The dangers of “decentralized” ID systems

🌈 Abstract

The article discusses the dangers of "decentralized" ID systems, highlighting the issues with relying on government-issued IDs as a base layer, the state's unwillingness to give up its monopoly on identity, the potential for censorship in decentralized ID systems, and the risks of linking all of a person's activities to a single persistent identity.

🙋 Q&A

[01] Reliance on government ID as a base layer

1. What are the issues with relying on government IDs as a base layer for decentralized ID systems?

• If decentralized ID is just an extension of the existing government ID system, it provides neither privacy nor financial inclusion.
• The existing government ID system is harmful, inaccessible, and a single point of failure, excluding millions of people who can't get government IDs.
• Relying on government IDs means that decentralized ID systems cannot protect users against state surveillance.

2. How does the existing ID system harm and exclude people?

• Via government ID KYC, the state already excludes regular people from jobs, banking, apartment rentals, healthcare, receiving mail, sim cards, contracts, and more.
• If the state refuses to print ID for someone, there are no appeals, alternatives, or NGOs that can help.
• Even IDs for undocumented people require a foreign passport, national ID card, or birth certificate, and can't help people who have no state-issued identity documents at all.

[02] The state's monopoly on identity

1. What are some alternative approaches to verifying identity without relying on government IDs?

• Some decentralized ID protocols use a web-of-trust, where friends or family can vouch for a user's name, age, or location, or biometrics like fingerprints or iris scans.
• These approaches remove the ability for state censorship and are more accessible for stateless, undocumented, and unregistered people.

2. Why is it unlikely that the state will accept these alternative approaches?

• The state uses its government ID system to whitelist citizens at birth and control immigration, and is unlikely to allow people to bypass this system.
• If the state incorporates biometrics or web-of-trust, it will likely do so on its own terms, requiring an existing government ID to sign up.

[03] Censorship and surveillance risks

1. How can decentralized ID systems be censored?

• Some decentralized ID protocols use cryptocurrency addresses as identifiers, which can be censored based on transaction history.
• Users could be shut out of exchanges, marketplaces, and social media platforms due to their transaction history.

2. What are the dangers of linking all of a person's activities to a single persistent identity?

• It can lead to disproportionate surveillance, as the state can track people from "birth certificate" to "death certificate", compiling details of their lives.
• It can cause self-censorship, discomfort, and safety concerns, as people may want to compartmentalize their activities and use pseudonyms or throwaway accounts.

[04] Alternatives to persistent identities

1. What are some ways to establish trust without a persistent or state-assigned identity?

• Anonymous transactions, keys and smart cards, PINs and passwords, cryptographic keypairs, reviews and reputation, cash deposits and escrows, and non-government IDs.

2. Why should neither a single persistent identity nor a state-assigned identity be required for participation in the economy or social networks?

• For many commercial transactions, a persistent or personal identity is not necessary, and simply stating a name should be enough with optional verification.
• Requiring a single persistent identity linked to government ID leads to surveillance and exclusion, which the article argues should be avoided in decentralized ID systems.