 I'm not used to special excitement for my talks, so let's see how I handle it. Today I'm going to be standing here on this stage kind of thing, also first time on the stage actually, usually it's another stage, but just to be in the room. Revolutionizing identity. So I'm going to talk about digital identity, what it means, the definition, where we come from, where we are right now and where we need to go to kind of improve on this, that's why Revolution is in the title. And then I will show how we, as you'll look from, which is a start-up that is represented today for me and Joachim, the founder and Kasia from our debt team here at the MEDA, and how we kind of solve it and handle it. I don't know, is this time okay or is it way too loud? Just, yeah, cool. Nice. So digital identity, just to give you a quick intro to what it actually means is basically a digital representation of you as an individual, of an organization or even of a thing. Okay, so it's just a representation of this kind of person, organization or thing in the digital sphere, cool thing, right? Not much more. But what does it actually contain or what is it made out of? And that's actually attributes. So your identity is unique to you, right? Like the identity as such just stands there, but it becomes meaningful through attributes, through things that make you up, right? Like your size, your name, your university certificates or any other kind of information that is connected to your identity. These things are all called attributes. And these attributes, just like assuming that they are kind of trustable and trustworthy, they enable you to get into relationships with people, right? Because when I have an identity that is trusted and you have an identity that is trusted, we can interact with each other in a completely new way because I don't have to worry about you being new. And that's pretty worthwhile, especially in the web, because there's this old statement that nobody on the internet knows you're a dog. And that's kind of where we come from, right? We want to be sure that we don't talk to the dog. Well, sometimes we might actually don't want to be sure. But just as a kind of introductory figure and 293, there's no context given, which is a bit boring, so you have to give me the context. Any guesses in the audience? What could it stand for? Attributes? Oh, yeah, that could be. Very good one. That's the first time I hear attributes as a guest. But another one, maybe? They say you're drunk every year. They say I'm drunk every year. No, no, no. That goes up to 365, I guess. As you can see, I'm bouncing on the stage a bit here. So it's actually 293 identities because of Yahoo's sitting in the room. We kind of at one point went through emails to see how often you got this account confirmation notice, I guess, and counted all the digital identities he kind of accumulated. So in this case, we understand digital identity as the account you create to identify yourself towards the service, right? And right now we live in a web where services are centralized institutions that are represented by a website or a service based on a server, and you have to address the server and you have to identify towards the service. And usually you do this with a unique identity created for this interaction. And by that you basically accumulate many, many, many, many identities over time. And this causes problems. So the problem in today's identity setting is that you collect all these different accounts and it becomes terrible to manage them because you have several passwords or maybe just one, but that's a problem for itself. You should have several passwords to keep all these different accounts safe. You also have different kind of login names, nicknames, username, email addresses, and so on. And this is a kind of usability horror in itself, right? And it can become a privacy barrier as well. But on the other hand you also have this problem that you have a lot of repetition, right? Because for each and every account you enter your information again and again and again, right? Like you enter your email address every single time you log into something. If you have to pay there, you also have to kind of give your payment details and maybe pay a call to your credit card. It doesn't really matter that you have to put them in over and over again. So not that just that there's every single time the potential for failure. So you making something wrong or there is something going wrong. You also always trust the entity that you give this information to. And this brings me to the next thing, your data is spread all over the net, right? In this server client centralized infrastructure, you basically kind of have to trust your data to the other. Because it's not that the data resides with you, you actually give your data away. And from that moment onwards you have to trust somebody else. That they take care of your data, they're not going to be subject to data breaches and that they are able to secure your data. And that might be fine right now if you say I trust Facebook and Google because they're huge and their whole business model relies on protecting the data and blah blah blah. But there's other services and even for Google and Facebook where there's just huge data breaches happening over and over again. I'm not sure if you know about the Yahoo data breach that was expected to be 600 million identities stolen. It turned out to be 2 billion. What the fuck? And it took them 4 years to discover. So this is a huge problem, right? And it actually doesn't go away if we don't change the way we think about identity. And that's actually what it all comes to in the end. We want to regain control of our identity and enable people to regain that control for themselves. I mean truly for themselves. So in the past we had this digital identity or also called user-centric identity depending on which specific concept you look at. And in the future we plan to have self-sovereign identity. And here I'm not just talking about YOLOCon but I'm talking about a general movement to change the idea of how we use digital identities. I'm not just making start-up kind of pitch commercial here but I'm just describing the general concept of what self-sovereign identity can be for us and mean for us. And this means that you actually carry your identity with you. Just as today you have your physical wallet, right? Like this thing where you carry your ID card, where you carry your insurance card, where you carry your bank account and so on. This kind of thing has to become digital to some extent. And to have it digital but still secure and still controllable you have to carry it with you and it has to be controlled only by you. So it doesn't make sense if let's say Google just says we create this wallet for you and now we happen to use it. That's not really the kind of point because you can still have the problem that you give all this trust and information away. And the idea is that you kind of have it with you and if you give it away you're the one deciding it. So personal information in this world where you carry information with you and bring it to the service instead of leaving it there and going away again basically allows you to have all this repetition that I talked about, gone. You enter the information once, you verify it once so you prove that you're actually having this driver's license or you prove that you actually are this old and from that moment onwards you can use it over and over again. So for you as an individual it is just a really, really nice and easy way of switching between services. Because whatever amount of accounts you might create you don't give away your data to these accounts. You just create the awareness that you might come back at some point and you kind of have an account but it's not an account in the sense of today where you give all your data away to the service. And what this allows you to do is that if your data changes and that's the third point on the right side is that you can update it and you can be sure that every service you interact with from that moment onwards actually knows it, that you have updated information. I don't know who in the room like moves every now and then to new places, new addresses. Like I moved several times in the last few years and it happens that eBay and Amazon don't know because they forget to tell them. And then the thing I really wait for to be ordered and I get this kind of email and inbox that says your package has been delivered and you realize fuck wrong city, wrong flat. These kind of things happen because we don't have a unified cell software identity. These things happen because we are not able to fully control that everyone we interact with has actually kept up the date and it's all on us today to kind of fix this. And at the same time it allows you to control who you interact with and who you share the data with. So just to kind of come back to this question of don't we really have this yet? I mean you can already have this user experience perspective of it because you can log in with Facebook into 15 million websites right now, 15 million services. And it's 10,000 every day that come on top. So if you fully trust Facebook and if you find that they know everything you do you can already have that usability. You can have all your data just residing with Facebook and then you go from one service to the other. But it doesn't really end the same for Google right? I just don't know if the details there but it's the same concept, social login. The problem is you don't really control what's going on. And we all know that then Facebook changes their terms of service and you might be the kind of person that updates that and that takes the right boxes to keep their privacy. As soon as they change their terms of service you have to do it over and over again because they don't keep your old choices. They always go to default which is everything goes to them. And the solution is YOLOCOM or another self sovereign identity solution because that allows you to be the one that has the data and control who gets access to it in which case and in which transaction. So in the current world it's basically others own your data. You don't control it, you pay with your privacy. If you change your data you have to change it in many many many places and user names and passwords are just a usability horror. In the self sovereign identity world and I know I think I said it a few times so repetition helps to remember. You are on your data, you control your data with your private key. So it's just the only person having access to it is you. It's not YOLOCOM actually as soon as we ship the product to you so to say so as soon as you download the app you're the only person knowing what's going on on this app. It's not the kind of cloud hosted service that you might know from today. And then from this moment onwards you decide who gets the data. So when you log into the service, when you start to interact with another kind of organization or individual you always see what kind of data you share and also on which kind of terms. So that's a pretty important point. You can see on which terms you give your data away and we envision a kind of future product based not on the alpha version that we have right now but on a future development point where you just like give some information away with your data where you say you're allowed to keep this for two weeks or you're allowed to keep this as long as you're required by law because there's some interactions like with insurances and so on where they have to keep data for a certain amount of time. And this allows you to kind of fully execute your it's called in German Informationales als Bestimmung unfortunately I don't know the exact term for this but I think it's a really, really important basic right that you can decide who knows about you, what you actually do or not to. And then this is kind of how it looks. So this is the YoloCom Smart Wallet and the YoloCom Smart Wallet really is just an app on your phone and it's a bit of a special app because the only way to get into the app is with this magic key that only you know. So it's not the kind of super random app it's more like it's the simple, lovable tool that you use to get to where you want. It's not the final service you interact with but it's the way you choose to get there. That's a really important thing you have to kind of make up in your mind. And what it helps you with is that it stores the data for you that all your private keys and all important information doesn't really leave your phone right like your private, secure key doesn't ever leave your phone and at the same time it abstracts all the different problems of key management for you so you don't have to figure out this whole PGP mess that you know from any mail or emails, okay? This problem that you might not really know which key you have to use here or there and if we imagine that you can use the cell software identity for all of your daily interactions you might not want that your public key is shared with everyone, right? Just imagine you have a public key that you kind of do all your data and identity and kind of interactions with and it's always the same public key and you use it to talk to your doctor and you use it to talk to your e-commerce shop and you use it to kind of talk with your car sharing service and then for some reason all these kind of other services look at the data they have and they share this data amongst each other like they do today, right? Services share data with each other to give you better advertising, it's called then they could find out that you're actually the same and kind of similar person and they could do the same thing they do today even though you have this advanced kind of new way of identifying yourself on the web so what we do is that we basically create new public keys for you for the different interactions you go about so you don't risk being found via your metadata and we try to figure out ways how we can kind of avoid these kind of reverse engineering attacks on your identity that can come from releasing particular kinds of metadata with your identity and the interactions you go into and another really important part is that we're non proprietary and that we are fully open source because I mean it's always nice if you have a product that is closed source and you can sell it, especially if it looks nice because that's rare for open source products but then can you trust it, right? Like can you really look at it? Can you see if you can make it also better? I mean do you always want to rely on YOLOCOM that YOLOCOM is going to do the job perfectly fine or do you also want to have the control to maybe tweak it a bit, make it better, improve it, contribute to your community, right? So what we envision is an ecosystem for identity we just do the first step, right? By setting it up and by working with other startups to build the basics of these ecosystems for identity so we figure out what kind of standard can emerge for exchanging things about your identity, right? And then we try to figure out what other startups do as well to kind of align to their expectations and our expectations. But in the long run we envision that everybody can freely opt in and say, hey, I want to contribute. I want to also have this kind of wallet app but I want to make it a bit different, right? I want to make it for people that have a different kind of design attitude or I want to make it for people from a different cultural background that might want to have a different UX because they go about thinking differently because they're used to a week differently, okay? And you can't expect that Unicom does all these things. So why shouldn't we all kind of work together based on the same open source kind of libraries and products? And that's kind of just what the kind of philosophy behind the Unicom identity system is. And here we just see how it works. So you enter your personal data and you get it verified. It's the most important step and we want that the information we put there and the information we exchange with others is true, right? Or is trusted or is verified by people that you can trust. So that's why I talk about an ecosystem, right? It's not just the identity itself but it's other organizations like for example state organizations or private institutions that verify the different kind of attributes that you give about yourself. And this whole system builds up a kind of interconnectedness, right? And through that interconnectedness and through the reputation that is built up and through the trust that is built up between the actors the whole thing becomes valuable. And then you use your identity. And right now this looks kind of like this. So you have a service and this service allows you to either log in the old way so you have these five different kind of fields where you have to enter information and then you press create account or it allows you to just say, hey, what's the problem? And then you get a little kind of pop-up on your phone that just says, oh yeah, this site wants to give you access but they want this kind of information from you. And in this case it was from our old alpha testing so we wanted to allow you to pre-order a hoverboard. And for pre-ordering a hoverboard the service needs to know your phone number so they can notify you your email address so they can also notify you and your hoverboard driving license. And with these informations they know that you're eligible to get a hoverboard and they kind of take your pre-order. Super simple process you know what data they get you know that they don't get your address as well. You know that they don't get whatever else as well. And in the kind of provision we have you will also say that if you can't fulfill the order in a year please delete the data. And you can send this information with it as well. And yeah, I think that's basically what I wanted to present to you. This is just kind of a really busy slide of things where you can use the software identity and there's really just as many use cases as you can imagine where individuals, organizations or things have to interact with each other so basically every single use case that meets this identity protocols that are currently developed and this is for example data marketplaces pretty popular right now places where you can rent or sell data packages that you produce or that you co-produce KYC business models currently they are really hard to run especially when it comes to setting them up easily and to have the onboarding taken care of. But just imagine you have your KYC done once and then you can just do it again and again. I mean talking for the context of ICOs just imagine you don't have to go through each KYC process for each ICO but just go through one ICO KYC process and then take these kind of verified things with you and then blockchain business cases and use cases I mean in many cases you want to trust enabled by the blockchain and business models where the intermediary is missing but even if the intermediary is missing you want to know that these other two actors that remain can be trusted and for that you need to have sovereign identity especially if you don't want to just have an anonymous wallet, talk to another anonymous wallet and then voting also classic kind of blockchain use case then reputation building like these kind of identities can build up reputation over time and then the last point is GDPR so there's new privacy law coming into place coming to force on the 25th of May this year that is basically forcing every company that is making business in Europe so not just the situated Europe but making business in Europe with the laws that allow users to have more control over their data and meaning that you have to minimize the amount of data you send to the necessary information that is required to actually run the service this means that you don't have to provide 10 different details about yourself if they just want to send you an email just because that doesn't actually match to their service this is also causing problems because there's also the right to be forgotten and the blockchain is a mutable lecture so we have to figure this out but that's the part of the stuff and things we also think about whoa now it doesn't move anymore sorry but I'm actually at the end so thank you very much I'm happy, sorry I'm happy to have any questions being asked I can't hear you very well but I don't know how is it for the live stream? are you still running in the room? there is another mic I can hear you better and also the people in the live stream can hear what the audience is asking me that might help my question was having multiple identity in a way it increased also the privacy I'm not giving the same email because you're all coming alone to have multiple identity it's like all that and they share a different identity it's also like an idea it's not like giving the whole like or like I said I can give this email that email is it like an allow? absolutely I mean that's something that I kind of touched on in the presentation but maybe not in enough details I'm just happy to explain it now there is this statement from Zuckerberg it says a person that has multiple identities it's just a sign for lack of integrity which I don't agree with at all I think it's important that we can have multiple identities but this doesn't mean that you don't have one self-sovereign identity it just means that from this self-sovereign identity so from this unique you like you're a unique you and just because you present yourself as different kind of personas out there doesn't mean that your identity itself isn't unique so you can go as a pseudonymous actor into a conversation and still be sure that these people you interact with know that you're an actual human being so if I interact with you in a forum and this forum allows you to come blogging and the only thing they want is to know that there's humans engaged in the conversation I could just go with a very viable claim saying hey this person is a human you don't have to give your email you don't have to give your name the only thing you go and do to enter the forum is to say hey I'm at least a human okay so this is kind of what we're talking about it doesn't mean one unique single identity it's a very old Belgian Chinese shit but yeah so just like you have to think about having a public identity which around which would be like a trust or like a reputation etc what would happen if I would lose it like is there a way that I can easily recover it or I'm just like a sucker that I need to create so described so the idea of self sovereign identities is that they remain stable over time so that we want to provide an identity solution that is constant and that can always change throughout your life in the sense that new attributes can be added and attributes that don't really they're not really necessary anymore or that might change can also be changed but how we secure that your self sovereign identity is going to be there in the long run is that you can either have a backup is it ending up to be an encrypted file that also only you can open knowing your private key so it all comes back to you have to remember your private key exactly what happens if I just like lose it like when you lose your identity then you lose your whole reputation then you lose your identity for a short moment in time if you took care in advance because that's the whole kind of splitting your identity like splitting your private key into different pieces and storing them in different places so either telling some of them to your friends in a secret or storing some of them in a Swiss bank account and storing some of them in your grandmas closet and storing some of them under your back and then when you can at least give it 10 different secrets you can combine 9 of them or 8 of them put them together and you can get your private key back so you have to push to the dev team because I'm not into the technological kind of execution of this but I know that it's been done in other identity projects and that it's not too hard to actually do this so you can recover private keys but yeah this always imposes a risk the human risk of like digital security is always there so you have to kind of take care and you have to do it in advance so there's some kind of and that's a problem of self sovereignty you don't as a self sovereign identity holder there is no one there for you that is going to say hey I'm the state I give you your identity back because I have your birth certificate in some central registry if you kind of lose this identity that you created for yourself in the moment you create the identity in this app it's created within that and it will send some kind of information to the app and then out of this something it creates but it's really just you controlling this so it's also you who actually has to take care of it and that's a problem right like we have to design the interface the app with which you manage the identity in a way that everybody gets this in a way that everybody is really aware that they have this responsibility for their identity and that's a new kind of concept so you don't have to worry about this like 60% of help center requests are password requests and this doesn't work with self sovereign identity you can't write an email to your local and say hey guys I lost my private key and then we go like yeah shit what shall we do that was the purpose of the whole product yeah you have to start all over again the good thing about self sovereign identity is that you create a new identity and then yeah it's a lot of work building up the reputation again verifying your ID because you still have an ID given by the state that you verify on your self sovereign identity or you still have the driver's license that you can get from the public service and then verify it and so on so you can kind of rebuild it but to avoid this whole trouble and also to kind of keep the reputation that is associated with your self sovereign identity it is actually worth to say okay another backup this or like we imagine currently that in the moment of onboarding you create the first backup right because then it is not something that you can push to the end and yeah this is how we currently think about this but it's a work in progress and we're always in this really important mention here we're an open project so we're happy everyone here in the room and also your friends so like go to the person that is most important you think and tell them you should join or help and because we want to see this evolve as an open source project and this doesn't just mean code but this also means thinking philosophy like just ideas right so the worst and most tough questions are the best ones to ask for us and if I can't answer them I'm just happy because that's the moment where I start learning right so please just like push hard questions so when I think about identity it feels like it has to be something like TCP IP like it's not something ABC it's just a protocol that everybody uses that don't as an owner so as a start up okay you are open source but what do you imagine what do you become like because I don't think it becomes something like that it won't probably it will have a name but it will be something like protocol again but as a start up like how do you see yourself like are you business how do you make money or do you become that yeah thank you for that question that's important yeah we see ourselves as a business but we don't see identity as a product so and that's kind of tricky thing to explain maybe but we are as YOLOcom we have the kind of shape of a company like we are at EMDH and we too kind of also kind of reassure ourselves that we are a trustable body that people can trust in that we build like the product we claim to build so that we don't build something kind of sneaky in is open source that's one way of kind of making sure that we don't build shit and then sell it as good the other way we try to fix this is by having a foundation having a veto right in our company so the moment our company would go away from actually delivering the product we want to deliver this company would basically kind of use their veto right like this foundation so that's a kind of legal standpoint of which we as a company sit but just as I said before we wish that this is an open system right like we right now we use the DID spec that is developed by the Decentralized Identity Foundation which is a kind of global foundation that is like came together last year to start bringing the standard debate on right and there's different other self-sovereign identity startups involved there there's also Microsoft and IBM involved there and many many others because everybody understands that identity can't be this kind of close product or one company or one name right it's about having a protocol and the same is true for verified claims verifiable claims are also kind of open process that everybody co-designs the challenge is to build something right from the start that incentivizes the whole ecosystem to basically work together and also to make use of this new possibility for identity and we're still trying to figure out which way of incentivizing different actors within the ecosystem works best especially as we say it shouldn't be a product right so we don't want to become an identity marketplace like I think that is one of the big problems that right now many people understand self-sovereign identity as a product that you kind of create or keep alive by just like moving tokens around necessarily work like the identity itself should be completely independent from the market logic and the protocol itself should also be independent from the market logic but at the same time the ecosystem provides value right and this value in some way has to be kind of yeah like paid by something and then you can either have payments the old way so you get your passport verified and you just transfer classical currency to that service or you can have a system in which more complex relationships can emerge so imagine you have a driver a car sharing service right right now they pay 10 euros to onboard customers because verifying the driver's license and other stuff just actually takes them a lot of money because real human beings have to click okay that they see your driver's license next to your face in this funny video that you have to film and this is an investment that they have to pay upfront before knowing that you will use their service often enough to get this investment back and before knowing that yeah basically like that they had you as a customer at the same time for you as a user it keeps you away from registering to other services as well like you just enter the part like you exit the party where you didn't dream because you use a car sharing service and so you exit the party and you see a car to go car but you only have the driver now account right and in the system that we imagine just like getting an account for this new car sharing service would trigger an event in the background in which the first car sharing service that paid this upfront cost can say hey I have this thing verified once that I paid for a visit that amount of money so can you reimburse me for a part of it and this way your onboarding costs go down and my onboarding costs also go down so these kind of new more complex relationships between services in the background they could be imagined right and they should be built in a way that really truly disconnects the identity from the market level service interactions going on because the main challenge and that's important for protocol thinking right is that we stay on high level with services and verifiers the moment verifiers and services get too much power over our software identities we kind of back up a start so we're kind of really like right now trying to figure this out and also happy about any thoughts on this because it should be a collaborative effort just another follow up question so again when you lose your keys you say yeah it's a hard situation why not connect the keys to ourselves like kind parameters like your finger your voice and if you have two of them is that a process like that I mean this could be a thing right now we as YOLOCOM decided that certain level of like yeah let's say biometrics are not for us yet just because we want to look into it deep enough to say okay we see this as the solution right now I would say like I personally don't trust most biometric systems out there and I don't want to just like put my whole identity to having my face, my finger and my eye or whatever being kind of known but yeah probably I mean this is just a way of also kind of kind of connecting these parts of the secret to your personal kind of characteristics but I yeah I don't know I don't have an opinion of this so I could just make something up now but I don't alright I have several questions the first one is about one identity why have only one identity for example more and more people for example I asked him for my first date I signed up on the PlayStation Network the other day they won my first date why so of course I like but at the same time I need to remember my life I need to remember because he asked for my if I forget my password I also like the password if I need to remember that you see takes forever I would like to have several virtual identities I think I get the question you have and this is a challenging thing right because what we currently build and the kind of ideal situation we build this perfectly true system where you only build everything and you interact based on the truth but societies live from the ability to lie to some extent I mean there is interactions like buying a house or marrying someone where you would probably like to know that it's actually the person you marry and this identity is kind of true I mean there is these interactions where you just don't say I don't give a fuck but does the PlayStation Network have that kind of proper interest in knowing your real birthday I mean they just want to send you a 10 euro voucher on this day or maybe they want to find out if people born 40 years ago have a different playing behavior than people born 30 years ago but this kind of level of detail of having your personal birthday known isn't important to them so the question is if the identity system we build allows for these kind of little lies if they allow for these unproblematic inaccuracies I would call them PlayStation needs to know your proper payment address and they need to know that you're an actual human and maybe in order to have law enforcement go against you if you don't pay they need to know your actual address but everything beyond that could be subject to yeah, lying why not that's just the question of if the system is designed well it allows you to have this kind of eye level interaction with the services and then kind of protected by the GDPR if you stick to your European citizen or engaged with the thing you do inside of the European market you have the protection that they're only allowed to take as much information from you as they actually need to provide their service and then they have to actually really provide a good reason why they need your exact birth date otherwise you can sue them because then they have to pay 4% of their annual turnover which is a hell of a lot of money that's why I disagree my birth date is actually very valuable to them because they can do analytics and things like that and this is why Google is free Facebook is free because this kind of detail lets them run different kind of algorithms and then they can sell this algorithm to interested parties and that brings me to the core of the question which is really how do you plan to push back because more and more people if you have this app that has a lot of information about me ok, admittedly available mostly I'm in control but I will be forced to share and I will be always like they will try to entice me with sharing more and more data if I cannot have a way to lie in the application how can I safeguard that privacy while still enjoying their services this is kind of a prisoner's dilemma situation because in the first place you might agree to some extent of cooperation and then you're in this lock in where you in the long run basically use because you're powerful within the clients and I totally understand and I think in a non-GDPR world this would be the case and outside of Europe I'm not sure how you can technologically solve this I mean I just really don't know how you can technologically solve this problem of this balance of power that we have here but having the right of the GDPR in place that requires a service to really just use the information they need to provide this service they give to you this is not, and that's the problem in business models like Google and Facebook that you're not the product like you're not the customer you're the product you're basically a harvested piece of data that produces more and more pieces of data like you're like a cucumber on the field that is just like growing over time and then it becomes hard to argue for someone like Facebook and Google that to provide their service to you the cucumber they need to know everything about you I mean this is just a question of how it evolves over time but as here product and service and these kind of things kind of mismatch I think there's a strong argument there as soon as the law is in place yeah so I mean I wish I could share your optimism about the said law I, you know privacy laws existed before that never prevented other people from going around that in fact you can be sure that Google's lawyers helps to break this law so they are like workarounds the last question let you go this is a mobile app which means you are running a platform that cannot really be trusted do you plan to do something more like for example in blockchain technologies you have what's called hardware wallets something that is secure actually yes so we just did this last week like the first integration prototype level that we have a hardware token hardware wallet that keeps your product key and also doesn't actually move it outside of the hardware part this is totally there the question is can you convince every single person to use a hardware wallet I mean right now the kind of challenge we have is that we need to incentivize the ecosystem and get people like random everyday people to use that sort of identity and to benefit from it and to start getting used to it for this you can't make everyone like you can't force everyone to have a hardware wallet that's just really really a high entry barrier I mean we had an earlier kind of version of our solution where we required a personal server and you had to set up a personal server and even kind of made it really easy for you right like we made it super easy to set up the server very easy to also do the payments for it which is like I think it was 3 euros per month or something so it was very cheap as well but at the same time it was clear that only if you're super super concerned you can actually like you will actually use this service but we as you look home we said whatever emerges in the self sovereign identity space it has to be usable by everyone and it has to speak to everyone and it has to speak clearly to everyone and has to like while using it educate people about the potentials of it about the risks of it the kind of responsibilities that come with it and so on and this as such is already quite a heavy task right so we offer and in the long run that's going to be the case and we already kind of tried it out just last week that you can have this extra security like this extra piece of trust that you have in the sense of a hardware wallet but we don't make it a necessity like it's kind of the extra security at all that you can have like LED panels or LED panels are really really bright sorry but I'm kind of in this direction everything else is not possible I have a little disability question so your on the website you would want to access or the service whatever it requires your application or requires an application on your phone where you have this private key what if you use your phone or you don't have it with you in a foreign country and you want to access some services like your email or your bank account how to do that in that moment where you don't have access to your phone you just forgot it at home and you want to go to an internet cafe or use a service very interesting question I must admit I haven't thought about it one way of thinking about it could be that you have the hardware wallet and you have this with you sorry easy answers to kind of hide no, I haven't thought about it I guess by accepting security problems you could kind of just run your backup that you might have stored in the cloud and activate it with your private key and then you also have to trust the device you run it on so if you trust the computer in the internet cafe then it might work otherwise there's this kind of lock-in like your identity is found to your phone so services you interact with your identity require you to have your phone around otherwise you might still have your copy in the form of a regular passport or a private license as a plastic card from your old school wallet and then you can use this instead I'm sorry, I don't know the question was to create some kind of web-based solution where you can access that's the whole point of having a non-cloud-based sovereign solution sorry, the data is stored on the blockchain or some ledger, right? no, the personal data is stored on your phone we strongly encourage everyone into identity to not store personal information on the blockchain it is useful to use the blockchain as a public storage for parts of the interaction going on, right? but it's not very useful to have it as the storage of the attribute so I wouldn't put my bank details encrypted on the blockchain just because there are still risks associated to it and it's not worth taking these risks okay, then my question would be how do you communicate or which parts of the transaction that transaction require the blockchain? if it's okay, I would give this question to the DEF team that is present today it doesn't happen any time so this time I will use it the opportunity to have Casillas speak about this if you like so basically what we store on blockchain is so the identity actually consists of two parts the first is identifier which identifies all the other data about you so what we store on blockchain is basically the reference with the DAT and the reference to all your other data that's it that's the answer to your question maybe but if it happens also do all the ecosystem that's another reason but you don't want it there yeah, the private information that I shouldn't be at least right now what we do is we only store the public part on the blockchain and we store the rest in IPFS which is like a database is our blockchain going to be updated or are we going to do more of it? yeah, but every time I mean it's a miserable part like every time you change something it's going to be updated in your implementation how can you talk about blockchain in a way I mean the data for example we store on blockchain it can stay there it's just a reference that becomes invalid until you update it so I wouldn't say it's like it's not a correct thing so I guess it depends on how safe I store it so what I would like to say is keeping the data from the blockchain that the guys are actually suggesting in a way it's immutable, it's going to be always there it cannot be easily updated but if you like storing it in IPFS in your solution you can easily update it and you can easily remove it that's why storing the data on a blockchain is not something like that the reason I'm bullish on the data on blockchain is that I don't see a future where we still use hardware books like we don't it's definitely from let's say five years, ten years so our identity will be defined by our physical body or some method that we're going to store so at that point we're going to have to store something other than an O or a key but at that point somehow you'll store some stuff so it's not a matter of if but then at least from my perspective that's why I was just trying to that's a good point but I would say that for now we just focus on a solution that can be easily adapted and like biometrics for example is something that we might think about later because for now we just need to be in the end there's just one more point of biometrics so with the solution we currently have or envision and build the really nice part about it is that you can leave it home and forget it when it's your biometrics and when you can rebuild your identity based on these kind of different things like thumb, the nice and well then if you get into a situation where you don't want to disclose your identity you can't so you still have this like bit of autonomy to just throw your identity away and get it back at a later point just imagine you're fleeing from a country and your identity is found to fully your biometrics shit I mean just like that's a problem so it might be useful to have these two things separated to give you the freedom of not always being your biometric in every situation you might encounter might be a strong argument against biometrics I'm not sure I think now any last question or should I just say thank you for some quite challenging questions today thank you for your time