The ethical dilemma posed by Decentralized Identity

And how to solve it, in theory and in practice

Identity systems have traditionally been hierarchical directories. In organizations, central administrators define the rights that each user (or group of users) has on the system. And so, they need to know who the user is.

One the internet, nobody knows you’re a dog

That’s a big problem to solve, famously cartooned by Steiner in 1993: “on the internet, nobody knows you’re a dog.”

Since 1993, the internet has taken the world. Identity and Access Management (IAM) systems know span a wide variety of uses, that include customers too. Privacy regulations define what is allowed and what isn’t, as far as individual data processing and storage is concerned.

Most of these systems are still very much centralized. Since passwords are creating large security gaps, protocols such as OAuth2 enabled the reuse of social accounts. People login through facebook/google/github/etc. The obvious downside is that those large networks get to know everything you authorize.

As a result, an internet of behaviors (IoB) is emerging, as many technologies capture and use the “digital dust”…