braindump on some interesting problems i would want to work on. kind of vague but just want to mention some stuff that seems fun
drived identities
Identity on the internet seems like a fragile chain of assumptions:
- I have a phone number
- I create a google account using my phone number (my phone number tethers me to reality β i am a real person because i have a phone number)
- I use my new gmail to log into twitter. now twitter knows who i am
But if i lose my phone number, or get sim-swapped, or my google account gets locked, i’m locked out of things downstream from those identities. i’m dependent on companies to prove i am who i say i am. is this not weird?
of course you can use passwords to solve the “inability to login if google account is shut down”, but people forget them, reuse them, choose weak ones, get phished, etc. usernames & passwords seem better as an identity system though.
There’s also a data-sharing identity. I’m sure it’s illegal, but companies could cross-reference identities to create a larger scope of what information they have on people. If i tweet about throwing a party, Airbnb might know about it since they can connect my Twitter account to me (via email, etc). If i search something on Google, Facebook might know and send me certain ads.
how it might work?
ββββββββββ βββββββββ
βderived βΌβββΊβserviceβ
ββββββββββ¬ββββΊβidentityβ βββββββββ
βprivate β ββββββββββ
βidentityβ ββββββββββ βββββββββ
ββββββββββ΄ββββΊβderived βΌβββΊβserviceβ
βidentityβ βββββββββ
ββββββββββ
Instead, i imagine a single private key that serves as the root of my identity. With it, i can generate multiple external identities β unique keys for Facebook, Twitter, Airbnb, etc. When onboarding on one of these services, instead of asking for an email and password, they send me an encrypted challenge that only my private key can decrypt. Maybe a OTP or something. They never see my root identity but a derived one. If any service gets compromised, the rest are unaffected.
You should still share identities though! Maybe there’s an identity that’s like hozier-music-links that’s used across services like Apple Music, Spotify, Twitter, etc. If somebody has access to this derived identity, they should still be able to see where this identity is used elsewhere. Just traversing a tree & all cryptographically verified.
it would also be really cool if we could change private identities without affecting the derived identities. i’m not into crypto, but i wonder if we could learn something from NFTs? something like a token that says “this is emily’s facebook”. if i wanted to change identities, i could send the pseudo-NFT to my new account.
internet as a pubsub
It feels stupid that Alice and i can both be connected to the internet, but i can’t (easily) send her something. Usually we use a third-party service: Facebook, Discord, WhatAapp, etc. Not only does this intuitively feel weird – i ask somebody to tell her something rather telling her myself – but:
- We’re dependent on the service’s uptime. It doesn’t matter if there’s a topological connection on a network level, we might just not be able to talk to eachother if that’s our interface we use
- The third party has access to whatever we talk about. That doesn’t seem great! It’s not like having a wiretap, the “listening in” is a necessary condition for the serviice
real world examples
A friend wanted to send ~500GB to someone in Europe. We could pay for Dropbox or some cloud provider, but we didn’t really want to do that. I thought torrenting was the most obvious way, but it wasn’t easy to get 2 people who aren’t technically oriented to set it up to work correctly.
I also wanted to send a friend something time-sensitive, but the main application we use was down.
how it might work
βββββββββ messages βββββββββ
β Me ββββββββββββββββββββββββββββββββββββΊβ Alice β
βββββ¬ββββ βββββ¬ββββ
β β
β β
βββββΌβββββββββββββββ ββββββββββββββββΌββββ
β chat.message β β chat.message β
β calendar.invite β β calendar.invite β
β file.transfer β β file.transfer β
ββββββββββββββββββββ ββββββββββββββββββββ
β β
β β
βββββΌβββββββββββββββ βββββββββββββββΌββββ
β Local Apps: β β Local Apps: β
β β’ Messaging UI β β β’ Messaging UI β
β β’ Calendar App β β β’ Calendar App β
β β’ File Sharer β β β’ File Sharer β
ββββββββββββββββββββ βββββββββββββββββββ
I imagine a pub/sub approach, maybe on the OS level, where we can just send messages to others online. Lightweight apps can request an OS level permission to read a particular kind of message. If Alice sends me a message on WhatsApp, her computer publishes it to mine and the WhatsApp application can consume it to display it in the UI. Storage and security are local.
This also means if the service becomes shut down, we can still use it since it’s just an interface to this infrastructure. It decouples application and data
It would also be cool if messages had a type. Maybe something like calendar.invite, chat.message that alternative clients can build off of or comes with pre-installed applications that use it.
event-driven agents
blah blah, ai is cool. Right now, if you wanted an AI to call all the services you use, it would be a mess of unique APIs. You could use MCP, but even then things don’t just work out-of-the-box and not non-engineer friendly. I imagine in this world, an AI could just subscribe to all the messages you want it to read and it just works, since applications are interfaces to data you have, rather than silo’d data.
It would be cool to build generic agents like:
- if my airline updates the flight, update the itenerary
- if i get a message that seems time-sensitive, text me & forward this to at home’s group chat.
Again I’m sure this is possible now, it’s just fragmented. It would be nice having these system-native with clean abstractions and real generality.
other misc stuff
- if apps no longer need complex system designs to handle storage, they become radically simpler. Less infra & engineers -> maybe less ads because there’s less cost?
- companies can still choose to store things themselves as they do now! they could monitize it. maybe there are message persistent companies where you forward messages to them after encryption. When you’re on a new computer, you can request messages to be replayed and then decrypted?
- services can shift focus from building complex platforms to building useful interfaces, algorithms, and so on. software becomes more composable
- If a service ever gets shut down, that doesn’t mean users have to move off of it! Reuse the same UI, or build a new UI on the same message schema.
- I wonder if spam would get worse or better with pubsubs & cryptographic identities. On one side, using derived identities makes identities “free”. We also probably don’t want to block all unknown identities. I wonder if there could be an interesting reputation service. Webs of trust, proof-of-work for unknown senders (like a captcha for new messages). I’m not sure how this would work
- i wonder if we can add micropayments here?
- idk what to do if someone forgets their private key, or if it gets stolen. this doesn’t solve the tether-to-real-person problem
- not sure what to do with the “celebrity problem” i.e. one person has to send messages to a ton of people
where it doesnt work
- Discovery systems. platforms like Youtube aren’t just delivery systems, but discovery ones. I think discovery requires global context rather than a local one, so it might require a server for some centralized indexing, ranking, recommendation algorithms, etc.
- Discovering others. i wouldn’t know how to get Alice’s unique identity to communicate with her. ip addresses don’t seem like the right solution. unsure!
- Probably more but i’m blanking