Paul Fuxjäger 3:24 Good morning, everybody. 3:26 I don't know, I've introduced myself like 100 times, like every session, but I gotta do it just in case there's somebody who doesn't know. 3:33 So I'm Chad Kohalek, I'm from Protocols for Publishers, and we've been running sort of a media civics track in this room. 3:42 We've been talking about journalism, we've been talking about sovereignty, national policy in the EU yesterday, all sorts of different things. 3:50 And next up, we've got a speaker here who's gonna be talking about self-sovereign identities, which is some pretty exciting stuff. 3:55 Bringing it to the masses. 3:57 I'm not going to spend too much time. 3:59 I'm going to turn it over to him. 4:00 And we'll have time for questions near the end of the presentation. 4:05 So write it down. 4:07 Thanks to everybody on stream. 4:09 And turn it over to Paul. Speaker B 4:15 Yo! 4:29 So, does it work right now? 4:31 Okay. 4:31 Hi everyone, my name is Paul. 4:32 I'm from Vienna. 4:33 Thanks for showing up to this very nerdy topic. 4:36 I hope I can contribute something. 4:41 So based in Vienna, normally I don't fly long haul at all. 4:45 So this, I came here for this very specific reason to tell you about this because it's really close to my heart. 4:51 I call myself a digital human rights activist. 4:55 Yeah. 4:57 Employed as a researcher at the university currently. 5:02 I have a background in wireless mesh networking. 5:05 The movement I'm involved with is called Battle Mesh. 5:09 It's a weird title, has nothing to do with weapons or war or anything. 5:15 It's a scientific competition. 5:18 If you're interested, I can tell you about it later. 5:20 It's a long tradition, like 10 years right now. 5:23 Yeah, and since roughly 10 years, I'm in the field of advocating for alternative media ecosystems like the Fediverse, like the Atmosphere. 
5:36 And my perspective is from a person who has been lurking for 10+ years in forums where people talk about internet identity. 5:48 So the Internet Identity Workshop, the Rebooting Web of Trust community, and several groups at the W3C. 5:55 So I have been reading and trying to understand, and the reason why I've been doing that for the last 10 years is because before that I met a person called Markus Sabadello. 6:06 Greetings from Markus Sabadello from Vienna. 6:08 He— we talked before I flew here. 6:11 And Markus Sabadello, so I met him in a very nice place in Vienna, which is the Metalab, which has nothing to do with the corporation. 6:21 It's a hack space with a very long tradition also. 6:24 So Markus was working there on something that sounded very esoteric to me, and he called it self-sovereign identity. 6:30 And I thought, hey, what is self-sovereign identity? 6:34 And then he explained to me it's a political program, actually. 6:45 I will tell you about the details of this political program in a minute. 6:51 So basically, he sort of put a spell on me. 6:55 He showed me something that I couldn't really understand, couldn't really make sense of, but I was kind of fascinated somehow. 7:02 And I also valued him very much, and he's a very intelligent person, so I thought this must be worth something. 7:10 I call this terminology problems, this slide, because if you talk to people about sovereignty and identity, the chances are extremely high that you're being misunderstood there. 7:21 Those two terms are loaded with stuff that has nothing to do with what we're talking about here. 7:27 So this is just as a warning out there. 7:30 If you're involved in discussions, be aware that this is really dangerous terrain. 7:38 The discussion on better terms is ongoing. 7:44 Okay, what does self-sovereign identity mean in a technical sense as we understand it here in this ATproto context? 
7:51 It means that there is some public key infrastructure which includes, which the pointer, this common, some even call it source of truth, but I would advise against that, but it's a common reference point. 8:12 You could even claim it's something like DNS, but there is just one domain and it's not about renting human-readable expressions, but being publicly available in a public database. 8:31 So it's public keys. 8:33 The public key infrastructure problem is very old. 8:35 I think it's around 40 years old, I think something like that. 8:38 So maybe it's not really, you cannot really solve it. 8:43 You can just make several evolutionary progress steps there. 8:49 Yeah, so the idea is that you have an identifier which there is a clear open defined method can be resolved to a document that includes all kinds of metadata about this, about this DID subject. 9:05 And this all works only if we have, if you can maintain this common verifiable data registry. 9:11 So I was hooked because I understood from Markus's descriptions that if systems start to use these kinds of identity systems underneath everything, in a wider sense, the role of the identity provider is irrelevant. 9:32 There is no identity provider anymore that you need to beg, that needs to give you some permission. 9:38 You can create your founding genesis DID document yourself on your machine. 9:46 Which also means you have to take care of the keys in that sense. 9:51 So talk about this later. 9:53 And I was hooked back in 2016, I think was that, and 2019 I was fully immersed into the Fediverse Mastodon crowd and I kind of, with Markus and other colleagues, we tried to convince the community to add DIDs already in their actor profile. 10:12 So this was kind of, let's just add these keys in there. 10:15 Maybe they're useful. 10:16 Maybe they're useful. 10:16 This doesn't cost anything. 10:18 Just add them in there. 
10:20 And because that offers, so this was the line back then that I used, it is a persistent way to identify and authenticate. 10:28 So even if your currently chosen instance operator lets you down for some reason or anything else bad happens, you don't have to worry about the persistence of your social relationships. 10:39 This is a big thing. 10:41 And when I went to the first ActivityPub conference in 2019, there was this vibe in the room that still was like, if you really care so much about the persistence of your identity, just run your own instance. 10:56 Which I think is a fine position to have, but it raises still the questions. 10:59 But who does not really care about their identity? 11:04 I think it's basically just the trolls. 11:07 Maybe even they care about their identity, I don't know. 11:10 So we had this irking in the room, so this was like a kind of a voting situation where somebody took a picture, so this is a public picture, and we were voting on the position that we wanna be open about these DID concepts, but we're still not seeing how we should integrate them. 11:29 This was 2019, and I'm now standing here in front of you 7 years later and cannot believe that this actually happened now, because I think this is something big. 11:47 First of all, I want to give credit to Jay. 11:48 I think she is one of the key persons because I, in 2022, I saw a talk on this OpenTech with Selfus series by the Matrix guys and she was, yeah, she was, what's up with DIDs? 12:04 I read there the first time I was like, okay, this is going somewhere. 12:08 And okay, this is not Gandalf, this is Whitfield Diffie, but she knows history. 12:12 She understands what's going on here. 12:17 So a little bit technical again, self-sovereign account creation means you sign a block of a string of elements, you sign it yourself and then you hash it and then you truncate it and then this becomes your DID. 
12:32 And what the message is, you can do this on your own and then you broadcast this more or less to the outside world and hope that the outside world remembers this in a coherent fashion. 12:43 So this is really kind of radical and I, back in 2016, I could not understand which company, I thought in company terms, which company would ever apply this because they're in a sense giving away the crown jewels right from the start. 12:58 So what would be the business incentive to do that or something like, I could not make sense of it. 13:03 And now I finally understand, okay, there is a way because actually now it's out there. 13:14 Technical details about the document I will skip right now. 13:18 What I will say is that this concept means that you, by signing and hashing these things, you are adding, it's like a meta-paradigmatic rationality in some sense. 13:32 You say, it's the only thing we care, is the signature correct and is the hashing correct? 13:42 Matching. 13:42 So these are mathematical functions. 13:46 I would suggest it's hard to put some politics into them. 13:49 It's kind of, yeah. 13:54 It goes back to the formulation that I've heard is that the cypherpunks, a movement that I observed like many of you, I guess. 14:03 And one of the slogans was no army or no nation-state actor, even the biggest sort of the one equipped with the biggest arsenal of nuclear weapons, can help you solve a math problem. 14:19 So this is a big claim that you say, okay, really? 14:23 If we add this coherence, if we add this mathematics to all our power structures, this has some consequences. 14:29 I think this is the original cypherpunk's motto. 14:34 And here in our project here, it means that if the PLC directory fundamentally changes its behavior in not doing that anymore, we all know that the project is dead in some sense because this is the core, in my understanding, this is one of the core elements that enables these locking open methods. 
14:59 This is the same as if the mastodon.social admin, which is the supernova in the ecosystem still, if this supernova turns off the migration or federation APIs, you know that this project, or at least the group that runs this instance, is politically also dead in some sense. 15:16 So it does not keep the core promise anymore. 15:18 So I'm claiming that this is a political program that's now being sort of, or it's now emerging in some sense, and it says we don't need identity providers anymore. 15:30 Very much in line with Article 1 of the Universal Declaration. 15:35 So I'm claiming that the toothpaste is out. 15:37 You cannot put it back in anymore because now a successful project is actually using this. 15:41 Markus Sabadello, who has an overview of all the SSI systems, says to his knowledge also this ATproto ecosystem is the biggest emerging phenomenon that adopts this principle. 15:53 And it's even if the PLC crashes and burns in 1 hour from now, we all understand that this idea makes sense and that we will keep working on it. 16:04 I could say a few things about the DID method situations. 16:10 And currently PLC is the method being adopted and supported. 16:16 There are, of course, this will never end, I think. 16:18 Yeah, this is something. 16:21 This is an ongoing process where we debate about what are the best methods to achieve all what we want. 16:29 For example, currently there is something called SCID, which adds to the PLC concept a format, a pre-string, which is kind of neat but does not really change things. 16:43 But this means something that you can sort of optionally append the location parameter where your DID document history can be found, your verifiable DID document history can be found. 16:56 So the DID methods will evolve, this is all fine and good. 17:00 What's still open is someone needs to run this box and that someone has a couple of things to decide. 
17:14 Currently, the public knowledge that was given by the Bluesky project is the claim that the Swiss Association is being founded or has been founded, I've heard. 17:26 They will have the flexibility to turn themselves into all kinds of other institutions. 17:32 And it's also a common understanding here that one entity running this thing alone is not what we want in the end. 17:43 It's a sort of starting point that we can jump off from. 17:47 And if this kind of works, this identity system can be used by all other projects, by many other projects. 17:57 So I said the directory needs to do two things. 18:03 It needs to... and I will concentrate on this for the rest of my time. 18:11 It needs to decide whether an operation that's being submitted is a valid one. 18:18 Valid in the sense of, does it match, does the signature match, does this all mathematically look okay? 18:29 Yeah, that's one criteria. 18:32 But if that stays the only criteria, I think we can imagine what happens. 18:40 Anyone can upload anything that matches these criteria to this public database, and the public database doesn't know, hey, is this a DDoS? 18:48 Is this a spammer? 18:49 I don't know. 18:50 So basically we're back to this Bitcoin problem, and the common understanding is here that we want to avoid crypto economics as much as we can. 18:59 Because we know right now, so by now we have learned a little bit what the consequences are. 19:06 So we want to be able to devise robust ways to distinguish whether this is a legitimate, in good faith request or whether this is an attack to the system. 19:26 And the second thing that's important is it needs to serve the right history. 19:32 So sometimes for some reasons there may be a, not just appending to a Git history, but a fork of a Git history. 
19:40 For example, when some keys get compromised and the directory could in some situations, maybe if it's an adversary, that runs the directory could serve an older or different branch of a DID document history. 19:59 Edmund Edgar will talk about this problem as far as I understand today at 5 PM. 20:05 So check this out. 20:07 I will only talk about this validity question here. 20:10 One skit that I wanna quote here is from July last year where people are already looking at what kind of operations are being stored in the current directory, and there was all kinds of nonsensical stuff being uploaded there. 20:28 So it turns out that the people who run this box currently have to, yeah, keep situation under control and clean stuff up. 20:40 And yeah, they, for good reason, wanna get rid of this job. 20:45 Responsibility as soon as possible. 20:49 So how can we design more robust systems? 20:56 And one design methodology I'm very fond of, and I think it's also the design methodology of the Bluesky project, is called adversarial design. 21:05 So you assume that you're embedded in an adversarial environment and the question is how to survive in some sense. 21:13 So the adversarial design means you're always asking the question, what is the most efficient method to make the system less useful for key actors? 21:21 You try to find and identify what would an irrational actor do to make this unusable for the key persons, and then use that input to develop defense mechanisms. 21:35 And I think currently I'm trying to sort of finish this up and publish this a little bit better because it's in the works. 21:43 But currently my main focus is I believe that a rational actor that's interested in making the PLC less usable and less lightweight and less easy to mirror and monitor. 22:00 So like an adversary would try to erode this transparency. 
22:05 And I think the one brute force method that always will work is that the adversary creates a situation where it's almost impossible to distinguish valid from invalid requests. 22:22 So there's no way of— currently any IP address from anywhere can submit this request. 22:27 There is no metadata signal available that says, okay, this may be a useful request or this is maybe a spam attack or a DDoS attack. 22:41 Yeah, this is, the next graph is a little bit, it's like fresh from my documents. 22:46 It says that if, for example, if you say this is, an ordered, so like this is the volume of requests and the volume here means at zero, it means that nothing indicates that they are inauthentic. 23:04 Everything seems fine. 23:05 This looks like normal signups from normal PDSs. 23:08 And then maybe there are indicators in the system that say, okay, this is definitely something illegitimate because it doesn't make sense. 23:15 We can rule it out as something, this is not valid. 23:19 We know that this is not valid for sure. 23:21 And if you, for example, order these cases and you have this bottom in the middle, you can always say, oh, let's put the line of valid, invalid here. 23:29 And then there should be no fuss, no fight. 23:32 All the mirrors, all the witnesses would have the same understanding of valid and invalid. 23:36 And we say, yeah, sure, this stuff definitely does not need to be stored in a public database. 23:41 And this stuff definitely should. 23:44 And I think an adversary will create this situation here. 23:48 This is a rough modeling of the expectation we have that the adversary will, in some sense, this would be the worst case. 23:57 When everything looks as valid or invalid as everything else, then you have no chance of deciding. 24:03 And this would be something where there are two minimas. 
24:08 Then if one group of mirrors or witnesses decides, okay, this is the one, and another group decides that this is the one, the system diverges and gets less coherent. 24:18 And then you have many PLC directories that are claiming different things or having subsets of entries. 24:25 And this is really bad because then you cannot really rate limit in the rest of the system anymore. 24:31 I think it's hard. 24:33 It's very hard to rate limit at the relay ingestion, I think, if you don't have a clear overview of who is part of this and who is not. 24:43 And then I think I have, yeah, 9 minutes left, which is plentiful. 24:49 I want to keep some minutes for questions. 24:52 Maybe the last few slides, I would like to talk about the role of academic institutions because I am working now for one, and I have witnessed so many discussions about whether ActivityPub or ATproto or Nostr or anything else is now the way to go. 25:07 I think this is a discussion that needs to happen as soon and as coherent as we can have it. 25:13 I think institutions, science institutions, need to come together and find a rough consensus. 25:23 Because I also think they have a role they need to embody here. 25:28 Because they are still kind of trusted in most parts of Western society. 25:32 Academic institutions are not seen as kind of completely treacherous organizations or something like that. 25:38 They are still holding this public trust in a sense. 25:41 And I think it would be extremely cheap and extremely on-brand if they invest in monitoring and witnessing PLC infrastructure. 25:52 I'm not so sure about who should do the proof of personhood attestation if we ever need one. 25:58 That means you need some kind of indication that you're really a human conscious person that is not trying to sign up and not a malicious AI swarm network. 
26:10 So I think this proof of personhood should not be done by the— oops— should not be done by the university currently, but I think this should be done by the university. 26:20 And for that reason, Torsten, who is in the room, I think maybe, and me, we tried to start a discussion within academia about a strategic cooperation between ATproto and ActivityPub. 26:34 Which is aimed for convincing or just getting to a really, really broad consensus within the science community which kind of protocol combination and identity, shared identity system we wanna use in the academic world. 26:51 So if you wanna, this is just the draft that was done in a couple of days here. 26:57 This leads you to the editable page. 26:59 If you want to contribute, please leave your comments. 27:05 We should assume that science is always under threat. 27:08 The current US administration is on camera saying things like, "We have to attack the universities." So, the mission is clear. 27:17 And a few citations on what I think is now important to remember in this situation is that there is no such thing as post-truth. 27:28 I hope we can agree on that. 27:33 A simple way to say why is there was never a situation of full truth and there never will be. 27:39 So post-truth doesn't really make sense. 27:41 It's an incoherent concept. 27:43 There is just lots of propaganda. 27:49 Yeah, and I like Timothy Snyder's framing of this. 27:52 And one other thing. 27:55 Which I'm kind of trying to get to the foreground again is most of my work was like the last 10 years are very inspired by Aaron Swartz's comments. 28:10 And I want to bring this also again to the foreground. 28:12 I think he was really visionary and the most important message, in my understanding, that he had for me was that he told me that this freedom of speech debate is actually not helping that much anymore in an environment where ubiquitous networking is the norm. 28:35 So we have to talk about who gets heard all the time. 
28:37 It's not about freedoms. 28:41 And yeah, I think there are lots of reasons to be hopeful that the current situation, the current platform situation is about to drastically change in the next few years. 28:58 One data point I would like to show you at the end is not about ATproto, I'm sorry, it's about the ActivityPub network. 29:07 So this is a timeline. 29:10 So here you have time. 29:12 Several days. 29:13 Here you have the frequency of one hashtag, and it's the hashtag of the Chaos Communication Congress in 2023. 29:23 So this graph shows you a blue curve that's outperforming the black, which the black is the old, the old world. 29:35 People are communicating in channels that are centrally moderated, and the blue one is the communication that happens in those non-centrally moderated channels. 29:47 And in the previous years at the conference, when you looked at the hashtag traffic, it was always the other way around. 29:51 It was always the other way around. 29:55 And I don't know when this flipped. 29:57 It must be something '21, '22, '23, but now it has flipped. 30:02 And those people that are in these new alternative systems, they have now understood that this works. 30:10 They will never go back. 30:12 I have always this fun experiment when I ask, can someone explain me a scenario where this will ever go back? 30:23 So we will go back to autocratic systems, and I don't think there is a coherent answer. 30:29 So we will never go really back to this kind of stuff. 30:32 So I'm a little bit over. 30:34 I have 3, 4 minutes. Paul Fuxjäger 30:36 We have just a couple minutes. 30:38 Well, first of all, thank you very much for the talk. Speaker B 30:39 Yeah. Paul Fuxjäger 30:44 And we have time for maybe just one question. 30:47 Ryan, you got your hand up first, I see. 30:49 I'll pass it to you. Speaker C 30:54 This was great. Speaker B 30:54 Thank you so much. 
30:56 I have a ton of questions, but most importantly, I'm going to do something kind of unfair here, and I apologize in advance, but I'm more interested not in what I think or what I'm asking, but Filippo, what do you think of all this? Paul Fuxjäger 31:09 You called him up before I could. Speaker C 31:17 You'll pay for this. 31:19 Okay, hi, I'm Filippo. 31:22 I work on transparency infrastructure, and I guess I'm scooping a little bit, but it's relevant context. 31:28 Myself and Wendy here are two of the board members of the PLC organization that you mentioned was formed. 31:35 So, hi, in that context. 31:38 No, I think this makes sense and this is great. 31:40 And I see a box with the name registry on it and my brain thinks transparency log. 31:47 So, actually, I want to know what you think about using transparency logs, the technology of certificate transparency, the Go checksum database and so on. 31:56 For that, uh, for that registry. Speaker B 32:00 I can only say yes. 32:02 I mean, this makes so much sense. 32:03 This is the next logical step. 32:05 Of course, T-Logs are necessary. 32:09 I mean, yeah, kind of obvious. 32:13 Yes. Paul Fuxjäger 32:14 Anybody else we can put on the spot? 32:16 Anybody else want to announce any other board positions that they've recently accepted? 32:22 We're good? Speaker C 32:23 Okay. Paul Fuxjäger 32:24 All right, well then let's clear up and get ready for our next talk. 32:26 But thank you very much, Paul, and thank you very much everyone for coming in. Speaker B 32:31 Thanks for having me. Paul Fuxjäger 32:34 We got Jonathan Worden with BlueNote setting up next, so stick around for that.