WBD107 Audio Transcription 

WBD107+-+Interview+with+Daniel+Buchner+(Banner).png

Daniel Buchner on Why Microsoft is Building Decentralised IDs on Bitcoin

Interview date: Friday 17th May 2019

Note: the following is a transcription of my interview with Adam Back and Bryan Bishop. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.

During blockchain week in New York, Microsoft announced the launch of their decentralised identity programme which will use the Bitcoin blockchain to create user identifiers. In this episode, I talk with Daniel Buchner, who is leading this initiative at Microsoft, we discuss the culture at Microsoft, how decentralised IDs work and the ethics of using the Bitcoin blockchain for non-financial transactions.


Interview Transcription

Peter McCormack: Hi Daniel. How are you?

Daniel Buchner: Good, doing all right!

Peter McCormack: Thank you for coming on the podcast. Obviously we've spoken for a couple of weeks about this and it's been quite exciting to get you on. You obviously had a huge announcement today, which we will come to, but I want to know how a voluntorist libertarian ends up at Microsoft?

Daniel Buchner: Well, I started at Mozilla before Microsoft, I was at Mozilla for about five years and there was a really accepting culture there in a lot of ways. But I was surprised at how accepting folks at Microsoft were! It's a really mature work environment and as long as you do the work, it doesn't seem like they much mind who you are as a person, which I thought was really cool. So this is a really diverse work group and I've never been anything but accepted, so I was a little surprised too! But that's how it is.

Peter McCormack: What is your background? What led you up to be in... Well you say you're a libertarian, but you're obviously a Bitcoiner as well.

Daniel Buchner: Yeah, I first bought Bitcoin in 2011. I had a buddy that sat next to me at Mozilla and he was more into it than I was. I just got into it because of him and he said, "hey, it's this cool system" and all the things we always talk about, because we talked about economics a lot, "it has all these attributes!" So I was like, the dumb libertarian, who actually believes in all of the underlying principles and the sort of value type stuff. I did not buy a bunch.

I bought a paltry amount to play with the technology literally. Enough that it was cool having a little bit extra money, but nothing in the riches. So I was really interested in it primarily for those reasons, like the actual technology, what it was capable of, even beyond money. I recognized that early on and that's been what I've tried to work on for most of my career since then.

Peter McCormack: What is your job at Microsoft?

Daniel Buchner: So I'm a product person who works on the open source side of what we do, which is most most stuff! So everything we do in relation to decentralizing, most of it is open source. We're doing that through the Decentralized Identity Foundation, that's identity.foundation.

That's basically an open source, patent free group that operates on the same IPR as W3C and everything's under Apache2. So the crux of my work is trying to realize some of the things that I've wanted to build for a long, long time and it just so happens that Microsoft, their interests are aligned for this new form of identity, we call it decentralized identity for various reasons!

Peter McCormack: And within Microsoft you talked about, this is part of the open source team or department. Open source hasn't always been something Microsoft has supported or been part of. There's been a real transition in where the company directs its resources where it makes its income now right?

Daniel Buchner: Yeah, it's funny! For many years, back in the 90s and early 2000s, Microsoft was definitely not embracing open source the way they are today. I think in the last 5 to 10 years, that's turned around completely. For a while I believe we were the number one contributor to Linux. We're still in the top three in terms of open source contributing orgs, if not number one.

So for a lot of years I think they've done the right thing across the board and I think recently under Satya, he has been transformative and I mean he really does do what he says. So it's not just in word, but you can actually tell in the company the way that people act, is in accordance with the things that he's saying externally.

It's turned around completely. I feel like we're thinking open first, in so many more areas and I think that's going to be hugely beneficial to the company in the long run and hopefully to everyone else out there who uses the stuff we build.

Peter McCormack: So has that been a huge cultural shift within Microsoft?

Daniel Buchner: I think it's really group to group. Certain groups, you knew they were always... They actually had an open source org and we still have one and obviously they understand it very clearly. But every product group and division kind of operated a little bit differently.

Some were a little bit more close source, maybe they just weren't exposed to needing open source stuff. So it takes a little bit when people don't have that muscle built, to get them into that. I was really familiar with that obviously at Mozilla, because that's all we did! So when I came in it was a little bit of enculturating people to that new way of thinking.

Peter McCormack: Okay. Well listen, let's get into the announcement because it's kind of a big deal. Just the name Microsoft alongside Bitcoin is a big deal, but actually what you're doing is really important. So do you want to just explain the announcement?

Daniel Buchner: Yeah. So in this larger effort, decentralized identity, what we want to make possible is for people to own all aspects of their identity and control really sensitive information in their lives. Something that we just don't have today, that we've lost really on the web. The web has centralized over time and we see this as a series of components that we're going to try and help deliver in collaboration with others.

That's everywhere from the identifiers you use, which is the topic of the announcement, to how you store and encrypt your data and how you exchange it with people in privacy preserving ways. So this announcement really centers on the identifier portion. So we've been working for a while with a number of individuals in the Decentralized Identity Foundation, the W3 credentials community group and with other people that consult us on occasion like Christopher Allen, on the principles of DID.

This new thing called DID, is decentralized identifiers, it's a spec in the W3C. It basically sets out a format and kind of a framework for creating IDs that are owned by you, as a person. So today we have email addresses and we have usernames, things like that. They're given to you by companies and those companies, whether for purposed for or reasons like they just shutdown, where they want to eliminate you from their platform.

They can take those whenever they want and right now your data that you might lose is your cat pics on Facebook or something like that. But if we really look forward and we have true identity proofs, things that are really important to your lives, baked into identifiers that could be just eliminated at any moment for any number of reasons, that's a little bit scary! You talk about being de-platformed, but it's a whole other thing when the IDs themselves are the carriers of really, really important information.

So what we are announcing and we announced earlier today, is an identifier protocol I would say spiritually akin to Lightning. It's very different technically, it's not payment channels or anything like that. But it's layer two, it's trustless, Microsoft isn't a signatory, there's no validators there's no special protocol tokens required to operate it.

It's really just deterministic software that you can run right on top of Bitcoin. It uses an underlying protocol that is chain agnostic, but this one is adopted for Bitcoin. I'll point out that there are groups in other communities like Ethereum, Transmute being the lead in that area, that are adapting it for Ethereum. So Microsoft, we're supporting this Bitcoin variant, we're supportive of the other ones as well.

But I think that the point to get across from us, is that we really want the outcome of decentralized identifiers and that's what we're wanting to back and I think that that is really these public permissionless networks. They were good at this thing, that makes decentralized identifiers possible, since the moment Satoshi flicked the switch.

Peter McCormack: What is the interest for Microsoft in doing this?

Daniel Buchner: If you think about it economically, we don't derive our money from the same sources as some of our competitors. It's highly diversified. It's across a range of products. Those products are typically thought of as yours anyway. So we want a world where people can own their own data, where they can be the masters of that domain.

For us, we see actually a ton of benefits, it's not just all altruistic, there's some corporate interests there. Just think about if the data in certain networks became more trustable. There's LinkedIn. It'd be great if you knew that someone actually did go to school at a certain place or with certain interactions with Airbnb that there was a health code check or a structural check on the house and you can actually relay that in digital means, that are there instantly verifiable.

That's what these ideas make possible and we think that because we're already at an enterprise identity company, if we empowered users and corporations and companies with that sort of identity system, we can start making money in new ways, with these services that are built on top.

Peter McCormack: Thinking in terms of the user, do you envisage a scenario, when you're going to sign up to a website and you've got all the different options, you could sign up with your email or use Facebook log in. Do you see there being this additional option that exists, which will be some form of decentralized identity?

Daniel Buchner: That is what we're gearing up for! So we're working with W3C, which is the standardization body for pretty much anything that touches a web browser or web interaction. We are going to be working to have decentralized identifiers, the generic spec, something that W3C passes through its processes and gets ratified. Then also things like proof of control or authentication as some people might call it, where you can prove that you own an identifier to a website or an app and they allow you access, not based on some centralized username they provide you or some federated email based system, but an identifier that you solely control.

Peter McCormack: Okay. Is it something that you guys at Microsoft will build or are you giving people the tools to build it themselves?

Daniel Buchner: I think it's a mixture of that and other things that other folks will build based on these standards. So we're not taking the approach that all tools are going to come from us. In fact that wouldn't be healthy. I think that we're going to support a subset of the open source components necessary to sort to seed this new identity layer.

But we're also working with other folks, even competitors, because in this strange world of decentralized identity, no one wins identity! Or then it wouldn't matter. So we're not trying to win, we're just trying to make sure that it exists. It's kind of like we're interested in making really great phone calls and sending information over the telephone lines, so we're going to try and help put up the telephone poles and the wire. That's the kind of position we're in.

Peter McCormack: I guess though, at the same time, we don't want to get to a stage where we go to a website and there's 50 different options for...

Daniel Buchner: So that's what DIDs themselves, the DID spec and the proof of control, authentication stuff that we're going to work on, which we hope to be an open standard as well, just like FIDO is today. It's not going be NASCAR badges, it'll be login with your DID.

Whether you choose to route your identifier in ION, which is the method that we launched today, that runs on the Bitcoin Blockchain as layer two or other methods like Transmute's Elements, which is based on Ethereum or sovereign. Whatever the user decides, whatever trust basis, whether it's Bitcoin or Ethereum or sovereign, that's up to you and you don't see those names. You just see login with your decentralized ID.

Peter McCormack: I guess in some ways this is a very different model from a Google login or Facebook login whereby they monetize the data that's associated with your login. Are you essentially causing them a problem with this?

Daniel Buchner: Well I mean, I hope not. I hope that as good corporate citizens, that we can all agree that it's a better world when people have control of their data, how they use it, who is seeing it and do that in a way that's clear, open and transparent. So anyone who can get onboard with those attributes, I think we're aligned with. If folks don't, I think the impetus is on them to ask them the question why. Why wouldn't you be okay with that? I'm not saying that they aren't. With open arms I hope that they embrace this technology, because I think it's just good for people. I do think that you can still make money, I think you have to just do it in slightly different ways and you have to be maybe a little bit more upfront about certain things, but I don't think it's a bad thing.

Peter McCormack: Yeah I think Facebook might be slightly different because they recently announced that they're going to have a higher focus on privacy and it looks like the future of their business probably is in maybe financial products, less so in adverts in the timeline, because there are less people using Facebook. But Facebook being Facebook will want to do their own thing.

I think obviously Google is slightly different, but one of the other things about Google is I tried to remove all my identifiable data and to use Google and actually the experience degrades if they don't know anything about me or where I am as well. So part of that controlling the data that you share with a platform is going to be important.

Daniel Buchner: Oh yeah. So I don't think that sharing data is bad. Joe Andrews, he is a guy that works in the [Inaudible] that Chris Allen helped start up and that's sort of this event that you can come to, it happens twice a year before IOW. He's written up some thoughts around how data is rights. It's not property, it's rights and you should still be able to exercise your rights.

I should still be able to say in a privacy preserving way that doesn't disclose I'm Dan as a person, maybe my shoe size if I'm shopping for shoes or certain preferences. I want to do that because if I don't do that, I'm going to end up seeing a bunch of shoes that I don't care about. So I think it's about how we get to the same answer. Maybe we don't need to give our entire life away to find the right shoes.

Maybe we just need to give really targeted values that preserve our privacy and we can get the same outcomes. I think that's what businesses need to start being comfortable with, is not having this giant fire hose of random stuff to try and do isolated exchanges. It's more specific, it's more privacy preserving exchanges.

Peter McCormack: I think privacy is a real hot topic at the moment for people and it's a really important thing, especially with regards to the web. We have data hacks, we have various things that are tracking us, which can get quite sinister at times. I guess I've noticed there's a want from it, but I think one of the things that's been a problem, is that most people can't be bothered to do the work to manage their privacy. It needs to be led by a company like Microsoft to actually give us the tools to maybe automate it.

Daniel Buchner: Yeah, so we're definitely going to put tools in users' hands that make this easier, because you're right, at its base, these are incredibly arcane protocol exchanges. Things that if you are left to your own devices with those raw bits, no user, certainly not my mom is going to be able to jump in and use this thing. So companies do have to make wallets and they have to make means of recovery in terms of secrets and all of the things that still plague cryptocurrency.

It's the same here. Your IDs are controlled by these keys and you need to maintain those things. So I definitely think that companies like Microsoft are essential in stepping in here and kind of uplevelling those experiences so that they can really reach a broad base. But that's not to say that Microsoft can be the only one, nor should they be.

All of the things that we would bake into our wallet, many of them anyway, are standard based protocols and formats that other groups can go make wallets around as well. So it's really about picking, what's the experience that's best for you that helps you manage this best and you'll have, we hope a wide selection.

Peter McCormack: I find a lot of the talk about web3 kind of interesting. I recently read the multicoin report, their mega thesis and they talk about web3. I try and think back to when I had my web agency and we kind of went from 1 to 2, but it always felt like a retrospective. We looked back and said, "oh we're in this new era now of fluid webpages and social data" and it was an experience we looked back on.

As people try and predict web3, which they've done many times. I find that a little bit strange because I don't think we'll know what it will be. But I do see that we will potentially look back as a retrospective on web3 and say privacy was central. Control of our data was central and that's the only component of web3 I keep hearing about, that I agree with.

Daniel Buchner: Yeah, so I mean stepping into my personal views. My personal views of how this web3 thing could shape up, one future imagine you have these decentralized identifiers. You don't just have one identifier, I do you want to get that across. Whether it's routed in Bitcoin or Ethereum or anywhere else, you shouldn't just have one, that's obviously highly correlateable. So we believe in this idea of pairwise or private identifiers, where I could meet you for first time and I could create a new identifier there on the spot and that's kind of our conduit, are relationship.

You know me through that. You can store data with me in accordance with it. We can have signed messages between it and it doesn't leak that I might have 10 other identifiers that I use in other connections and circles. So that's a foundation. But once you nailed the identifier layer, which for our contribution, is this ION method that'll run on top of Bitcoin. There's several other types of DID methods. Once you nail that, the next question is, "identifiers and keys can only do so much."

So where does the web3 thing come in? I actually do think it is identity and here's the next step. Basically when you look up one of these identifiers, you get this JSON document and it's got some public keys in it that are associated with the ID. It also has some off chain endpoints. We believe that one of these end points or a few, could be instances of your personal encrypted data store, essentially just think about it like a personal mesh that replicates data between it, just for you.

The data's encrypted, so even if Microsoft hosted it or Google or anyone, the data's encrypted, they're not seeing and tracking all the things you do. That is where the interface is for potentially apps and other interactions that are high value web3 type interactions. I might look up your identifier, find where your data store is and I send you a ping over that.

That ends up on your phone, because it's hard to contact phones directly. So a lot of web3 could actually end up just being interaction between these IDs and these data store relays. I'll give you a couple of examples. When people talk about decentralizing things, you have second hand markets where people post classifieds. Right now you go to one company and you post something, it goes in the database and that's it.

In the future you might be able to create a DID and you could post something in your data store, which is crawlable if you allow. If you say this is a public thing, I want people to see, it's possible to crawl these ID landscapes and then find that same information. So you could have a small company that sort of crawls this decentralized identity web, finds all those same things you would see on some local shopping or classified things and present you a UI that looks exactly the same.

But what it wasn't, was having to have you go and give them a copy of your information and I think that same model can be applied in many areas. It could be ride sharing, it could end up being, what do you call it? Airbnb style stuff or even things like supply chains because all of these things really resolve down to expressions of information and trust and that's coming from the identity layer.

Peter McCormack: It's there a possibility that through the interactions on certain websites... So, for example, if it was Airbnb. You registered and logged in with your decentralized ID, at the point that you're creating a transaction and you're having to enter details about yourself, does that mean they will be able to actually just create new versions of data records to identify you?

Daniel Buchner: Well, I think that we would hope in the fullness of time that if the DIDs are a supported medium of identity in the broader web, that you might hit a site like that and you would disclose, "this is my DID" and you get the minimal amount of information possible. In some cases, in some interactions, maybe there is a lot of information required because it's by law or something like that.

But hopefully it's minimized, like I don't need to disclose my full age, I can disclose that I'm over a certain age threshold. Where I don't need to disclose my exact bank account, you just need to know I have $10,000 or more in the bank. Those are the sorts of proofs that you should be able to provide in those flows and that's what we're looking for.

Peter McCormack: But could there be a case where these companies are storing that information locally?

Daniel Buchner: It could be, but depending on the scheme you use to create such a proof, you can obscure their ability to pass off that this ID that they got it from was related to me, Daniel as the person. We're starting into the phase of doing a lot of work on that. After you get the identifier system set, then it comes to, "well how do we sign proofs with these keys in these identifiers and what types of proofs can we create?" So that's an area of work that we explored already, but we're getting into it more seriously now.

Peter McCormack: What will the user experience be like for the user? Have you done the planning on it?

Daniel Buchner: So it's an app model. I can't talk too much about it because this is something that we're working on now. I can just tell you that yes, it needs to be a friendly application, that is on the devices that are common to users today and it has to not... Maybe they never even see the word DID. Maybe that's not a thing. Maybe they're signing in via some gesture, some mechanism with their phone that feels a little bit natural, that doesn't have to inform them about the obscene complexity behind the scenes. That's I think what a lot of people are looking to do and so that's, I'm guessing the way that we'd go.

Peter McCormack: But if there's an interaction with a Blockchain, so for example, the Bitcoin Blockchain, to create the identifier, will they have to pay that fee?

Daniel Buchner: In my estimation, no and here's why. Because the protocol ION or the DID method ION that we've announced, it's based on another underlying protocol called Sidetree that is similar to these anchoring schemes you've seen for a long time, but it's a little different. So it does allow you high volumes of operations can be batched together and they are anchored with a hash, just like other protocols.

The special part comes in with what the nodes do, that see those operational batches on the IPFS substrate and they fetch them and process them. Think about this, if Bitcoin went up to $10 a transaction, if there was 30,000 high value DID operations for numerous users in that payload, the question becomes to add a key to your ID that may unlock some really, really great experiences for you, are you willing to pay 1/30000th of $10 probably.

That's probably a rounding error. Companies like Microsoft, if we ran one of these nodes, which we can, and you don't have to trust us because all the operations are signed on your local client, you're just trusting us to batch them. We wouldn't charge anything because for us, that's a rounding error, it really is. For most companies of any size, it's a rounding error. So I think there'll be highly aggregated. I don't think the average user will have to pay.

I think that you'll always have the ability to do it without a company doing it. It's an open source node, so you could always run one yourself and if you want to have maximum censorship resistance and you don't even trust sending one of these ops, which Microsoft can't manipulate in any way, just the only thing we'd be able to do is not publish it.

But if you don't trust us or anyone else like that, you can just do it yourself. The reality is that most people's ops are never ever going to get denied by any reasonable company. So we think it's going to be pretty economically scalable.

Peter McCormack: So you would be covering the cost of the...

Daniel Buchner: Yeah, that's the idea going forward.

Peter McCormack: Are there any risks that in the future, years down the line where Bitcoin is used extensively, there's so many transactions going into the Blockchain that the fees go really high. Is that any kind of risk in the future?

Daniel Buchner: I absolutely think it is. It is. So we're not naive about that. Fees at a certain level with this protocol are acceptable. Over an extreme level, probably not. But there are other options how we can evolve the protocol over time. Some of those things that people have done good work in the side chain space and other stuff like that.

We started this in a simple fashion because we wanted to use just the consensus of Bitcoin itself and it's linear, chronological ordering capability, as the consensus instead of going and adding another layer of consensus or another chain that we have to start, because without people really deeply into this protocol and working on it, it would end up just probably being one company running some random system off to the side.

I would rather have that conversation with the community, to show it working over a number of years and if Bitcoin got so popular, thankfully, that we can evolve how we do things and we're completely open to that. But let's get to that good problem first, of having Bitcoin and open public systems be so darn important and and often used that we have even talk about it §

Peter McCormack: Are there any ethical considerations with using the Bitcoin Blockchain for non financial transactions and is there any risk where, okay, so you've got this initiative, but a whole number of other initiatives start using the Bitcoin Blockchain but not for Bitcoin transactions. Is there any ethical considerations about that? Or have you had any conversations with people they believe no, the Bitcoin Blockchain should only be for Bitcoin transactions and not for other data?

Daniel Buchner: Oh, absolutely, you run into those folks. Most people I talk to you are like, "look man, it's a valid transaction if you pay the fee" and in fact the protocol actually incentivizes higher fee payment, so I'm pretty sure that the miners are going to like it from that perspective. Abnormally high fee payment, I guess you could say. There are people that believe that transaction's sent without the intent to deliver money from entity 1 to entity 2 are not valid Bitcoin transactions.

I think that's ridiculous. I mean what we're talking about is a trust layer that doesn't require centralized actors and that's exactly what identity needs. It needs the strongest trust layer and that's these open public Blockchains period. There's been nothing like it before and to say that money... Money is incredibly important. I really think it's money and identity personally, because if you don't have to centralize money, someone controls your money, you lose your paycheck.

If you don't have decentralized ID, someone controls your identity, you may or may not be able to function in society in many, many areas, independent of money. So I think that it's equally as important as money and I'd be willing to have that debate with people out in the open, in the community.

Peter McCormack: Yeah I guess the only fear I would have is that if the blocks got full of non-transaction data and they were slowing the blocks down or people were unable to get transactions through, that would be my only concern. But I wouldn't have any idea how much data would have to be written to a block for it to become a problem.

Daniel Buchner: Not a lot. This protocol can be highly efficient. I mean we're talking about like tens of thousands of operations packed into one transaction, even potentially scaling it beyond that. I think that at single digit percentage consumption of the Bitcoin Blockchain, we would be able to support all of humanity's IDs.

So if we got to that problem and we're like, "oh gosh, we eating single digit percentages of Bitcoin, but we've supported humanity on a decentralized identity system" and I'm not saying that this is going to be the only decentralized identity system for our other collaborators working out there on standards based versions, more power to you and we're going to support you. But the system should be capable, without undue weight on the chain.

Peter McCormack: I kind of agree with you in that decentralized money and decentralized identity are great problems to solve, but they also feel like they go hand in hand.

Daniel Buchner: They really do. There's a lot of places where it doesn't matter if you're using Bitcoin or using the good old US paper Dollar, a lot of places require you to prove identity things before you can actually even give them any money. So sometimes identity is the gate to certain activities, for better, for worse, I should say. I was on Andreas' podcast and he was talking about the "for worse" parts, that maybe we should require as little identity as possible, which I completely agree with.

But the reality is that there's going to be places in life where they do require it and so having as much power on both sides of the equation of your value in your pocket and your identity that you control, I think is that perfect marriage.

Peter McCormack: Are there any new models or workflows or opportunities that this creates that can't exist without decentralized identity?

Daniel Buchner: Oh, absolutely. So I think that many of the services, the market type services we see today, they're centralized because you need centralized coordinators and people sort sort of hook up different entities to do a deal.

I think that once you have this crawlable decentralized identity layer, full of pseudo anonymous identifiers that can be optionally linked to people if they want to disclose that, you can start doing business directly, you can start doing crawl nets where you can end up finding all this intelligent data that people are willing to offer publicly on purpose and create whole new ways of looking at those that probably lower the barrier to creating some of those networks.

Peter McCormack: Does it enable any nefarious uses?

Daniel Buchner: This to me as a libertarian, this is right there in the realm of the rights that we should have and that we shouldn't compromise on regardless of whether there's a minority of mal-use of those rights. I think that any system could be used for bad. We had this adjudicator with a lot of the earlier video recording mediums and the court decided that you can't remove someone's right to record video because someone could copy something from Blockbuster.

That's what this is. The 95% cases that people are doing amazing things with these decentralized identifier systems, that better the lives of people and just do things we had never seen. Then there's going to be a fringe that use them for nefarious purposes and I'm comfortable with that. I'm comfortable with the idea that we can speak freely and that we can own our identities and it comes with a little baggage, but liberty isn't free.

Peter McCormack: Yeah, that's a fair point. Is there any risks here that chain analysts will be analyzing the Blockchain and is there anything they can get from the Blockchain here?

Daniel Buchner: So ION, the protocol that we've announced today, it's not really subject to chain analysis. There's nothing you could learn more on the chain, than the actual identifiers that are out there on the decentralized storage medium, that actually house the ops themselves. There's no PII. I should be very clear about this.

DID methods themself contain no PII, no actual personal information. It's just decentralized public key infrastructure linked to IDs. All of the transaction of verbose identity data, things that might identify you as a person or a sensitive to you, that takes place completely off chain in encrypted channels that are peer based. So they don't really have any data exposed like that to crawl.

Peter McCormack: It's interesting because it makes me think then why are Ethereum putting so much stuff on the Blockchain?

Daniel Buchner: I'm friends with a lot of people in the Ethereum community. I think there's some great people in the community. There's a diversity of opinions there too. I know people that absolutely try to minimize their use of all these chains, regardless of what chain it is. I personally believe that's probably the way to go, because you're going to be able to make a hell of a lot more scalable system, the less you encumber these public networks.

Peter McCormack: Can you see experiences where people have actually linked the identifier to a wallet? So the two go hand in hand, a bit like MetaMask?

Daniel Buchner: Yeah, so I think that those are similar flows. Those are the tools that people need. It's how to control and do identity interactions with a tool that is right there in my browser, potentially alongside me, as I'm trying to log into places that makes that a simple inflow task, where it's not taking me out and disrupting me. That's exactly the sort of UI and advancements we need. But probably even beyond just something like MetaMask.

We've probably got to go... One thing specifically, we've been working on some interesting new cryptographic schemes for recovering secrets, that have not had real implementations yet, that I think will make maybe a little bit better than mnemonics and Shamir. So those are ongoing activities. We're trying to really attack it at the lowest levels, so that we can come up with the tools that could even support the realistic ability for normal people to maintain these IDs and use them.

Peter McCormack: Yeah, similar to with your crypto, if you lose your private key, you're going to lose that identifier you've created?

Daniel Buchner: Yeah, exactly and so that's why we are digging in and we're going all the way down to the level of cryptographic schemes and UX and really that entire stack that's presented to people, so that they have something that makes this doable. Because I actually think that the decentralized identity layer, many components of it, are actually not that difficult compared with the UX of making it real for normal people to use.

The UX is probably the number one challenge and we've got a lot of great UX folks that are working on this, but you look out there in the crypto community and I think we might be under investing in that. If we really want to take it to the next level, it's got to be a hell of a lot easier than it is today.

Peter McCormack: Well I've been highly critical of UX across anything cryptocurrency. I mean there are exceptions. Some people don't agree with me but I actually think Coinbase is pretty good at UX, but there's a lot of tools out there that aren't great.

I've always found MetaMask very difficult to use and I would have thought most normal people, like my friends who haven't got any exposure to cryptocurrency, if you put them in something like in front of something like MetaMask, it's not going to be an experience they can understand and want to use.

I feel like with what you're doing, I guess we can allow a certain additional amount of complexity because this is a beneficial tool to them. Privacy is important. But at the same time it has to be super easy.

Daniel Buchner: Yeah. I'll make a statement today, not pejorative, not against any of the communities, but like I think we need to get leaps and bounds better in terms of UX. I don't think anyone else is out there saying "we have completely solved that. Grandma can use this thing!" That is just not a statement I think anyone can make and I don't think they could keep a straight face if they tried.

But we have to collectively as a community get there and I don't think it's Microsoft putting a monopoly UX experience out there that's the only one you should use. I think it's just us all figuring out the ways that speak to humans to manage these complex flows and reduce it to a level where yes, my mum can do that. So that's the cool part about having a consumer company like this, that has these resources come onboard, because they're going to tackle it with the same amount of rigour that we have to tackle everything else.

We have really high standards for accessibility for folks who might be blind or deaf or those sorts of things and so those needs are baked in from the start. We have to tackle Mt Everest and that's like the minimum bar, because we're highly regulated company, have a lot of government seeing our stuff. So we need to make sure that everything we produce is of that quality, at least that's our approach and that's how we're going to tackle it.

Peter McCormack: It's also quite interesting, because I think we're getting closer and closer to a time where people cannot ignore cryptocurrencies, almost certainly cannot ignore Bitcoin. It's increasingly going to become a part of our life and if you're creating tools such as what you are doing, people are going to have to step up and increase their knowledge.

Daniel Buchner: Yes, I think that there's going to be some learning. I don't think we're ever going to get out of learning anything about it and being able to use it easily. But I do think that, A, there's motivation, because if we can get really core proofs that the person uses in their daily life tied to something, it'll become that muscle memory that you're building and how to use something.

Maybe I show my mum how to do it, and it's hard for the first week, but if she's using it frequently for valuable interactions, she's going to get it. Especially if we lower the bar enough and I think that's the challenge, is how low can we get it that we bring enough people into the fold, who are not technical, that this thing starts a fly wheel motion, because that's what really decentralized identity needs to survive.

Is that it needs enough people operating in that web of trust to build that benefit to everyone involved and then it becomes something that's just inevitable.

Peter McCormack: So how much can you tell me about the tech behind this, the tech stack? You don't have to go into super complex detail, but what's involved in building this infrastructure?

Daniel Buchner: So the ION nodes themselves, it's actually a pretty simple system. It's a system that groups together operations. If you're running one at home, maybe it's just your operations. If you did that, you'd of course you have to pay the full weight of a Bitcoin transaction. But if you assign your operations with keys generated locally and sent them off to a node, what that node is going to do, whether it's at your house or the remote one, is batch them together, create a hash that's linked to an IPFS.

That route node is obviously the holder of that initial data, exposes an IPFS and anchors it in the Bitcoin Blockchain. All the other nodes essentially are looking for those hashes to come up in Bitcoin and when they find them, they start requesting that hash's data and IPFS. Usually it's going to be originating node and whatever nodes it's circulated it to already and they all pin it. So it's not this magical IPFS thing, where just IPFS just stores all your 40GB movies or something like that.

It's specific, deliberate and they only look for these hashes, they store them in all nodes, their full nodes replicate that data. It seems like it might be a lot of data, but it's not a crazy amount. I mean, over 100 billion IDs in the system would be like 50 terabytes to have a full node and you can resolve pretty instantaneously anyone on the planet and there's obviously less than a 100 billion people!

And think about for any company or organization or even like co-op or even a hobbyist of any seriousness, having 50 terabytes, which is like an end state, many years from now when we've wildly succeeded is probably not a lot! I mean for us, for Microsoft it's a rounding error, for any company that makes a few million bucks a year, it's probably a rounding error.

But there is another type of node, there's this Light node and that is a reduction of almost a 100 to 1 in terms of data you need to store to trustlessly resolve IDs in the system and that's small. You could have over 100 billion IDs and you'd have under 2 terabytes of data that you need to store. That's even possible in devices today and I think that a storage grows, things will get better on the cost perspective.

Peter McCormack: Who will operate the nodes?

Daniel Buchner: So right now we launched with a few partners. In our blog post, we've got Equinix, Casa, Cloudflare and Civic is operating a node as well. Right now the commitment that we're hoping from them, is they'll operate these full nodes and to make sure that the system is robust, so that if they use the IDs or other people inject IDs in the system that will have a network that starts to become highly replicated and as time goes on, more nodes will be added.

The cool thing about the protocol though is that you don't have to run a full node or even that Light node, to keep your IDs alive. You're not dependent on Microsoft or anyone else. You could start a node up that just has the data for your ID state changes and offered that out to the world. That would persist your ID information. Even if no one else cared about you in the entire planet, you could still persist that data.

Now I don't think in theoretical economics that that's going to be the case, a lot of people care about you! The world revolves around being able to authenticate your users and your customers and businesses already put a ton of money into this. We have user databases and tables and redundancy and OAuth tokens and all this other stuff that people are willing to spend money on.

So the concept that people and companies are going to be turned off by, "oh, I had to spend money to have a secure authentication system" I think is kind of ridiculous. We're not talking about the spinsters cat photos here. We're talking about like core proofs that enable you to do business with your customers. So that's why I think businesses will replicate this particular subset of data in the world.

Peter McCormack: But will individuals be encouraged to run their own node?

Daniel Buchner: Absolutely! You don't need to run some heavyweight node to just persist your own data. That's something that we want to hope to build into wallets and other supporting services and apps that are on the devices people use today.

Peter McCormack: Somebody said to me recently, that they envisage a future where we have this magic box at home, which is our full node for Bitcoin. It has Tor, it has you everything you need all built into one box. Can you see that scenario? Can you see identity being part of that?

Daniel Buchner: Yeah, it's funny I think that for various reasons and use cases over time, we've always tried to put a box in the home! The only successful one is probably video games, which now actually have... It's weird. They had a lot of storage and power and now they might start waning and streaming games, so maybe you don't need as powerful a box.

But throughout history there's always been mass systems and everything. I do think that we're going to get to a point where there's valuable digital information that you would want to keep in your "safe." Just like you used to keep your gold coins or your deeds or any of these other really important documents in a safe. I think that'll probably as time goes on become normal in human life.

Peter McCormack: It will be a real shift for people though, this kind of sovereign individual, whether it's financial or data, it's going to take a real shift in people firstly trying and accepting and migrating towards it. But it's super important.

Daniel Buchner: Oh yeah, absolutely. I mean your digital footprint today is probably more valuable than the vast majority of things you do in meet-space. I think as time goes on, that's only going to become increasingly the case and so people have to look at this as I'm protecting this digital property that I own, just as much as I would protect cash in my safe or just anything of extreme value at my house. 

Over time I think as we've seen more breaches and violations of people's privacy, I think people are going to get that, because everyone's going to at some point be affected by identity theft and these just devastating losses in the digital realm. The more that it happens, I mean this isn't a positive thing, but the more that it happens, I think the more it forces people to think about how do we get out of the situation!

Peter McCormack: For the future for my children, this is obviously something great. For myself, I'm like, "oh God, I've got so much data out there already." I feel like once I have my decentralized ID, how do I go out there and clean up all my old data that I don't want out there? Do I have to go to every website?

Daniel Buchner: God that's a big question!

Peter McCormack: Yeah, it crossed my mind on the way over because when I did it with Google, I moved to the Brave browser. I got rid of all my Google data and my experience degraded. I got used to things like, when I'm in San Francisco and I do a search for a restaurant, I don't want it to default to London because I want it to know I'm in San Francisco. So I kind of had that realization like I want them to have some of my data. But then I was thinking about this thinking, "God, I just want a fresh start. I want to wipe my records from the Internet and start again!"

Daniel Buchner: God, you know what's really crazy to think about is that, A, that is hard. That's going to suck everyone you've ever interacted with, there's zillions of tracking cookies on every web page. Someone has got something of yours, no matter what, probably everywhere. Not to mention all the non-companies, like individuals, hackers, everyone who probably has copies of all this stuff as well. 

So I almost feel like for us born today, who have had our birth certificates minted already, it's kind of like opening Pandora's box, you can't close it and you can't put the cat back in the bag. It's almost something like you said, for our children or the people that are to come, they will potentially I hope, have the opportunity to start fresh.

To say privacy is baked into my life by default and the preservation of it, is something that is inherent to these digital systems that were created by people who cared enough to do so.

Peter McCormack: Yeah and I also think there is going to be a lot of opportunity for new businesses to create. So imagine companies who are spotting the opportunity to build privacy focused products, that integrate with what you've created, like a category of experiences out there that are based where privacy is central.

Daniel Buchner: Yeah I think so. At first I think it will be people that are highly privacy conscious. You'll get all the early adopters, it might be high net worth individuals or it might be cryptocurrency people. There's people who do care about privacy today because it actually materially impacts their life. The average user I think is going to have to have a lot of carrots, like a lot of great things that they get as a result of having a decentralized ID, they just make their life easier.

So I think it'll come in phases. But it will help, I believe, to have a company like Microsoft that can reach a broad consumer audience, to be there to kind of create that flywheel effect, to sort of prime the pump and get it moving. That's honestly why I went to Microsoft to do this. I worked at Mozilla, I proposed this in early 2012 under the moniker FirefoxHandshake and it was something at a time when they were working on Firefox OS, which sucked a lot of money out of the company, so we didn't have an opportunity to do it.

I went to Microsoft specifically saying, "where is the next place I'm going to go, where I can make this a reality?" When you really look at the ecosystem out there of large companies that have this consumer footprint, there's not a lot who are attuned for this message, for this technology and to really bring it to the fore. Whether it's because they might be incentivized otherwise or it's just not their business.

But Microsoft is sort of in this state where it has the right incentives, it's got the right backing, it has the right footprint in the marketplaces and so that's why I came to do it.

Peter McCormack: One of the things I found interesting, if we roll back to when we first started talking, is you talked about de-platforming and I guess it's a censorship resistant login. Say we had some form of social media website that allows you to use a decentralized login. They wouldn't be able to prevent you from logging in and seeing the website, but I guess they would be able to associate you with an account.

Daniel Buchner: So they still could prevent you from logging in. If the service knows of a DID that they don't want to allow, they can say, "I don't want to allow that." But again, you can mint pseudonymous identifiers, so you can create another one perhaps. But you're right, there's no magic bullet here.

So if someone uses their DID just to log in, but then on the back end of that, it's a traditional SQL database and they just map you over to like some graphic user ID in their system and then they tie all the data that, and they still have it in their central servers, yeah, I mean if they ever cut off access to that ID, they're essentially cutting off access to your data.

So it's really important and that's where that data store piece came in, where maybe there's apps in the future that instead of my to-do-list app, which a certain company that I really love the utility of, stores on their centralized servers, maybe the to-do-list app is an app that is pushed down to my device.

It asks for some identity permissions to my data store and it treats my data store as it's serverless infrastructure. So it's actually just calling some APIs, it doesn't know where my data store is. It could be on Microsoft, it could be a static IP at my house, a little freedom box. That's where it's actually storing this data. It doesn't even have its own app database. That's where I hope we go.

Peter McCormack: Also just came to my mind, if you aren't de-platformed for something like Facebook, your log in to so many other websites has been de-platformed at the same time?

Daniel Buchner: True, very true. It's profound... De-platforming is, this is me speaking personally, I certainly don't want to speak on behalf of Microsoft or anything. But I think de-platforming is the wrong way to go. I think that it's trying to solve what it perceives is a problem, in a way that degrades other rights of ours and in the process we'll probably lose a great many more.

So I think that... Justice Brandeis talked famously about the best antidote to bad speech is more speech. It's not a reduction of speech, is not exclusionary thinking because that is going to to balkanize people, it's going to crystallize them against your point of view. The best way is to just allow people to speak freely and disagree with them vehemently with ideas.

Peter McCormack: Have you talked to Andrew Torba?

Daniel Buchner: Who's that?

Peter McCormack: He's the guy from gab.com, Andrew Torba?

Daniel Buchner: I haven't had any conversations with him at all. Again, this is open source stuff though. Anyone can use this and we'd encourage... I don't care whether... A lot of people disagree with me right? At work and my personal life, I'm the libertarian, we don't have the largest percentage of representation in the world! 

So I'm used to that. But whatever part of the political spectrum you're on, even if I may disagree with you on certain points, I hope you embrace this technology because it's going to make your life better and that doesn't care who's in the White House or who you vote for. It's just going to make your life better.

Peter McCormack: So when can we start playing with it?

Daniel Buchner: So ION, the thing we launched today, that's in a very early reference node state. It is runnable. It runs on Bitcoin testnet. The protocol is not fully implemented, so there's lots of features it talks about in other areas that just aren't there, things we need to harden. We chose, and I really encouraged Microsoft to come out and talk about this early, because we don't want to just bake something and then say, "here, it's all done."

We would rather have people in there, when there's rough edges, to welcome people to work with us and make sure that they had a hand in shaping it. Instead of just saying, "here's this finished product and you should just use it." That was the thinking. So there's tons of rough edges! You're going to hit snags and it's going to be tough, but over the coming months, we're going to get it ready for a mainnet release.

Peter McCormack: Has there been much of a reaction from others within the Decentralized Identity Foundation?

Daniel Buchner: We've worked with a great many partners in there. Ironically enough, some of the best thought and technical contributors to shaping this protocol and this work over time have been from the Ethereum community, especially Christian Lundkvist, formerly of uPort and others. Chris Allen, I've talked to off and on throughout the last few years and bounced ideas off him. It's come from all over the landscape, all over the crypto ecosystem.

So that is one thing I really value about this work, is that it's one area of the crypto ecosystem that I get into rooms and people aren't fighting about these underlying systems. For once we just sit at a table and we talk about technical problems and they might say, "hey, I want to go anchor the base of my system here and there", but no one has to fight about that because the cool part about decentralized identities is it's your choice and we just want to make sure that people have that choice.

Peter McCormack: Cool, okay! A couple of things just to close out with. What's your kind of general feeling of Bitcoin at the moment?

Daniel Buchner: I still think it's in really early stages. Like you said, the UX problem to solve is just as hard for identity. Adoption needs to happen. We probably need to see more institutional players come in and do certain things to broaden the base a little bit.

I think it's a young technology, but if you look at the web, I mean the web didn't really even get popular until sort of the mid to late nineties and it had been around for well over, what is almost two decades in some primitive form. Obviously not consumer usable, but the theory of sending packets was there for a long time. I think that Bitcoin is going to follow a similar trajectory, in the sense that it's going to take a while and we'll be there to help

Peter McCormack: Are there any other initiatives within Microsoft with Bitcoin, and then I'm going to say "Blockchain"?

Daniel Buchner: Yeah, so in relation to Bitcoin, when I talk about, "we're here to help", I mean, me personally, I don't mean Microsoft obviously. But I think there's limited things that we're working on.

This is the only thing that really touches Bitcoin, that we're working on right now and that's because other than accepting it for payment I think in some other divisions, because these underlying systems are actually good at the thing we're trying to do, which is a chronological decentralized lineage.

We don't have a lot of other uses for it right now, so I'm not actively engaged in it and Microsoft isn't supporting any other initiatives I'm aware of with Bitcoin. But we'll use it where it presents itself as a good solution!

Peter McCormack: Okay. Lastly, where can people find out more? Who do you want to hear from and how can they get in touch?

Daniel Buchner: Yeah, so if you wanted to hit me up on Twitter @csuwildcat. There's a website for decentralized identity on the Azure domain. So if you just type in Microsoft decentralize identity, you'll get it.

There's a great white paper that we did that's like 30 pages long. It describes this entire thing that you and I talked about, probably not even in as high technical detail, that can help really for non-technical folks and can get them into what is the entire framework? What is all this about?

So that's where I encourage them to look. Then DIF as well, Decentralized Identity Foundation, its identity.foundation. Tons of companies, competitors, everyone working together to make these open source standards.

Peter McCormack: Amazing. Well listen, I'll share that all out on the show notes. Congratulations and thank you for coming on and hopefully we'll do this again in the future, once I've had a chance to play with a decentralized identity. Hopefully we'll catch up again in the future!

Daniel Buchner: Absolutely. Thank you for having me!