When swathes of the internet were taken offline for hours last year, it was because Internet of Things devices had been hijacked by a malicious botnet, known as “Mirai,” that overwhelmed parts of the global network with streams of data.
The Mirai attacks were made possible by easily discovered passwords hard-coded into the cheap devices, which were mainly internet connected cameras. The cameras in turn were able to direct floods of traffic at targets because it’s easy to fake internet addresses. The vulnerabilities go to a core problem with the way the internet is designed: There isn’t a foolproof way to identify people or machines online.
“The Mirai botnet is a direct result of the fact that we didn’t think about identity originally,” says Dan Elitzer, who leads work on blockchain technology and digital identity at the research and development unit of design consultancy Ideo. “Now it’s time to say we had some fundamentally flawed assumptions at the time.”
Elitzer isn’t alone in his thinking. His firm is part of a group, including Microsoft, Accenture, and several startups, that launched the Decentralized Identity Foundation at the Consensus blockchain tech conference in New York May 30, with the goal of developing a system to reliably identify things on the internet. They think they’ll succeed because they’ll use blockchain technology, that same system catching the imagination of banks, corporations, and libertarians.
Blockstack, one of the foundation’s startup members, has released a set of programming tools and a handful of pre-made apps that would create a decentralized internet. Greater decentralization of the internet would place more control in the hands of the user—or more specifically, the user’s devices, instead of relying on clouds operated by the likes of Google or Amazon. “Every character you type is literally going to Google,” says Muneeb Ali, Blockstack’s co-founder. “But your device is almost like a supercomputer. We just need to upgrade the internet infrastructure to be more user-friendly.”
Among the apps Blockstack released at the conference is one for decentralized storage called Gaia that lets users keep files on existing, centralized services like Dropbox or Google Drive, while splitting up the contents and keeping them encrypted from the service operators. This turns the cloud services into “dumb drives,” Blockstack explained in a blog post.
Blockstack faces an uphill climb. In order for its vision to succeed, the company must first convince developers to build things on top of the infrastructure it has designed. Those developers must then create compelling applications, which attract hoards of users. And that’s not taking into account competition from the internet giants they’re trying to disrupt. Even the inventor of the web, Tim Berners-Lee, is working to solve the same problem with his Solid project, which he hopes will “re-decentralize” the web—but with little evidence that his efforts are paying off.
Microsoft’s involvement in the Decentralized Identity Foundation gives hope that the project’s quixotic goal may one day be realized. Microsoft is on the back foot when it comes to internet identities today, crowded out by widespread use of Gmail accounts or Facebook logins among consumers. ”With Microsoft, it’s the Android play,” says Elitzer, referring to the Android operating system’s open-source nature, which allowed Google to rapidly grab market share in the smartphone sector.
Daniel Buchner, who runs decentralised identity projects at Microsoft, sees the comparison to Android differently. “We’d want a fully open-source, unencumbered model where your data and your identifiers are yours, and not necessarily lock you in to an eco-system that is specific to us.”
Big banks and corporates who think a blockchain might be a panacea for the problem of digital identity have some support. In the Netherlands, the ministry of economic affairs has started the Dutch Blockchain Coalition, getting government agencies and corporations to work on digital identities using the technology. Djuri Baars, a blockchain specialist at the big Dutch bank Rabobank, imagines a system that allows users to control what pieces of private information they wish to share with banks, the tax agency, or even a supermarket when buying a bottle of wine. “Because everyone can use the blockchain, everyone can connect their own systems to the blockchain,” he says. “You can give explicit consent to share information with specific recipients.”
The open-source Hyperledger Project, a consortium of 142 corporate members from Airbus to Samsung, is also working to decentralize identity. “It’s critical to everything,” says Hyperledger executive director Brian Behlendorf. “You have to have identity to do business. But how do you implement it in such a way that privacy is built in?” The consortium is developing something called Project Indy to address this problem. “We can correlate an identity on one chain to an identity on another. It allows individuals to be a point of authentication on how their data gets shared,” Behlendorf says.
The problem of digital identity on the internet has attracted a motley crew of computer scientists, big banks, and industrial conglomerates, bound by a shared belief that the ideas behind bitcoin could solve one of the online world’s trickiest problems. For many in the space, there is also a sense that blockchain tech could be the internet’s missing link. “We got many things wrong in the early days of the web,” says Behlendorf, who developed the open-source Apache server, which powers most of the web today. “This is a chance to get it right.”
This story was updated with comments from Microsoft.