 In an age of increasingly ubiquitous government surveillance, security breaches, and high profile cancellations in which internet giants have ultimate control over users' online profiles and data, Microsoft is helping to build a technology that would give individuals ownership rights over their own virtual identities. The mission of the ION project is to build decentralized identifiers or DIDs that can serve as the anchor point for all our activities across the internet. To achieve this level of decentralization and immutability, ION is built on top of the shared database that's used for recording bitcoin transactions, which is known as the blockchain. Though Microsoft is contributing most of the work, the company would have no control over who participates in the system. If the goal of bitcoin is to eliminate the power of central institutions over money, ION is trying to do the same thing with online identity. Daniel Buckner, a self-described libertarian, is the project lead for ION. Reason set down with him at the Bitcoin 2021 Conference in Miami to talk about how this technology could usher in a new era of hyper-individualized online identity and privacy. Explain what a DID is. Yeah, absolutely. So if you're familiar, everyone's familiar with identity systems today. I mean, use them pretty much all day long in your digital life. Some of the good examples of a digital ID today, a centralized one, are app usernames where you log in with a username, password, social auth that's usually backed by an email address. And those forms of IDs are essentially leased to you by companies, right? So when you see all those login buttons all over the web, that's sort of a symptom of the disease. The idea that you need to be calling into these other authorities is to essentially prove who you are in the digital world. Much like Bitcoin and having a Bitcoin address backed by strong cryptography allows you to own your own monetary value, ION enables you to own your own IDs. So you can imagine an ID, it doesn't look like an email address, but it's wholly yours. You can potentially log into websites, you can get credentials issued to you that you control and you're the only one who can prove this ID and no company owns it. So there's no case where someone shuts down their email service and then you lose access to that ID or lose the ability to log into certain services you've associated with. What is this used for? Like currently now, how is ION operating and who's using it, how much? Yeah, so we recently announced a public preview of Azure Verifiable Credential Service. And the first use case of Microsoft really is credentials. And what credentials are is anything issued to you by anyone. So we think a lot about like diplomas and workplace credentials, proof that you're an employee. These things typically have been nascent. They don't exist in a way that you can go improve it to someone else. When you get your diploma, it sort of hangs on the wall more of like an ornament than anything that you could really go improve. And that's bared out by looking at LinkedIn and you see all these people's profiles, you really don't know, did they go to that school? Like is any of this information true? What Verifiable Credentials and DIDs together do is allows you to, for example, go to university and get a digital credential signed to an ID that you can then turn around and prove in a standard way to everyone in the digital world. And that's a huge leap. So that helps cut down transaction costs, right? Because it's kind of like an instant credit check. You are who you say you are and all of the things that you say about yourself to the extent that people are going to want certain things to be verified like address, education, skill set and stuff. So it just kind of eviscerates the need for figuring anything out. Yeah. It definitely is a business optimization in the sense that what we've seen is the digitization of a lot of different industries. But identity, for the most part, human identity has remained paper-based, analog, long processes. And you see that all the time, right? You're still filling out paper forms. You're still showing people these things. What we're doing is saying, let's bring identity to where the rest of the web has already gotten over the last 20 years and really advance things. What are the primary sticking points to having this type of thing more widely adopted? So really, it's getting people accustomed to services where they're ultimately in control. And obviously, as a libertarian myself, I think that's a great thing. I want people to be more in control of their digital lives. But it also requires more responsibility and awareness. Because most of the services today, you always have this bailout button, which is like email, recover through email or something of that nature. You don't have that. At the end of the day, an Ion ID is wholly yours. There is a loss condition where, just like you could lose bitcoins on a hard drive that you mistakenly throw away, you can lose DIDs. Now we're doing all we can to make the interfaces more human and make retention of those things easier. There's some sort of custodial technologies you can set up around that. But UX, I think, is the challenge, is the principal challenge. So I mean, you could concisively, just like you could lose your Bitcoin, you could lose your identity. What would happen in that? Well, you can lose the keys that back a DID. And it's not like you would lose all of your identity, right? If you had your data synced to your device, you'd still have that data. What may occur is you would have to go get another ID and sort of reacquire proofs or import data over. It's sort of like you've done with the browser. If you start up a new browser, it goes and grabs your bookmarks. It's not a process that is like total loss, but it's obviously a hassle. Can people have more than one DID? Absolutely. In fact, that's encouraged because what we don't want is to create a super cookie where you're using the same ID everywhere and then essentially being tracked and correlated. What we call them is like peer IDs where I might create an ID just for a relationship. Like I meet you at a conference and maybe I don't want to disclose my widely known public ID, kind of like a Twitter handle as it were to you. So I create a DID just for this relationship. And I can always upgrade that over time. After we establish trust, I can say, hey, I want to give you this ID that's well known in the world now that we've had this But does Facebook say, one of the ways that people kind of expedite new experiences online is by logging in with Facebook or with Google or whatever. Are those companies happy at the idea that you will now be able to seamlessly show up and present an ID that doesn't then on some level give them either notification you're doing something or actually access to whatever data and relationships you're creating on a different site? Yeah, there is going to be a higher degree of privacy with DIDs when you're directly proving that you own an ID versus having an intermediary as an individual anyway. And yeah, I think there's businesses that are going to need to change how they model their services, change how they see the user, maybe the relationship with the user. So I don't know how they feel about it. Some of the companies you mentioned haven't really been in the standardization process while we've been doing this. But I think all the changes that they would make are good changes and beneficial to the user. What is Microsoft? The last time I checked is a for-profit company. Why are they interested in this? Is there a direct, will they get to somehow own the creation of this? Or what's in it for them? So yeah, Ion and the piece of the technology that runs the ID is not even Microsoft really controls Ion in the sense that they're going to dictate how the network works. It's pretty much a mathematical protocol. What they're most interested in, and most people don't know this, is Microsoft has a huge identity business that serves enterprises. So the vast majority of enterprises in the planet use Azure Active Directory. And for them, they don't see a DID any different than they would see like social login or auth, which we also support, because at the end of the day, in a corporation, you have to have some system that manages roles. So if we move to a world kind of like we did with phones where you step two phones and you have your work phone and your home phone, if you were to bring your own ID, you have one ID for your work, they don't really care that it's a DID or some other ID because at the end of the day, they're going to issue you a credential saying, you're this level manager. So that system is not threatened. Our core business isn't threatened, but we do get to expand it by going into digital credentials and certain other things that are just whole new lines of business. Just to make clear, because I have an English major's brain. So you have your digital ID and then a company where you have stored your cat pictures goes out of business. My idea is not necessarily going to allow me to get to that, right? Because that's on their servers or under their terms of condition or what's going on with that. Yeah, it's great that you bring this up because it kind of introduces the other really big component that we're working on. Not quite ready yet, we're hoping soon. You will have these personal data stores, which are coined identity hubs at this point. But what that really is, is when I talked about the IDs doing two things, associating keys and endpoints, where is that endpoint going to point? Is it going to point to a centralized server? Or maybe it points to a personal data store where apps start storing data with you. And that data store is synced across your devices, different clouds. And so a company moves from a model of I have my own centralized app database, and that's where I put all the data, to maybe actually just store the data with you. And there's a continuance of that so that you never really lose access. And so then who would pay for that? I realize we're talking hypothetically, but it's basically you would then be using the service in order to fill up your own storage lock. That's correct. Now, this is something that there's definitely economic modeling around. But for instance, like OneDrive, the product that we have that does storage today has a free tier. We give five gigabytes or something like that away for free. And there's other services like email that we do for free. And you can store and encrypt the data in OneDrive. You can encrypt data and then push it up to OneDrive. And OneDrive doesn't care about that. So it's my belief, and I think our belief that we're going to be able to support levels of storage and utilization that at least will get you going. But that does imply a lot of responsibility on the part of the person that you're kind of putting stuff where you can find it or in that you're keeping it up to date and things like that. Well, so it's really driven by these client wallet apps. So if you're, let's reimagine a simple use case. I have this to-do list app that it currently is a run by a centralized company. And when I type in my to-dos, it gets stored with their server. What we could see tomorrow is you load up just a regular web page and that web page asks for access to your personal data store. So give me a DID and let me access some storage. And then the data is stored with you over a standard set of protocols that we hope and we'll be working on baking into the web itself. So when we talk about the nuance of managing these things, you'll have things like browsers for your identity and this data that make it as seamless as it would be loading a web page or navigating a web. Why build on Bitcoin? Yeah. So it's an interesting question. For Ion, we have to have a system like Bitcoin to essentially anchor this PKI network. And when you look at it from a really objective angle, what we saw was a field of possible options, but Bitcoin clearly has the most security, the highest degree of immutability and other really critical aspects that make it the logical choice versus other systems. Does this intersect at all with the idea of people being canceled out of certain types of accounts or certain types of platforms? How does it intersect with issues about that? Yeah. So one of the benefits of self-ownership of your root of digital identity, the ideas themselves, is the idea that maybe in a future not too long from now, we could have ideas that that's not such a problem. Because let's take Twitter for an example. It happens all the time. For whatever reason, people's accounts are suspended or anything. And sometimes maybe some people think it might be justified or not. The reality is that because we've commingled identity with centralized accounts, we've created this sort of problem for ourselves, where if someone says something we don't like, the answer is to sever their identity, their identity online. And we could move to a future where if someone's following your DID instead of a Twitter ID, you don't have to make that choice. You can say, as a service, I don't want to host your content, but I don't at the same time have to like delete your ID. And that's a really important distinction. I think it's going to be better for users in the long run. The government's attitudes towards Bitcoin, towards cryptography in general, distributed, decentralized, anything is generally negative. It's getting more intense in the Bitcoin space, both within the US and certainly in places like China. What's the government reaction to all of this? And I guess if I might add, they're the ones who give us the most important identity documents that we have. As bad as things like the vaccine card or your social security card, you only get 10 of those in a lifetime. If you lose more than 10, you're shit out of luck. I don't know that. But it's on a piece of paper, type Britain. It's ridiculous. But what is government thinking? Yeah. So you said something in there that's really important, which is a DID when it's born is just an identifier. It has no lineage, it has no proofs behind it. You don't know if it's a dog on the internet. The reason why I don't think these institutions are all that scarce, they still remain authoritative for what they do. Just because I have a DID and I want to self sign myself a credential that says Dan can drive at age 10, it doesn't mean that that's going to carry it and have effect. So the DMV in that circumstance is still the authority that would give you the credential that enables you to drive. And so from that perspective, I don't think they're particularly threatened. Would there be in the same way that say like Amazon Web Services has kicked off certain companies because they don't like what those companies do? Would that be happening in something like this? Would somebody who is processing a digital ID, might they say, we don't want to work with you because we know who you are and we don't like it? Yeah. So the interesting thing is that much like the Twitter example we gave where maybe if someone's following your DID, you retain your contacts and your relationships and that's separate from your content. We kind of went into the fact that your content might be hosted in these digital personal data stores in the future, which does give you a high degree of freedom. If your infrastructure for your users that you're storing data with is with them, you're not always sort of yoloing it into some giant silo. And that gives you a lot of resilience as a company. And to talk about that in sort of a more friendly way, like resilience is great. The idea that you can push a lot of that to the edge allows a company to say, if Amazon East is down, my business doesn't grant you a hold because my operations are effectively decentralized. So there's a lot of benefit there to companies as well. An early dream of the web was to be pseudonymous, not necessarily anonymous, but pseudonymous. You could be whoever you were, whether it was a dog or whatever, but be stable over time. A big draw of Bitcoin and of blockchain is the pseudonymity of it. It's not really anonymous. Does that play out here? It seems to be at odds with the idea of a digital ID that is absolutely unfalsifiable. So yeah, actually, this characteristic is preserved. So we talked a little bit earlier about how you wouldn't just have one ID. You probably would have hundreds, maybe even thousands. What that probably is going to shape up to look like is you will have a couple highly public IDs, like your Twitter handle, something that you want people to see. You're going to publish content you wanted associated with you as a person, things like you'd publish your resume against. And then you're going to have lots of other IDs for these connections that are pseudonymous. The DIDs themselves don't contain anyone's real name. They're essentially 32 bytes of garbled nonsense. So from that perspective, when you hand someone a DID, all they know is that you can prove that you have the keys that own that ID. And then it's up to you what you exchange and what data transfer between you. So in that sense, yeah, you can meet anyone out there on the street or on the internet and strike up a relationship and keep that relationship as pseudonymous as you choose. So it sounds like catfishing at an exponential dimension. How, talk a little bit about your work history. You're a hardcore libertarian. You worked at Mozilla before Microsoft. How did you get involved in this particular project? Or why is it so exciting to you? Yeah, so early on at Mozilla, kind of in the first half of my career there, I started thinking about just how apps were built. And you started seeing some pain points for developers. Like the serverless revolution was just kicking off and that's still kind of going strong today where developers have this need where they don't want to run a bunch of infrastructure. They would love to write apps where they just write the app and then, you know, data storage with the user. And then, secondarily, it's like, I wanted control over that data. That's obviously a core tenant of my personal feelings of libertarianism. To have control of your digital life like you do your physical life is something that mattered a lot. So I started exploring it a bunch at Mozilla. And then as I fell down the rabbit hole, it became clear that I had to go find a place that could incubate this. And the logical choice, oddly enough, was Microsoft because they just have such a huge footprint in digital identity that pitching the ability to expand their business lines is a positive. And it's a great place to kind of grow this technology. How did you become a radical libertarian? And how do you define radical libertarian? So I would say that when I was younger, early adulthood, somewhere around like 19 years old, I was still sort of conservative, very socially liberal, but I guess slightly skewed towards conservative because my parents are. But then I just started seeing how both of the major parties were just so similar. And I had this feeling inside, right? Like when I would see strong positions taken by their one, it just didn't feel right because they were sort of dictating other people's lives. And I had no desire for that, right? I just don't. Was that just an inborn desire? Or, you know, I mean, you were born that way. Well, I mean, I just, you know, I'm a big fan of like minding your own business. And I just it's hard for me to wake up in the morning and think to myself like, I really want to set out today to dictate how people live. As long as you're like Ron Paul was saying at the Bitcoin conference this morning, as long as you're not hurting anyone and, you know, you're not committing true crimes against folks, like you should be able to live how you choose. And that's initially what drew me to libertarianism. You know, how is it like being a radical libertarian who wants to leave people alone and working in big tech, working at a company like Microsoft where you hear these, you know, growing, you know, kind of horror stories about people saying, no, it's not enough that I get to live my own life as somebody somewhere is living in a way that I find repellent. We need to stop that. I won't say it's easy. You know, certainly in terms of point of views, I'm a minority in that sense, right? Like I hold a minority point of view, not many people that I interact with in my career are libertarian like myself. But, you know, that's the challenge. That's the challenge is proving the cause of liberty to people and articulating it in a way that they want to come aboard, right? And so I've kind of looked at it that way. Like, you know, I do everything I can to engender myself positively to folks that I work with. And hopefully, I get maybe an opportunity to talk to them about liberty and the foundations of that and maybe change their mind. Are you optimistic looking over the next few years that tech is going to be a sector that is kind of increasing human freedom or is it going to be one that is kind of trying to control it and regulated for its own purposes or that the government is really going to be moving into? You know, it's a tough question because I don't know that we know the answer. I think at this point, we're sort of on a precipice and it could go either way. Digital life affords the ability of certain institutions to potentially, you know, really clamp down on certain areas of your life or free it. And I think that we, anyone who can, right, who's technically able and liberty minded has a duty, really a solemn duty, to kind of step up and try and make sure it's the better. So you think this, the kind of digital idea, is that a way around what some people call surveillance capitalism? Well, absolutely. And Sati even talks about this a bit, about the, you know, surveillance capitalism being a huge problem in society today. The idea that most of web revenue is generated through ads and it's really just about making you the product. That is something that could potentially be helped by DIDs. The idea that you retain more private connections, that I could send encrypted messages potentially between people, that is really a sea change, right, from the web of today. So I do think if we play our cards right that we can get a more private, freer future.