamp: 49:23

Interesting. Can you describe the process that you go through a block and maybe this is Mozilla and Microsoft as well, but in how to get these standards to be resilient and to be like something that the entire world could adopt. What does that process entail?

Daniel Buchner Timestamp: 49:43

Yeah. So I'll talk to you about when I first sort of got involved with standards, which is actually a little bit before Zillow, I was a contributor to a JavaScript library called New Tools. It was back when jQuery. It was sort of like, the more, I don't know, programmer depth, I don't know. I don't want to be disparaging jQuery, but I always thought of jQueries like spaghetti and MooTools was sort of like more of an object oriented framework, and you had to know JavaScript to do it. And so I contributed to that. And it sort of led me into thinking in terms of like, well, how do these standards get into ECMAScript, which is actually the foundation of JavaScript? There's a body called ECMAScript, and they publish these standards, and that's how JavaScript the language gets updated through a committee called TC 39, which Brendan and I helped start, and he probably has representatives that are still there. All the major browser vendors are part of the script folks like W3C. What WG. Those are the basic things that could affect all web technologies, those groups. And what I learned going to Mozilla was that was a formal process and that there's a reason it took time. I worked on a standard that took seven years, one time, which was not the most fun I ever had, but it's deployed in all browsers today called Web components. Right. So you can have standard based extended slashtags and HTML that you can define as your website and interoperate with across the web to finally have widgets that can be easily composable. And it took a long time and it was hard and we had fits and starts. But at the end of the day, it's going to be built in the web for 20 years. Right. And that process is as easy as it sounds simple. But you start a working group, you ensure that people come and sign on to the charter to ensure that you've got the right people in the room. Other people can come along as it goes. You have calls on a regular basis. You hash out and debate hard topics that there's going to be lots of disagreement on. Sometimes there's quiet periods of the month or two. Everyone should be building towards the current target and building the reference implementations to conform. And then at the end, after usually minimum of two years, you've got something that has been battle tested, that is hardened, that multiple implementers have picked up and created their own separate implementations of. And so that was something I just learned how to do at Mozilla. I went to Microsoft specifically because there was an opening to work on these centralized technologies and try to get them to a state of readiness. Because at the onset, it was just things people were talking about in small groups. Right. Let's get them mature. And we've, by and large, we're using the same process at Block. Luckily for Block, most of the technology has already been codified. D IDs they're just about to be ratified. Verifiable credentials were ratified three years ago. These new DWeb nodes. Things are very close to having sort of that beta draft of the standard. And if we can nail all those down, that's the platform. We've got a standards based open source platform.

Kevin Rooke Timestamp: 52:46

Interesting. So when you talk about things being ratified, who's the committee or what's the group? I don't know much about this sphere, so I'd love to just understand, because to me, it sounds a little bit like this is like the Federal Reserve of Web technology or something like Ratifying or approving a decision. Who makes those decisions?

Daniel Buchner Timestamp: 53:07

It's a signal, right? This is one of the craziest things. I heard someone say standards are centralization, and I'm like, not really. I mean, like a couple. You go to a doctor when you have a problem with your body and you might even get multiple points of view from multiple doctors. Are you going to claim doctors are the point of centralization or do you want to bring it to a body that can help security test things and have smart input and then eventually say, we're at this level? Because. And it's not always this way. I mean, there are some abuses of the system and all, but the idea that you're bringing it to a capable body of, likeminded, individuals who want the same outcome, who have signed on and who are going to bring all of the resources of their collective companies to bear to ensure and button things up is not a bad thing. And then at the end, if someone else doesn't want to use a standard, it's not because it's a standard. Like it's authoritarian forced upon you or something. Right. It's just a document that sits there at the end with maybe some implementations and you get to decide, is that valuable to do what I need? Right. Just like there's some standards that get codified that certain browsers just don't pick up. They don't have to. They're not mandated just because it went through WPC Apple for better or for worse, for some of them because they lag. It's kind of like the new Ie of the web doesn't pick up quite a few standards. And some I wish they would as developers, but some they disagree with and they just don't have to.

Kevin Rooke Timestamp: 54:34

I see. So it's not a requirement to abide by whatever this committee says. It's just like there are people to help out, integrate some of these standards into the web. And if anyone wants to participate, they're more than welcome, too.

Daniel Buchner Timestamp: 54:49

It's a bunch of individuals with some pretty good reputation behind them in terms of security and technology and development. And their history speaks for themselves. Like, these people have done this. They're professionals, and the process is a stamp. It's just a stamp to say, like, look, this is what you're getting in the box. You have this trust guarantee that this thing isn't going to change tomorrow because some CEO says, oh, I want to change the API, let's break everyone, right? You get these certain guarantees that you can rest on if you choose to implement and use that piece of technology. And there's a big thing with IPR too. We're members of Diff and W3C and as block. And what we're really interested in is that IPR means that anyone who uses the standard afterwards intellectual property is not bound to be hit by lawsuits from patents. How the IPR typically works is all the people who sign on to the charter, they voluntarily give up their patents to say, we are not going to be able to sue anyone on this work. These patents are not going to affect anything you choose to adopt. It was really important that Microsoft is in the early D ID work because honestly, Microsoft is a strict patent factory, man. I mean, I have a bunch of patents in my name, and the idea that they signed on to these specs and said, look, this is going to become something that is not there in the ecosystem to harm you is really important. And if you don't do something in an IPR protected group, you're taking your chances with something that may be open source but could have a bunch of patents that affect it. And it's just a different level of security you get as a company.

Kevin Rooke Timestamp: 56:28

Right. That makes a lot of sense. Okay, now I want to transition to the application layer. On top of all this decentralized identity discussion we've been having. What do you think developers will build?

Daniel Buchner Timestamp: 56:44

Yeah, this is actually why I started doing this. I started decentralized identity stuff in 2011 Mozilla, and the goal was not identity. I actually didn't really care much about identity at the time. I was like, oh God, I mean, I know email sucks. You can get it taken away. How do I hop over this identity problem and just get to like, I want to build a decentralized application that stores my data with me and I can share to whom I want and I don't have anyone in the middle. And sort of what I quickly learned in about a year of just self work at Mozilla, my 20% time was there really is no hopping over the identity problem because you can't really own your own stuff or do authentication or do authorizations without having an Identifier that you are in control. So that seven year period between then and 2019 or 2020 was all about just building the guts of this thing in the middle that I didn't particularly like. My goal in the end was like make cool apps for developers that were just in this new style. But it was like little did I know there was the better part of a decade in between and setting up the foundation. Right. Let's skip over to that and go to the apps. We have everything. What apps can we build? I want to see apps like the apps that are on your phone, not these weird Web3 apps, 150% collateralized loan to buy a fractional shit coin share of some NFT. Right. I don't wake up every day wanting to do that. I don't know that anyone who's not speculating does. I think it'd be nuts to find someone who's just like that's fulfillment in my life. What I want to do is I want to have the apps that we have today on your phone, but I just don't want the middleman in between. There's no reason it needs to be their server, their application server. My data is it can be mine. Like, I can connect more directly. This stuff should be more private. I don't need people reading my grocery list and showing me ads for something that I bought last month that I don't need anymore. I just don't need it. And I want to see I think it will start, like we said, with some of the smaller and more personal apps like to do list. You could bang that out in the weekend. You could do maybe a small collaborative thing that you could set your spouse up with. You could probably bang that out in a weekend. Right. These are the sorts of apps I think will be prevalent with the indie developer community. Like a single developer system does something pretty soon after lunch, then you're going to get larger scale things like what we're doing with Tbdex, which is everyone's using the same platform component, but they're using it for a purpose of creating decentralized exchange, which is data sync between these peers. Right. More elaborate, take a lot more planning time, all that stuff. But there are companies that I think will hop in and they want to build that next level of difficulty. Right. And what we talked about this with is you have to have. It's like a double sided market problem where if you can find people who want what the other one has to do, like in LinkedIn terms. I know Microsoft just launching the Verifiable Credential service here very soon. The one I kind of helped to work on, mostly for employment and Scholastic educational proofs and then LinkedIn. I believe it would make all the sense in the world for them to accept them. Why? Because they have a problem. This has been the solution. If you can find those sorts of application and service connections where both parties are three parties, however many parties involved all want the same outcome, it's a lot easier to sell, right? You don't have to do that hard like Stonewall pitch where the person is like, oh man, this is just a cost center for me.

Kevin Rooke Timestamp: 01:00:08

Now, in the first kind of bucket of applications that you mentioned, some of the note taking and some of the things you can do on your own, how does your vision for that stuff relate to the personal server movement with Umbrella and Start nine and some of the things that they are working on?

Daniel Buchner Timestamp: 01:00:26

Yeah, I've been in communication with those groups and one of them was like, as soon as the stack is ready, we could potentially roll that out as an option. I think that's a perfect fit. I mean, that's where we want to see this stuff. Let's get it into a document. Let's get it on those platforms so that in their respective app stores or whatever they use to be able to offer apps up to people, there can be this decentralized web platform enabled apps that people can install and immediately begin using. And so we want to make sure that the platform is tight, that people are able to develop on it very easily with APIs that make this stupid simple. And so that's our focus really for the next few months is getting that into a state where it's very easy for users and developers in the Indian community. And I think people will embrace it. I think they've been waiting for it. I mean, I think you've seen Jack talk about like how he laments parts of the internet and stuff like that just the centralization come to be and platform just kind of platforms choking out like different things. This is what we should have is the foundation. I think it took going through the pain of the last, I don't know, better part of the last decade and seeing it slowly become a problem that was at one point just technologists saw it. I was concerned about it ten years ago and people kind of brush it off. Oh, that's not a big problem. And then you see it grow. And now these election cycles and these crazy events happen in the world and now everyone's kind of intimately aware of it. So I think the timing is right and I think we'll see a lot of uptake for that reason.

Kevin Rooke Timestamp: 01:02:00

And so maybe the personal server movement, maybe it doesn't necessarily always have to live on like a home node. It can be one of those outbound nodes that you described earlier where it's like more high performance, but you still own the data as if it was sitting in your home with a lot.

Daniel Buchner Timestamp: 01:02:17

You should always have a copy of your devices. My belief is that your core data, be it for the apps or you're identifying credentials or whatever it is, should always be replicated on your devices. Now if you're like a movie buff and you're putting hundreds of terabytes out there, you're going to have to find a way to sync it or get extensions for storage. But I do believe that even if you're using one of those high availability nodes just to take the brunt of the traffic from people asking for, say, public data like your tweets or something like that, you still want that stuff here. So it'd still be synced and backed up. And that gives you the ability to walk away at any time and kind of reinflate yourself anywhere across any number of these things or self hosted at home on your own high availability.

Kevin Rooke Timestamp: 01:02:59

What do you think self hosting? And I'm more thinking of the complex apps like the Twitter, the Apple App Store and things like that. How do you think self hosting changes the relationship that users have with companies building products? Like, how does it change my relationship with Apple if now all of a sudden I'm self hosting my data or my relationship with Twitter and Google? Like 55% or 45% cut on YouTube videos. Facebook takes 100% cut on all the ads that they surface on the platform? How does that relationship change if now all of a sudden, hey, that data is mine. Actually, you can have it, but you.

Daniel Buchner Timestamp: 01:03:46

Can only rent it? Yeah, I think that it can't be understated, right? The enormity of that shift can't be understated. And how I would look at it is some organizations and models are hit harder than others. One of the reasons people ask, like, why would Microsoft get into this? Why would they do this? Right. If you look at Microsoft's revenue streams, it's actually very diversified. Microsoft doesn't get a lot of money from ads and data snooping. I'm not going to say they didn't do it at all. But compared to, say, the Googles and the Facebooks of the world, it's like a sliver. It's like almost nothing. Certainly not enough to build policy around where you're going to build your entire company on that model and defend against things that would hurt. So maybe there's some paper cuts for organizations like that that are not as heavily reliant on owning you, your Identifiers and data as the person. Right. Organizations that are almost solely built on that. I mean, life is going to change. Like, if we were able to successfully do this as a community and people were to buy in and understand that this is the lifeline, this is the thing that they've actually been asking for, not people like Elizabeth Warren. Let's tear down all these tech companies. We don't need to do destructive things. We can do constructive things like put this platform in place and kind of force the conversation at the point that it becomes prevalent. You can imagine that ad models change who holds a day? They're not scanning my grocery list anymore. I have that they have to be a lot more equitable in terms of if they want to learn something about me, like ads could change to where if they want to learn something about you, they ask you, they say, hey, are you in the market for a car? Well, can you give me some preference data? Would you be willing to give that to me? Maybe they defray some of your costs for your high availability that you're running out there so that you can tweet more, right? But you get to choose. You're in the driver's seat, they lose control and they don't own you as a person. And I think that's the point that we have to get to. And if we don't, I think we'll continue to see the growth of these massive walled gardens and platforms that ultimately control everything we do. So the stakes couldn't be higher. And I think it underscores that there are really two things we have to win to win the war in this ecosystem, and that is money, and Bitcoin is doing that, and it's identity and all the app stuff that relates to it. And if you don't win both battles, you might just lose the war because they're both highly interdictable points in people's lives.

Kevin Rooke Timestamp: 01:06:05

That's fascinating. In your Ad example, when you were talking about how a platform may have to ask you in the future if they can get access to some of your preference data, do you think that could also be paid? Do you think that's a use case where lightning does fit in or Bitcoin does fit in and go, hey, all of a sudden Facebook, if you want access to all of this data, you can pay me a little bit, send me a couple of stats every now and then, and I'll give you access to it, and that'll be kind of the new relationship. Do you think that's reasonable?

Daniel Buchner Timestamp: 01:06:34

Yeah, absolutely. I think if I was in the market for a car or something of a certain kind, you type anything in vaguely related, and you just see all these random ads from all sorts of car companies. Most of the companies I wouldn't buy from, most of the types of cars are wrong. They're going to give me like some three cylinder bucket or something. I'm like, dude, I'm not doing that. So to be able to give someone a solid lead just from me is great. Right. To be able to say, like, yeah, I'm actually going to move for a car. I wouldn't hate it if you like, shilled me some of this SUV or some of whatever your preferences, right? Yeah. The same cool thing happens with preferences. There's a little bit of dynamic to it with these sort of sites that provide like a rich experience, like say, Netflix and Spotify and even Title. Where there's Playlists, there's favorites, there's all this stuff. Right. And that stuff could be gathered organically over time. But then other people might want to know that, right. Or maybe you want to walk over to a different service provider and you're like, I actually want to boot up with my personalized experience in Play at once. It's not just ads. It's not just for vampires out there wanting to give you a couple of sats to divulge yourself. It's also for you. I don't like regurgitating Playlists or anything musical across apps. I use Groove on Windows and then on Android, there's a different app. And man, I just hate the idea that I can't sync. That be a heck of a lot better if those apps asked for access to a common source of data and could both party on it. Right. Because I changed something on this device. It's reflected here that should be the experience that comes with me wherever my digital self is portrayed. And that's just way better for consumers. I mean, that's sort of a more advanced world that we're going towards.

Kevin Rooke Timestamp: 01:08:17

Right. So instead of siloed apps that are trying to guess your preferences, it can be instead a bunch of apps that can communicate with you, telling them what your preferences are, and you give them access to those preferences on a case by case basis.

Daniel Buchner Timestamp: 01:08:38

Yeah, absolutely. There's a question that comes up where people will generally ask if they're stupid and it's like, well, why would someone want to do that? Why would Netflix want to put your data in this common form that you could give access to some other app for? In some cases, the answer would be no. They would try to defend the gates. Right. The moat. But I think this is sort of like it's just you've always got to find Brutus. Right. When you find these oligopolies of like five companies, seven companies, there's always like a clear winner or maybe two, but then there's like these other few, and they could get stabby at any moment. Right. Because they don't have all the customers. So if they're going to try and do something that's good for you as a person, they might use that as a differentiating factor. So they get together and they're like, yeah, this is the common data format. We're all going to put Playlists like this. And then they can start to chip away slowly at those incumbents. And so you always got to scan the future Pompey and wonder, who's my Buddhist, who are we going to partner up with who wants to take a stab at things. And I think that's how you can assault some of these large platform, walled garden type things. Is there's always someone willing to do it?

Kevin Rooke Timestamp: 01:09:45

Interesting. Now I want to shift the discussion to Twitter specifically because it's been in the news recently a lot. We have a new change in management, or potentially change in management, change in ownership. How would you design Twitter? Knowing if you were put in charge of running it, knowing what you know about identity and seeing this kind of like having this vision for what decentralized identity looks like. What changes would you implement in Twitter today?

Daniel Buchner Timestamp: 01:10:17

Yeah, I think D ID number one, we got to give people their own ID. And really, you really should implement a way. Even if you don't have that full DWeb node stuff that's out right now. Let's say they did it tomorrow. We wouldn't have certain that last pillar of the tech give it to someone in a downloadable format so they can keep their connections and all their stuff in a semantic format. Not just sort of like, hey, we're a random site like Facebook. We're going to use a dump of garbled bits. It's got to be something where you could walk away and eventually inflate it in one of these things, butD ID's, give people control of their Identifier. Another one is credentials. I think they should implement verifiable credentials. Those things should be replaced just the random Twitter badge that some process that they do that only the Minority Report cognates would know of, or something with something a little bit more transparent that's like, hey, if you can provide verifiable credentials from a reputable educational institution that we know the idea of like, that's pretty good. It's pretty hard to scam. I mean, you got to go drop like 100 grand to perpetrate that scam.

Kevin Rooke Timestamp: 01:11:23

You know what I mean?

Daniel Buchner Timestamp: 01:11:25

That would probably be a better basis, right? And then you could also expand those things to businesses. Like right now there's only one check Mark. Well, why not differentiate that? What if like Square or something was able to say, hey, you're a verified merchant. You're like a large scale merchant. You just do one $5 transaction once and walk away. But you're a legit business. They can give you a credential that says that maybe there's a different type of badge that you could show on Twitter, right? More differentiation. Maybe you build a little web of trust where you can Hover over it and see like, hey, how legit is this person before you interact with that bot or send it? That DM, right? Like some people getting scammed on the app bar. So those are the couple of changes I would make. I think anything beyond that going towards actually decentralizing the whole guts of the platform and how content is delivered. That's a question for Blue Sky. I'd take it up with Jake or ever you might even want to have her on the show, to be quite honest with you. And that's a bigger undertaking. But there's a few things I would do if I had the full ability to do so.

Kevin Rooke Timestamp: 01:12:23

That's fair. Okay, I know we're running out of time, but I want to finish off with a couple of questions about tbDEX. I was kind of looking through the white paper you guys have released a little while ago, and I had a realization that I think I've kind of underestimated or maybe not quite correctly interpreted what you guys are trying to build. Because the first little line I'm just going to read it off here. It says tbDEX is a protocol for discovering liquidity exchanging assets such as Bitcoin, Fiat money, or realworld goods, when the existence of social trust is an intractable element of managing transaction risk. Now, when I first heard this vision for tbDEX, I think the gut reaction on Twitter was it's a decentralized Bitcoin exchange. But now I haven't gone through some of the details of the white paper. And hearing this conversation today, I get the impression that is much broader than that and that it's that, you know, can you explain, I guess, the overall scope and your vision for what that might look like?

Daniel Buchner Timestamp: 01:13:26

Yeah. So in the basic sense, certainly decentralized exchange for Bitcoin or really any asset that you want to trade, the protocol doesn't Bake in. And I'm not trying to upset any people out there who love Bitcoin like I do. It's not trying to Bake in ability to trade other coins or anything. It just not even part of the protocol to limit it. It's just like you want to trade for something. Right.

Kevin Rooke Timestamp: 01:13:48

Certainly you have real world goods.

Daniel Buchner Timestamp: 01:13:50

Yeah, just anything. Right. We would have to encode special things to block you from trading certain things, like in the code, like, oh, is it this don't allow it. So it's an open protocol. You can do with it what you want. One of the first great use cases we have is going from Fiat to Bitcoin, Bitcoin to Fiat. Right. And the reason why you need trust there is because there's no such thing as, like an atomic swap or anything like that in the real world where the Fiat resides. And when you cross system boundaries, it's very hard to do atomic swaps in certain ways to that reputation. So right off the bat, you might want to communicate with an outbound financial partner who has whatever asset you wanted to buy or you're going in and out of Fiat and you need to present like, hey, I proof up to whatever requirements you have. This is a touchy area because people say, well, that's KYC. It's like, well, hey, man, if you're talking to a bank, it's not like the Protocol's fault that they're going to ask you for something, right? I'll stand out there and say, I don't really like it. I don't really like those types of reputational proofs, but it's your choice. If you want to go interact with that sort of energy, you can do so or not. If you want to do a peer to peer, you can also do that, right? You can exchange these credentials and reputational proofs to potentially buy from a peer. These things are not like baked in the protocol. One way or another, you have optionality. Now, it might seem like maybe it's a niche use case or something like that. I don't actually think it is. Bitcoin to Fiat. Fiat to Bitcoin has been a problem in the ecosystem, and we think that this could be a general solution that all participating financial institutions and peers could use, regardless of how they want to Orient themselves. But let's Zoom forward and talk about the enormity of what the opportunity is. There are still even if we were in a hyperbitcoinized world and Bitcoin is the only currency and everyone's using Lightning and it's all fantastic, they're still going to be the state where you have to reach into meet space to buy things. I don't want to buy a car. Like, I might want to know the vehicle history of that thing and the pink slip and these credentials, these reputational proofs that prove that I'm not just getting scammed. So the protocol allows for that. It allows for value exchange. Even if it's not a currency or money. It allows for value exchange, period. So that's not stuff we're actively working on. We're not working on those use cases of actually doing physical object exchange or anything like that. But the protocol certainly could do it right. And we could evolve it into that because all the foundations are right for it. So maybe Open Bizarre is just early. Who knows, right?

Kevin Rooke Timestamp: 01:16:14

So this protocol, do you see other businesses then building on top of it? Like, is it realistic to say other exchanges being built on top of this protocol?

Daniel Buchner Timestamp: 01:16:27

Yeah. I mean, this could be exchange to exchange value transfer as well. It can help facilitate. It doesn't have to just be through an individual and company or another individual. It could be companies doing it together kind of is like a generalized API that they can use to triangulate. Like, oh, here's my credit. Okay. I want to be able to have some of that. So, like, let's transfer whatever requisite proof in terms of regulations you need to. And let's get this finalized. Right? So, yeah, it allows for all of those things. So if it's two businesses that are happening to be regulated businesses, they can true up as they need to, right?

Kevin Rooke Timestamp: 01:17:00

So any entity can kind of participate as they need to. Interesting.

Daniel Buchner Timestamp: 01:17:05


Kevin Rooke Timestamp: 01:17:05

Okay, I want to finish this off with one final question. I'd love to learn more about what applications you're using today in the this could be like decentralized identity space. This could be Lightning, Bitcoin, anything kind of like what has got your attention today outside of the work you're doing? Is there any particular applications that you're excited about that you want to see more attention on?

Daniel Buchner Timestamp: 01:17:31

I think all the Lightning apps. Anyone who is implementing Lightning is a wallet easy. I list my favorites because I want to play favorites that way, especially if I work for a company that has apps. But yeah, any of those great ones that are out there. And Alex Gladstone talks about a few of them that he really likes. I like a lot of those, too. The other ones that are not decentralized. I like Signal. I kind of wish Signal was just die base and it wasn't their servers that were hosting it. Maybe if you knew someone's D ID, you just send an encrypted message to anyone on the planet and it's like Global Signal that doesn't have a company anywhere. So that's one hint, I suppose so. I really like that app. I think it's a great use case. And then I do use a couple of wallets for testing that are pretty slick, that do credentials and do actually allow you to exchange them. Again, that's a pretty nascent thing that's just coming out from Microsoft, for instance, who's going to very much popularize it, I think with all those companies that might matter in the world in terms of adoption. But as that grows, I'll probably have more opinions about who's building the best app. We might even build one who knows.

Kevin Rooke Timestamp: 01:18:39

Fair enough. All right. I'm very excited to follow along. Where can listeners go to learn more about you and the work you're doing today?

Daniel Buchner Timestamp: 01:18:46

Yeah, I should know this. It's bad that I don't know this. So if you want to go to TBD website, that should be the current one, TBD website. And that's mostly developer focused right now, but it's going to have kind of all.org site that kind of replaces that, and developer stuff will be a part of it. So that's going to be like a great durable link you can always go to. And then it lists all of our technical projects under it. Currently, you just have to do a few more clicks in the coming months and yeah, get involved in the repo. And then another big one is if you're an independent developer or a company of less than 1000 individuals, it's free to join the centralized entity foundation. So if you go to Identity Foundation, join there. It allows you to contribute without having everyone have to worry about if you're going to insert patent things into code and stuff like that. Totally free if you're an organization of over 1000 people. Just does ask that you pay to help keep the lights on in terms of the organization, but it's not even that much. So keep that in mind. And yes, awesome.

Kevin Rooke Timestamp: 01:19:58

Thanks so much for taking the time. Fascinating discussion, and I can't wait to follow along with all the work you're doing at block.

Daniel Buchner Timestamp: 01:20:05

Thank you very much for having me.

Privacy Policy
Terms and Conditions