Death to the cookie! Long live the personal tracker! New 'Decentralised Identifiers' are going to be more useful, more portable and more private than today's customer identity mess
How do you get all those businesses to switch over from “trillions” of identifiers to DIDs? Who would pay to reengineer how every customer and employee information system is indexed?
If it’s a problem that many email addresses are owned by platforms, then I presume you want DIDs to somehow replace those addresses. That would be unimaginably disturbing to worldwide communications.
And I don’t see how DIDs allow individuals to “control” personal information flows. DIDs can’t stop others from collecting data about us and assigning identifiers to us. The social media companies’ core competence is devising ingenious ways to work out what we do. There is no DIY technological solution to that — the infomopolies will always have better tech.
There are also many use cases where we should want other parties to manage information about us, behind our backs, without needing our “control”. I’m thinking of healthcare especially; doctors, hospital staff, specialists, pathologists, radiologists etc all routinely work together across different record systems, invoking patient indexes to do so.
First, you’re absolutely right: no one is suggesting that the trillions of existing identifiers will magically switch to DIDs. This is less about replacing every index or comms protocol, and more about introducing a new layer of interoperability and control. And starting where the friction is highest… with consented, high-trust, high-value interactions.
Second, I’m not for a moment suggesting DIDs are trying to replace email. Email is a communication protocol, not just an identifier. The point is about ownership and delegation. You can have an email address and still use a DID for verifying who controls it.
Third, you’re right that DIDs alone can’t stop data collection or inference. But they do change the architecture of trust and permission. In today’s model, identity and consent are often inferred or assumed. In a DID/VC model, they’re explicit and cryptographically provable. It’s not about DIY privacy vs BigTech, it’s more about shifting the centre of gravity toward transparency, auditability, and intent.
On healthcare, agreed. But we’re seeing the shift at least: patients increasingly want access to their records, want to share them across systems, and want assurances about how their data is used. DIDs don’t prevent systems from managing data; they allow for more accountable, portable and transparent access models when that’s appropriate.
So I’m not arguing for anything like a full replacement, or being a privacy maxi that’s naive about power and complexity. Rather, I’m arguing that DIDs give us the tools to build a more balanced system, where not all identifiers are borrowed, and not all data flows are invisible.
I have questions.
How do you get all those businesses to switch over from “trillions” of identifiers to DIDs? Who would pay to reengineer how every customer and employee information system is indexed?
If it’s a problem that many email addresses are owned by platforms, then I presume you want DIDs to somehow replace those addresses. That would be unimaginably disturbing to worldwide communications.
And I don’t see how DIDs allow individuals to “control” personal information flows. DIDs can’t stop others from collecting data about us and assigning identifiers to us. The social media companies’ core competence is devising ingenious ways to work out what we do. There is no DIY technological solution to that — the infomopolies will always have better tech.
There are also many use cases where we should want other parties to manage information about us, behind our backs, without needing our “control”. I’m thinking of healthcare especially; doctors, hospital staff, specialists, pathologists, radiologists etc all routinely work together across different record systems, invoking patient indexes to do so.
Thanks Steve.
First, you’re absolutely right: no one is suggesting that the trillions of existing identifiers will magically switch to DIDs. This is less about replacing every index or comms protocol, and more about introducing a new layer of interoperability and control. And starting where the friction is highest… with consented, high-trust, high-value interactions.
Second, I’m not for a moment suggesting DIDs are trying to replace email. Email is a communication protocol, not just an identifier. The point is about ownership and delegation. You can have an email address and still use a DID for verifying who controls it.
Third, you’re right that DIDs alone can’t stop data collection or inference. But they do change the architecture of trust and permission. In today’s model, identity and consent are often inferred or assumed. In a DID/VC model, they’re explicit and cryptographically provable. It’s not about DIY privacy vs BigTech, it’s more about shifting the centre of gravity toward transparency, auditability, and intent.
On healthcare, agreed. But we’re seeing the shift at least: patients increasingly want access to their records, want to share them across systems, and want assurances about how their data is used. DIDs don’t prevent systems from managing data; they allow for more accountable, portable and transparent access models when that’s appropriate.
So I’m not arguing for anything like a full replacement, or being a privacy maxi that’s naive about power and complexity. Rather, I’m arguing that DIDs give us the tools to build a more balanced system, where not all identifiers are borrowed, and not all data flows are invisible.