So, does it work right now? Okay. Hi everyone, my name is Paul. I'm from Vienna. Thanks for showing up to this very nerdy topic. I hope I can contribute something. So based in Vienna, normally I don't fly long haul at all. So this I came here for this very specific reason to tell you about this because it's really close to my heart. I call myself a digital human rights activist. Yeah. Employed as a as a researcher at the university currently. I have a background in wireless mesh networking. The movement I'm involved with is called battle mesh.
It's a weird title, has nothing to do with weapons or war or anything. It's a scientific competition. If you're interested, I can tell you about it later. It's a long tradition, 10 years right now. Yeah, and uh since roughly 10 years I'm in in the field of advocating for alternative media ecosystems like the Fediverse, like the Atmosphere. And my perspective is from a person who has been lurking for 10 plus years in forums where people talk about internet identity. So the Internet Identity Workshop, the rebooting web of trust community, and uh several groups at the W3C.
So I have been reading and trying to understand, and the reason why I've been doing that for the last 10 years is because before that I met a person called Markus Sabadello. Greetings from Markus Sabodello from Vienna. He we talked before I flew here. And Markus Sabadello, uh so I met him in a very nice place in Vienna, which is the Metalab, which has nothing to do with the cooperation. It's a hack space with a very long tradition, also. So Markus was working there on something that sounded very esoteric to me, and he called it self-sovereign identity.
And I thought, hey, what is self-sovereign identity? And then he explained to me it's um a political program actually. I will tell you about the details of this political program in a minute. So basically he sort of he put a spell on me. Yeah, he showed me something that I couldn't really understand, couldn't really make make sense of, but I was kind of fascinated somehow. And I also valued him very much, and he's a very intelligent person, so I thought this this must be worth something. I call this terminology problems this slide because if you talk to people about sovereignty and identity, there are the chances are extremely high that you're being misunderstood there.
Those two terms are low dead with stuff that has nothing to do with what we're talking about here. So this is just as a warning out there. If you involve in discussions, be aware that this is really dangerous terrain. Uh the discussion on better terms is ongoing. Um, what does self-servent identity mean in a technical sense as we understand it here in in in this atproto context, it means that there is some public key infrastructure which includes uh which the pointer this common some even call it source of truth, but I would uh advise against that.
But it's a common reference point. You could even claim it's something like DNS, but there is just one domain and there and it's not about renting human readable uh expressions, but being publicly available in a public database. So it's public keys. The public key infrastructure problem is very old. I think it's around 40 years old, I think something like that. So I maybe it's not really you cannot really solve it. You can just make several evolutionary progress steps there. Uh yeah, so the idea is that you have an identifier, which there is a clear open defined method, can be resolved to a document that includes all kinds of metadata about this about this DID subject.
And this all works only if we have if you can maintain this common verifiable data registry. So I was hooked because I understood from Marcos' descriptions that if systems start to use these kinds of identity systems underneath everything, In a wider sense, the role of the identity provider is irrelevant. There is no identity provider anymore that you that you need to bag that needs to give you some permission. You can create your your founding genesis DID document yourself on your machine. Which also means you have to take care of the keys in that sense. So talk about this later.
And I was hooked back in 2016, I think was that, and 2019, I was fully emerged into the Fediverse Masterdone crowd, and I I kind of with Marcus and other colleagues, we tried to convince the community to add the IDs already in their actor profile. So this was kind of let's just add these keys in there. Maybe they're useful, maybe they're useful. This is this doesn't cost anything. Just add them in there. And because that offers, so this was the line back then that I used, it is a persistent way to identify and authenticate. So even if if your currently chosen instance operator lets you down for some reason or anything else bad happens, you don't have to worry about the persistence of your social relationships.
This is a big thing. And when I went to the first activity pub conference in 2019, there was this vibe in the room that still was like if you really care so much about the persistence of your identity, just run your own instance. Which I think is a fine position to have, but it raises still the questions. But who does not really care about their identity? I think it's basically just the trolls. Maybe even they care about their identity, I don't know. So we had this irking in the room, so this was like a like a kind of a voting situation where somebody took a picture, so this is a public picture, and we were voting on the position that we want to be open about this DID concepts, but we're still not seeing how we should integrate them.
This was 2019, and I'm now standing here in front of you seven years later, and cannot believe that this actually happened now because I think this is um yeah, this is something big. Uh first of all, I want to give credit to Jay. I think she is one of the key persons because I in 2022 I saw a talk on this Open Tech with Selfers uh series by the Matrix guys, and she was yeah, she was what's up with DIDs. I read there the the first time, I was like, okay, this is going somewhere. And okay, this is not Gandalf, this is Whitfield Diffie, but she knows history, she she understands what's going on here.
Um a little bit technical again. Self-sovereign account creation means you sign a block of a string of elements, you sign it yourself, and then you hash it, and then you truncate, and then this becomes your DID. And what the the message is you can do this on your own, and then you broadcast this more or less to the outside world and hope that the outside world remembers this in a coherent fashion. So this is really kind of radical, and I back in 2016 I could not understand which company, I I thought in company terms, which company would ever apply this because they are in a sense giving away the crown tools right from the start.
So what would be the business incentive to do that or something like that? I could not make sense of it. And now I finally understand. Okay, um there is a way because actually now it's it's uh out there. Um technical details about the document I will skip right now. What I will say is that this concept means that you by signing and hashing these things, you're adding it's it's like um meta paradigmatic rationality in some sense. You say it's the only thing we care is the signature correct and uh is the hashing uh matching. So these are mathematical functions.
There is no I would suggest there is it's hard to put some politics into them. Yeah, it's uh kind of yeah. Goes back to the to the formulation that I've heard is that uh the cypherpunks, uh movement that I observed, like many of you, I guess, and one of the slogans was uh no army or no nation state actor, even the biggest sort of the one equipped with the biggest arsenal of nuclear weapons can help you solve a math problem. So this is a big claim that we say, okay, really. If we if we add this coherence, if we add this mathematics to all our power structures, this has some consequences.
I think this is the original cypherpunk's uh motto. And here in in our project here, it means that if the if the PLC directory fundamentally changes its behavior in not doing that anymore, we all know that the project is dead in some sense, because this is the core, in my understanding, this is one of the core the core elements that make that enables uh these uh locking open methods. This is the same as if the master.social admin, which is uh the supernova in the in the in the ecosystem still, if this supernova turns off the migration or federation APIs, you know that this project or at least the group that runs this instance is politically also dead in some sense, so it does not keep the core promise anymore.
So I'm claiming that this is a political program that's now being sort of or that's now emerging in some sense, and it says we don't need identity providers anymore. Very much in line with the article one of the Universal Declaration. So I'm claiming that the toothpaste is out, you cannot put it back in anymore because now a successful project is actually using this. Marco Sabadello, who has an overview of all the SSI systems, says, to his knowledge also, this ATP proto ecosystem is the biggest the biggest emerging phenomenon that adopts this principle. And it's even if the PLC crashes and burns in one hour from now, we all understand that this idea makes sense and that we will keep working on it.
I could say a few things about uh the DID method situation. So currently PLC is the method being uh adopted and supported. There are, of course, this will never end, I think. Yeah, this is something this is an ongoing uh process where we debate about uh what are the best methods to achieve all what we want. So for example, currently there is something called S CID, um which adds to the PLC concept a format uh pre-string, which is kind of neat, but does not really change things, but this means something that you can sort of uh optionally append uh the location parameter where your DIT document history can be found.
Your verifiable DID document history can be found. So the DID methods will evolve, this is all fine and good. What's still open is someone needs to run this box, and that someone has a couple of things to decide. Um currently the the public knowledge that was given by the Bluesky project uh is the claim that the Swiss association is being founded or has been founded, I've heard they will have the flexibility to turn in themselves into all kinds of other institutions, and it's also a common understanding here that one entity running the running this thing alone is not what we want in the end.
It's a sort of starting point that we that we can jump off from, and if this kind of works, this identity system can be used by all other projects, by many other projects. So I said the directory needs to do two things. It needs to, and I will concentrate on this for the rest of my time. It needs to decide whether an operation that's being submitted is a valid one. Uh valid in the sense of does it match, does the signature match? Does this all mathematically look okay? Yeah, that's one criteria. But if that stays the only criteria, I think we can imagine what happens.
Anyone can upload anything that matches these criteria to this public database, and the public database doesn't know. Hey, is this a DDoS? Is this a spam? I don't know. So basically we're back to this Bitcoin problem. And the the common understanding is here that we want to avoid crypto economics as much as we can because we know right now. So by now we have learned a little bit what the what the consequences are. So we want to be able to devise robust ways to distinguish whether this is a legitimate in-good faith request or whether this is an attack to the system.
And the second thing that's important is it needs to serve the right history. So sometimes for some reasons there may be a not uh just a pending to a DID history but a fork of a DID history, for example, when something when some keys get compromised and the the directory could in some situations, maybe if it's an adversary that runs the directory, could serve an older or a different uh branch of a DID document history. Uh Edmund Edgar will talk about this problem as far as I understand today at 5 p.m. So check this out. Uh I will only talk about this validity question here.
Uh one skeet that I want to quote here is from July last year, where people are already looking at what kind of operation are being stored in the current directory, and there was all kinds of nonsensical stuff being uploaded there. So it turns out that the people who run this box currently have to keep situation under control and clean stuff up. And yeah, they for good reason want to get rid of this job responsibility as soon as possible. So how can we design more robust systems? And one design methodology I'm very fond of, and I think it's also the design methodology of the Bluesky project, is called adversarial design.
So you assume that you're embedded in an adversarial environment, and the question is how to survive in some sense. So the adverse there were several design means you're always asking the question what is the most efficient method to make the system less useful for key actors. You try to find and identify what would an irrational actor do to make this unusable for the key persons, and then use that input to develop defense mechanisms. And I think currently I'm trying to sort of finish this up and publish this a little bit better because it's in the works, but currently I'm my my my focus is I believe that a rational actor that's interested in making the PLC less usable and less lightweight and less easy to mirror and monitor.
So like an adversary would try to erode this transparency, and I think the the the one brute force method that always will work is that the adversary creates a situation where it's almost impossible to distinguish valid from invalid requests. So there's no way of currently any IP address from anywhere can submit this requests. There is no no metadata signal available that says okay, this may be a useful request, or this is maybe uh a spam attack or a DDoS attack. Uh yeah, this is the next graph is a little bit like fresh from my documents. It says that if if, for example, if you say this is an ordered, so like this is the volume of requests, and the the the volume here means at zero, it means that nothing indicates that they are inauthentic, everything seems fine.
This looks like normal sign-ups from normal PDSs, and then maybe there are indicators in the system that say, okay, this is definitely something illegitimate because it doesn't make sense. It's we can rule it out as something this is not valid. We know that we know that this is not valid for sure. And if you, for example, order these cases and you have this bottom in the middle, you can always say, Oh, let's put the line of valid invalid here, and then there is there should be no fuss, no fight. All the mirrors, all the witnesses would have the same understanding of valid and invalid, and we say, Yeah, sure.
This stuff definitely does not need to be stored in a public database, and this stuff definitely should. And I think an adversary will create this situation here. This is a rough modeling of the of the of the of the expectation we have that the adversary will in some sense this would be the worst case, yeah, when there when everything looks as valid or invalid as everything else, then you have no chance of deciding. And this would be something where there are there are two uh minimas. Yeah, and there then if one group of mirrors or witnesses decides okay, this is the one, and another group decides that this is the one, the the system diverges and it gets less coherent, and then you have many PLC directories that are claiming different things or having subsets of entries, and this is really bad because then you cannot really rate limit in the rest of the system anymore.
I think it's hard. It's very hard to rate limit at the relay ingestion, I think, if you don't have a clear overview of who who who is part of this and who is not. And then I think I have yeah, nine minutes left, which is plentiful. I want to keep some minutes for for question. Maybe the last few slides uh I would like to talk about the role of academic institutions because I am working now for one. And I have witnessed so many discussions about whether Activity Pub or atproto or Nostor or anything else is now the way to go.
I think this is a discussion that needs to happen as soon and as coherent as we can have it. I think institutions, uh science institutions need to come together and find a rough consensus. Because I also think they have a role they need to embody here because they are still kind of trusted. In most parts of Western society, academic institutions are not seen as kind of completely treacherous organizations or something like that. They are still they're still holding this public trust in a sense, and I think that it would be extremely cheap and extremely on brand if they invest in monitoring and witnessing PLC infrastructure.
I'm not so sure about who should do the proof of personhood at a station if we ever need one. That means you need some kind of indication that you're really a human conscious person that is not trying to sign up and not a malicious AI swarm network. So I think this proof of personhood should not be done by the oop whoops, should not be done by the university currently, but I think this should be done by the university. And for that reason, uh Torsten, who is in the room, I think maybe, and me, we we tried to start a discussion within academia about a strategic cooperation between atproto and Activity Pub, uh which is aimed for convincing or just getting to a really really broad consensus within the science community which kind of uh protocol combination and identity share shared identity system we want to use in the academic world.
So if you want to, this is the just the draft that was done in a couple of days here. Uh this leads you to the to the editable page. If you want to contribute, please leave your comments. Um we should assume that science is always under threat. Uh the current US administration is on camera saying things like we have to attack the universities. So there the mission is clear. And and a few few citations on what I think is now important to remember in this situation is that there is no such thing as post-truth. I hope we can agree on that.
A simple simple way to say why is there was never a situation of full truth. And that there never will be, so a post-truth doesn't really make sense, it's an incoherent concept. There is just a lot of uh propaganda. Yeah, and I like I like Timothy Snyder's framing of this. And and one other thing um which I'm kind of uh trying to get to the foreground again is uh most of my work was like the last 10 years was very inspired by Aaron Swartz's uh comments. And I want to bring this also again to the foreground.
I think he was really uh visionary. And um the most important message in my understanding that he had for me was that he he told me that this freedom of speech debate is actually not helping that much anymore in an environment where ubiquitous networking is the is the norm. So we have to talk about who gets heard all the time, it's not about freedoms. Um and yeah. I think there are lots of reasons to be hopeful that the current situation, the current platform situation is about to drastically change in the next few years. One data point I would like to show you at the end.
It's not about Etiproto, I'm sorry. It's about the activity pub network. So this is a timeline. So here you have time, several days. Here you have the frequency of one hashtag, and it's the hashtag of the Chaos Communication Congress in 2023. So this graph shows you a blue curve that's uh outperforming the black. Which the black is the old the old world. People are communicating in channels that are central centrally moderated, and the blue one is the communication that happens in those non-centrally moderated channels. And in the previous years at the conference, when you looked at the hashtag traffic, it was always the other way around.
It was always the other way around. And I don't I don't know when this flipped. It must be something 21, 22, 23, but now it has flipped. And those people that are that are that are in that are in these new alternative systems, they have now understood that this works. They will never go back. I I have always this fun experiment when I when I ask, can someone explain me a um a scenario where this will ever go back? So we will we will go back to autocratic systems. And I don't think there is a coherent answer.
So we will never go really back to this kind of stuff. So um a little bit over. I have three four minutes. We have just a couple minutes. Well, first of all, thank you very much for the talk. Yeah. And we have uh time for maybe just one question, Ryan. You got your hand up first, I see. I'll pass it to you. This was great. Thank you so much. Uh I have a ton of questions, but most importantly, I'm going to do something kind of unfair here, and I apologize in advance, but but I'm more interested not in what I think or what I'm asking, but Filippo, what do you think of all this?
You were gonna call you called them up before I could. Wow. You'll pay for this. Uh okay, hi. I'm uh I'm Filippo. I work on transparency infrastructure, and I guess I'm scooping a little bit, but I it's relevant context. Uh myself and uh when here are uh two of the board members of the PLC organization that uh you mentioned was uh was formed. So hi, in that context. Uh no, I I I think uh this makes sense and this is great. And uh I see a box uh uh with the with the name registry on it, and my brain thinks transparency log.
So actually um I I want to know what you think about using transparency logs, the technology of certificate transparency, the Go checks and database and so on for that uh for that uh registry. I can only say uh yes, I mean it makes so much sense. This is the next uh logical step, of course. T logs are necessary. I mean, yeah. Kind of obvious. Yes. Anyone else we can put on the spot? Anyone else want to announce any other board uh positions that they've uh recently accepted? We're good? Okay, all right. Well then let's uh clear up and get ready for our next talk.
But thank you very much, Paul, and thank you very much everyone for coming in. Thanks for having me. We got Jonathan Warner.