Current digital identity systems are fundamentally flawed because they use personal identifiers (name, address, social security number) as authenticators, which cannot be rotated like passwords and are already massively compromised. Biometric identifiers (faces, fingerprints) are even more problematic as they cannot be changed once compromised. The solution lies in cryptography-based, self-sovereign identity using open standards like verifiable credentials and zero knowledge proofs, which allow selective disclosure of attributes without revealing full personal information. This approach preserves privacy, enables individual control, and prevents the centralized surveillance systems that could lead to authoritarian control. The window for implementing these solutions is closing rapidly as AI-driven fraud and age verification requirements accelerate the adoption of centralized digital ID systems.
The Digital ID Trap Is Closing Faster Than You Think (your version, lock as-is)Hinzugefügt:
In the next hour of this conversation, at least 3,000 Americans will be victims of identity through no fault of their own. Something is happening to them because of our approach. We're effectively using our identifiers as our authenticators. And this is a fundamentally flawed model. It's based on the assumption that that information is a secret. You can't rotate your face.
You can't rotate your fingerprint. We should presume that information is going to be compromised. Whatever the rights and norms are in the physical space around identification, we should look to preserve and fight for those in a digital context. the choices made in the next year or two will lock in the architecture for a generation.
>> Sup freaks, before we get into the show, I just want to send a heartfelt thank you. Thank you for joining us and ask for one quick thing. Could you like this episode, subscribe to the channel, and if you like the conversation, join us in the comment section. Gerald Glickman, welcome to the show, sir.
>> Thank you. Great to be here.
freaks for uh for context of how Gerald and I met. We met outside of the TFTC and Pubkey Bus in Miami. What was that?
Four years ago, five years ago now at this point.
>> Yeah.
>> At the time, you were working in the banking sector helping uh correct me if I'm wrong, if you're comfortable me saying this. If not, we can cut it out. But uh helping cannabis businesses get uh get bank uh bank accounts and navigating the regulatory landscape that that comes with running a an uh a business that is perceived to be uncouthed by by the government. Uh and so you were on the ground there.
Correct.
>> Yeah. And and went there because they had a they had a crypto banking portfolio that I wanted to support. Uh the bank was called MVB Bank. They're still called MBB Bank, but yeah, was there in a fraud and identity risk management kind of oversight role. So, you know, you're there was a lot of We also did uh gambling, you know, FanDuel and DraftKings. Um, so all the all the things that maybe big banks didn't want to touch. MVB was was all about it.
>> Yeah. And so that that's your background, but why we're here to talk today is digital identity. This is something that you've been passionate about. we've talked about for many years behind the scene and I think we should just jump right into it. I think when most people hear digital identity their eyes glaze over but you argue that we're at an inflection point in your mind what broke that made this whole conversation about digital identity urgent and what misconceptions do Bitcoiners have around it?
>> Um what broke? Well, um, start there.
Yeah, I mean, I think the the model for digital identity broadly, um, in the United States has been breaking for a few decades. Um certainly you the step change in in AI and LLM generative content um has accelerated that to the point where you know fraud and identity risk managers uh you know the halflife of new controls that they're putting into production is just in a nose dive. Um but but fundamentally the the paradigm um is is broken in and of itself like the security model of how we do identity which is um you know we're we're effectively using uh our identifiers right like our name address social security number these types of things as our authenticators.
um basically using that information and possession of that presentation of that information to prove that we are ourselves or in a lot of cases somebody else. Um and this is a fundamentally flawed model. It's it's based on the assumption that um that information is a secret. Maybe at one point it was a secret. Hasn't been secret for years like decades, right? Everybody knows their private information is massively compromised. You would think that that would mean that we have to change the way that we do identity verification. Um I think you'd be right, but we haven't done it. So um over the years I' I've seen more and more, you know, fraud risk managers in the business um you know, these are not bad people. They're trying to uh protect uh the corporations that they work for and their clients uh from from fraudsters. But the way that they've been uh trying to keep that edge and maintain their performance, you know, in these probabilistic systems is to consume more and more aggregated information, including biometrics. Um and I've been particularly alarmed at that. That's the type of thing that um you don't get back. You know, you can't you can't rotate your face. You can't rotate your fingerprint. um we should presume that information is going to be compromised like all other secret information that we trust centralized third parties to protect. Um and once that information is compromised and already has been, you're not getting out of that hole and you have you have no other trigger to pull. So um yeah, I think the the model has been breaking.
Um, Bitcoiners and and many other people all around the world uh have significant concerns about the proliferation of digital identity. Um, no one can argue that it's a significant vector for authoritarian control. Um, this isn't a hypothesis. We can just look around the world and and see this. Um and you know for me um I've historically been you know working in financial services and uh been on the inside. I've also worked at I you know led the fraud team at one of the largest verification companies during the height of COVID as well. also I have the public sector kind of experience as well and and uh you know we we want to make sure that uh as practitioners in the space we have a sense of the work that we're doing and how it's connected to the root problem and and the systems that we're operating in and and I fear that most people don't um and uh yeah as as these things accelerate globally I mean even the United States many states are rolling out digital driver's licenses um I feel, you know, as though it's really, really important for everybody to understand how these things work, how they don't work, um, and what other tools, technologies, approaches, and policies are out there that we should consider, um, refine and advocate for.
>> Yeah. And I guess going from there, it seems that the power structure, whether for nefarious reasons or legitimate reasons, has identified that the system is broken. it cannot persist in its current form. And we need to transition to a new way of verifying individuals, particularly in the digital world, verifying that individuals are who they claim to be in the digital world. And there's a plethora of solutions that have been brought to market. E- Verify obviously Worldcoin and the orb and the preconditions of a digitalized D system that leverage leverages some form of blockchain technology or some government database that consolidates it. And so I think with that context like what in your mind are the proposed solutions today? What do they maybe get right and what do they get terribly wrong?
>> Yeah. So let's let's start with kind of both ends of the spectrum. Um one is pure knowledge based identification and verification fundamentally broken right like we cannot use these systems anymore. Uh everyone's information is massively compromised. Um I I've written and said before that that that security model is is effectively using your address to your home as the key to your front door. Right? like no one would do that. Uh but that's effectively what we're doing. We're using now public information that was once secret as a means of authenticating ourselves. We cannot do it. It doesn't work. Um and in many you know not even high assurance but even like medium assurance use cases like practitioners kind of have moved away from that but you still see that for low assurance verification use cases in the public sector is bad. Um the other end of the spectrum I would say is full on biometrics like the worldcoin piece that you mentioned of like using your uh identifiers uh you know your your biometrics uh as authenticators as as well. Um and um it's again you you can't get that back, right? Like you're handing that over to a private corporation. They might make claims about oh we delete it. I don't know. I may I don't I don't know why anybody should believe that. Um but it's it's just not a great idea. Um the the things that I advocate for um are largely around open standards. These are not my ideas, by the way. These are other people's ideas. they've done the work. I've just kind of discovered them as a practitioner um looking for better answers. Um and the approach there is to really, you know, use cryptography the to secure um the access stations that we make the same way that we secure the rest of digital life, right? Um with with private keys and and public keys.
Um and this fully satisfies what I call like authorship fraud, right? So basically, how do I know that the attestation that Marty made actually made it? Well, like I can grab his his public key. I can verify the digital signature. And now I'm not relying on probabilistic inference of like taking a picture of a driver's license. Like I'm using cryptography and math uh to to provably know that um you authored this attestation. So um that doesn't mean I should trust it, right? of course like it's just something that you said and I can prove that you said it or wrote the message and signed it that that doesn't mean that like I should rely on the message. So that's like a a whole other thing in terms of like trust frameworks and credentials and things like that.
But broadly my advocacy is around uh open standards um and frameworks that are and policies that are going to empower people to be able to control their identities. The the biggest thing for me, Marty, being a practitioner in the space is and and again knowing how it works in the private sector and the public sector is just seeing the results, right? Like in the next hour of this conversation, at least 3,000 Americans will be victims of identity theft.
>> It's just unacceptable. Like we're just doing it, right? It's like through no fault of their own, >> there's this there something is happening to them because of of our approach that is going to have a massive negative impact on their life. It's just unacceptable as somebody in the space.
So yeah, I'm I'm all about open standards, cryptography, empowering individuals, and actually like doing a better job at preventing fraud.
>> Yeah. I mean, and just to add to those numbers, I think you've written about it. 3 trillion of fraud across federal programs in two decades. 4,000 more than 4,000 breaches per year, deep fix, fully automated systems and it's only accelerating with AI.
>> Yep.
>> Yep. And >> yeah, >> so that's what I mean.
So I agree. I think this problem needs to be solved and Matt and I talk about it particularly on RHR because we do the live stream via via Noster and then Matt will go to the official RHR account and post a note of of the video and that post that note comes signed >> Yep.
>> with our um with our private key associated with the Rabbit Hole Recap account. So you know that like hey we have access to the private key nobody else does. We're signing and attesting that this is the real rabbit hole recap of this week. But getting into it like obviously Naser you can use your real name. Um but uh most people use it pseudo anonymously. And so that's what I'm trying to get a better understanding of uh when once we transition to a world that is whether you like it or not likely going to nec necessitate the use of of digital IDs. What is the spectrum of acceptable types of IDs? I imagine I will keep my Nostra account. I have a web of trust associated with my public address on Noster. I think I've been using it for 5 years now. So I think people trust that it is me and know that it is me and I've built up a reputation there. And that reputation associated with my Nostra key should be able to enable me to interact with um people that need a degree of trust uh on the web. However, is that going to be okay with governments, with tech companies, with other actors that may demand a form of digital ID in the future?
>> Yeah. Yeah. So, there's there's a lot of there's there's so much to talk about here. Um, the first thing I would say is um and to give some credit, my views here are significantly influenced by Christopher Allen, who's been in this space for a long time. that you don't know then you should for sure but um trust when we talk about trust in digital trust like trust is a contextual thing right like it's is not a one or a zero concept um and I think the easiest way to think about trust in a digital context is to kind of step back into the meat space and think about how we develop and manage trust uh in the physical world and you know trust is is contextual right? Like um and and usually if you want to engage in in some kind of relationship, private, commercial, whatever, like it's usually progressive, right? Like you're usually sharing more and more information and establishing like a higher level of assurance and trust, maybe even getting third parties involved to validate the claims that other people are making if it really matters to you. Um so I think that context is like always the first thing to start with. Like if it's making a post on social media knowing that like Marty authored it, cool. Like that's a pretty low risk thing. It's probably more medium or maybe even higher risk for you, but like that's that's you.
Like it's different for me. It's going to be different for everybody else. Um so I think I think that's kind of always the first thing to start with is there's like we're so trained as modern humans to like look for a singular answer in all contexts and like we just have to like stop that right there. like it's that this is like not how this works. Um so context is king when it when it comes to like the different methods and like what's what's uh acceptable in different contexts both for individuals for businesses for states. Um it's actually interesting. So today um there's some legislation going into effect in Utah called steady state endorsed digital identity uh which is really interesting.
Um it's it's also we could talk about this later about like uh you know no single person or entity is like a universal actor like also today Utah's like VPN ban. It's not quite a ban but it's effectively a ban is also going into effect. So on one hand we have this super great uh digital identity infrastructure and a bill that protects individual liberties. We'll talk about that more. And on the same day we have this like VPN issue going into effect.
So, like it's very confusing if you're just looking at it from a high level, but SETI um in in Utah would actually allow you to bring your own identifier like an NPU. Um and as long as you demonstrate control over that public identifier, you know, with sign a message with your with your insect private key, um the state will actually issue a credential to your public identifier. And it it sounds like, okay, well, like so what? who cares? Um, but it's actually a really kind of profound like architectural thing in the sense that um it's it's giving control back to individuals because if let's say for example the state issues you a driver's license, the subject in it is your centralized identifier. Um let's say uh you get into a bunch of accidents, you get your license revoked, they have to pull it. For a lot of people, you know, the license in the United States is like your primary identity document and having that revoked has a significant impact on your life. With this model, you would retain control over your identifier. Now, it's just your credential is no longer valid. You can't really present it anymore, but you you haven't been like rugpulled in terms of your entire identity. So, >> yeah, your your credential to drive has been taken from you.
>> Correct. Correct. but not your the foundation of your of your digital and physical life when it comes to identifying yourself. So, you know, Noster um is is certainly interesting.
There are a lot of different decentralized identity like methods and basically it all comes down to like where do you anchor the the actual public identifier such that people can get the information that they need about you know the cryptographic schemes and other things to be able to verify your digital signature. of um you can anchor an identifier in a lot of different places in a lot of different ways and these different ways again going back to context um are more appropriate given different contexts right but um for example like most people are familiar with like domain names you could anchor a divid on a domain name pretty easy for institutions the dependency there is DNS um most people don't know how like DNS is actually managed but it is like centrally managed and controlled um Most people find it acceptable, but like there are trade-offs with all these things. Um, you can anchor it in like a social media public key like Nostra, which is like portable to a large degree. You're relying on the network of relays. Um, the trade-offs there around are around like uh correlation and like key rotation with that with that specifically. Um, you can anchor an identifier on a blockchain. Um, which can give you, you know, some sense of like neutrality and durability. Uh but again you have like the public kind of metadata risks there. Um and there are some emerging methods that are um more like self-contained I would say uh with no external dependencies. I would point to like carry um and XID from Chris Rowan and the blockchain comments folks where the continuity there really comes from like signed control over like a a key registry that you that you maintain that you can give to somebody. you can anchor it somewhere else, but it's basically like a log that you can present um and it has the cryptographic assurance throughout that whole thing.
So, um it it really depends on the context um and like where the continuity comes from and the asurances come from, but um ultimately like the design choices like do matter in terms of like who can censor and route and like recover and correlate or like take away your ability to represent yourself in in these contexts.
>> Well, I mean, it's a perfect point to bring up. What are the what are the Black Mirror scenarios that can unfold if we get this wrong, man? Um it's it's really interesting. I think about this a lot. Um is kind of the the Jebans paradox of it all, right? like um by being an advocate for these tools and advancing the standards and ability for people to be able to do this in a in an easier way. Uh yes, the goals are are ease of use, but largely the the goals are around like privacy and like individual empowerment, but nonetheless like it has to be easier or else people won't use it. But given that one of the goals is to make it easier like going back to Jeb's paradox like we don't want to enable a world where um we're now like being asked to present our papers to like you know go into the public square digitally um or physically right um so I think one of the one of the guiding principles that I like to kind of true back to is like whatever the rights and norms are in the physical space around identification like we should look to preserve and fight for those in a digital context. Um so the the the black mirror you know manifestation um we again we don't have to look far like these things are happening today.
You've talked about China social credit scores ability to access like basic public services and have it impact like you know your eligibility for transactions in the private sector as well. Like we do not want that. We do not want overidentification just because identification is now easier. Um what what we're trying to do is make it easier for people to retain their privacy and even claw some of that privacy back uh and do so in a way that they control and is also can be done you know easily. Um yeah and uh you saw me fidgeting over here because as you were saying that this is something that we covered yesterday in the Bitcoin brief. I'm not sure if you saw it but the guard act protect the children. Yeah, >> Trojan horse for digital identity. Like basically in the past the Senate Judiciary uh committee 22 22 to zero requiring age verification for all chatbot/ AI users bipartisan unonymity um to to basically try to throw age verification and I think that's another important topic to bring up is the nefarious ways and framings that governments will use to Trojan horse centralized panopticon digital IDs on on the masses and I think age verification is the number one way that they'll do that.
>> People are not wrong. You're like I I the fear is grounded. Um this is this is often um the vector and framing that is presented to the public around safety protecting the children. What we what we have to true back to is again the principles of uh what are the expectations in the physical world and do I have to identify I don't have to ident myself identify myself when I go into Walmart as an example but if I go to walmart.com like I am like behind the scenes being identified right and and there's all and and I've agreed to it whether or not I understand what I clicked when I said I allow cookies or what you know it's it's such a mess Um, but like yeah, we need to find a way to build and amplify the standards, policies, and tools to like get us closer back to those real world expectations of privacy. It also is very troubling, you know, not just the age verification stuff, but like I mentioned Utah's um effective like VPN ban uh as well, which you know, the net effect of that and it's not again it's not really a ban, it's more nuanced than that, but like the likely result is that like VPNs will be less used and you know, sites will either block users that are using VPNs or you know, in an effort to like mitigate this liability that is now on them, they will attempt to like age verify everyone, right? And we'll be, you know, in this world where it's like a norm to hand over all of your basic personal identification information just to, you know, read the news or check the weather. Uh, that's we we have to make sure we avoid that outcome. So, for this was brought to you by our good friends at BitKey. Bit Key is the hardware wallet that makes Bitcoin easy to use, hard to lose. The two or three multisig.
You download the mobile app, you pair it with this hardware device here. Uh you have a key here, one on your mobile app, block holds one in the cloud. Comes with incredible features. The newest of which is chain code delegation where you can set up your wallet and you can send and receive Bitcoin from that wallet as long as you're doing it with your hardware wallet and your mobile wallet. And block is none the wiser. You get privacy with chain code delegation. in privacy mode.
You can auto stack using Cash App, Strike, Coinbase, other apps, uh, directly to your BitKey wallet. Uh, easy to set up. If you have friends and family that still have their Bitcoin on the exchange, but need to get it off, send them to BitKey. Uh, to pick up a Bit Key, go to bit.world. Use the code TFTC20 for 20% off your BitKey, and you can buy one right here. We have one in our YouTube store. You don't have to go anywhere. Just click that link. Use the code TFC20. 20% off. Pick up a bit key.
>> Sup freaks. When you take Bitcoin seriously, you start with custody. You want to control your keys, avoid single points of failure, and make sure your savings cannot disappear because you or someone else screwed up. That is what Unchained has been focused on since 2016. Unchained is the leader in collaborative multi custody and Bitcoin financial services that keep you in control. They secure over 12 billion in Bitcoin for more than 12,000 clients.
That means about one out of every 200 Bitcoin sits inside an Unchained vault.
Their model is simple. You hold two keys, they hold one key, and it always takes two keys to move Bitcoin, meaning their single key can't access your Bitcoin on its own. Just resilient shared custody that gives you institutional-grade security while keeping you sovereign. Unchain also lets you trade straight from your vault, access Bitcoin back commercial loans, open a Bitcoin IRA where you hold your own keys, and set up personal, business, trust, or retirement vaults. They even offer inheritance solutions built for long-term hodlers. or opt for the highest level private client service with Unchained Signature and get a dedicated account manager, discounted trading fees, exclusive access to events and features, and much, much more. If you want a partner that helps you secure and grow your Bitcoin without giving up control, go to unchain.com and use the code TFTCT10 at checkout to get 10% off your new Bitcoin Multic Vault. That's TFTC10 at unchain.com.
>> Yeah. And I mean this is um this is something that's been discussed in the the world of ds particularly in the sort of bitcoin/nostster ethos is particularly via zero knowledge proof and please step in if I'm speaking out of line but there are ways to selectively verify that you are 21 without revealing your exact birthday right >> I think that is where not enough focus is on. And it's a shame that like web 5 the blocks initiative sort of fell under cuz I've talked to Daniel quite a bit and actually talking to him makes me made me pretty bullish in what they built and how you could do things. I think there's definitely some design choices that they made that others should be paying attention to.
Maybe go back and see what they were doing. But I think around this selective um the ability to verify that you do meet certain credentials that are necessary to interact in the digital world without actually giving up all the information itself.
>> Yes, 100%. Coin center is also like a a big advocate um for these types of approaches as well. Um so grateful for for for Daniel Buckner, Peter Coin Center, everybody there. um who's keyed in on these things and has been doing the work um for years and years. But yeah, you know the outside of a DID, right? So if we think about a DID, what is it? It's it's basically a way it's a decentralized identifier. It's a private public key pair. Cool. What does that give us? That give us gives us the ability to um verify if somebody authored something. Great. The other piece of this is around credentials, right? So, we talked about the state issuing you a driver's license with the subject of that credential being your did and not like your PII. That's that's fantastic. It's it's also not enough, right? Like we don't want to be in a world where it's like cool, I have this verifiable credential that I can present um and authenticate with with uh my did by, you know, using my private key to sign the presentation of the of the credential. We don't want to end up in a world where like we're basically just now like taking a copy of the digital credential and now storing that for seven years instead of a picture of your license which you know it's basically well financial services. So the the ideal flow it you know and and the tools and technologies are here to like they they exist. um they're still emergent around some of the edges, but like we do have the ability uh to issue credentials um such that they they have these these specific proof points in them such that like when I go to the bar, I don't have to reveal my birthday. I just have to selectively disclose the attestation that's a part of my signed credential from the state that says I'm over 21.
Maybe maybe that credential also has a picture of my face or maybe that credential requires me to locally like biometrically authenticate myself to the device that the credential is bound to.
But there's a lot of different ways that we can we can we can build assurance between the credential and the the presenter of the credential um to to ensure that like you know the credential isn't like lost, stolen, and misused.
And there's a lot of things that the issuers of these credentials can do to ensure that like the holders of these credentials can present attestations or verified like attributes of the credential uh without completely revealing like their whole dossier, right? So um yeah, I think that is that is the way forward. Um there's I can like describe like that ideal flow if you're interested. But um that that's like really what we're aiming for is um composability, right? And the ability to just like share proofs, not documents.
>> Yeah. Uh please explain the flow because I think it's important.
>> Yeah. Yeah. Yeah. Sure. So I I think like when I think about the the ideal flow here, like I think an an issuer um and you think about an issuer, who's an issuer? I could be an issuer. I I could say uh I'm going to issue you a credential, Marty, that says you have a red hat. I have reason to believe you have a red hat. Uh can be anything.
Anyone can be an issuer of of a credential or an attestation. What I'm going to do then is I'm going to craft that credential in like a standard that allows for privacy preserving presentation of that credential. Um which is going to allow for selective disclosure and zero knowledge proofs.
and it's going to be I'm going to sign it and it's going to be bound to your uh public key, right? So, you can only present it if you authenticate yourself with your private key, right? So, that completely removes the what happens if somebody gets a hold of your digital credential. It's useless unless that thread actor also then has the private key, which if that's the case, you got bigger problems. Um, but I'm I'm going to craft the credential in such a way that I'm going to say, uh, Marty has a hat. Marty also has a hat a hat that's red, and he also has a rat a hat that, uh, has a reference to, uh, the Bitcoin Park classic golf tournament there from 2023. Different levels of specificity, then you could selectively reveal them as you as you choose. Um, let's say you're going to a bar and uh they're going to say, "Hey, like only people that possess red hats um from 2023 can get in here." Um, that's a very specific request, right? And and honestly, like when you think about going to a bar, like they're looking for a very specific request as well. Like they want to know that you're over 21. They don't care where you live. They don't care what your name is, if you're an organ donor, all that stuff. You have to reveal all of that to satisfy the requirements. But like let's say you're at this place, the bar is you must have verified proof that you could, you know, own a Red Hat. Um, I'm going to make that request to you in a format that like your wallet and your credential can directly respond to, right? So I'm going to say, "Please provide proof of Red Hat ownership."
You'll go into your wallet and you'll be like, "Cool. Here's my verified claim from Gerald.
I'm I'm going to I'm going to present this attribute." Um, and there we go.
Now, should the bar should the bar trust that that Gerald is a is a trustworthy source of authoring this information?
That's up to them.
>> You're red you're a Red Hat Oracle, man.
You're the trusted Red Hat Oracle.
>> Yeah. But again, this goes back to like context, right? Like most people at a bar, right? Like you need that attestation needs to come from a state.
But like in this context, whatever it's private accessation, you happen to have a credential. you can selectively reveal the component of that. So, you're going to generate um the presentation of that claim with a zero knowledge proof. You you you present that. You don't have to hand over your phone or anything. You can do it via via QR uh or maybe even NFC. Um and it's it's like a a onetoone like nonspace request, right? Like that's not a replayable thing. they can't take your authenticated presentation of this credential and use it anywhere else. It's a it's a peer-wise presentation. Um the verifier then validates it, right? So they they take a look at okay like who signed this? Gerald. Okay, Gerald's like the man when it comes to, you know, inspecting Red Hats. We trust him. Um they might have like a a challenge of some kind. they might if the credential doesn't include it like they want to make sure that um the presentation of this credential is in fact like signed by the by the person or the controller of the DID. So you could just authenticate yourself to your phone to sign it if you didn't already do that.
Um, and what we've done is we've we've enabled like the the this club to, you know, protect your privacy, satisfy the information that they want, and they don't have to call me, right? Like they're as a part of digesting that that um that credential. They're not like phoning home to some state agency or Gerald's like Red Hat Oracle business to be like, "Hey, Marty's here at this time at this location. Does he have a red hat?" No. like the credential stands alone by itself. It's anchored to your DID and it's built in such a way such that you can select and and present authenticated pieces of it. So um that's it like you know on and and and after that once they once they do all that stuff like they don't need to record your name. They don't need to record when you were there. They just need to know like hey like this requirement was satisfied and like this guy's in. Um maybe there's a timestamp maybe they provide some sort of like proof verification result um if necessary but like no PII is exchanged just the proof and like the requirement is satisfied and people move on. So this can be done in a privacy preserving way um using using proofs instead of just like handing over a digital credential itself and that is the way that that we should do this for sure.
You mentioned that if somebody loses or somebody loses access not maybe not loses access but somebody else gains access to the private key credentials that you have big problems but I don't want to gloss over that cuz I think that could that that is a massive point of friction that is unclear how you solve to me like obviously we see this a lot in Bitcoin um private key losing private keys or somebody stealing private keys is not uncommon um I want to call it rare. I want to call it um I want to call it uh most people aren't susceptible to it or haven't befallen that I would imagine. However, it does happen and I I think this is something that um we're still trying to uh gain a level of comfortability over is developing these new skills of handling private public key pairs and securing them. most importantly. So what's your what are your thoughts on that and how that evolves critically?
>> Yeah, I mean as we incorporate these kind of approaches um into more and more of our daily life like we need to get better here, right? like um not not just around like um you know individual responsibility like obviously that's like a key part of it but um we we need to like build systems and capabilities and and make conscious choices around like hey if you lose your empub like that's it right like that's all the protocol supports at the moment there are other did methods and approaches here which do solve for this or attempt to solve for this thing specifically.
They have other trade-offs. Um, but I'll point to like Carrie as an example. So, um, they they do like what they call like pre- rotation, right? So, basically you you have a private key um you can like pre-rotate your keys and like hold multiple private keys such that if you ever lose uh you know an earlier private key um you can broadcast a message that says like please disregard you know any messages from that in the future or if it was compromised etc. So I I think that that is like um something that we need to get better here uh across all of these methods whether it's um like you know collaborative custody kind of setups that that you and your audience are probably familiar with around like multisig and just the whole the whole spectrum there um or uh building it into the protocol itself uh like carry where you're you can you can pre-rotate now obviously like if you lose all your pre-rotated private keys as well like what what do you do here? Um, this is this is the problem with decentralized systems. There's no hotline to call. Um, but that doesn't mean that we can't build in, you know, um, capabilities and recovery mechanisms in the protocols directly that enable people to like take these precautions. So, um, you'll probably get that in a lot of my answers. It's never like a one or a zero on these things. Like we should understand the middle ground and like make a deliberate choice that suits our context.
>> Yeah. No, it makes sense. And I'm thinking of something like the bit key here like their social recovery. Maybe there is something you can do with family. Maybe it' be mandated by the state has to be family members or somebody that's a bedded close friend and you get two of them and if they're willing to sign on your behalf then you worry about like all right what if they against you? Now I'm rambling, but um >> no, I it's it's a lot of the same like like systems thinking and like threat vectors um in this context as it is with like Bitcoin security as well and and private key and self custody. So, um, I think Bitcoiners are like uniquely suited to be able to like advance this conversation because like we've already spent years thinking through like all the how all these threats manifest. Uh, and like at what level certain uh you you want certain assurances about recovery. Um, again, for certain context, like maybe it doesn't matter at all. for others it's like you would never ever consider doing this yourself if you didn't have um these collaborative recovery mechanisms. So yeah again context dependent but um there there are tools and methods today that um that that care for these things.
It's just um a lot of them are are nent and uh fundamentally like constrained um given the nature of like hey man it's it's entropy if you lose it like and you're and you did it yourself like that's it.
>> Yeah.
>> All right freaks you know me you know I don't take sponsor money from products I wouldn't use myself. So listen up. The AAN Bitcoin Visa card is one of the most interesting things I've seen in the Bitcoin lending space in a long time.
Here's the deal. You can get a line of credit up to a million dollars backed by your Bitcoin without selling a single SAT. No gains, no annual fees, no minimum draws, and your Bitcoin is custodied by Bitco, which is one of the most trusted names in digital asset security. A never lends it out. There's no rehypothecation. You stay in control.
And guess what? You can lock in a fixed rate for up to 10 years. That's 10 times longer than most lenders out there or go interest only for up to 5 years. Rates start at 7.99% APR for a product that lets you keep your stack and still access liquidity. It's hard to beat. I mean, the duration in the rates is the best I've seen in the market to date.
You also get 2% unlimited cash back every time you use the card. Spend fiat, keep your Bitcoin, the whole game. If you've been stacking for years and you need liquidity without triggering the taxable event, this is worth a serious look. Go to a.com/bitcoin.
That's av.com/bitcoin.
Check it out. What's up, freaks? This rip is brought to you by our good friends at Crowdalth. I've been a happy Crowdalth member for almost 5 years now.
My wife and I have had two children while we've been on Crowd Health. And I actually just got the last bill for third child funded. Uh it was $6,157.
Crowd Health negotiated down to $2,39 and we only paid $500. Rest was crowdfunded by the Crowd Health Network.
If you're sick of health insurance premiums and having to pay deductibles and getting ripped off at the hospital, join Crowd Health. It's an alternative way to pay for your healthare. It's not health insurance. It's crowdfunded healthcare. Uh, as you can tell, they negotiate prices for you. You pay in cash. It's much cheaper. Overall, we're much happier. They have incredible perks. Go to joincrowalth.com/TFTC to sign up. 5 years on Crowdalth. Not looking back. Join crowd.com/tc.
Use the promo code TFTC. Once you set up your account, you're going to get $99 a month for your subscription for the first three months.
>> So, next up, you you've written that the choices made in the next year or two will lock in the architecture for a generation. Why do you believe this? Why do you think this window is so narrow right now? I >> I mean, I'm just looking around, man.
Like, I I I see the age verification stuff. Um I see more and more um surveillance in public spaces um and in in private contexts as well.
Um and I think um you know you you mentioned the angle of safety. I think AI like fraud risk managers and identity practitioners have known this for a while that like you know this is a never- ending battle you know with these digital tools. But um I think it's become more obvious to folks like the level uh of impersonation risk and I think that amplifies the likelihood that as a society we will make hasty decisions um and buy into simple framings and solutions right of like hey this is a big problem uh it's wasting a lot of taxpayer money by the way it's already wasting a lot of taxpayer money but like it's probably going to get worse uh so therefore this is what we need to do and um you know I've already seen that for years right like that just the pressure that fraud and identity risk managers have to maintain their level of performance to determine if somebody is who they say they are and there's a lot of pressure to just like do something right and the the something that we've been doing is on a path where you know we're collecting more and more biometric information aggregating more and more signals we have more and more listening devices around us all the time that are capturing and synthes izing and selling our personal information. We should just be very thoughtful about like where that's going to lead us. And I think the advances in technology over the last few years have like dramatically accelerated those timelines. So, um yeah, at a at a time where we're, you know, half of the states in the United States have some kind of like age verification, states are rolling out digital credentials. Uh some of them are done well. Uh some of them phone home. Nobody wants that, right? But like this is happening, right? Um so there there are states in the United States where every time you present your digital driver's license, it's a it's a it's a ping back um you know to the issuing authority. You don't nobody wants that. Like but this is this is what we're going to have if we don't lean in and put our hands up and say excuse me >> that is that is not my right and expectation uh as an American in the digital context and I I reject it. So >> yeah, imagine the amount of blackmail that they could do. Like, "Oh, hey Marty, I know you've been telling your wife that you were going to the library to do some research, but we see that you were uh actually just going to the bar down the corner. It'd be a real shame if she found out we're going to need you to do something about that, >> right? About this thing that we want you to do."
>> Yeah. So, we we we don't we don't want that. Um and uh we don't expect that, right? like we there's been massive you know creep I would say in terms of surveillance over the last like 5 years for sure but really the last like 20 years um you know predominantly through like the way that we monetize the internet honestly like I I started my career in like digital marketing and advertising and have like early you know experience with like these private identity graphs and like custom advertising and stuff like that. Um, people have had many moments like or we as a society have had many moments of like new levels of ick, right, of like, oh, I I was talking about something with a friend and then I saw this ad. Like, what the hell is that?
>> And like it deeply disturbs people for like half a minute and then they're like, oh, but like that is kind of convenient. You know what I mean? So um you know this is this is the challenge here is basically trying to get people to deeply understand um that these are these are real fears um this is happening today in other countries throughout the world. uh people have much less freedom uh because of these these systems and you know I I want to make sure that if we as Americans uh end up in that spot it's because we understood the risks and we made the choices. now like fewer and fewer people are actually like aware and engaged but like that is never going to stop me and I hope it doesn't stop people that are listening to this to like try to make the world a better place and like uphold American values.
Um so yeah, man, it's I feel like the window is as open as it's ever been for like real change, but um it's closing fast.
>> Well, I mean to your point there, I completely agree. The masses are never going to take the time to dive into the architecture of digital uh distributed uh digital ID systems decentralized digital ID systems nor care to weigh the trade-off. So that begs the question, who are the necessary stakeholders to get this message and these designs in front of? And obviously I think politicians is the obvious one. Maybe big tech is another one, but I think maybe around correct me if I'm wrong, is the the industry which you come from, which is fraud prevention and compliance. And it begs the question, what is the state of their understanding around this topic from your perspective?
The incentives are not good, man. Um, you know, when when you think about um, okay, we we we we want to do a few things. We we want to uh actually like do a better job with determining if people are who they say they are.
Cryptography helps with that massively.
Fantastic. Um, we want to enable people to be able to um, present or like hold and present their own like identity related claims. Um, fantastic. Uh, the the rub there is the entire identity verification model like the industry is like built on a model where like that fully conflicts and like subverts their business model, right? Like these people are getting paid for every verification that happens. So if you if you're working inside of one of these companies and again I've worked inside these companies uh and you come forward and say, "You know what I think we should do? should we should find a way for people to be able to present these claims themselves uh such that they don't have to like take a picture of their face and upload a picture of their uh uh license, you know, for every website that they go to. Um you know, you're you're going to hit a wall pretty quickly just given the economics of the business model. So, yeah, the the incentives are are not good there. Um same with big tech, like they're going to move if they need to. Um but broadly like this is a source of revenue um and like you know network effects and control for them. So they're not going to just like hand it over. Um so that's why I was excited about SETI um because I I think states will likely need to lead lead the way here. Um at a federal level we we have seen recent requests for comment from Treasury on like um how can you know financial institutions rely on attestations from other financial institutions in the verifi verifiable credential format right so if uh you've already gone through identity proofing somewhere else uh you know they hand you that credential you can then use that credential to skip some account opening and like KYC process you at another bank that would be a good thing it all comes back to at this point the trust model like how do I know as bank B what bank A did what their processes were all that stuff and this again goes back to the incentives of like um of the context right so um identity verification today is is a probabilistic process the things that influence like the optimization targets of that probabilistic process in a in a private sector context are profit and loss right so if if you're trying to open up a savings account um that you know has a 7-day funds availability policy and I have very little risk like I'm going to have different thresholds on the identity verification than if you're trying to open up a mortgage and you want me to write you a check for half a million dollars. Right?
So just just that realization makes you realize that like the the assurance provided by any financial institution is a function of their own context which makes it hard for other financial institutions to rely on those attestations because who knows what the context was. So I think there's some standardization work that needs to happen uh there as well and you know we can NIST and uh other other agencies kind of help with that but ultimately like you know private industry needs to lead here. There's been some good progress and states need to lead um because the the federal government you know is like they're aware of the problem. They haven't really been doing a whole lot frankly over the last 5 10 years.
>> Yeah. Well, you mentioned there's some good actors in the private sector making some progress in this uh direction. You mentioned Carrie earlier. I'm not sure if you believe they're one of them, but anybody else in your mind? Is WorldCoin actually good? Am I have I been wrong about World Coin or >> No, >> no, you've not been wrong. I mean, it's just, you know, there's a reason why it gives people the ick, right? Like you again, like this is a very real problem.
like proving that humans are human um and proving that you are who you say you are like this is a very real problem and I don't know who started that project you Sam Alman like I I don't know the people um I do know some people from like the standard space that like worked there for a little bit and then like left shortly thereafter um but uh no like we we should not be using our uh like biometrics as identifiers Like it's it's a great way to authenticate yourself locally, right? Like on your device, fantastic, right? Doesn't leave your device. Excellent. But we do not want to live in a world where like you're just walking around and like private industry and government can just identify you from just like your face like >> Yeah.
>> Yeah.
>> Well, I think it's important that you're referencing um Face ID on the iPhone there and I think there's a lot of misconceptions about what's happening there. Mainly people think that Apple is storing your base ID on some server that they host. But however, like what's happening there is like it's a secure enclave thing. So it's biometric verification via the secure enclave that lives locally on your device which is the right model. It's similar to what happens with Bitcoin wallets. Um like I have the the fingerprint biometric here but it's stored in this enclave.
>> Yeah. Yeah. And and you mentioned SEI as well like I'm not a technical expert.
there's some um things that I don't fully understand around like seti witnesses and um basically how you build that trust graph there um because there is no like uh external dependency or like anchor so it's like self-contained but they have these like witness network um so yeah I I don't fully understand it but I am a fan of like people giving it to college try and like trying to trying to figure this stuff out but um yeah broadly like We we want to be using um identifiers that are not our biometrics and are not our personal information and we want to authenticate our ability to use those things locally um or with places that we trust a lot like maybe that's you know the DMV like I'll go to the DMV to authenticate myself. I'll let them take my picture, whatever, because I know that they're going to give me a credential that is like of high value for me that I can use in other contexts, um, that other people are going to trust and use and rely on.
So, yeah, I I I think that's like my general frame is that like using your biometrics as an identifier is not good.
Again, see China like Americans probably I think do not want to live in that world. It it results in a in a world and society where people are just fundamentally less great. Uh I don't want to live there. I don't want that to happen.
>> Yeah.
>> I mean with the with the Irish skin timing Minority Report might be my favorite sci-fi movie of all time. And it's just I just go immediately there.
Like the combination of Irish scans and self-driving cars. It's just like Tom Hanks or not Tom Hanks, Tom Cruz had to go get a get a new eyeball transplant to to avoid the the eye of uh of the authorities. Um they basically had autonomous drones that were able to go around and scan people's eyeballs to to confirm who they were. And we're not too far off from that reality right now.
>> Yeah. Yeah. And it's it and now's the time, right? like now now that would be like my call to action. Like now now is the time for people to um move past the like yeah this is really scary and sucks and like we should avoid this to like no like like these policies and technologies are like being developed out in the open now like right now. Um, so now now is the time to move past the the black pill in into the white pill of like, you know, let's find a way to instill American values around privacy and self- sovereignty uh into these tools and policies um such that like we don't end up there because I I think it's fair, you know, to just observe that like directionally like we are going that way. Um, and I I want people to like be aware of that. Um, and you know, >> yeah, >> is minority report predictive programming? Were they just saying, "Hey, get ready for this future. There's nothing you can do about it." Uh, I hope not. I believe not because the potential, like you're describing why >> we're having this conversation right now, is because the potential to avoid that is very real. the technology is at our fingertips and if we apply it the right way, we can get to the future that's privacy preserving and sovereignty preserving that we would all like to live in. And on that note, like yes, let's move towards this. But for anybody listening and myself included, like what are the lowhanging fruit first steps towards that direction? Is it interacting with policy makers? Is it interacting with private industry? Is it just making noise on exit? or is there some technical implementation that people should begin uh interacting with to to signal like hey this is the direction I would like to go >> yeah so there's thank you for asking there there's there's quite a few states that are issuing mobile driver's licenses now um for those that are like techsavvy and have the ability like find out how that works like you know are are is your is your state providing you a credential that phones home are you locked into a specific vendor. Um, are you able to selectively disclose attributes of of your um of your digital ID? Um, or is this like worse than physical ID? Um, the other things I would I would that come to mind are like supporting open standards work, right?
So, the I'm a big fan of the W3C. Um, Monorney has been doing an incredible job there for years and years in the decentralized identity space. Same with Christopher Allen uh as well co-author of of the original did spec trust over IP open ID foundation decentralized identity foundation all these are open to the public they have like a open source like development model uh anybody can can get up to speed observe contribute um I would also direct people to the SETI like model legislation out of Utah um take a look at it like there's some great stuff in there um that you know does put some very real constraints not just on the state but on the private sector as well. Um and puts like a um you know like a a digital identity bill of rights if you will in place um to to constrain private sector from just like willy-nilly selling your information. Um and yeah just like broadly like talk about these things and and not in a again like understanding the fears and the problems is very important like we need the motivation uh there to like understand like why we care about these things. but then try to quickly move into like what we can do.
Um and that's kind of where my journey started as well um with BPI of just like hey like we these conversations are happening. I remember I think you were at the the BPI event last year around summertime um and I think on stage Warren Davidson mentioned digital identity uh akin to the eye of staron >> in the room.
>> Yeah. Yeah. And I was like, well, uh, you know, I get it. But >> this is an important point because I think there's a lot of people, and I I would have included myself in that camp probably like a year or two ago, which like digital identity avoided at all cost becoming abundantly clear with the emergence of AI that we're going to get by computers and robots. And there is going to, whether you like it or not, recognize it or not, like we are entering a reality. We are living in a reality where we are coexisting in the digital world with robots and humans need to be able to identify each other in that system. Um >> yeah and and and the ways that we should do that are the same ways that we create high assurance around any other exchange of information which is we use cryptography, right? Like there there's no reason why we shouldn't be doing that for like the layer zero of humanity, right? Like authenticating people. So yeah, it's not really like a technology pitch. It's more like a values pitch like understand what's happening, understand the tools. Um the white pill is definitely not like everything will be fine. It's like the tools exist, the window is open and like the outcome depends on whether or not like the people who care show up um and support uh places like um you know Jay Stanley at the ACLU is a is a great advocate and like fair advocate for these things. Uh Peter at at Coin Center. Um obviously your you know your local legislators are like always great people to talk to. Um but like this stuff is happening regardless of whether or not we want it to. Like the worst case scenario is we don't engage and we continue on this trajectory. So that's why it's like such an urgent moment for us to be able to like put our hands up and say wait let me learn about this. We figure out what we're trying to do here. Um and ultimately like apply the physical world test right? like we want to replicate like the the the the rights and norms that we have in the in the physical space to the digital space. We don't want a digital identity. We want to like digitize identity and that that starts with individual control. Um not like corporate control and walt gardens.
>> Yeah. And that's what I worry. I mean, we're seeing it with AI already with the hyperscalers trying to position themselves uh and the technology that they're forging forward as a matter of national security that that needs to be controlled in a way that you create the regulatory mode and the license regime. And you can see uh in parallel and you can actually see the same actors obviously with open AAI and Worldcoin being loosely connected via the Sam Alman connection the digital ID saying this is critical to national security and digital security and we need the solution now oh by the way we have one um you should use this and it's they have a lot of lobbying power they have a lot of social cache u because people are very impressed with what they've built. But as we've come to know, particularly Bitcoiners, uh big tech does not always have your your best interest in mind.
And so it is imperative that we we fight for these free open distributed solutions or the closed garden uh solutions that that will inevitably be put forth by these actors.
>> Yeah, that's the you know that's that's the defense here.
Open open systems, open standards and software. um open tools that everybody can use um that that level the playing field here and um you know improve the floor for like our our sovereignty as as individuals. Certainly like private business is not going to go away here.
The public sector also has like some um you know some some some challenges because they have like an access mandate right like we talked about like the the relativity of assurance in a private sector context being a function of like profit in the public sector it's like you know they they have a m an access mandate right so they have to like overanchor on like yeah it's probably them um so you get error on both sides um and you know that this This is where like this the states and uh private sector can can play a role to um put these different models forward. Um and ultimately, you know, hopefully Americans who care about liberty and and privacy uh will will step up and make their voice heard here.
>> Yeah. Well, that's like the last last topic cuz again going back to Warren Davidson's comments and again, hand up when like agenda 2030 digital ID, you'll own nothing and be happy. I was a big like avoid digital ID at all cost. But >> and I think uh it's kind of forced an uphill narrative battle because I think many people have viewed a digital ID as uh the mark of the beast, a form of the mark of the beast, if you will. And so again reiterating what I said earlier, but maybe reframing like how do we how do we uh convince people like hey not all digital IDs are bad. They're probably necessary in this world that we're emerging into, unless you want to go live in the woods, which if you want to, more than happy for you to go do that for yourself. But we do have a society and a reality that is going to exist outside of your cabin in the woods and and go down one path or the other.
There's there's going to be a big narrative and anti-propaganda um campaign that needs to be waged as well.
I've I've heard you say it many times recently like you may not care about the state but the state cares about you like same context rather um the the alternative to engagement is not like freedom from digital identity uh the alternative is digital identity like designed without our input right um so we are kind of seeing where that's going um the fight is really over like whether digital identity preserves physical world privacy norms or continues to like erode code or fully destroy them. Um, and our goal is to like embed privacy, autonomy, portability, like legal due process and individual control like into the technology and policy stack such that the ability for this like this reality to manifest is severely constrained uh at a fundamental level.
Um it's going to take a lot of work on a lot of different angles, but um it's critically important and uh I'm I'm hopeful that u many people continue to to join the fight because um it's it really matters.
>> All right, freaks. Join the fight.
Gerald, thank you for fighting on our behalf as many of us operate blissfully unaware of of the the progress that's being made. I mean, I'm more aware than most, but I think most people are blissfully unaware of of what's happening.
And again, it is uncomfortable because and it is um it is a fact that many people including representatives like Warren Davidson saying avoid the digital ID.
Obviously have like Katherine Austin Fitz and many others in that part of the world saying avoid at all cost. And again, I'm sure there will be people that listen to this podcast and say, "Marty Marty got turned. He's a spook now. The CIA got to him. He's pushing digital ID. Yep. But that's like the weird thing is like again the ability to use cryptography to selectively reveal attestations of things being legitimate without actually revealing the information itself exists.
And in the world of digital ID that is much preferable to the world coin or the phone home to the government to verify and them knowing everywhere you're going. Yeah, we can we can not just like slow the rate of change here like we can actually revert it with these tools and technology. So like that is what's on the table. Um how much of that we take advantage of like will be determined in the next few years. Um and it's I think a lot of people it's very scary and it's so scary that they disengage like I said like that doesn't mean that like these efforts are going to stop. So like we need the engagement. If it scares you, lean in, learn more, become an advocate, um, and join the fight.
>> Gerald, it's been an honor and a pleasure. Where can more people figure or find out, excuse me, um, where you're talking about this? Where can they follow you? Where can they keep up with the progression of the conversation uh, as it as it lays as it gets, um, as it progresses?
>> Yeah. So, I'm I'm on uh, X. I'm at geraldickman.com, but uh you can find me always open to talk to people to help them kind of learn more about this direct them to things that are of interest to them. Um but yeah, those are those are the two spots.
>> All right. Well, I'm sure we'll we'll have more conversations about this over the next couple years as things progress. So, until next time, thank you for coming, sir.
>> Appreciate you, Marty. Thank you.
>> Peace and love, freaks.
>> Thank you for listening to this episode of TFTC. If you made it this far, I imagine you got some value out of the episode. If so, please share it far and wide with your friends and family. We're looking to get the word out there. Also, wherever you're listening, whether that's YouTube, Apple, Spotify, make sure you like and subscribe to the show. And if you can leave a rating on the podcasting platforms, that goes a long way. Last but not least, if you want to get these episodes a day early and add free, make sure you download the Fountain podcasting app. You can go to fountain.fm to find that. $5 a month gets you every episode a day early ad free. Helps the show. Gives you incredible value. So, please consider subscribing via fountain as well. Thank you for your time and until next time.
Ähnliche Videos
Are our DeFi tools becoming too easy to exploit?
saidotfun
228 views•2026-05-30
Solana Unchained ($UCHN) Explained: Solana’s Next Big Utility Project?
CryptoVlogOfficial
339 views•2026-05-30
🚨 Access Network App FREE Withdrawal to MetaMask?! Only 25M Supply 🔥
Airdrop26Alpha
459 views•2026-05-28
Free TON in 2026? How I Tested This Reddit TON Tool
SirenHead-z9y
2K views•2026-05-28
⚠️ALGO Has a Very Bright Future! ✅ One #Crypto Everyone Should Own!
MetaShackle
184 views•2026-05-30
BingX EventX: Trade Sports, Crypto & Global Events With One Click
AidenCryptox
311 views•2026-05-31
XRP IS GOING TO VANISH! A SUPPLY SHOCK IS INEVITABLE! (THIS IS THE PROOF!)
NCash
2K views•2026-05-31
AI Predicts What XRP Looks Like If Ripple Gets A Fed Master Account
CryptoBlazon
422 views•2026-05-30
