What is digital identity? Where does the concept come from?

Continuation from post SSI: Digital Identity User Experience

Digital identity is one of those concepts that seems simple on the surface but becomes increasingly complex the deeper you dive into it. To understand where we're going with self-sovereign identity, we need to understand where the concept of digital identity came from and how it has evolved.

When I first started working with digital identity systems, I thought I understood what it meant. I mean, it's just your online presence, right? Your username, your profile, your accounts. But the more I learned, the more I realized that digital identity is actually one of the most complex and misunderstood concepts in technology today.

The Origins of Digital Identity

The Early Internet

In the early days of the internet, identity was simple. You had a username and password, and that was it. There was no real concept of "digital identity" because the internet was seen as a separate space from the real world. Your online identity was just a handle, a pseudonym that you used to participate in forums and chat rooms.

I remember those days. I had usernames like "cyberpunk99" and "neon_ghost" - names that had nothing to do with who I actually was. That was the beauty of it. You could be anyone online, and nobody really cared who you were in real life. It was liberating, but it also meant that the internet was this wild west where trust was hard to establish.

The Commercial Internet

As the internet became commercialized, the concept of digital identity began to take shape. Companies needed to know who their users were for billing, customer service, and legal purposes. This led to the development of user accounts, profiles, and the collection of personal information.

This is when things started to get complicated. Suddenly, you couldn't just be "cyberpunk99" anymore. Companies wanted your real name, your email address, your phone number. They needed to know who you were so they could bill you, send you marketing emails, and comply with regulations. The internet stopped being this anonymous playground and started becoming a place where you had to prove who you were.

The Social Web

The rise of social media platforms like Facebook, Twitter, and LinkedIn fundamentally changed how we think about digital identity. These platforms encouraged users to use their real names and share personal information, creating a more authentic online presence.

This was a huge shift. Facebook's "real name" policy was controversial, but it worked. People started using their real names online, sharing their real photos, their real locations, their real thoughts. The internet became this extension of your real life instead of this separate, anonymous space. It was more authentic, but it also meant that your online identity was now tied to your real identity in ways that were hard to undo.

What is Digital Identity?

A Collection of Claims

At its core, digital identity is a collection of claims about who you are. These claims can include:

• Your name and personal information
• Your credentials and qualifications
• Your relationships and connections
• Your preferences and behaviors
• Your digital assets and activities

But here's the thing that took me a while to understand: these aren't just facts about you. They're claims that you make about yourself, and the question is always: how do you prove these claims are true? In the real world, you might show your driver's license to prove your age, or your diploma to prove your education. But in the digital world, proving these claims is much more complicated.

The Problem of Verification

The challenge with digital identity is verification. How do you prove that the claims you're making about yourself are true? In the physical world, we use documents, witnesses, and institutional authority. In the digital world, we've had to develop new methods.

This is where things get really tricky. In the real world, if you want to prove you're over 18, you show your ID. If you want to prove you have a college degree, you show your diploma. But online? How do you prove any of this? You can't just upload a photo of your ID - that would be a security nightmare. You can't just say "trust me, I have a degree" - anyone could do that.

The Role of Institutions

Traditionally, digital identity has been managed by institutions, governments, banks, tech companies, and other organizations that have the authority to issue and verify identity claims. This has created a system where users are dependent on these institutions for their digital identity.

This is the fundamental problem we're trying to solve. Right now, if you want to prove who you are online, you have to go through some institution. Your bank says you're you. Your government says you're you. Google says you're you. But what if you don't trust these institutions? What if they get hacked? What if they decide to lock you out? You're stuck.

The Evolution of Digital Identity

From Pseudonyms to Real Names

The internet started with pseudonyms and anonymity, but as it became more commercial and social, there was a push toward using real names and authentic identities. This created new opportunities but also new risks.

From Centralized to Distributed

Initially, digital identity was centralized, each service managed its own user database. As the internet grew, this became inefficient and created problems with data silos and user lock-in.

From Data Collection to Data Control

The early web was about collecting as much data as possible. Now, there's a growing awareness that users should have control over their own data and how it's used.

The Current State

Fragmentation

Today, most people have multiple digital identities, one for each service they use. This creates problems with:

• Password fatigue
• Data silos
• Inconsistent user experiences
• Security vulnerabilities

I know I have this problem. I have accounts on dozens of different platforms, each with different login systems, different password requirements, different security measures. It's exhausting. I'm constantly forgetting passwords, going through recovery processes, and trying to remember which email I used for which service. It's not sustainable.

Privacy Concerns

The collection and use of personal data has become a major concern. Users are increasingly aware of how their data is being used and want more control over their digital identity.

This is something that really worries me. Every time you use a service, you're giving away data about yourself. Your location, your browsing habits, your preferences, your relationships. And most of the time, you have no idea what's being collected or how it's being used. You just click "agree" to terms of service you never read and hope for the best.

The Power of Platforms

A few large platforms (Google, Facebook, Apple) have become the de facto identity providers for much of the internet. This gives them enormous power and creates new risks.

This is the scariest part. These companies control access to most of the internet. If Google decides to lock you out of your account, you lose access to Gmail, YouTube, Google Drive, and all the other services that use Google login. If Facebook decides to suspend your account, you lose access to all the apps and websites that use Facebook login. These companies have become the gatekeepers of the internet, and that's a lot of power for any single entity to have.

The Promise of Self-Sovereign Identity

User Control

Self-sovereign identity promises to give users complete control over their digital identity. Instead of relying on institutions to manage their identity, users can manage it themselves.

This is the vision that got me excited about working in this space. Imagine if you could prove who you are without having to go through Google or Facebook or your bank. Imagine if you could control what information you share, with whom, and for how long. Imagine if you could take your identity with you wherever you go, without being locked into any particular platform.

Interoperability

SSI systems are designed to be interoperable, allowing users to use the same identity across different platforms and services.

This is huge. Right now, if you want to use a new app, you have to create a new account. With SSI, you could use the same identity everywhere. No more creating new accounts, no more remembering different passwords, no more filling out the same information over and over again.

Privacy by Design

SSI systems are built with privacy in mind, using cryptographic techniques to allow users to prove claims without revealing unnecessary information.

This is where it gets really interesting. Instead of having to show your entire driver's license to prove you're over 18, you could just prove that you're over 18 without revealing your name, address, or any other personal information. You could prove you have a college degree without revealing which school you went to or when you graduated. The technology allows you to prove claims without revealing the underlying data.

Decentralization

By removing the need for central authorities, SSI systems can be more resilient and less vulnerable to single points of failure.

This is crucial. Right now, if Google's servers go down, millions of people lose access to their accounts. If a government database gets hacked, millions of people's identity data gets compromised. With SSI, there's no single point of failure. Your identity is distributed across the network, making it much more secure and resilient.

The Challenges Ahead

Technical Complexity

SSI systems are more complex than traditional identity systems, which creates challenges for both developers and users.

This is the reality we're facing. SSI is not simple. It involves cryptography, blockchain technology, and complex protocols that most people don't understand. The user experience needs to be simple, but the underlying technology is complex. This is a huge challenge for adoption.

Adoption

Getting users and institutions to adopt new identity systems is always difficult, especially when existing systems seem to work well enough.

This is the classic chicken-and-egg problem. Users won't adopt SSI until there are enough services that support it, but services won't support it until there are enough users. And institutions are slow to change, especially when the current system seems to work (even if it's not ideal).

Standards

The SSI ecosystem is still developing, and there are competing standards and approaches that need to be reconciled.

This is another challenge. There are multiple SSI protocols, multiple blockchain networks, multiple approaches to the same problems. We need to figure out which standards will win, or at least make sure they can work together. Otherwise, we'll just end up with another fragmented system.

Looking Forward

The concept of digital identity is still evolving. We're moving from a world where institutions control identity to one where users have sovereignty over their own digital identity. This shift has profound implications for privacy, security, and user experience.

The key is to design systems that are secure, private, and easy to use while giving users the control they want over their digital identity. This is the challenge and the opportunity of self-sovereign identity.

I'm excited about the possibilities, but I'm also realistic about the challenges. This is going to take time, and it's going to require a lot of work from a lot of people. But I believe it's worth it. The current system is broken, and we need to fix it. Self-sovereign identity might not be the perfect solution, but it's the best one we have right now.

---

Next in the series: Which problems does digital identity have?