154 - Sign-in With Ethereum with Wayne Chang

Podcast Summary

• Ethereum as a Decentralized Alternative to Tech Giants' Digital Identities: Ethereum projects like Sign in with Ethereum have the potential to disrupt tech giants' control over digital identities and offer a more sovereign and decentralized alternative, leading to a more free and autonomous Internet for users.

  The Ethereum network, through projects like Sign in with Ethereum, has the potential to disrupt the current tech giants' control over our digital identities and offer a more sovereign and decentralized alternative. Wayne Chang, a researcher and core dev behind the project, explains why Google, Facebook, and Twitter function as banks for our online identities, and how Ethereum can become the standard way to sign in to applications and social media platforms. This shift towards a more decentralized identity system could lead to a more free and autonomous Internet for users, and is an important step towards separating identity and state, much like the separation of money and state in crypto. For Bankless listeners, this conversation is just the tip of the iceberg, and they can dive deeper into these topics by signing up for the debrief podcast and participating in the Twitter space. Additionally, Bankless is experimenting with tokenized content, including Monday podcasts, and offering NFTs to premium members. Kraken, the recommended crypto exchange for 2023, is a sponsor of the show.

• The Complexity of Identity on the Internet: The Internet lacks native identity primitives, leading to reliance on third-party logins and potential adverse incentives.

  The current state of identity on the Internet is a topic of much discussion due to its complex and multifaceted nature. Identity can be seen as a set of attributes around an entity according to technical specifications, or as the way we recognize, remember, and respond to people and things in a broader sense. The Internet, like crypto, was not built with native identity primitives, leading to the prevalence of logins with third-party platforms. This conversation can be framed as similar to the lack of a native payments system on the Internet, which has resulted in an advertising-driven model. Wayne Chang, co-author of the Sign in with Ethereum EIP, believes that this lack of baked-in identity solutions has led to problems and market solutions with potential adverse incentives. The conversation will delve deeper into the concept of identity on the Internet and whether it's considered broken in its current state.

• Online Identity: Complex and Multifaceted: Online identity consists of multiple logins, social media profiles, and digital presences. Maintain separation and strive for ownership and control.

  Identity, whether in the physical world or the digital one, is complex and multifaceted. It encompasses various components, including our nation-state-approved identities, socially defined identities, and online identities. Our online identities consist of multiple logins, social media profiles, and digital presences for different contexts. These different areas require us to bring different aspects of ourselves, and it's essential to maintain a separation between them. Ultimately, we should strive for ownership and control over our digital identities, allowing us to decide where and when they are revealed. At the core, identity is infinite and unconstrained, transcending across time and contexts, and cannot be fully captured by any single system or social structure.

• Dominance of Few Tech Companies in Digital Identity Management: The current digital identity management system is controlled by a few dominant tech companies, increasing reliance and risks, proposing a shift towards more decentralized and direct authentication systems using blockchain-based platforms.

  While our digital identities are infinite and adaptive, they are increasingly controlled and managed by a few dominant tech companies through protocols like OpenID Connect and OAuth 2. This centralization of digital identity has significant risks, including loss of access to multiple accounts if one account is compromised. The solution proposed is a move towards more decentralized and direct authentication systems, such as signing in with Ethereum or other blockchain-based platforms, to give individuals more control over their digital identities. This shift could reduce reliance on large tech companies for identity management and increase privacy and security. The current state of digital identity on the internet is dominated by a few intermediaries, leading to a loss of control for individuals, and it's essential to consider the risks and potential solutions to this issue.

• Web apps as digital identity 'banks': Web apps hold our online logins, creating risks like lack of oversight, no insurance, and hindered competition. Understanding identity, authentication, identifier, and their roles is crucial for navigating the digital world.

  Web 2 apps can be considered "banks" for our digital identity, as they hold custody and control over our online logins. This centralization brings risks such as lack of oversight, no insurance, and potential stifling of innovation. Additionally, these apps may incentivize keeping users within their own ecosystems, limiting competition and hindering potential growth. It's essential to understand the differences between identity, authentication, identifier, and the roles they play in the digital world. Identity is a complex and contextual concept, while an identifier is a digital handle like an email address or ENS name. Authentication determines if someone is who they claim to be, and there are three ways to do so. It's crucial to be aware of these concepts as we navigate the digital landscape and explore decentralized alternatives.

• Identity Ecosystem: Authentication with Ethereum: Ethereum handles authentication through Ethereum addresses, but it doesn't include authorization functionality. Identity ecosystem involves three main categories: something you know, something you have, and something you are.

  The identity ecosystem involves three main categories of authentication: something you know (like a password), something you have (like a physical token), and something you are (like biometric data). Authentication is the process of confirming someone's identity, while authorization determines what actions they are allowed to take once their identity has been confirmed. Signing in with Ethereum uses Ethereum addresses as identifiers and involves the authentication step through protocols like Connect Wallet, where users allow Dapps to see their Ethereum address for the session. Ethereum addresses serve as identifiers in this context, representing the controller of the Ethereum account. However, Ethereum itself only handles authentication and does not include authorization functionality. The full identity puzzle consists of multiple pieces, and Ethereum is just one part of it.

• Standardizing Ethereum Signing for Improved User Experience and Security: Standardization of Ethereum signing through initiatives like 'Sign in with Ethereum' brings about improved user experience and increased security by providing a consistent message format, making the signing process feel more seamless and preventing potential security risks.

  Ethereum signing is a method for proving ownership of a specific Ethereum address through the use of private keys. This process is becoming standardized through initiatives like "Sign in with Ethereum," which aims to create a common specification for message formats. This standardization brings about several benefits, including improved user experience and increased security. With a consistent format, wallets can provide a more seamless UX for users, making the signing process feel more like a regular login rather than a technical hurdle. Additionally, the standardization helps prevent user confusion and potential security risks that come from varying message formats across different dApps. By getting the ecosystem to rally around a common specification, we can create a more consistent and secure experience for Ethereum users.

• User-controlled data vaults and online identity: The future of online identity and data management is in users bringing their own data vaults to services, enabling secure connections and improving privacy properties by eliminating intermediaries.

  The future of online identity and data management lies in users bringing their own data vaults to services instead of relying on centralized databases controlled by organizations. Ethereum signing is just the beginning of this paradigm shift, enabling users to define the entirety of their login experience across various services. This approach, called "domain binding," ensures secure connections and improves privacy properties by eliminating intermediaries. It allows users to access their files from any service that speaks the data file sharing protocol, making things not solid by default. This concept comes from the DeFi world, where users bring their assets and private keys to interact with different user interfaces, contrasting the traditional banking experience where users have to log in to a centralized institution to access their money. Ultimately, this shift towards user-controlled data vaults aims to invert the current relationship, giving users more control and autonomy over their digital assets and identity.

• Decentralized data storage and control: Users will have control over their data and identity profiles through decentralized systems and data vaults, ensuring greater security, privacy, and user sovereignty.

  The future of data storage and control lies in decentralized systems, such as those enabled by public blockchains. Users will have sovereignty over their data and identity profiles, which they can bring with them into apps and interfaces. Data vaults, which can be hosted on personal servers or hired vendors, allow users to maintain control over their data through encryption and smart contract governance. An example of this is the upcoming mobile driver's license technology, which uses cryptography to allow users to store and control their license information on their phones. The ultimate goal is to ensure that users retain control over their data and that it is never accessed without their permission. This shift towards user-controlled data represents a significant departure from traditional web 2.0 services, where users' data is often housed and controlled by the service providers. The use of decentralized systems and data vaults allows for greater security, privacy, and user sovereignty.

• Create and manage a digital identity vault using blockchain technology: Users can store and access various forms of digital identity and data through a secure, decentralized identity vault, improving the user experience in web 3 applications by allowing users to bring their settings, preferences, and data with them across different dApps.

  Users now have the ability to create an "identity vault" using blockchain technology. This vault can store various forms of digital identity and data, which can be accessed and verified through an Ethereum address and private key. The user has control over what information is stored and where it is stored, whether it be on a personal device or in the cloud. This concept can improve the user experience in web 3 applications by allowing users to bring their settings, preferences, and data with them across different dApps. For example, Uniswap, a decentralized exchange and NFT aggregator, allows users to easily access their bank account and buy, sell, or swap tokens and NFTs without the need to import token lists or settings every time. Arbitrum, a scalability solution for Ethereum, also enables faster transaction speeds and lower gas fees for developers and users. By utilizing an identity vault, users can securely and conveniently manage their digital assets and data in the decentralized web 3 environment.

• Stay updated on airdrops with Earnify: Earnify notifies users of new airdrops and offers advanced features with Premium, while the future of decentralized identity is focused on privacy, experimentation, and practical use cases.

  Earnify is a platform that helps users never miss out on airdrops by notifying them via email when their wallets receive new airdrops. Additionally, Earnify Premium offers access to advanced airdrops and the ability to set reminders for multiple wallets. Vitalik's vision for Web3 Identity is that it is boundless and can be anything, and the future development of identity platforms is focused on figuring out how to effectively store and share various types of data in a decentralized and open way. In the future, signing in with Ethereum could mean using a new, privacy-preserving Ethereum address for each interaction, which would not require any linked transactions or personal data. This strong version of signing in with Ethereum would allow users to bring in parts of their social media graph as signed statements, providing them with more control over their data while minimizing privacy concerns. Overall, the future of identity and decentralized platforms is focused on experimentation and finding practical use cases to build resilient systems.

• Shifting towards authentication methods involving something you have: The future of authentication may eliminate the need for password managers by using private keys, but innovation in custody and UX is crucial for mass adoption.

  The future of authentication may move beyond traditional passwords and toward methods that involve something you have, such as a private key. This shift could potentially reduce the need for password managers, but they may still have a role to play in managing other types of data. However, innovation in the custody and UX aspects of identity and web 3 is crucial for mass adoption. The strong version of this system could make the selection of wallets obsolete and provide more transparent and secure methods of authentication, including social recovery and smart contract wallets. Additionally, privacy concerns related to the sharing of sensitive information, such as identification documents, could be addressed through the use of zero-knowledge proofs. Overall, the future of authentication is likely to be more secure and convenient, but it will require continued innovation and investment in the right areas.

• Privacy-preserving solutions like zero-knowledge proofs enable minimal disclosure in digital credentials: Zero-knowledge proofs allow for private verification of facts like age or citizenship, ensuring only necessary info is shared in the decentralized identity ecosystem, potentially combating online threats.

  The tech industry is exploring privacy-preserving solutions, such as zero-knowledge proofs, to enable digital credentials that can prove certain facts, like age or citizenship, without revealing unnecessary personal information. For instance, instead of sharing a selfie or other sensitive data to prove you're over 21, you could use Ethereum signing and zero-knowledge proofs to prove your age privately. This concept is known as minimal disclosure and is part of the decentralized identity ecosystem. Privacy is about having appropriate control over information flows, and these solutions can help ensure that only the necessary information is shared. Furthermore, these privacy-preserving technologies could potentially help combat propaganda bots and other online threats by allowing users to present their on-chain and off-chain data in a controlled manner.

• Revolutionizing online interactions with Ethereum's session keys: Ethereum's session keys eliminate the need for cookies, enhance authentication, and offer secure, decentralized interactions, improving user experience and privacy

  Ethereum's session keys have the potential to revolutionize online interactions by eliminating the need for cookies and enhancing authentication, especially in the context of preventing propaganda bots and deep fakes. Session keys allow users to sign off on various interactions, granting limited permissions for specific tasks. This not only improves user experience but also provides an additional layer of security. Cookies, which are commonly used to maintain sessions and track users across websites, can erode privacy. Ethereum's session keys offer a solution to this issue by enabling secure, decentralized interactions without the need for cookies. This shift towards signing-based interactions could lead to more sovereignty and privacy for users online.

• Empowering Digital Identity and Online Authentication with Ethereum's Sign in with Ethereum: Ethereum's Sign in with Ethereum system enables users to interact with the web in a more seamless and empowering way through temporary, limited authorizations called session keys, providing a foundation for decentralized applications and a valuable tool for the future of digital identity and online authentication.

  Ethereum plays a crucial role in the future of digital identity and online authentication through its Sign in with Ethereum paradigm. This system allows users to interact with the web in a more seamless and empowering way by using temporary, limited authorizations called session keys. These session keys enable users to make digital statements and sign transactions, providing a degree of empowerment and enabling new use cases. The Ethereum blockchain serves as the foundation for this system, acting as a network effect and a data museum where users can showcase their digital assets and NFTs. It's a bootloader for getting private keys into the hands of the masses, making it a valuable tool for the future of decentralized applications.

• Ethereum as a Settlement Layer for Decentralized Identity: Ethereum's uptime, censorship resistance, and decentralized nature make it an ideal settlement layer for decentralized identity systems, enabling trust and security for identity assets.

  Ethereum serves as a settlement layer for identity in the decentralized digital world. It goes beyond just being a public key infrastructure adoption event, but also provides natural ways for users to log in to services with the use of smart contract wallets and recovery mechanisms. Ethereum's uptime and censorship resistance properties are essential for advanced functionality, making it a credibly neutral platform for identity systems. The decentralized nature of Ethereum is crucial to avoid control by corporations or nation states, ensuring trust and security for identity assets. The Ethereum ecosystem's technology components, such as EIP-191 for personal signing, make it an ideal choice for building decentralized identity ecosystems. Additionally, the dApp developer ecosystem's excitement to build for users in various industries further emphasizes Ethereum's role as a settlement layer for identity.

• Decentralized Identity: Individuals as Issuers, Holders, or Verifiers: Decentralized identity empowers individuals to control their data and present it as desired, with the goal of creating a neutral, interoperable system that grows through community engagement and use case-driven data filling.

  Decentralized identity allows individuals to take on various roles - issuer, holder, or verifier - in a system that values neutrality and interoperability. This concept aligns with the "Festival of the Commons" idea, where the more people engage and contribute, the better the system becomes. The challenge is getting the ball rolling by filling up "data vaults" with useful information, which will likely be use case-driven and invisible to users at first. The goal is for individuals to control their own data and be able to present it as desired, with the system becoming more complex and managed over time. The first step is to bring people together in a community to discuss and align on solutions to common problems, such as encryption to Ethereum addresses.

• Sign in with Ethereum: A game changer for web interaction: Sign in with Ethereum empowers individuals by enabling direct authentication, issuing credentials, and granting permission slip stacks, transforming the way we interact with the web.

  Sign in with Ethereum represents a significant step towards giving users control over their data across the web. By utilizing public-private key cryptography, it enables new user-centric modes of interaction, such as issuing credentials and allowing users to write permission slip stacks as data. This shift towards direct authentication and the builder ecosystem that follows can lead to a model where platforms log into users' data vaults instead of the other way around. Wayne, who was a guest on the podcast, is optimistic about this technology as it enters the second phase of crypto, where the focus is on taking back our identity. Sign in with Ethereum is a crucial part of this strategy, and it's why David and the speaker are in crypto. They encourage Bankless Nation listeners to visit the Spruce website (spruceiddot.com) and read about the EIP (EIP 4361) that outlines the original signing with Ethereum proposal. This technology has the potential to change the way we interact with the web, putting power back in the hands of individuals.

• Exploring Ethereum's Frontier with EIPs: EIPs are crucial for Ethereum's development, but investing in cryptocurrency carries risk. Join the Ethereum frontier to be part of the Bankless journey, but always protect your identity.

  Ethereum Improvement Proposals (EIPs) are important documents in the Ethereum community, and the speaker, David, has even authored one himself. However, before diving into EIPs, it's important to note that working with cryptocurrency carries risk, and you could potentially lose the funds you invest. But, your identity is something you will always keep, assuming you're signed into Ethereum. The speaker encourages listeners to join the Ethereum frontier, which may not be for everyone, but is an exciting part of the Bankless journey. David thanks the audience for being a part of this adventure. While EIPs may not be for everyone to read, they are essential for the development and improvement of Ethereum. The risks involved in cryptocurrency should not deter you from exploring this new frontier, as long as you're aware of the potential risks and are committed to protecting your identity.