In our increasingly networked world, identity management has become crucial. Who are we really, and how do we interact with each other across distance and through new technological systems with confidence? The advent of blockchain intensifies this issue, as decentralization reveals the inadequacy of legacy identity models. While some are trying to find ways to shoehorn decentralized systems into the old username/password model, Follow My Vote sees this disruption an opportunity to innovate and address some of the widespread problems endemic to the old systems.
Blockchain systems form a foundation for application back-ends which handle the data in applications relied on by multiple people. In the old centralized software systems, all of the data was handled privately by a single person or organization who was trusted to act honestly. In decentralized counterparts, such as blockchain systems, this data is handled openly by computers in the network which must follow publicly known rulesets called protocols. This eliminates many difficulties and ambiguities common to multi-person applications and contracts, such as disagreements over what happened when, data recovery, and detecting and correcting unintended operations due to software errors or hacking. This resiliency makes decentralized systems ideal for sensitive application domains such as governance and finance, where errors and hacking must be trivially detected and corrected automatically and without the possibility of further error; nevertheless, virtually all applications which affect multiple people stand to benefit from these advantages.
Identity Crisis: Transitioning to a Decentralized Ecosystem
The transparency of blockchain introduces one logistical difficulty, however: how do people interact with a decentralized back end? In order to act within the system, a person must identify themselves and prove that they really are who they say they are, rather than an impersonator. Historically, this has been solved by the use of a secret that only the person and the centralized system authority know: a username and password pair. Like a secret knock or handshake, the authority challenges the person entering to demonstrate knowledge of the secret and allows access only if they succeed. This model works in centralized systems which are based on secrets being kept by a trusted authority, but fails in decentralized systems wherein this role is eliminated. The old model of a secret password for each application cannot last.
How, then, will people log in to the decentralized applications of the future? How will we ensure that our content and activity are secure against hacking? To understand this, we must first examine the full picture of how centralized applications work today.
How it Works Today: Custodial Identities
Whenever a person wants to access a multi-person online software system, they open an app for that system. That app is a software front end application, a program which serves as an intermediary between the user and the online system. They typically get this app by either installing it from an app store or loading it as a website with a web browser (which is really just another app). They use this app to log in to the system, view content within the system, and to interact with it. Behind the scenes, every time the person takes an action (such as logging in, or viewing their feed, or making a post), the app front end sends a request to the back end, which is software running on another computer in some deep dark datacenter somewhere. The computers in that datacenter have secret data, such as people’s accounts, login information, posts, locations, histories, et cetera; as well as the secret instructions by which this data is managed. When the app sends the request, the back end processes the request according to these secret instructions acting on the secret data to form a response. The front end app receives this response and interprets it into a form which is displayed to the user. The cycle repeats until the person leaves the app.
This is how virtually every app we use today works. Now, before we discuss how the new apps will work, consider some of the key assumptions implicit in how today’s solutions operate. All security in these systems relies upon the technical competence and honesty of the people in charge of that datacenter, usually some big tech corporation. The availability, integrity, and completeness of the information stored are managed by this organization at their own discretion, and we must rely upon them to secure this information from attacks. Moreover, all of this information belongs to that organization: people’s accounts, their posts, their histories — all are data which belongs to that company. The people who use these systems have no privacy from the organizations running them, and the accounts the people make on these systems do not belong to the people who made them, but rather to the organization controlling the system. These accounts do not exist to benefit the people who made them, but rather to enable the organization to automatically track these people and their actions. Finally, the code which manages this data is also the secret property of the organization, and the people using the system have little visibility into what data is kept or how it is used.
How it Can Work Tomorrow: Bring-Your-Own Identity
Follow My Vote envisions new, decentralized applications based upon blockchain systems which will work quite differently from this. From the people’s perspective the basic experience will remain familiar: the software front end will display pages and allow interaction; however, the inner workings, and especially how those pages are created, will be completely different. All of the code in the system, both the app front end and the blockchain back end, will be open for review and audit. When people open apps, their device will securely retrieve the public app code and run it. When people take actions within these apps that affect other people, the app will create a transaction to be processed by the blockchain back end, using public code, to update the public data.
People’s identities and data within the systems will be handled differently as well. Rather than creating a separate account for each app and entrusting those accounts to the apps’ creators, people will create their own identities, which belong to them and can span accross many apps from many different creators. Any data kept on people’s histories, habits, identities, timelines, et cetera will be private to those people, kept or removed at their discretion. When people open apps, those apps will be able to access their private data, but will not share it without their permission. Even the people who made the app won’t be able to see the data the app manages on someone’s device when they use the app. The apps will use the private data available on the person’s device, along with shared or public data, to create pages for the person to interact with.
The Future Looks Bright
This decentralized model has significant benefits over the centralized model. Security and private data are distributed, so there is no central repository of private data or authentication information which can be hacked or corrupted. Private data, including the data that controls the behavior of identities, will be stored privately in each person’s own devices, secured by their own standards. A highly diverse security environment like this makes hacking far more difficult and time-consuming, while at the same time reducing the payoff of a successful hack from gaining potentially millions of people’s data to only getting data from one or two people.
In addition to benefits in security and privacy are benefits in performance. While the decentralized model will likely yield slower apps at first, it raises the ceiling on responsiveness because it moves most of the data closer to the people to whom it is relevant. The current model of centralized apps is already scraping the ceiling of performance and scalability, requiring incredibly complex technical orchestrations to manage many millions of people’s data quickly and without errors. Breaking these gigantic data conglomerations into small pieces located physically close to the people who need them enables solutions that are more responsive, more scalable, and easier to understand and maintain. While it will take time to refine the technology to realize these advantages, the new model eliminates the barriers to greater performance, meaning that tomorrow’s apps will be able to vastly outperform today’s.
As we examine the possibilities offered by blockchain and decentralized technologies, it becomes clear that taking advantage of the higher security standards and transparency offered by these technologies will necessitate many changes to the status quo of how our networks and applications work today. These technologies require new tools and practices to be developed and refined, new approaches and mindsets to be learned, and nothing short of billions of lines of code to be replaced. They imply changes to how we manage identity, how and where we store and transport data, and how we design software to represent the situation to people.
Follow My Vote is proud and excited to be on the forefront, pioneering this new ecosystem of applications and technologies, both for the opportunities we see, and for others to find their own. We are designing software to enable people to interact with blockchain back ends from their devices, ensuring that the apps they use are equipped with the same indomitable standards of security and verifiability as is enjoyed by the blockchain itself. With our Pollaris project, we are exploring the technological basis of this new generation of software systems and refining it into a platform that supports not only our apps, but everyone else’s as well. We hope you are as excited for the future offered by decentralized technologies as we are, and we look forward to seeing you there!