Microsoft would like to loosen its grip on your login. The company’s credentials are used all around the internet, especially by companies and developers who use its cloud service, Azure. But on Monday, the company unveiled a project that, using the technology that underpins bitcoin, would give you control of your own credentials, independent of any company. The question is whether you’ll want to take on the responsibility.
For blockchain enthusiasts, digital identity is one of the most tantalizing, but thus far unrealized, potential uses for the technology. The idea involves designing portable credentials that would work a bit like Facebook Connect, allowing seamless access to all sorts of applications. But instead of Facebook or Microsoft holding the keys, you would. Proponents argue that would be a boon for privacy, because no one could follow your activity around the internet. They also say it would help curb major leaks and hacks, since large pools of user data would be less likely to be stored in one place. Eventually, more complex and sensitive forms of data, from insurance cards to passports, could perhaps be stored in a decentralized digital form.
That’s a long way off, given the balkanized state of crypto—and the internet at large. For a digital ID to work everywhere online, it needs buy-in from all the places that currently covet your login. Ideally, it would work across different blockchains, so competing ID systems don’t arise. So Microsoft, which last year laid out a vision for a “self-sovereign digital identity” that could potentially scale to billions of users, is working with partners. The company is developing open source protocols and standards with the World Wide Web Consortium and the Decentralized Identity Foundation, whose members include Aetna, IBM, and Mastercard. Facebook, which is exploring blockchain technology and whose CEO has mused about a digital identity concept, is notably not a member.
Microsoft’s choice of bitcoin is curious. Bitcoin is notoriously slow, which has been a barrier to using it for much more than speculation. Microsoft plans to get around the limitations with a so-called “layer-two” solution that stores and accesses your data away from the blockchain, using InterPlanetary File System (IPFS). Microsoft says its solution, dubbed ION, can potentially scale to allow tens of thousands of operations per second. (Bitcoin itself can handle fewer than 10.)
Ari Juels, a professor at Cornell and former chief scientist at RSA, says Microsoft’s use of bitcoin is surprising—and welcome. “A well-established player like Microsoft embracing an anti-establishment technology is certainly a big deal,” he says. At this early stage, Microsoft could have been expected to use a “permissioned” blockchain, like the ones run by JP Morgan and IBM. They offer fewer technical challenges but ultimately are controlled by centralized institutions. Instead, Microsoft is tackling the challenges of making a truly decentralized solution for a large number of users.
There’s still a long way to go to design a system that’s truly private and smooth enough to avoid irking ordinary internet users, Juels adds. His group at Cornell is working on some problems, such as issuing credentials in a way that preserves privacy, and how people will take care of their security keys—the “Achilles heel” of any decentralized system, he says. (WIRED knows that better than most.) There are questions, too, about whether the current protocols can be trusted as a safe home for user data. While bitcoin’s blockchain is generally regarded as a solid bet, having run continuously for more than a decade, a less-proven system like IPFS could mean people will want to back their data up elsewhere.
Those challenges make it hard to imagine widespread adoption anytime soon, Juels says. For all the talk of how much we value privacy, most people will quickly trade it for more convenience, opting for a centralized system that removes the headaches. But with a player like Microsoft starting to make some progress, he says, a few brave souls might just embrace decentralization.