FLOSS Weekly 704 Transcript
Please be advised this transcript is AI-generated and may not be word for word.
Time codes refer to the approximate times in the ad-supported version of the show.
Doc Searls (00:00:00):
This is plus weekly. I'm Doc Searls. This week, Simon Phipps and I talk with Har Montgomery of the Hyperledger Foundation, which is part of the Linux Foundation about distributed data and decentralized trust. But we go much farther than that into wallets, into what the real role of the Hyperledger Foundation is, how it's changed over the years, what all their different projects are. Cuz there are many. It involves self-sovereign identity, lots of other topics. And that is coming up next.
Announcer (00:00:31):
Podcasts you love from people you trust. It is great.
Doc Searls (00:00:39):
This is Floss Weekly, episode 704, Recorded Wednesday, October 26th, 2022. Distributed Data, Decentralized Trust.
Announcer (00:00:52):
Listeners of this program get an ad-free version if they're members of Club TWiT. $7 a month gives you ad-free versions of all of our shows Plus membership in the club. Twitdiscord, a great clubhouse for TWiTlisteners. And finally, the TWiTplus feed with shows like Stacy's Book Club, The Untitled Linux Show, the Giz Fizz and more. Go to twit.tv/clubtwit and thanks for your support
Doc Searls (00:01:19):
Here. There everybody. I'm Doc Searls and this is Floss Weekly. And this week I am joined by Simon Phipps himself, coming in as he will on screen for those graced with visuals. There he is, there I am, his layer. I'm
Simon Phipps (00:01:35):
Down here in the bunker in Southampton
Doc Searls (00:01:37):
Bunker. I'm in my bunker. I'm in a, I'm at a basement here for the next several months. Off and on. I'll be in Hawaii. Yeah.
Simon Phipps (00:01:45):
So witness, witness protection is this
Doc Searls (00:01:48):
<Laugh> that would be cool. <Laugh> in a, in a certain way. What, what advice Sons does working at a place where his coworkers who know he's very smart, but don't know why he is working there, asked him if he was their witness protection <laugh>. So, I dunno. But no, I, I'm, I'm here. This is Bloomington, Indiana, and we just got a house. So by the end of the year, we over there. Yeah. And my wife is over there fixing things up. Just came in and said, Do you know the tiles of the bathroom are plastic and not real? I, No, I didn't know that. But <laugh>, stuff like that, so,
Simon Phipps (00:02:26):
Well, you, you know, what you need in that new house is a lovely fresh blockchain
Doc Searls (00:02:31):
<Laugh> there, there's a it may turn out to be a kind of a ball and a block at the end of a chain. I don't know. It was built in 1900, which is rather young by your standards in the uk, but quite old here. So it's a, but it's, it's a cool house. Nice charming old house. So, so our, our our, our guest today is Heart Montgomery of, of the Hyperledger Foundation and crypto and blockchain expert. You're not a blockchain fan, <laugh>. Oh, that's not why, that's not why I invited you to cohost, but I, I <laugh> I'm gathering that.
Simon Phipps (00:03:07):
You, you, you know I, I, when I first saw it, I thought it was really cool. And as time has gone on, it has looked more and more to me, like slideware from a technology evangelist at a big corporation. And all the applications I've seen for it appear to be the, the almost criminal, if not actually criminal. And so I'm, I'm still looking for an example of some reason why it needs to exist that isn't about letting a big corporate evangelists have conferences in exotic locations. So, I, I think that's gonna be my you know, the, the big, the big question that I've gotta ask today is, so, you know, what is there, is there this
Doc Searls (00:03:50):
To exist other than that Mrs. Lee? And how is the play? Yeah, Yeah. Okay. So I
Simon Phipps (00:03:55):
I I'm sure heart is is is already for those questions.
Doc Searls (00:03:59):
Well,
Simon Phipps (00:03:59):
Brian warn him.
Doc Searls (00:04:01):
Well, let's, let's bring it in first. I've a little, a little, a little bio here. Hart's the ceo, cto, sorry, of get through that bit, iterate of the Hyperledger Foundation, extensive experience at blockchain and cryptography. Previously worked in blockchain and cryptography research at Fujitsu Research where he helped lead Fujitsu's efforts to develop and deploy Te Hyperledger Tech. Prior to that, he got his PhD in cryptography at Stanford under Dan Bona, I hope I pronounced that right, where he was a Stanford graduate fellow. And he's had numerous academic publications at patents and cryptography and blockchain and brings a wealth of experience and the rest of that. And High heart. <Laugh>, welcome to the show. Thanks. Very. Maybe we can start out by, by just having you address Simon's concerns because there they are. <Laugh>.
Hart Montgomery (00:04:55):
Absolutely. So Simon, I like to take a pretty abstract view of blockchain. So, you know, when you ask people like what blockchain is or, or how do you define a blockchain you get a lot of different answers. But I like to think of a blockchain as a distributed database with these centralized trust. And if you think about, you know, sort of what most blockchain implementations do today, you know, that's really just what they are, right? They're distributed databases with decentralized trust. And if you think about cryptocurrencies, you know, even which I, I gather you're not a fan of you know, sort of like, what is Bitcoin, right? Well, it's a distributed database with decentralized trust for, for money, right? If you think about something like Ethereum it's, it's a distributed database with decentralized trust for essentially computer programs, right?
(00:05:48):
I mean, they, we call 'em smart contracts, but they're essentially just turn complete programs. And, and you, you know, trust is a continuum, right? It's, it's sort of not all or nothing. You know, at one end you have traditional centralized databases, right? And the other, you have systems that are completely in, at least in theory if not in practice, decentralized. And you can have some stuff in the middle, right? Like if you run a, a Hyperledger Fabric Network with crash fault tolerant consensus, you're sort of somewhere in the middle of in terms of trust. Does that sort of make sense as a, as an abstract primitive anyway?
Simon Phipps (00:06:28):
I mean, it does, you know, it's so, so blockchain is, is a, a distributed link list as far as I'm concerned. And then it's got layer over that smeared over the top of it, some kind of a, a trust mechanism to allow people to establish links in the link list and some kind of voting mechanism in some applications to make sure people can handle clashes between the independent actions of the actors involved. The, the, the challenge I have with it is I, I've yet to see a compelling reason to use this instead of say a PLE space. I've yet to see an application that hasn't had to be fixed by having centralized authentication rather than distributed identity. And I've seen quite a few cases where the primary application appears to not be terribly sound. It seems to be like, like Bitcoin, for example, which ultimately is, is has caused, I would argue, more problems than it's ever solved. So the, the, the challenge is less with the abstract concept, which, you know, I grew up and could be called other things other than blockchain. It's that, that phrase blockchain has attracted to it all of the less reputable part of the internet, and they're all having a party there. And I think that's really the that's really the problem.
Hart Montgomery (00:07:51):
Yeah, I mean, so I can get into some applications if you like. So some of the cool stuff we've seen you know, is, is obviously not related to cryptocurrency or, or token speculation or, or anything like that. One of the first production networks we saw in Hyperledger was called Ever Ledger. Are you, have you, are you familiar with ever Ledger at all? This is several. I
Simon Phipps (00:08:12):
Don't see ever ledger. No.
Hart Montgomery (00:08:13):
Got it. So the idea behind Everledger was Diamond tracking and Trac Inc. So if you want to buy a diamond, you presumably do not want to buy a, a blood diamond, right? And so the idea was using this ever ledger chain you could see the entire providence of diamond from sort of mine to, you know, to end user, which is, I guess, however you're, you're wearing the diamond and jewelry. You could see this in, in a transparent way and it would allow users to be convinced that they were not buying blood diamonds. And so your natural question when you're talking about, you know, any application where people are using blockchain should be, why do I need decentralization here? You know, why is there not, you know, some central authority that can just manage everything? And in this case, right, there are lots of industry players that are competitors, right?
(00:09:12):
And, and, you know, they don't want, they don't trust other people to be the root of information to sort of maintain everything. If there were one central authority that, that had vision into, you know, everyone else's activities and control the source of information that wouldn't be acceptable to, to the other players in the industry. So that was why sort of a blockchain was, you know, ideal for this case was the decentralization in the industry and the transparency that the end users wanted. Right. So, you know, that, I hope that <laugh> at least <laugh>,
Simon Phipps (00:09:49):
You know, well, so I'm looking at ever ledger on screen here. So I mean, I wrote an app that sounds a lot like that when I was at IBM in the nineties. But back before the, the idea of blockchain had been coined, we, we, we created a distributed ledger and we conceived one then in the two thousands for doing transportation ticketing and for doing settlement of transportation ticketing between different transport carriers. A and so I've, I've seen applications that use a distributed link list and a distributed immutable link list before. The, the thing that looking at Everledger the, the, the, the real question here is the degree to which the the trust is independent of the application. And the, the big problem that, that cryptocurrencies have created for us is they've created a world where nobody is in control.
(00:10:44):
And so what gradually happens is people do actually take control by taking ever larger stakes in the network, and by taking ever more central convenience positions in the enablement of the platform. And it ends up being centralized, but unregulated. And so the problem that there's been with much of the blockchain that I've seen has been exactly that problem. It has become centralized while without also becoming regulated. And and so that's, that's kind of the, the, the place I'm kind of needling into. I can see why I want to use a distributed ledger, cuz I've used all myself commercially in two previous decades. What I can't see is why I want to create a system where there is no trust authority. Why, why would I want to do that? Why would I not want to? So have a consensus, trust authority, for example, as my preference.
Hart Montgomery (00:11:37):
So you're asking basically the, the motivating case for why should we use a pub, a fully public blockchain? That's ostensibly, fully decentralized. Is is that right?
Simon Phipps (00:11:49):
Yes. Yeah. And, and I've get to see one honestly, that isn't in the control of some entity covertly be that like with a lot of crypto where it's ultimately the control of crypto miners over in the, over in Central Asia or where, yeah, it's covert under the control of the technology creators who are the peop, the only people who truly understand, even though the code is open source, how the technology works. And so they, they own the, the brand name and they tend to centralize the, the control of the technology. That's what I've seen all along. I've seen, I, I really haven't seen any really big public examples of something that wants to own up to being blockchain. And maybe, maybe it is blockchain under the covers, and people don't wanna call it that because it's disruptable. But I, I have yet to see a really great example of a blockchain that will make me think, Oh, then maybe this isn't the dark end of the internet.
Hart Montgomery (00:12:44):
So I guess then yeah, so, so we use sort of blockchain colloquially to define, you know, public and permission blockchains, right? So, you know, informally, like, you know, we, we sort of use blockchain and, and distributed ledger interchangeably. You know, and obviously a lot of our Hyperledger code is focused on, you know, permission blockchains like fabric is a permission blockchain you know, but, but we do have, you know, a Hyperledger Basu which is used for both public, it's, it's a public theory execution client, and it's also used for some permission blockchains. So, you know, as far as public blockchain centralization goes, you know there, there is a big issue there, right? You know, obviously you mentioned minors now you have staking pools. I don't know if you're familiar with yeah. With the, the staking pool stuff. So like Lido has a huge percent of, of Ethereum stake locked up on it. And, and, you know, ev everyone's a little worried about this. There's also this issue of me and, and block creation now if you're familiar with that as well which is another potential censorship and centralization issue. I, I don't know if you've dug into that at all but it's,
Simon Phipps (00:14:11):
Yeah, let's, I mean, I've, I dug into some of those. So, so we, I interviewed Brian Brian Balen on Flos Weekly, previously twice actually, about about Hyperledger. And Brian persuaded me in his typical charming and, and intelligent way that Hyperledger is about taking all the good parts while not doing any of the bad parts of blockchain <laugh> you know, is that true? Is or is, is hyper directly just an ar an arms dealer to the bad guys?
Hart Montgomery (00:14:45):
Well, I think so, but, but I mean, high privilege is totally open source, right? So we're a Linux Foundation project. You know, and I, I define hyper, you know, Hyperledger has changed since the days of Brian. So I define it as, as sort of the, the Linux Foundation's umbrella project for, for blockchain. But we are open source, and so anyone can download the code and, and, you know, use it for whatever they want <laugh>. And we have seen some some use cases and some uses by some actors that, you know, in the vacuum we would prefer not to have. But, you know, it, it, it's open source. That's just how things work. You know,
Doc Searls (00:15:29):
So Bringham pause there. I think, Doc, you're ready with a with different thought here? Yeah. So, you know, my besides Brian is just an old friend my main acquaintance with with Hyper Ledger is, And, and maybe you could go into a little bit of where and how the Linux Foundation comes up with these foundations. So foundations within foundations, we've actually had quite a few people on from the Linux Foundation in various ways. When it, when it started you know, I came, I, my familiarity with it had to do with self sovereign identity and the whole self sovereign identity development movement, and a lot of which is based on blockchains, but some of it wasn't. Most of 'em did try to say distributed ledger rather than blockchain. And then when a code base was developed, it was adopted by by Hyperledger rebranded. So it was open source and under their ages, sort of in particular, for example, Hyperledger Indie, that was when it came for the Sovereign Foundation, where full disclosure, my wife was on the board at that time. And I'm wondering what's changed since then. I mean, and, and cuz I know IBM was heavily involved and it had a thing going on. I don't think IBM is still there anymore, but I'm not really sure. Yeah,
Hart Montgomery (00:16:51):
So IBM is still there.
Doc Searls (00:16:52):
Yeah. So I'm, I'm IBM is still there. Yes. It, okay. So, so what is it, what does it look like now? I don't even know what happened to Hyperledge Indy. Is it still there? It still doing stuff? Oh,
Hart Montgomery (00:17:00):
Yeah, yeah, yeah. I, I'll go into all of this. So, you know, in the beginning, Hyperledger Fabric was the first code base contributed. It was contributed by IBM and digital asset. And it still today is to what most people associate with Hyperledger, even though sort of Hyperledger has has grown much larger since then, you know, we've had a lot more code bases contributed or sort of natively built up in Hyperledger. I believe we're at 14 projects today. We just took a new project related to indie, which I'll, I'll talk about in a second. But, you know, we have, we have things like Hyperledger Basu, which, you know, is, is an Ethereum execution client that you can run either, you know, on the Ethereum may net or you can run a, a permissions network. So a distributed ledger as, as you all are calling it on Basu.
(00:17:51):
And we actually have you know there's a, a group called Lack Chain, and that, you know, runs a huge permissioned Basu ledger in South America, which I think is really cool. You know, as, as far as the identity side, you know, it's been really interesting to watch. And that space has grown, you know, tremendously over the past years. It started with Hyperledger Indie then Indie has at this point forked out multiple projects. So there's Hyperledger areas, which I don't know if you're familiar with, which is sort of the agents layer of, of identity. There's hyper or rsa, which is the, the crypto library. And then there's also recently an anonymous credential project was approved for this was actually last week, so it's not up on the website yet. But this was approved for anonymous credentials and, and specifications.
(00:18:53):
You know, so, so the identity community is, is still going really strong. You know, I think it's a really cool space. It's incredibly decentralized. There are tons of people from all over the world that work on it. You know, one of my favorite facts about the identity community at Hyperledger is we have government employees that are full time maintainers on our identity projects, which I think is really uncommon and really cool. And that those are some of our most productive maintainers. So, you know the identity community. So, so back to sort of your, your thing about ledgers. So in the very beginning you know, indie was, was an identity focused ledger. And the idea was that, you know, you have to root your credentials somewhere, right? You have to have a starting point for your, your self sovereign identity, right?
(00:19:50):
And that, you know, sort of the root of trust was going to be this, this distributed ledger. And this was the reason for like the sovereign foundation and, and everything, which I'm sure you're familiar with. But now, you know, everyone has sort of recognized that, you know, we should be able to root credentials anywhere. We should, you know, put them wherever you want. You can put them on different ledgers, you can put them on other trusted things besides ledgers. And, and, you know, so, so we've seen a, a real modularization, and this is this recent anonymous credential project that came about. So that, you know, you, you can put your, your anonymous credentials on, on anything you want and group them anywhere. So I'm, I'm really excited by that.
Simon Phipps (00:20:34):
Now, I'm, I'm just looking at all the names of those projects that are up their heart. Mm-Hmm. <affirmative>, do you have a concept map that shows what all of those projects do? Cause they've all got you know, the trademark safe names and yeah, descriptive names. And I, I wonder if you've got an architecture that shows how those all fit in somewhere?
Hart Montgomery (00:20:57):
Yeah. So, so usually on the website, we have them into sort of three categories distributed ledgers you know but unfortunately, I don't think we have a proper dag a dag a graph basically showing all of the connections and interdependencies. It's, it's, it's a great question. I can go through some of them if you want. Some of the complications in this are, are, are projects like Hyperledger Cactus or Cacti which is our our integration project. So, you know, a lot of people have have applications to where they want to connect sort of one blockchain or one distributed ledger to another, right? And this is sort, sort of the root of this is is something that's been called the blockchain trilemma, if you're familiar with this. Have you all heard this
Simon Phipps (00:21:54):
Carry on? No, I, I haven't actually. So it's an interesting, even if we have, even if we have all those other people that they haven't, so,
Hart Montgomery (00:22:03):
Gotcha. Well so the, the base idea behind the blockchain, and I believe it was first coined by Vitalic Uterine, but I'm not entirely sure. It was basically that it's impossible to have in a single distributed ledger security scalability and decentralization. You have to sort of give up on at least one of these. Now, we certainly hope people don't give football security, because that would be a disaster. So what this becomes is a trade off between decentralization and scalability. Sort of the more decentralized you are, the worse you scale, right? And, and, you know, the more centralized you are potentially, the faster you can be, you know, the lower latency, more transactions per second, so forth, right? And, and you see this, right? A lot of the public blockchains have very, very slow transaction speeds, right? I mean, how many transactions can you get in Bitcoin, right?
(00:23:04):
Something like 10 a second. It's, it's, it's not very fast. So, so the, the sort of point in this is that, you know, we don't believe that there's gonna be any single distributed ledger or, or even database that, that fits everyone's applications, right? You know, you might need to be more decentralized. You, you might need extra features like zero knowledge proofs or, or other privacy preserving properties. So we're gonna have a lot of, you know, today we have a lot of databases, you know, that, that even need to talk to each other. But we can imagine a world where we have a lot of ledgers that need to talk to each other and, and communicate you know, swap assets, do atomic swaps, all this stuff. And, and how do we do this, right? This, this is pretty tricky these days.
(00:23:51):
And this is one of the problems that this, this Cactus Project aims to solve, and it works with essentially all of our distributed ledgers on this. This is the same with hyper ledger firefly, which sort of takes a little bit different angle on interoperability and integration, where it's sort of I almost wanna call it a container for blockchain or distributed ledgers where you sort of write code once and you can run it on a bunch of different platforms. So, so I guess in summary, I'll, I'll go back to your original question and pop the stack back up to that and say that, you know it's complicated saying what projects work with what other project
Simon Phipps (00:24:29):
Mm-Hmm. <Affirmative>, right? Right. I mean, I was just looking at the whole panel plea there, and as I say, it's, it's all the trademark safe names, and I have no idea. The only way I can find out what they are is by clicking through and reading all about them. You've, with the, the video, people can see the picture on the screen there now. Yeah. And that, that, that's also been a little bit of my experience of blockchain, is that people are wildly enthusiastic about individual technologies. I, I always had the impression at the beginning of Hyperledger Foundation that all of your initial stakeholders all contributed in compatible blockchain toolkits from their labs into Hyperledger. And your early years were spent triaging the complete differences between all of those stacks. And this looks even more so now. This looks like you've got, you know you've got nine projects that look like they're probably hype ledgers, and you've got like six,
Hart Montgomery (00:25:25):
We have four ledgers
Simon Phipps (00:25:25):
Look like they're addons. Okay?
Hart Montgomery (00:25:28):
We have another view that I, that I believe is called the Greenhouse View that mm-hmm. <Affirmative> that lets you see this a little better. But well, I guess it depends on, I guess, we'll, we'll say five ledgers if, if we're counting indie. But indie, Indie is a very specialized ledger. It's, you wouldn't want to use it for a non identity purpose. We have fabric, which, you know or probably know we have Basu, which is Ethereum, Ethereum Execution client. We have Sawtooth which was contributed by Intel. We have a roha, which was contributed by Sore Mitsu and sort of has a, a mobile application focus. And we have Indy. So, so those are the ledgers. We haven't had any new ledgers join in quite some time mm-hmm. <Affirmative>. So that has been, you know we've, we've sort of had efforts coalesce around the existing ledgers which, which, you know, I think has been good.
(00:26:30):
I, I don't know, <laugh>, there's clearly some number of ledgers that's too much. And, and depending on who you are that number can, can vary widely. But, you know, yeah, we're excited to see the proliferation of, of other stuff which are tools around making blockchain easier to run, making, you know, and I use blockchain here interchangeably with distributed ledger and, you know, making distributed ledgers easier to to integrate, to operate, you know, just streamlining processes, you know? We'd like to see stuff, you know, we're, we're seeing more stuff on privacy preserving tools which is really important for distributed ledgers. And I know that's, that's something that, that we haven't talked about. You know, and I guess, you know we were talking about public blockchains. You know, one of my personal biggest concerns about public blockchains that, you know, that you didn't really get to even, is about privacy, confidentiality, and anonymity. And if you want to work on those, you know, you, you do need really powerful tools like, you know, Snarks and Zero, all kinds of zero knowledge proof stuff. And even then you have issues with traffic analysis and other stuff.
Doc Searls (00:27:49):
So, I boy, hope this raises a whole lot of questions, starting with starting with privacy. But first I have to let everybody know about Club Twit, so I'm getting it or promo for that. Joining Club Twit is another great way to support the twit Network. As a member, you get access to ad free versions of all the shows on twi, as well as other great benefits. There's a bonus TWIT plus feed that includes footage and discussions that didn't make the final show edit, as well as bonus shows we've started, such as the GFIs, and ask me anything, some fireside chats with some of your favorite TWiTguests and co-hosts as Floss Weekly listeners, you may be interested in checking out the Untitled Linux show. That show is available only to Club Twit members. And that is a great show that Jonathan and Bennett hosts another one of my co-hosts here, and he does a great job.
(00:28:44):
So join up to sign up, join up, same thing, Club Twit for just $7 a month. Head over to twit tv slash club twit and join today. And we thank you for your, for your support for supporting us that way. So, on, on privacy, actually, you, you broke out privacy, confidentiality and anonymity, which, you know, these are overlapping things and anonymity is pretty well understood. Confidentiality is a matter of trust. You were talking about that at the beginning of the show. Privacy is kind of an outcome of a number of technologies. Technology is, is, is is a topic kind of near and dear to my heart, cuz I've been focusing on it for a long time, even wrote or co-wrote a manifesto on it that really starts with its personal. And people need control over it. And we have privacy technologies in the physical world.
(00:29:38):
Like I'm wearing clothes right now. We're all wearing clothes. Those are privacy technologies. They not only guard things we call our privates and other stuff we'd rather people not see but also signal, you know you're not supposed to plant a tracking beacon on me because I'm wearing something, right? And yet online, we haven't worked out privacy yet. In fact, privacy is, is largely violated almost in a proforma way. And, and I'm wondering if you're, if you visit that at all. I mean, what your approaches are to privacy with, with with Hyperledger in general and with different projects in particular.
Hart Montgomery (00:30:19):
Yeah, I mean, this is a topic near and dear to my heart as well. And, you know, I, I could go on for, for hours on this you know, on digital privacy, you know, as we are moving things to, to the web, you know, this isn't just a, a distributed ledger or a blockchain question, it's a more general question. But, you know, the, the analogs of, of sort of real world privacy are scary, right? So, you know, the classic example of, of identity obviously is, is presenting your driver's license at a bar to show you're 21, right? You know, you've seen this a million times and, and anyone who's who's touched digital identity has come across this. So in the real world, right? You know, the bartender or the bouncer, the doorman or whatever, looks at your id, you know, scans it, make sure you're okay and, and gives it back to you, right?
(00:31:15):
And, you know, the digital analog of what's happening is this guy is, is photocopying your driver's license, right? And then selling it to everyone he can. You know, and, and this is sort of concerning you know, the, the fact that, you know, as, as, as more and more of our lives go online, you know, more and more of our information goes online. And this gets tracked in ways that, you know, that people don't realize or, or can't control. And obviously this goes back to the core of, of self sovereign identity, right? Is that, you know, you should, you should control your identity. You should control your data. But again, the, the, the question is how, And, and the question is, you know, can we put this in terms that are sort of, you know, easily understanding for, for people, right? One of the, the complicating things is, is if you have a system, you know, like a distributed ledger or an identity system or whatever how do you even define privacy for that system, right?
(00:32:17):
Even anonymity can be, can be tricky to define, right? You know, and lots of people you know, use sort of what I call the the patches o houlahan strategy for, for privacy. I don't know if you've seen the movie Dodge Ball but you know, this is basically just, you know, they just throw some tools, throw some cryptographic tools at, at the problem and, and just sort of hope it works. But, you know, if you really want to, to say a system has privacy, you, you need to formally say what privacy means, right? And you need to have a, a definition that, that makes sense. I, I hope this is, is making sense to you all.
Doc Searls (00:33:04):
Yeah. there's a, is it two things. One is I've I've love the idea of self sovereignty identity from the start just by the name of it, which a number of companies feel uncomfortable with. But I to be the internet as a, it essentially a peer to peer system at the bottom level basically promises everybody full agency <laugh> and if they want it or something close to full agency. And yet we've built lots and lots of very large companies that can do it. Only very large companies can do. And, and we need those. And then it, if you told me in 1995 that in 2022 we would still be using logins and passwords, I think you were crazy. And yet here we are. I mean, some things are, are miracles on the order of loaves and fish. And on the other, there's you know, something's never changed.
(00:34:03):
And I, I wanted to mention somebody, I just, I, I just talked to somebody yesterday. This is actually, I'm not sure it's a blockchain project. It's a tide.org. They're in Australia, and they have a way to get rid of passwords, basically by having individuals when they participate in a system, their password is charted out to many many different points in a distributed, not a distributed ledger, but in distributed database. So no one part of that database or many databases knows the whole password. Which it's an approach to getting rid of passwords that I, I found really interesting. And, and they, it's not exactly a blockchain because it's not one, one ledger across which everything is replicated. It's, there are many different nodes that are doing different things, but the, what I like about it is that it, it attacks that problem, and it starts with privacy as a, as a need.
(00:34:57):
Mm-Hmm. <affirmative>, but it's still a B2B thing. And the thing that, that I'm look, that have wanted, that I'd like to shift if we can to wallets, because wallets have interested me since Google and Apple and others brought it up like 10, 12 years ago. You know, but I, I, the wallet I have, my pocket is my wallet. It's not a Google wallet, it's not an Apple wallet. It, it's a place where I keep verifiably credentials. They, they reveal more about me than I'd like. If somebody wants to know that I'm over 18, they don't need to know where I live or what color my hair was <laugh>, you know, when I had it. But and that's one of the promises of, of SSI is that we don't have to disclose everything. There's what Kim Cameron of Microsoft, you know, with his seven laws of identity called minimum disclosure for a constrainted use and justifiable parties and plurality of operators and individual control over consent.
(00:35:57):
And, and I see us moving in that direction. But part of what I'm looking for from you is some assurance, maybe some detail on how, on the one hand doing what the Linux Foundation does, I think extremely well, which is bring a bunch of big companies and big developers and happening things together kind of into one room or under one umbrella, and have them get a, not so much get along, but work together on something that they all need and they're not gonna compete on. And then compete on gravy, whatever the gravy is on the one hand, and on the other hand, have the individual represented in here somewhere. So that's sovereign entity is actually a primary actor and not a secondary one that'll make sense as a bit of a filibuster. Sorry.
Hart Montgomery (00:36:44):
No, a absolutely. Like that's you know, self sovereign identity verifiable credentials and anonymous credentials are, are a huge part of this upcoming open wallet project. So for those of you that aren't familiar there's a big effort going on right now at the Linux Foundation to, to start a new open wallet project. You know, there's, there's a ton of stuff online if you're interested. But, you know, giving users agency and you know, self sovereign identity are a big, big design principle of this wallet and what you described earlier, which is the the key charting the, you know, that's also in scope. And while we aren't, you know, far enough to have like an architecture or a roadmap this kind of thing, which is, is usually called an MPC wallet, for a lack of a better word because it usually uses mpc, which is multi-party computation or some kind of threshold cryptography to to do this, this key charting and, and key recovery. You know, those are all things that people are interested in seeing. So, you know I, I think people are, are people recognize the, the desire and the need for these things. And, you know, I think the wallets for the future will have these.
Doc Searls (00:38:10):
So you're, did you breathe hard there, <laugh>?
Simon Phipps (00:38:14):
I, I did, I did. You know, so again, I, I'm watching all this and I saw Open Wallet when it was announced. It seems to me that we didn't listen to Simpson Garing when, when he wrote Database Nation what seems like yesterday to me, but actually was really quite a long time ago, where he really, he pointed out that centralization without regulation leads to a loss of privacy and mm-hmm. <Affirmative>. it, it seems to me that Open Wallet Foundation is very likely to need to lead to a multiplicity of centralized wallets owned by brands facing towards consumers rather than toward, to a technology that will allow me as an individual to control my relationship with brands. Am am I misunderstanding this? Or, or is that really what's going on?
Hart Montgomery (00:39:07):
So I, Yeah, I, I think if people build a wallet that, that support, like I as a company, right, can build a wallet that, that supports self sovereign identity, that supports verifiable credentials, that supports anonymous credentials that still lets you, you know, control your identity and, and control what you disclosed. Right? You know I think a lot of a lot of companies and a lot of people recognize the merit of, of a neutral wallet, right? You know, and that if there is, if there is a neutral wallet or, or a neutral wallet backbone, shall we say that, you know, people, particularly privacy conscious people will gravitate towards that. You know, so I, I, I'm not sure I entirely see how you know how it opened Wallet it would contribute to, to centralization. And I think honestly, in the wallet space at least in the digital wallet space, you know, centralization really can't get any worse. The, the space is already extremely centralized. You know, Apple Pay has just an enormous market share. And you know, outside of that, the, the Google Wallet and the, the Google Pay, you know, between those two, they, you know, they, they pretty much have the market cornered.
Simon Phipps (00:40:26):
What I, what I don't get here is is really what's gonna create that neutral wallet. Cuz what I, I'm expecting Open Wallet Foundation to do is to create a, a toolbox, a set of parts like mm-hmm. <Affirmative> Hyperledger Foundation has done that other people will then build applications with, and the other people who will build those applications will undoubtedly be brands. And what we will see is a multiplicity of brands with interoperable systems to the extent that it satisfies their business needs still being used from a point of control in facing consumers, rather than something which is gonna empower me to pick and choose between all brands that I'm gonna use which is an outcome that could only come about if it was either a q through regulation or, or through a very powerful centralized charity. So I, again, you know, what am I missing here? It looks like it's gonna build a toolkit. It doesn't look like it's gonna build a wallet for me to control the brands with
Hart Montgomery (00:41:28):
It. It is gonna build a toolkit. I'm not, I, I guess, you know, regulation is already heavily in play particularly, you know, European regulation which is, you know, as, as you're aware, much stronger than than US regulation. You know, and, and I don't think, you know, you're not gonna want a different wallet for, for every brand, right? That's, that's gonna be massively inconvenient. That's not how it works today in either the, the real world or the digital world. So, you know the hope is that, you know, the market will, will steer us towards this, this sort of like, you know, neutral wallet that does enable, you know, privacy, preserving consumer functionalities you know, that that's what we expect. You know, so does, does that make sense?
Simon Phipps (00:42:25):
You know, I, I'm, I'm much being, being a, a British cynic rather than a a a
Hart Montgomery (00:42:31):
I get that
Simon Phipps (00:42:32):
Rather than a hopeful American. You know, I, I look at this and what I see happening is the toolkit being used by a family of brands to build interoperable wallets. But they'll still want, they'll want me to have their their brand wallet on my phone so that I tend to shop with them so that I tend to share credentials with them, and they'll want to use the interoperability that Open Wallet Foundation gives them in order to have favored relationships with their partners. But none of this is gonna be designed so that it's, it's in my interest. It will all be designed in the interests of the brands. And the only way you can avoid that is if Open Wallet Foundation instead builds an open wallet that all of its member companies then choose to make their systems compatible with. And if that was what you were proposing, I'd be really quite excited about it. But it sounds very much like the world I'm gonna see as the first world.
Hart Montgomery (00:43:29):
So I hope not <laugh> we we, you know, again, we, you know, in the open source community, you know, we can sort of only get the software out there and, and hope the best things happen. You know, we can't control who uses the software, you know, necessarily for for what purposes. You know, a lot of the companies that I have talked to about this, you know, do you want to respect privacy? They, they do want to do it right. You know, there are regulations that you know, that handle, you know, particularly in Europe a lot of the, the privacy issues and things around that, and, you know, not every, people just don't want a multitude of wallets, right? People wanna use one wallet, they want to use it seamlessly. So, you know, I'm not sure that I really see this like proliferation of, of wallets happening, You know, I think, you know, there may be, you know, some, some collection of wallets, but at the end of the day, in the, the real world, I have one wallet, right? And I, I presumably wanna have one digital wallet too, right? And then if brands want to participate, you know, we can, you know, they can give me credentials. I can give them credentials, right? But, but I would hope it would be through this one wallet and not through this proliferation of wallets.
Simon Phipps (00:44:51):
Are you gonna make a, a reference implementation of of an open wallet that maybe might be the seed for a a, a, a citizen centric rather than a brand centric tool?
Hart Montgomery (00:45:05):
People definitely will. Yeah. I don't know that we will have, you know, an official Linux Foundation or an official open wallet you know, wa reference implementation. But, you know you know, like people like the government of British Columbia are involved in this project, and I highly doubt that, you know, they're going to, to put something together that's you know, it's not consumer or citizen friendly, right?
Doc Searls (00:45:37):
Yeah. a a couple things. One, one is I wanted to, I'm glad you brought up British Columbia because that I think is one of the blockchain success stories anyway, that they're using blockchain in, in their own identity system. Absolutely.
Hart Montgomery (00:45:51):
It's,
Doc Searls (00:45:52):
It's yeah, it's live, it's been there, it's been there for a while. And there's, but I, I wanna, I wanna stay on the wallet for for a minute because I, I wanna know what it looks like and what's in it because is it something that is a, you know, something I could click on the, on the front page of my, of my phone? Is it something that's just invisible and it's just basically I have a database that I just know and it just gets used and, and it just be, it's as, as as I issue. In other words, as I, I, I go to the sh I go to the show, I've bought a ticket, I, I carry a verifiable credential, I wave my phone in front of something, or there's a QR code involved, or there's just a verifiable credential in a, in a verifi pile credential scenario.
(00:46:40):
And that happens, but there's, there's one question about that, which is what it looks like and feels like, so we know what we're talking about. The, the other is what else goes in there? Because my fantasy is I have a lot of data about myself that's not just a verifiable credential issue to me, say by my school that I went to, or by the credit card company or, or the, or the drivers or the, you know, the DMV or the government in some way. But I also have like all my health records, all my financial information, all my possessions where I may wish, for example, to disclose to an insurance company what some of my possessions are. That's my, my internet of things. And I'm wondering if those kind of things are imagined as among the forms of data that pass through a wallet, that it's not just, I deal only in transactions, but rather something more rich and complicated than that.
Hart Montgomery (00:47:44):
Yeah. So you asked a lot of questions there. Yeah.
Doc Searls (00:47:47):
I'm sorry, <laugh>, so
Hart Montgomery (00:47:48):
No, no worries. It's totally fine. So, you know, this, this is very early effort, right? So we don't know exactly what the final shape will be, right? You know, we haven't officially formed a project yet. We just have a, a co you know, like a group discussing the, the formation if, if you will. So sort of questions about that, like what, what's the final shape and, and all that, you know this is, this is not yet determined. So, so I can't give you a great answer on that. As far as the other data goes there's a lot of stuff that's, that's in scope with this, right? People want to be able to do I guess I'll call it records if you will. You know, so obviously things like education credentials, but, but this would also presumably include medical records, right? You know, and, and those are particularly interesting, right? Because, you know, under normal, you have to be sort of careful, right? Because under normal circumstances you should absolutely have control over those records. But if you're in, you know, an emergency room situation, you may want someone else to be able to override that, right? So, but yes, I, I think, you know, while I can't say for certain certainly this, this general like nebulous area of important personal records would, would be in scope.
Doc Searls (00:49:23):
Yeah. well that's, that's encouraging actually. I wanna get into crypto a little bit before the end of the show, but Simon, I think you had one more, one more question about the foundation itself and what it might do.
Simon Phipps (00:49:38):
Yeah, I did, I, I mean, I dunno if it's a question or not heart, but would that, would the Open Wallet Foundation consider being a, an independent 5 0 1 C three public charity rather than a trade association? Because it seems to me that many of these questions we are talking about, about serving the public before serving the brands comes down to having an entity that is designed to serve the public instead of serving the brands.
Hart Montgomery (00:50:05):
Well, the open and while it would be under the Linux Foundation, so technically it would be under a charity yeah. But
Simon Phipps (00:50:12):
Linux Foundation isn't a charity, it's a trade association. It's a 5 0 1 c6.
Hart Montgomery (00:50:16):
Sure. so you're asking you know, I think it's an interesting question. You know, if you could put together, you know, a, a charity to, to implement you know, a a fully you know, a fully consumer focused, you know, privacy, preserving, open wallet you know, but I think that, you know, I think there are a lot of people that are gonna work on this and do this, right? Like, you know, I don't know about you, but you know, I will trust like what the government of British Columbia would put out, for instance, right? You know, so, so I don't know if if that will happen. But I do think there are certainly, you know, parties involved, you know, in in this, you know, that, that, that would would put out something that would be consumer focused.
Doc Searls (00:51:18):
So yeah. I think we've, I, I once went on about something and they, the guy was talking to says, Well, I think you've nailed out one of the floor doc. And so <laugh>, I think we've covered the, the wallet question pretty well. I'd like to ask a crypto question cuz you're, you know, you're a degree and respected authority on it. And it's a, it's a simple question, which is, can people really finally, I mean, will people understand it? I mean, because as, as soon as you get into key pairs and public and private keys and pki and how all that works, people not only tend to glaze, but people in the long run, they learn a Cordy keyboard. They know what internal combustion is. <Laugh>, you know, there, there there's some fairly complicated things that everybody can understand. To some degree people learn to drive. That's a really complicated thing to do or to ride a bike. So, could people understand crypto? Cuz cri, could crypto be something where there's common knowledge about how this works? Or is it always going to remain the domain of, of, of, of weenies like us <laugh>? I don't know. Well, I think
Hart Montgomery (00:52:25):
It's for that. I think it's, Yeah, absolutely. You know, obviously, you know, at, at a high level, I think it's definitely possible. And, you know, I think every, you know, software engineer should understand how it works at a high level. More importantly, what are the common primitives? What guarantees do they give and how do things work, right? You know, for a digital signature algorithm, for instance, right? It's a two pull of three algorithms, right? You have a key generation algorithm, you have a si a signing algorithm, and you have a verification algorithm, right? And the idea is, you know, if you have the verification key, you can verify standard or signatures, right? If you have the signing key, you can sign, and if you have the verification key, but not the signing key, you shouldn't be able to forge signatures even if you've seen existing signatures, right?
(00:53:17):
You know, and then that's the high level understanding of the primitive, but that's, that's basically it to a digital signature, right? If I give you a digital signature api, you just need to know that you don't need to understand you know, how the math works or, or anything like that, right? So, you know, understanding some of the math behind behind some of these cryptographic primitives can be quite complicated. Like pairings are, are mathematically challenging. Some of the newest post quantum cryptographic primitives, like elliptic curve misogynies, are also quite challenging. But, you know, the good thing is you don't necessarily need to understand that to use cryptography, right? You know, and we just hope that people can learn enough to use cryptography. You know, it, it's not important for everyone to understand the math behind cryptography, but it is important for people to understand the primitives and what they mean and sort of what they give you. I hope that's clear,
Doc Searls (00:54:25):
You know? That's good. That's good. <Laugh>. Yeah. Actually, did you wanna ask the question? You just put in, in the check here.
Simon Phipps (00:54:36):
So good one, semis, seriously harp, what should we call crypto cryptography now that cryptocurrency is stolen the abbreviation crypto much,
Hart Montgomery (00:54:45):
I still call
Simon Phipps (00:54:46):
It grief,
Hart Montgomery (00:54:47):
I still call it crypto. I mean, if you, you know, there people at the academic cryptography conferences still print out shirts saying that crypto means cryptography, <laugh>. So crypto, when you say crypto, to me it means the, you know, the, the big academic conference hosted in Santa Barbara annually. I still refer to cryptocurrency as cryptocurrency. So, so maybe I'm not the right person to ask <laugh>, cause I'm one of the last remaining holdouts on this, I think.
Simon Phipps (00:55:20):
Yeah. so, you know, welcome to the, welcome to the Legion of the Elderly with Doc and I this is, this is an eternal challenge when somebody steals the word that you use to describe yourself, to instead describe something that you are not very fond of. But I, I actually think this is a serious problem for the public understanding of science, because when you say crypto, I know that what you mean is cryptography. And I know that what you've got to say is of deep worth and highly educated. When a newspaper hears you say crypto, they're thinking Bitcoin and bringing public understanding, the science has got to be harmed by that.
Doc Searls (00:55:59):
It, I, I'll we're getting toward the end of the show, and I, I, I just need to jump in on, on this one, which is, we've had this problem with hackers for 40 years. <Laugh>, you know, I mean, on the one hand it's a, it's a badge of honor for those who called themselves that there's a big fat dictionary of, of terms that they use. And at the same time it means bad guys and I don't think we'll ever solve it, actually. I think that's, you know, that's a tough one. But anyway, this is, this has been a great show. And, and I'm sorry we're, that hour went very fast, even without ads in it. So are there any questions we haven't asked yet, but you can ask, answer briefly before we finish our,
Hart Montgomery (00:56:44):
I think you, you all have done a great job of, of asking questions so, you know, I've appreciated them.
Doc Searls (00:56:51):
Great, Thank you. Thank you very much. This has been great having you on the show there. Two more before we go. What are your favorite text, text editors and, and scripting language?
Hart Montgomery (00:57:06):
Well, for what I guess is the, this is the question. Oh,
Doc Searls (00:57:11):
Cause I used any answer is fine. <Laugh>, it doesn't matter. You can qualify to do what you want.
Hart Montgomery (00:57:16):
Cause Yeah, I use very different things to write like papers than I do to write code. You know, I've always been someone who uses emax to write code. My like late tech editor has changed many, many times over the years and it almost always changes as soon as I get a new computer. I think I'm using some, some kind of tech shop right now. And so what, what was the other question?
Doc Searls (00:57:47):
Oh scripting language.
Hart Montgomery (00:57:51):
Scripting language. Does bash count?
Doc Searls (00:57:55):
Yeah, it does <laugh>.
Hart Montgomery (00:57:57):
Okay. That'll
Doc Searls (00:57:58):
Be my incident. You've had Brian Fox on here talking about that as himself, dude. Yeah. Who, who created Bash. So that's great. I appreciate it a lot. It's been been great having on the show, love to have you back, especially to, you know, since Hyper Ledgers changed as much as it has in the last several years, it'll change some more. So it'd be great to hear from you again.
Hart Montgomery (00:58:19):
Absolutely. Yeah. Thank you for your time
Doc Searls (00:58:22):
And thank you too. So Simon, dude, you were, you were strong there. <Laugh>,
Simon Phipps (00:58:31):
You know, Heart
Doc Searls (00:58:32):
Did a, I didn't mean to bring you on for that reason. But, you know, you're always has tough ones.
Simon Phipps (00:58:37):
Well, you know, me and Crypto Doc, I mean
Doc Searls (00:58:40):
I didn't well now I do <laugh>.
Simon Phipps (00:58:42):
Now You do, Yeah. Yeah. so, you know, heart has been, has been a, a, a great interviewee that he's been very tolerant of some tough questions. I, you know, I do think we find ourselves at a juncture where we should be asking whether a charity should be doing the work that Lenox Foundation has, has picked for Open Wallet Foundation because we can't rely on adequate citizen centered regulation arriving in time. And so the antidote for that is to have an organization whose mission is to serve the general public rather than to serve its paying members. And it seems to me that there's a very much a need for a, a 5 0 1 C three or what I call a public charity to be doing some of this privacy centric work. And if it could do it under the umbrella of the Linux Foundation so that its work is respected by those Linux Foundation members, we may well be able to head off the crisis of privacy that I think will arise from having things sufficiently anonymous that governments can't apply regulation which strikes me actually as the worst of all possible worlds where we have a centralizable technology through aggregated power that is sufficiently cryptographically anonymous that governments can't regulate it.
(01:00:05):
That sounds terrible to me. So I, I I think that you know, the question I would love to ask is about the c3. And I, I understand heart can't answer that, but I think that's the take the question that's left on the table from this discussion for me.
Doc Searls (01:00:18):
Well, I, I, I, I look at this in a more evolutionary way. I think that the Linns Foundation was a, I think a brilliant move as I think they, there needed to be a trade association there. I don't think of them so much as a trade association, but they certainly qualify because, you know, big companies pay to belong. But there does, there does need to be a big tent where large entities that can afford a lot of developers and are doing, and, and, you know, work on which that's responsible for a lot of what we do in the world can gather and, and work on open source stuff that, that they share. I think there's a whole exactly where you say, which is on the customer side, on the individual side, the consumer side. And that's why we started Customer Comments, which is a 5 0 1 C three years ago.
(01:01:06):
It is completely funding free <laugh>. So, and if the Lytics Foundation wants to talk to us about that, that'd be great. I, I wouldn't mind being under that umbrella if that fits. I don't know if 5 0 1 c three s fit under that, but we have another example a case where that worked out. Not that there were any big companies involved in creating it with creative comments with copyright. It's a very limited scope of, of what they're responsible for, but they created a way for anybody that does any kind of art to have some control over their copyright. And that has created, that changed the world in a, in a lot of positive ways. So so I do see some, I do see some hope there. I think it's early. I think it's early, and I, and I do hear heart on, on the sincere efforts that are going on within Hyperledger or, and in the wallet thing as well. I, I think any developer working out a wallet is gonna feel his back pocket and say, I wanna work for this <laugh> and not, and not just for, you know, whatever, whatever large employer, you know, they might be, they might be working for at the time. And Yep. And who stays forever with any one large employer anymore either. So that's another, you know, if not a saving grace, at least a, a grace of some kind,
Simon Phipps (01:02:23):
<Laugh>. So I think there's lots to talk about still here, Doc, you know?
Doc Searls (01:02:27):
Oh, yeah. It always is.
Simon Phipps (01:02:28):
And again, curiously, you know, this is blockchain we're talking about, and here's me saying we need to talk about it some more. There you go. So we, we need to have maybe, maybe get a round table together where it's, there are some different voices who can argue it out without weapons.
Doc Searls (01:02:43):
Well, that's, that might be better. And, and, you know, maybe we can assemble one here, you know? Yep. That's a possibility too. And so I, I just thought of something could promote for that. But go ahead. What, what do you wanna plug before we get off?
Simon Phipps (01:02:57):
You know, I'm promotion free this week. I, I don't have anything that I want to plug the, for the people on video, just follow me on Twitter and on, if you, Actually, I'd love to see a whole load of people following me on ac on the Activity Pub Federation. So that's mastered on Oma Bloom, all of those where I am. My, my mastered on website is meshed.cloud, and I am@wemionme.cloud. I would love to have a whole load of listeners and, and viewers here joining me on Master Don. And the, the quality of the conversation is somehow much better on Activity Pub than it is on Twitter. So come find me on this.
Doc Searls (01:03:37):
Yeah. Okay. Well then, and after the next couple days, I think the 30th is when Elon Musk does or does not buy Twitter. And and Twitter may, they may be a rush to your, to your small tent there before that happens. Speaking of round tables the internet identity workshop look it up. The short link is i, i workshop.org happens twice a year. The whole SSI thing that we talked about came out of that. Pretty much everything I know about what Hyperledger is doing, <laugh> is, is actually through sessions that we have. It's an unconference. It happens at the Computer History Museum in Mountain View in California, and Silicon Valley happens twice a year. It's three full days of nothing but gatherings of people in breakouts. There are no keynotes, there are no no panels or anything like that.
(01:04:33):
It's just sponsors buy food and and projectors and things like that. They don't, they don't run the show. So any, anyway, look it up. Ii workshop.org. And and come there. This is exactly the kind of thing we like to talk about there. And also coming up next week, we have Jeff Gearing on, He's a jeff gearing.com, G E E R L I N G. He was formerly with aquia. I'm not sure exactly what he's doing right now. We'll find out a week from now. Until then, I'm Doc Searls, It's been plus weekly. We'll see you then.
Ant Pruitt (01:05:06):
Hey folks, I'm Ant Pruitt. And what do you get Your favorite tech geek that has everything. A Club Twit gift subscription, of course, Twit podcast. Keep them informed and entertained with the most relevant tech news podcasts available With the club to subscription, they get access to all of our podcasts ad free. They also get access to our members only Discord, access to exclusive outtakes behind the scenes and special contents such as AMAs, which I just love hosting. Plus exclusive shows such as End Zone, Mac, End Zone Windows, and the Untitled Lenux Show Purchase Your Geek's gift at twit.tv/club TWiT. And it will Thank you every day.
