Bankless - 154 - Sign-in With Ethereum with Wayne Chang

Episode Date: January 23, 2023

✨ DEBRIEF | Unpacking the episode: https://shows.banklesshq.com/p/debrief-wayne-chang-sign-in-with-ethereum

✨ COLLECTIBLES | Collect this episode: https://collectibles.bankless.com/mint...

------

Wayne Chang is the co-author of EIP4361, otherwise known as the Sign in with Ethereum (SIWE) Standard. He’s also the co-founder and CEO of Spruce, a company that is working to grow SIWE adoption to make the internet more user-first. Can Ethereum help us take back our identity on the internet? There will be two phases of crypto – in phase one we take back our money. In phase two we take back our identity. Tune in to find out how.

------

📣 Crypto Tax Calculator | Free Crypto Tax Calculator https://bankless.cc/CTCpodcast

------

🚀 JOIN BANKLESS PREMIUM: https://newsletter.banklesshq.com/subscribe

------

BANKLESS SPONSOR TOOLS:
🐙 KRAKEN | MOST-TRUSTED CRYPTO EXCHANGE https://bankless.cc/kraken
🦄 UNISWAP | ON-CHAIN MARKETPLACE https://bankless.cc/uniswap
⚖️ ARBITRUM | SCALING ETHEREUM https://bankless.cc/Arbitrum
🚁 EARNIFI | CLAIM YOUR UNCLAIMED AIRDROPS https://bankless.cc/earnifi

------

Topics Covered
0:00 Intro
8:50 Identity on the Internet
17:15 Current State of Identity on the Internet
23:25 Web2 Log-in Risks & Incentives
25:50 Authentication vs. Authorization vs. Identity vs. Identifier
30:52 Sign-in with Ethereum
36:12 The Benefits of SIWE
39:15 The Rest of the SIWE Iceberg
40:50 Bringing Your Own Data Vault
46:19 Data Representing Identity
48:54 Identity & Data Vaults
50:40 Dapps & Use Cases
56:16 The Future of SIWE
1:02:33 Zero Knowledge Proofs & Minimal Disclosure
1:07:09 Bots
1:08:30 Deep Fakes
1:09:39 Session Keys & No More Cookies
1:15:14 Ethereum the Blockchain’s Role
1:17:25 Ethereum & Identity
1:19:40 Why Log-in with Ethereum?
1:22:30 Censorship Resistance
1:24:40 Festival of the Commons
1:29:40 SIWE Next Steps
1:31:43 Why SIWE is Important
1:32:52 Closing & Disclaimers

------

Resources:
Spruce https://spruceid.com
Read EIP 4361 https://eips.ethereum.org/EIPS/eip-4361
Wayne Chang https://twitter.com/wycdd

-----

Not financial or tax advice. This channel is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This video is not tax advice. Talk to your accountant. Do your own research. Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here: https://www.bankless.com/disclosures

Transcript
Starting point is 00:00:06 Welcome to Bankless, where we explore the frontier of internet money and internet finance. This is how to get started, how to get better, how to front run the opportunity. This is Ryan Sean Adams. I'm here with David Hoffman, and we're here to help you become more bankless. David, I just realized we talk about internet money and internet finance in the intro. We should also add internet identity to the list of things we are covering in Bankless. Today's episode is about Ethereum, its ability potentially to take back our identity on the internet. We're exploring that topic with Wayne Chang, who's a researcher and a core dev behind the sign-in with Ethereum project.
Starting point is 00:00:43 If you haven't heard about this project, this is the episode to pay attention to. A few things to look out for. Number one, why Google, Facebook, and Twitter are actually banks for your identity. And of course, we are bankless. So is there an alternative? Number two, we talk about why Wayne thinks Ethereum can disrupt the Silicon Valley tech companies and become the standard way you sign into every application and social media platform on the internet. Number three, we talk about how this leads to a more sovereign, decentralized, and free internet for the world. Crypto has been called, you've heard us talk about this before,
Starting point is 00:01:16 a separation of money and state. This is the separation of identity and state and is perhaps even more profound. David, why is this topic so important to you? Why do we set up this conversation? I know you were very excited to bring Wayne on and talk about sign-in with Ethereum. Yeah, sign in with Ethereum. It's like one of those small holes as a rabbit hole that once you go through the hole, it only gets bigger and bigger and bigger as it goes. The implications of a simple swap of sign in with Google or sign in with Facebook when it turns into a sign in with Ethereum, it seems so simple. But the downstream changes of how that completely changes the landscape of the internet
Starting point is 00:01:55 and how users on the internet are able, as a result of that, to go from a commodity to the big Silicon Valley apps to an actual user once again, a free and sovereign user of the internet, it's quite profound. And it really does go down to the depths of what does it mean to have an identity, to be a person. And Wayne is a deep thinker, both as a developer as to how do we come up with standards to implement this sign-in with Ethereum vision, but really what does it mean to authenticate? What does it mean to be a person as it goes to the internet? And these are conversations, Ryan, that we had in the debrief about human identity is an infinite boundless thing, yet we know that it is captured by the current status quo of the internet
Starting point is 00:02:40 because so much of what makes users on the internet is defined by Facebook. It's defined by Google. It's defined by Twitter. So what happens to the internet when we can unlock it from the constraints of these Web2 apps and finally make a version of ourselves that's as limitless as the kinds of assets that we can mint on Ethereum? I think it's such a fantastic conversation. So if you want more of that conversation, you can sign up for the debrief podcast, which is the only podcast that exclusively comes out on the Bankless Premium feed. If you don't have the Bankless Premium feed, there is a link in the show notes to go sign up for that. And so you can get that extra podcast into your podcast feed wherever you listen to your podcast. On the debrief, this time,
Starting point is 00:03:19 we actually brought in Wayne for a quick five-minute explanation of Zooko's Trilemma as well. So stay tuned for that. One last thing before we get into the episode with Wayne, Bankless is getting into the world of Web3 tokenized content. So we are tokenizing every single Monday podcast, including this one, at collectibles.com slash mint. The mint goes live on Monday. And if you are a Bankless Premium member, you are on the white list to mint one of the 100 NFTs that goes out with this podcast. Again, you can try that out at collectibles.com slash mint. This is a pretty fun experiment. We're also going to have a Twitter space with Wayne on Monday, of course, as well, if you guys want to ask questions about the episode. There is a link in the show notes if you would like to partake and join us in this exploration of Web3 content.
Starting point is 00:04:06 Guys, we're going to get right to our conversation with Wayne. But before we do, we want to tell you about the sponsors that made this episode possible and especially about Kraken, who is our number one recommended crypto exchange for 2023. Kraken has been a leader in the crypto industry for the last 12 years. Dedicated to accelerating the global adoption of crypto, Kraken puts an emphasis on security, transparency, and client support, which is why over 9 million clients have come to love Kraken's products. Whether you're a beginner or a pro, the Kraken UX is simple, intuitive, and frictionless, making the Kraken app a great place for all to get involved and learn about crypto. For those with experience, the redesigned Kraken Pro app and web experience is completely customizable to your trading needs, integrating key trading features into one seamless interface. Kraken has a 24-7-365 client support team that is globally recognized. Kraken
Starting point is 00:04:58 available wherever, whenever you need them, by phone, chat, or email. And for all of you NFTers out there, the brand new Kraken NFT beta platform gives you the best NFT trading experience possible, rarity rankings, no gas fees, and the ability to buy an NFT straight with cash. Does your crypto exchange prioritize its customers the way that Kraken does? And if not, sign up with Kraken at kraken.com slash bankless. Hey, Bankless Nation, if you're listening to this, it's because you're on the free Bankless RSS feed. Did you know that there's an ad-free version of Bankless that comes with the Bankless Premium subscription? No ads, just straight to the content. But that's just one of many things that a premium subscription gets you. There's also the token
Starting point is 00:05:37 report, a monthly, bullish, bearish, neutral report on the hottest tokens of the month. And the regular updates from the token report go into the token Bible, your first stop shop for every token worth investigating in crypto. Bankless Premium also gets you a 30% discount to the Permissionless conference, which means it basically just pays for itself. There's also the Airdrop Guide to make sure you don't miss a drop in 2023. But really, the best part about Bankless Premium is hanging out with me, Ryan, and the rest of the Bankless team in the Inner Circle Discord only for Premium members. Want the Alpha?
Starting point is 00:06:09 Check out Ben the Analyst's DGENPIT, where you can ask him questions about the token report. Got a question? I've got my own Q&A room for any questions that you might have. At Bankless, we have huge things planned for 2023, including a new website with login with your Ethereum address capabilities, and we're super excited to ship what we are calling bankless 2.0 soon, T.M. So if you want extra help exploring the frontier, subscribe to Bankless Premium. It's under 50 cents a day and provides a wealth of knowledge and support on your
Starting point is 00:06:36 journey west. I'll see you in the Discord. Bankless Nation, this is a topic we have been waiting a long time to talk about and you're super excited about. It's in our bull case for 2023, isn't it, David? Sign in with Ethereum, and we've got the perfect guest to help us out with this topic. Wayne Chang is the co-author of the Sign In with Ethereum EIP. It's called EIP-4361, that is the Ethereum Improvement Proposal that is proposing the properties of sign-in with Ethereum. And he's also the co-founder and CEO of Spruce, which is a company that's working to grow this very important standard. And what sign-in with Ethereum is doing is trying to make the Internet more user-first.
Starting point is 00:07:16 Wayne, welcome to Bankless. Thanks so much for having me. This is great. Well, I want to start with a big question in people's minds. Identity on the Internet. Yeah. Is identity on the Internet broken today? We have to first define what identity means because that's a very overloaded word and means a lot of things to different people, right?
Starting point is 00:07:33 So there's definitions from like standards organizations like NISSO that say identity is a set of attributes around an entity. How useful is that? You know, maybe to certain implementers. There are other groups that have other opinions about identity. I'm just talking about technical specification, what some technical organizations think. There are non-technical interpretations, of course, but some more useful and holistic definitions, for example, our identity is the way that we recognize, remember, and respond to people and things. So broader than just a really technical definition, right?
Starting point is 00:08:07 And typically, identity is only useful in a context, functional identity versus so-called foundational identity, that you're a human on this earth, maybe as part of a nation, is something closer to foundational identity in semantics. But functional identity, hey, I want to show that I can drive this car, or I want to go to the bank and access my account, or I want to log in and see my cat pictures in storage somewhere, right? Those are more functional identity-oriented. A conversation that we've had on Bankless frequently, we've had this conversation with Chris Dixon.
Starting point is 00:08:40 It's come up a number of times in Bankless is that the internet was not built with a native payment system. There was not money on the internet when we created it. And as a result of that, that's had some downstream effects. It's created the advertising model. It's turned internet-going adventurers into commodities for these big applications like Facebook and Instagram. I'm wondering, Wayne, if it's fair to frame this conversation that we're about to have as similar to, the internet was also not built with identity primitives in it from
Starting point is 00:09:11 day one either. And the downstream effects of that are kind of the paradigm that we find ourselves in today with Web 2, login with Facebook, login with Twitter, login with Instagram. Is that like a fair kind of foundation for setting the table of this conversation? I think that's very fair. And another example of sort of the vestigial artifacts from ARPANET when you had a bunch of highly trusted universities, setting networks to talk to each other. And there was just inherent trust because you basically knew everyone as part of that network. You did not have to do that much adversarial thinking to make those systems secure because, you know, you had local trust. But as we scaled up, you know, those things weren't baked into the core protocol. And we're
Starting point is 00:09:48 starting to run into those problems. And there are some market solutions to those things, sometimes with adverse incentives. So yeah, I think that's a pretty good description of why we are where we are now. Can we talk a little bit about identity? Because I do want to get to that question of is identity on the internet broken. But I still feel like we're in the definitional phase of what identity on the internet is. Practically, what is identity on the internet? I think I guess my identity in the real world is, let me see, it's probably there's a nation state component to it. So I have a driver's license and a passport and a social security number. And I'm an American citizen. I'm also a Canadian citizen. So I have a Canadian passport as well. That's a piece of it. It's also somewhat
Starting point is 00:10:32 socially defined, I suppose. Like when we say like, I identify as, right? And I might identify as a particular gender or particular like religious affiliation or I certainly identify as probably a crypto native and Ethereum. Somebody from the Bankless Nation. These are all identities that I have, but I also personally identify as a dad, for instance. And, you know, someone on the internet would say I also identify as an AI that is under much dispute. But like, what do we mean when we said, so that's a real world, but what do we mean when we say identity on the internet? I guess for me, it would be like, okay, well, I have an email address, and that is some sort of identity. And if it's a Gmail account, that I can sign in with my Google account in places. I have an Apple ID maybe. I have
Starting point is 00:11:18 probably a Facebook ID. I have a Twitter ID. I have a password manager with all of these identifications, I suppose, to all of these various web applications. And then I also have, like, you know, social media profiles that sort of tell you who I am. So maybe LinkedIn is my professional presence. And Twitter is kind of like, you know, I don't know what Twitter is. It's some kind of bio combination of whatever I am on Twitter. But what is the digital identity and how does that intersect with the, like, what are we actually talking about today in current state when I even ask the question of, is identity on the internet broken? What is identity on the internet? Yeah. And I think part of the answer to what is identity on the internet has to do with
Starting point is 00:11:58 what are you trying to do, right? And depending on that, a lot of things are relevant or not, identity is just such a contextual thing that you really need to describe scenarios, whether it's even, you know, you have to present your passport somewhere to get into another country. That is a scenario that makes that part of you relevant. And as you alluded to having a professional presence, you have different identities for different contexts in your life. When you're with your family, it's probably different personality even than when you're at work. Think about your work slack versus maybe you're hanging out with people on Discord or in a WhatsApp group. It's a different dynamic and you bring different aspects of yourself to those places.
Starting point is 00:12:35 So it's not necessarily the case that you can just have, you know, everything in every context and what makes sense to people. In fact, when you're, you know, your work self, you actually don't want to bring up a lot of things that might not be relevant if you're just trying to do your job. and a good one at that. Likewise, you don't want to bring your work stuff necessarily to social media sites where you're just really trying to enjoy the personal side of your life, right? So these different areas where you already have different digital presences, I think, are important to consider when we talk about identity. So that's what identity is on the internet then, too. It's sort of similar. It's, I guess, the aggregation of all of these various logins I have, something to that effect. Is that really what we're talking about? It's my Gmail account,
Starting point is 00:13:15 my Twitter account, my Facebook account, and Instagram and all of these things? Is that what identity is? And if so, who owns these? Are they mine? Are they somebody else's? Yeah, and I would say it's some combination of those. And preferably, the point of view is that you should own those and decide when those things show up, kind of like having a hand in poker and deciding which cards to reveal in what situation, right? So that's how we'd really like the internet to work instead of a lot of things being controlled outside of your purview if it's especially about you. I think as we're trying to get it down to the basement of things, which we love doing on Bankless, getting all the way down to
Starting point is 00:13:50 the core primitives of what makes the world tick. It's important to note that your identity is something infinite and unconstrained and limitless. Like who you are as a person is very different in almost any different scenario, be it on the internet or in the real world. Sometimes, to use my co-founder as an example, he plays the role of dad. Sometimes he plays the role of podcaster. Sometimes he plays the role of investor. Sometimes he combines these things. I'm sure he has musical taste. These are all different things that make up humans and that also transcends across time. And it can also be constrained by the systems, the social structures that we inhabit in this world. So we talked about a form of identity as like the nation state. The nation state bestows upon you a nation state approved
Starting point is 00:14:38 identity at birth. Here is your identity. It is this passport number, a 3-742-1, or your social security number or your phone number. And so you are given your identity by a nation-state inside of the nation-state context. And that is actually a constraint on identity, because of course you are not just the person that the nation-state believes you to be. You are not just a social security number. And so it's important to note that your identity is infinite. It's expressive. It's adaptive. It changes over time. You select it. You control it. And then also we have our social structures that we exist inside of, our nation states, our Web2 apps that limit our ability to express who we are.
Starting point is 00:15:19 And so, Wayne, I want to ask you the question, how has over the trajectory over the internet, can we do an audit of this state of identity in the internet? Perhaps we can keep this to Web 2 because these structures that we have, Google, Facebook, Twitter, these previous other like log in with, you know, insert your Silicon Valley Tech giant here. what is the state of identity on the internet today? Can you do an audit for us on this? Yeah.
Starting point is 00:15:43 And is it broken? Yeah, is it broken? So, average person has maybe 100 passwords to manage, according to one survey in 2021 from NordPass. And because of so many UX issues, onboarding services, forgotten passwords, a lot of people have opted to give that job of, you know, attesting for their login to an entity. Typically, a large tech company, popular ones include Facebook,
Starting point is 00:16:08 Google, Apple, Twitter is emerging, but I don't have exact statistics right now. But a lot of these use a protocol called OAuth 2 under the hood, which allows you to delegate access to resources. That was the purpose of it. So OAuth 2 was invented because of the problem where you have a photo sharing website and you have a different website that does printing. And if you want to print those photos, you can either download all those photos and retitle them in the printing site, or maybe
Starting point is 00:16:38 there's a way for the printing site to talk to the photo sharing site directly. In the land before OAuth 2, we would basically give the password to the printing site, and they would basically log in on our behalf, right? And there's a lot of horrible security things with this. So we want to move away from just giving passwords to those systems, although it's still in place in some places on the internet today. But that became OAuth 2. And then some clever people thought about,
Starting point is 00:17:04 hmm, what if we could also include a set of photos, identity information as part of the payload that you could give as a resource, right? And that's how we got to OpenID Connect, which is the dominant identity protocol on the internet today governed by the OpenID Foundation. Now, the really interesting thing about OpenID Connect is if you talk to a lot of the developers and architects of it, they always wanted a decentralized internet where you'd have a bunch of identity providers that you could have an account with and you could sign in with this service. That was, I think, the intended effect of a lot of those architects. But what happened was a few intermediaries that played these roles, started to grow and grow,
Starting point is 00:17:44 and they had these network effects that caused them to be pretty dominant. And that's where we're left with today, with a lot of people using those services. And what's interesting about it is I think that people are giving up a lot more control than they realize. So if you have a Gmail account they use for everything and you sign in with Google in places, if at any point you lose that Gmail account, it's not just Google services that you lose access to. It's basically potentially anything you use that Gmail account to sign up with, right? Because the forgot password button will be broken for you
Starting point is 00:18:18 because you can't access your email anymore. And it's maybe it could be preempted to reset across all your accounts, right? So that's a big level of trust. I don't know if everyone is comfortable that they're taking. Maybe some people are and that's fine, but we think it should be a choice. So we think that moving towards more direct authentication systems like sign-in with Ethereum without an intermediary is a very exciting proposal. And we've gotten a lot of alignment with the ecosystem on this. When you say lose access to something like Gmail, in that category of lose access, what are we talking about?
Starting point is 00:18:50 I mean, you could also be censored by something like Google. It doesn't have to be you forgetting your Gmail password. Right. It could be someone just a system administrator, someone who has access, and for all the great controls that we hear about, we constantly hear about stories in these large tech companies where some employee had unauthorized access to a certain spot or some kind of system failure caused this thing to happen, right? Or even there was a request by this other entity and they had to do this and all of a sudden your access is gone. There's a long trail of this happening in news articles, et cetera. And that's the point. You don't own that identity, that authentication, Google does.
Starting point is 00:19:30 That's right. And if we would look at Silicon Valley as like a topology of size of tech companies, you kind of have the big ones, right? Facebook, Google, Apple's probably in there, Twitter's up there. And then there's like a bunch of smaller, like Silicon Valley apps that probably use these bigger companies to log in with, right? So Canva, Pinterest might be having like a login with Facebook or a login with Google button. And then so all of these like smaller Web2 apps use the bigger Web2 apps for identity, right? They've outsourced the need for identity to these bigger Web2 apps. Putting on like a finance brain, it kind of feels like the banking system where we have these commercial banks,
Starting point is 00:20:12 like Wells Fargo, JPMorgan Chase, and they are signed up with the Federal Reserve. And the Federal Reserve kind of dictates everything. Like they give or take away accounts, right? And so does your commercial bank give or take away accounts from you? And so what you're saying with like because of this convenience, a lot of like our identity systems, if you choose to like log in with Gmail or Facebook, whichever provider you choose, whichever central banks of identity that you choose, everything downstream breaks if you get deplatformed there. And so you've given like these central authorities custodianship over your internet identity.
Starting point is 00:20:50 And that's just like a bank. Is it fair to consider these like Web2 apps banks for our identity? I think it's fair with two caveats that I can think of now. One, there's no oversight body for it like there is for banks. And even if you have one, it's, you know, how effective can it be? And it's not FDIC insured either. So if you lose it, you know, what recourse do you have? Okay, so that are some of the risks and drawbacks. Bankless listeners understand the perils of centralization. What about just like user data and other just risks and drawbacks of Web2-based login that we haven't touched on? Is there anything that we should really touch on before we move on? Yeah, one thing that I really think about, and we'll get to those probably later in the conversation too, is just how much innovation are we stifling? It's always really easy to see the stuff that's there and then you lose it. But what about the stuff that could be there? And now it can't be there because we have the current rails that are in place. And how I'm thinking about this is once you sign in, sometimes you get the dialogue that says,
Starting point is 00:21:46 do you want to share this part of your account? And it is convenient for a lot of people to do that. But if you are a large tech company and you provide, let's say, a storage service or photo service, do you really want to let the user share from a different photo storage that they like and not the one that's part of your closed ecosystem? I think there are a lot of interesting incentives that have to happen when one company controls the end-to-end login experience for billions of people pretty literally. And there are some commercial interests at play too.
Starting point is 00:22:18 So this kind of differing of incentives and principal agent problems, I think, is at the very core of it. And when you move to these decentralized direct authentication methods and you have the right protocols to let the user build up their entire login experience and what data gets imported or not, then I think a lot more is possible. And Wayne, are you also saying, if I kind of talk about second order effects there is like, are these big tech companies also incented to keep you in their walled garden, incentive to like promote their identity platforms as the single identity? I would imagine that would help them establish a moat around their core business and kind of block out competitors, block out innovation. Are you saying that there's a negative incentive at play here,
Starting point is 00:23:01 too? I think there's a positive incentive for a company to build up with their internal network effects, right? More stickiness through that, more ability to have people use the systems every day. And also, it works so nicely with all the other pieces of the ecosystem right away. And it's more difficult for other services. So yes, I think there's a natural walled garden effect here. Just one last bit of housekeeping while we're on kind of definitions and the existing problem before we talk about sign-in with Ethereum is, can you tell us the difference between this term identity, which we've talked about so much, and this other term authentication? Yeah. So what's the difference between identity and authentication? Yeah, and I will add two more just so we have a complete set of stuff to talk about, right? So let's talk about identity versus identifier, right? So Wayne at spruceid.com, that's an identifier for me, right? That's something that I can type into a computer. And an Ethereum address, you could argue, is an identifier, right? But an identity is so much more complex than that, as David said. It's just pretty boundless and very contextual for us to even talk about it, right?
Starting point is 00:24:02 So that's one difference. And other examples of identifier would be ENS name, domain name, something like that? That's correct. Yeah. Any kind of thing that you can use as a digital handle. And you can use that to, you know, maybe one identity is associated with many identifiers. Is my phone number an identifier? Yeah, it can be considered an identifier. It's kind of used in relation to the context in the system. So, you know, sometimes you might log into a reservation service for a restaurant and that's your main identifier. And then we have the pair of authentication and authorization. And I'll tell you how that's related to identity and identifiers. So what's authentication? Authentication is basically being able to determine if someone is who they are claiming to be, right? And there were three ways to do
Starting point is 00:24:50 that we know of. If you discover a new category as a listener, please get in touch because, you know, you will win many prizes and things. What we've determined in the identity ecosystem so far has been something you know, like a password or, you know, secret phrase, something you have, maybe a YubiKey that you carry, or something that you are. And that starts to get into biometrics, you know, things that you can't change about yourself so easily, like how you walk, your retina, et cetera, all the modes of authentication seem to fall into these three broad categories. Sometimes, you know, you squint which one it's in. But using a bunch of these factors in real life or on the internet, we're able to identify that someone is who they say they are, who they're
Starting point is 00:25:36 claiming to be, or who we think they are. And that's authentication. So the practical authentication for a lot of people is a username would be the identifier maybe, or it could be authentication. And then password. That would be the something you know category, which is the vast majority of ways we log in. And then if you add a two-factor authentication on top of that, so if you guys are familiar with something like Google Authenticator or using your phone number as a second factor of authentication, is that tied to device? And would that be authentication for something you have? Sort of like my device, I have this. I have my mobile phone so I can type in this code that generates every 60 seconds. And then that's the second factor when we talk about two-factor authentication, right? That's completely correct.
Starting point is 00:26:18 Cool. Identifier, authentication, authorization, what's next? Yeah. So we may use identifiers in the process of authentication to see that, oh yeah, that's the identity, right? Confirm the identity. And after we have an idea about who we're dealing with, we're able to understand what they might be able to do. In the system, maybe they log into a website as the administrator or a basic user, right? Those two different roles have different privileges within the system. So basically that's what authorization is. Now that we've identified who signed into the system, we can figure out what they have discretion over. So it's basically what you can do. It's kind of your role, right? Do you have the ability to on Reddit post a comment or do you have the ability as a Reddit mod to delete
Starting point is 00:27:06 comments? That would be an example of authorization. After you've authenticated, then you're authorized to do a particular set of things within this ecosystem. Is that correct? Yep, that's right. And drawing back to the example we're talking about before, when you're signing in with a service, they are basically the proof point. So let's say you sign in with your login service, you go to a resource, and the resource says, hey, prove to me that you're actually logged in and you are who you say you are. And then the login service will attest or not that you sign in correctly. And that's how these sign in with whatever services work. Got it. Okay. Now, you said there were four. Is the fourth just identity? Oh, yeah, just identity.
Starting point is 00:27:51 Okay, which is everything else we were talking about earlier. Yeah, it's a notoriously difficult term to define even for people working in identity. So now moving the conversation to sign in with Ethereum, I guess based on those definitions, what is the scope of sign in with Ethereum? We'll talk about what it does and what it is, but since we just talked about the definitions, does that give us the identifier? Is that authentication? Is that authorization? Is it identity? The full packages are all four of these pieces? Or just a part of it? How I would put it is that all these pieces are part of the identity puzzle, right? And nothing will just head on tackle identity in its entirety. I think it's piecewise as the best approach as well. So signing with Ethereum
Starting point is 00:28:34 uses Ethereum addresses as identifiers as part of authentication. That is all it tries to do. It has extensibility so you can work on other things like authorization, but sign in with Ethereum itself just wants you to be able to prove that you're the controller of this Ethereum account or the subtracted account, such as for a DAO. Okay, so your Ethereum address, which I'm sure at some point, ENS names are going to become relevant in this conversation, for sure. But your Ethereum address, 0x1234, is your identifier.
Starting point is 00:29:08 Right. As in you are letting that Ethereum address represent who you are, represent your person to whatever you are logging in. Is that a way to think about this? Yep. Okay. For that session, yep. And maybe not even a person. A machine can use sign in with Ethereum with that Ethereum account. And then what is the authentication part of this? Yeah. So let's talk about WalletConnect. Connect wallet, rather. It's a button. WalletConnect is a protocol that allows you to do it over mobile,
Starting point is 00:29:35 but I meant to say Connect wallet. When you go to a dapp, you'll usually see a Connect wallet button. And when you press that, your wallet pops up usually, and you pick which account you want to use, right? And then at that point, all your wallet's doing is telling the dapp front end, hey, this is my Ethereum address for this session, right? There's no checks being done, actually. So you could actually spoof and say any Ethereum address,
Starting point is 00:30:01 even if you don't have the private keys to control that Ethereum address, right? So what sign in with Ethereum does is it adds an authentication layer on top of that so that you can prove you're actually the entity that can control that Ethereum address and then you can proceed after that. And all that is, right,
Starting point is 00:30:19 is signing a message with your private keys, right? So you're going to a website that is sign in with Ethereum enabled. That website is like, hey, what Ethereum address are you? You give that an Ethereum address, and it could be any Ethereum address. But then the next step is to be like, okay, prove it. And that comes with signing a message using the private keys that correspond to that public address.
Starting point is 00:30:43 And then once you sign that message, you can now prove to the website that the Ethereum address that you gave it is actually the one that you have. And then all of a sudden, this website knows that you have the private keys to this public Ethereum address. And that's how we log in with Ethereum? That's correct. And I think that some things I will expand on in that is signing with Ethereum is a technical specification. It's kind of like a cookie cutter for how that message looks like for the user to sign. And what's really important about standardizing this message format is we can get a bunch of great security and UX benefits from it. People have been having Ethereum users sign messages to prove they have the key for a long time, right?
Starting point is 00:31:26 As early as 2015, 16, probably we've seen open source projects with this incorporated. What signing with Ethereum does is got the ecosystem rallied around a common specification for it, that cookie cutter template. And when we can get everyone to agree on that, including dapps, including wallets, then really magical stuff happens for UX and security. Is that like a standard? Is that what we're talking about? So signing with Ethereum is a standard. And we actually use a lot of the same terminology in standards authorship that they use at IETF. In fact, we lean upon several IETF. That's another standard body where OAuth was published.
Starting point is 00:32:06 We use a lot of those same terms in Sign-In with Ethereum. And so we're going through the same process in Web 2. I was at the time too young to really care or know about how these standards of OAuth came together, but I'm at the perfect age to watch how the standards of sign-in with Ethereum are coming together. That's the frontier that we're on right now, right? We are trying to get people in alignment in consensus with the sign-in with Ethereum standard, and that's what you're doing at Spruce. Is that a fair illustration? I would say that we have progressed pretty far on that, and we have hundreds of applications
Starting point is 00:32:39 in production that use sign in with Ethereum and major wallets, you know, actively working on support for signing with Ethereum. Standards are based on network effects, though. If no one uses a standard, it doesn't really matter, right? But if everyone's using it, all of the sudden, it's really useful. So it's a coordination game for sure. I think you're about to say, Wayne, that once you have some sort of standardization, like something like sign in with Ethereum, then you get some benefit. And you're going to give an example of that benefit. What is that? What were you going to say? So there are three main benefits. Two really, really direct ones. One is more of an extensibility benefit. So the first benefit is UX. If wallets can identify the exact format they're
Starting point is 00:33:18 expecting for a sign in message, then they can make a really nice UX for a user to sign in. If you've ever signed a weird plain text message in your wallet, it doesn't feel comfortable. And you're not quite sure necessarily what's going on unless you really understand the dapp. But if this is just the standard across all dapps and wallets can just recognize its format and it literally looks like a login button, that's a much nicer user experience for people than trying to decipher a message with a bunch of technical bits in it. And the second thing is security. Sorry, just to really drill this point home is that there is a number of different ways to input your Ethereum address and sign a message across many different dapps, Uniswap, Compound, like OpenSea,
Starting point is 00:33:59 but what you're saying is those are all individually like one-off solutions. And so as a result of those one-off solutions, how it's presented to the user inside of your Ledger, inside of MetaMask is also a one-off solution. And then you're saying that that makes the user uncomfortable because it's like, okay, I'm used to signing messages, but each message is incongruent with each other. It's a new experience every single time. And I think what you're saying is like the repeatability of keeping with a single sign-in with Ethereum standard can start to make users feel good about what they are doing and experiencing, which is they are just logging into a website. And it's totally fine. You're not giving permission to have your wallet drained. Exactly. And that's where a lot of the wallet draining problems come from in our industry when people just blindly sign things, you know, because they're used to signing things they don't understand. And I'd love for us as an ecosystem to get out of that habit. 100%. And I cut you off before you were going to go and list another one. So what keeps going down this line? Well, we get better UX and we get better security, too, because if the wallet can basically inspect the data inside that message to be signed,
Starting point is 00:35:02 we can add guarantees, right? So if example.org wants you to sign in with Ethereum, right, the wallet can identify that message structure, pull out example.org or whatever other domain is there, and make sure that we're being served this by example.org proper over a secured connection, not a man in the middle that's going to, you know, Example2.org trying to get us to sign a message so they can impersonate us with Example.org. So this property is really important. It's called domain binding because it's bound to that domain. And the wallet will just reject or give you a big red flag, like if you go to a website with a bad certificate saying, hey, this is totally wrong. I'm sure
Starting point is 00:35:47 you want to do this. And so is this the end of this story? It's like, all right, we got Web 2 login, log in with Facebook, log in with Google, we can just replace it with sign in with Ethereum and like, boom, end of podcast. Are we done here? Because I feel like we're actually just like scratching the tip of the iceberg. Can you kind of give us a preview of what's below the water about the implications of this? Yeah, so signing with Ethereum is just the beginning, just the first step, the top of a very, very wide funnel of additional parts of the tech tree that bring us towards a more user-controlled identity system and internet, I think. And it has a lot to do with what I mentioned about unbundling the login, right? Instead of just one or two systems controlling how the end-to-end login experience works, this is the kind of file sharing that you can use. These are the kinds of photo services that you're allowed to bring in. These are the contact lists that you can, you know, share after you sign in with X, right? We want to let the user define the entirety of that across whatever services they want,
Starting point is 00:36:46 because the only two folks that should have to agree on what to share is the user and the service they're talking to, right? Why is there an awkward intermediary in the middle who has a ton of discretion over what can be part of the session, what can't be part of the session? and can we do that all in a secure manner and also improve privacy properties better than what we have today in Web 2? So thinking about how we move away from, you know, users logging into platforms to how do we get platforms to start logging
Starting point is 00:37:17 into users' data vaults, any data vault that they want to bring to the equation, right? That's the direction that we want to see a shift in. Wait, can you run that by us again? So what is the paradigm shift there? I just want to make sure listeners understand the implications of that? So today, when you're logging into a service,
Starting point is 00:37:36 maybe a big social media platform or something, they will have this database. It might be many databases collaborating, but it's all under the domain of that organization, that company, right, all under their control. And typically you get access to that at their discretion, right? And instead of you getting access to a big silo like that and, you know, them being in control of if you get access or not,
Starting point is 00:38:00 we'd rather see people bring their own data vaults with them to services. Okay, so I'm logging into Instagram, and that enables me to get access to all of my Instagram files, photos, whatever, or maybe perhaps I'm logging into Dropbox, and all of my files and Dropbox are there. That's where we are now. How is this relationship inverted to the point where, like, I'm actually bringing my own data to these platforms? Can you just walk us through that again? Yeah, what does it mean to bring your own data vault somewhere? Yeah, so Dropbox is a great example.
Starting point is 00:38:35 So typically Dropbox can be very useful for people when, let's say you're adding an attachment to your email, right? Some email services have a Dropbox integration and you can fetch it from there. Well, why can't you just fetch it from any service that speaks this data file sharing protocol, you know, and you can just plug it in. And it can be hosted wherever you want. It doesn't have to be on a domain that's approved. You can just add it as part of your session
Starting point is 00:39:00 because you're approving it, right? So that's the idea that you can bring it with you and things aren't siloed by default. I'm just running through this in my head coming from kind of a DeFi world, right? And so like, you know, Bankless listeners will know one thing we've been so excited about
Starting point is 00:39:15 with DeFi is, of course, you bring your assets and your money with you. And we can plug those assets and that money via private key into all sorts of different user interfaces. So you can plug that into Zerion or Zapper or DeFi Llama or whatever, and it spins up. This is very different than the Wells Fargo banking experience,
Starting point is 00:39:32 where I have to log into Wells Fargo. They have my money. And they create this user interface wrapper, but they have the money. They have all of my money. I don't have it. I'm not bringing it with me. I'm accessing it through their app. And if you want to send your money to Robinhood, you have to take your money out of the Wells Fargo vault and put it into the Robinhood vault. And get their permission. Please, sir, can I have my money? Whereas with DeFi, what's so exciting is you have your assets with your private keys, and you just plug that into whatever interface that you want. And one other side benefit is, of course,
Starting point is 00:40:04 is we see the DeFi user interface going through rapid improvements. I don't think I remember the last time that my bank interface improves. Like, it's just the same old crappy thing that it was 10 years ago and 10 years before that. It just hasn't improved. Whereas with DeFi interfaces, they're all competing with one another to have the best interface that I'm willing to bring my private keys to and plug into. This is a similar, I think, in what you're saying is the user has sovereignty.
Starting point is 00:40:31 The user has sovereignty of their money. Now the user has sovereignty of their data and their identity profile. And they bring that with them into the app instead of the app housing this. Are we starting to understand the picture here? Yep. I think that's exactly it. And then you can further beg the question, well, where do these data vaults live? If it's so decentralized, right?
Starting point is 00:40:49 And I think it's a natural question to ask. And we are really excited by certain architectures that are enabled by public blockchains for this. So if you have a smart contract and you can edit a little section of it, and in that section, you can put in a list of computers allowed to replicate your data, right, running the same protocol. That becomes the governance for your storage. So you can hire vendors. You can do things like encrypt your data before storing it. And that is how you maintain control over your data vault. Because if you don't trust any of the vendors at some point, you can just even run your own if it's open source software.
Starting point is 00:41:29 It speaks to the same protocol. Even if it's in your basement, you can replicate to that new node and eject anyone from that smart contract. So you ultimately retain governance over your data and even better if it's encrypted form for a lot of use cases. So this would be a world where I could encrypt my data, store it in IPFS, or I could go hire AWS or Google Cloud
Starting point is 00:41:49 or Microsoft or whomever I want, but it's all encrypted. And they just serve it to me as a commodity. And if all of that fails, then I could just host this on my own servers and still access it because it's my data vault. And better yet, the resource resolution is based on a smart contract address, right? So there's no domain name to fight over. No central entity is to fight over for DNS control. And you can even solve Zooko's triangle part of human readability if you get an ENS name and you tag it to that smart contract. Right.
Starting point is 00:42:19 So there are a lot of things possible when we think about systems that look at public blockchains as a root governance. We'll get into Zooko's triangle that's named after Zooko Wilcox. We've had him on the podcast not too long ago. But Wayne, this is probably, I think, one of those things, these dynamics that probably breaks people's brains if they're not ready for it, like telling people who are outside of the world of crypto about the relationship between like, oh, no, you hold your assets, and then all of these financial services have to come to you. That's not something intuitive and they're not going to understand unless they actually start to experience and play around with crypto. And I'm guessing a lot of people are like, okay, I kind of understand the pattern.
Starting point is 00:42:56 I get it. I can custody my own data. I resonate with the whole web two service providers like Facebook and Twitter are banks for our identity. And now we can store our own identity. But I think it's still going to be confusing to listeners to say like, all right, like you have your data. What's an example of that data that represents your identity? Like what is that thing that is in our little data vault? Like what's the story that users can relate to to help them understand?
Starting point is 00:43:22 understand what that means. I think that one of the big topics in digital identity, not just thinking about decentralized systems, but just broadly digital identity over the next year is going to be the mobile driver's license and associated technologies. We started to see the rollout of a lot of these pilots, and there are technical standards happening at ISO that have to do, ISO's international standards organization, determining how do you get your physical driver's license onto your phone so you can use it for a lot of use cases, including, you know, if you're at a traffic stop, if you're online, et cetera, right? So how this is going to work is that uses cryptography, just like blockchains do.
Starting point is 00:44:04 And their DMVs are going to cryptographically sign a data packet that says, you know, these are the facts about your driver's license, height, weight, you know, even address. and that is an example of the data being stored. And there's really, I think, user forward ways of doing this and making sure that this is all of your control in your devices, never accessed without your permission. And there are other ways of doing it where maybe you start making a honeypot,
Starting point is 00:44:35 a central database containing all of it for access by a variety of actors, right? So we always want to see us leaning towards these signed pieces of information that represent who you are to being under the control of the user. And those are the protocols that we're trying to architect and combine with Ethereum accounts and other things that people like to use. You use the term data vault to describe what this is.
Starting point is 00:44:59 Like, okay, so if the DMV can sign a message saying, all right, this guy's got a driver's license, you can put that signed message into your data vault, and all of a sudden your data vault has an object in it, and that object can prove to whoever you authorize the access to, that you've got this driver's license. And I'm assuming this can really unfold in many, many, many different ways.
Starting point is 00:45:21 I think really the point here is that users now have, and I'll call it an identity vault. An identity vault of, there's a place for you to put things that you choose represent you, and through the gate of your Ethereum address and private key,
Starting point is 00:45:38 you can gate that to whoever asks. Am I on track with this metaphor? Yeah, definitely. Just wanted to add a bit of clarification too. So depending on what kind of information it is and what are the security requirements around storing it, right? Because personally, I would never want my driver's license to leave my device. I don't want it to be on a cloud or anything like that, right?
Starting point is 00:45:58 I want it to kind of even be bound to the device. So if I lose it, I just go get another one. Don't want people to be able to pretend on me. But if I have a grocery loyalty card or if I've associated my Twitter account to my Ethereum account and that statement has been signed off on, I'm more comfortable having that sync across my different devices through a data vault that can contain a cloud component. But whether that data vault is restricted to your device and everything has to live there, or you're allowing a cloud component to it, that should be under your governance. And you should decide that along with what the security requirements of the credentials are.
Starting point is 00:46:33 Sure. Are there any other examples that we could talk to really just drive this point home as to like useful data that one would put in their data vault? Because we're not talking about, I'm like, I'm not using my identity vault to like store the photos that I took on my iPhone, because there's a bunch of photos that are just screenshots that I should really just delete. Are there other use cases that you guys pass around on the Spruce team that are good examples of identity data that you would put in your vault? Yeah, and it's a combination of identity data, but any other data too, where it's basically, I think this is one of the pieces that we need to get Web3 UX to the level and even exceed Web2. How many times do you go to a dapp again? You have to import another token list or point things
Starting point is 00:47:13 or have to set an entire mess of settings for DeFi apps. That's like liquidity settings. For music apps, that's, you know, other preferences. If you could just bring that with you, no matter where you are, you could do a different music app, your top artists are still there, you know, that really helps the UX. Because today, dapps don't have anywhere to store the data because they just write to the public blockchain. But a combination of that where you can write to the blockchain, but also kind of like
Starting point is 00:47:40 Data vault to become part of your session, we have data storage all of the sudden without compromising on any of our values of decentralization.
Starting point is 00:50:09 Vitalik in his recent article that was applications that excite me on his blog post, he talked about identity, but he was bearish about identity platforms yet bullish on identity. And really the point that he was trying to drive home is that Web3 identity, he's extremely bullish on the future development. But no one can really define what identity is. And when you tell me there is a data vault that you can put data
Starting point is 00:50:53 into, I think one of the reasons why people might get confused by that is because data is such a broad category. And that's kind of the beauty of it of there is no way to confine identity into any one specific rule set or like it can be it's generalizable and so one of the reasons why Ethereum excites me beyond Bitcoin is because it's generalizable. It's Turing complete. You can do anything with it. And going back to what I was saying with identity at the very beginning, identity is, you said boundless. There are no limitations as to what your identity could be. And so maybe that's a fair way to really drive this point home of what a data vault is, is it can be anything, and it's anything that you choose for it to go into.
Starting point is 00:51:35 And it's, I think, really just a matter of these various service providers learning how to put data into these identity vaults and have other service providers find that data useful. Is that really the hard problem of adoption here? Yeah, and that's exactly why we're in the Web 3 and dapp ecosystem for the reasons that Ryan mentioned earlier. There are just so many different verticals experimenting with new ways of doing things, day-to-day that we are seeing experiments across verticals like health records and legal identification, enterprise data. We're seeing a lot of dapps focus on artists and music, et cetera. These are all
Starting point is 00:52:13 different types of resources that need to be shared in this more open and decentralized way across different platforms. In order to make it work and build resilient systems, we need to hone in on specific use cases, you know, prove out that it works across, you know, sharing one thing to other. For example, if you can share the entirety of the MP3 files that you have on your music mixer dapp to another one and import it, we have figured it out for that very niche vertical. And that can expand out to other categories and mix and match. So to the extent that we can experiment and have more fast iterations, you know, that really helps the evolution here. Wayne, can we talk about, you know, putting some, because we're talking about some futuristic stuff, right? The world we live in is still a world very much of Web 2.
Starting point is 00:52:59 and we're talking about sign-in with Ethereum. We're talking about this idea of self-sovereign, decentralized identity that an individual controls and they bring data vaults with them. I want to ask you about maybe the medium to long-term future, the far-off future. If sign-in with Ethereum is maximally successful, and we achieve the vision that you and the team
Starting point is 00:53:19 and all of the developers around the world are working towards, what does that look like? What does the future of signing with Ethereum actually look like? And I want to ask some specific questions, I'm going to do this in kind of a lightning round, because I want internet users today to get a picture of what this world looks like. So my first thing is, how would I log in with social media apps? Does this mean there's a, I can log in with a username and password? I can log in with my Google Facebook ID. And then I can also log in with Ethereum, just sign in with Ethereum.
Starting point is 00:53:50 And I go like, I hit the MetaMask transaction. I hit the thing on my Ledger. I hit, you know, something on my mobile phone and boom, I'm signed in. Well, since you asked for the very strong version of it, Ryan. What happened was, would be that you generate a completely new identifier just for that interaction that's not correlated with anything. Okay. And you don't actually need to have any transactions to spawn a new Ethereum address. You just make a new one and you can sign in with that. We can then associate other data that you want to to that session and you can bring in parts of your portable social media graph. If you're signing in with Ethereum to a service and it supports the extensions that are under development,
Starting point is 00:54:31 then you'd be able to bring in a bunch of signed statements that represent things like follows, likes, tweets, and you can bring that as part of your session, or you can bring it out. So the beauty of that is a new eth-address to spawn. That means there's no trail, essentially. I'm not linking any other privacy-leaking data to that, and that's the strong version of this.
Starting point is 00:54:52 But the ability to just sign into any of these social media apps is the picture you're painting. Yeah, it's not just one, and then you have to depend on the data inside the database, but you just have your whole graph with you, right? Okay. What does this mean for password managers? That's the bane of my existence.
Starting point is 00:55:07 You said earlier that, you know, the average password people have are 100. I think I must be a little above average, at least in the password category. Yeah. You know, people use password managers for this thing. I don't know if you've been tracking the success of password managers. LastPass just got freaking hacked again a month ago,
Starting point is 00:55:22 leaked all of this data. Like people, you know, freaking out as a result of that, and, you know, as they should be. Does this mean passwords go away? You were talking about this idea of authentication, which is something you know and something you have. Password is something you know. And now we've moved it.
Starting point is 00:55:37 We've done kind of a hot swap. And now it's something you have, right? Because private key is not something you know. I don't know what private key is, but it's something I have. So does that mean we obviate and we kill passwords and password managers? We've been trying to kill passwords for like a decade now.
Starting point is 00:55:51 It hasn't worked yet. So I think that there's still going to be a long tail of passwords floating around. But I think that there will be fewer and fewer passwords as we see more passwordless login solutions make their way into the market. And I think for password managers in particular, they do have an opportunity to move up market and start helping with other forms of data. Auto-filling things, managing credentials, being part of this whole idea of a data vault, right? That is, I think, a really good progression. I think one of the Achilles' heels, though, is that they haven't necessarily needed to innovate on the custody side so much.
Starting point is 00:56:26 Some of them have decent recovery flows, but I've just seen so much more investment in this category in Web3 and the wallets we have here. Different multi-party compute solutions, social recovery mechanisms, these abstracted accounts that allow a smart contract to participate in key recovery. Custody and UX are probably the two biggest problems in identity in Web3. Well, let's look at that right now because, again, we're talking about the strong version of this, where sign-in with Ethereum is maximally successful. Does this mean I'm using MetaMask to log in with everything? Am I using a hardware wallet? What happens if I lose my private keys or if I pass away?
Starting point is 00:57:01 This age-old problem is like Metamask is great for what it is, but it's not yet ready for mass adoption for everybody using it and for sign-in. Is there a different future that a fully realized version of this would paint? Yeah, and it's not necessary that you use a particular wallet. You can use the wallet of your choice, whether the market evolves for it and supports it. That's what you're looking at. So I think that in the strong version of it, you don't actually have to pick from the wallet selection screen anymore.
Starting point is 00:57:29 It just kind of knows. And it's a lot more transparent, right? Because you've already set up what you like to log into that website with. In the strong version of this, too, do we have smart contract wallets where we have like, you know, recovery, social recovery type features? Because that's a fear people have as well as, my God, what if this signed with Ethereum was my password to everything? And I lose my private keys. I'm totally like, what happens to me then? We frequently talk about the dystopian nature of China and disappearing people, right?
Starting point is 00:57:56 But if you get the exact similar relationship with being disappeared, if you just lose your private keys, that's bad. We don't want that. Yeah. So today we already support something called DAO login, where someone can log in on behalf of a DAO. What? Yeah. So a lot of DAOs have these delegate lists that they typically can log in on behalf of a DAO if you're on that list within a smart contract, and that allows you to, you know, administer bounties or manage your relationship with a service as the DAO, not you.
Starting point is 00:58:27 So we support that workflow based on the smart contract. In principle, you could just have a list for yourself and rotate keys out. So we have the inklings and beginnings of this already, I think. Okay, so again, maximally successful. Here's a pain point that I have in my current state. I was telling David the other day that I've just been opening up some exchange accounts, right? And in order to authenticate me, they need my nation state identification, which is basically a JPEG of my driver's license.
Starting point is 00:58:55 And then I have to look in the camera and smile and get a selfie, right? And that doesn't feel very secure to me because if anyone has those JPEG files, they could do the same thing and open an account somewhere else. Do we get rid of that in this maximally successful version of sign-in with Ethereum? Definitely. The role of zero-knowledge proofs will only increase in identity, in my opinion. We have some clumsy ways to do selective disclosure today. For example, one of the privacy benefits of a mobile driver's license and other forms of
Starting point is 00:59:22 credentials, when you're at the bar, you don't need to show the whole thing, right? And that's a big problem for people who don't want the bartender or whoever to see their address, because why do you need to look at that just to see if you can drink in the U.S., which is over 21, right? So in these solutions that the tech industry is working on, a lot of the privacy maximalists are making sure that we're putting just fields over 21, just proving that. You can easily imagine, if you're familiar with zero-knowledge proofs a little bit, how you might be able to prove that in a zero-knowledge way where you have maybe a date of birth or something, and there's some kind of circuit that transforms so you can see if you're over 21 or not. Basically, my driver's license is proving that I'm a citizen of the United States. I'm not on an OFAC sanctions list, basically. So you're saying I could do that privately using sign-in with Ethereum zero-knowledge proofs rather than, you know, my selfie. So two parts to that, but I think, yes, you could do that.
Starting point is 01:00:19 And the zero-knowledge proofs can happen completely independent as part of this digital credential, right? And it could be enabled for zero-knowledge proofs. But then you might use signing with Ethereum if you wanted to associate it with your Ethereum address or you decide not to do it. And just to really drive this point home, because I remember, I think I was listening to a podcast when I had the same aha moment. And it was that bartender metaphor that really did it for me where you're going into a bar and, the bouncer or the bartender says, hey, can I see your ID? So you give them your ID,
Starting point is 01:00:49 and what do you do when you give them your ID? You give them your date of birth, you give them your home address, you give them your weight, your height, your eye color. There's a bunch of extra information that you give this bartender, and you actually don't even need to give the bartender
Starting point is 01:01:04 your date of birth. You just need to prove to them that you are older than 21 years. You don't need to tell them how old. You just need to prove on a binary yes-or-no basis, yes, I'm older than 21 years old. And so, Wayne, what you're saying you can do is you can take that data of a driver's license, put it in your identity vault. And then if this exchange website that Ryan's trying to sign up for wants to understand that, yes, I am a citizen of the United States and I'm not on an OFAC list, you can put that through a zero-knowledge proof. And out of that zero-knowledge proof comes a binary answer saying Ryan Sean Adams is a citizen of the United States and he's not on an OFAC list. And it doesn't give that exchange any more information beyond that. And I think there was a term for that that you use. I think it was
Starting point is 01:01:48 like minimal disclosure or something. There's like an ethos about this that's in this world. Can you talk about that? Yeah. So Kim Cameron commonly has his laws of identity, which has minimal disclosure as part of that. And it's a lot of the principles of people with the decentralized identity ecosystem. So I think another important thing to talk about is what is privacy, because that's something people say over and over again ad nauseam, but no one really sits down and talks about what they mean by it, right? So I think speaking of other ideas that we like to draw upon in this ecosystem, there's an author Helen Nissenbaum who writes about contextual integrity. That's her book. And in that, she has a definition of privacy that she works off of. And that definition is
Starting point is 01:02:27 having appropriate control over information flows. So it means that you're, what expecting to happen happens. Maybe your medical records can be shared from your physician to a specialist, but maybe not to an advertiser, right? So having appropriate control of your information flows might even mean that you have an ENS name that you like to be public and associated with your public Twitter presence. And that definition, that could achieve privacy because it's doing what you want to do in terms of disclosure. What about some of these big problems the world is facing right now? I'm wondering if signing with Ethereum has a role to play here. And let's talk about two. It seems to me there's a big problem. Twitter is seeing this, but everywhere is kind of seeing this with different bots,
Starting point is 01:03:09 propaganda bots, for example. How can you tell what's a propaganda bot and what's a real person on Twitter, something like this? And Elon Musk is trying to battle the bots with, I think, much limited success, right? Does this sign-in with Ethereum solve that problem? I think it solves it in that
Starting point is 01:03:26 we can allow people to bring the data they want to share as part of their interaction, right? So if you sign in with Ethereum and you had an Ethereum transaction at all, that creates a really high cost of attack compared to zero, right, that you paid a gas fee to do something, that could be used as part of a Sybil prevention strategy
Starting point is 01:03:43 to know that this is not a bot. If you did other things and you collected little credentials for it, then you can present those as well. So it can combine your on-chain and off-chain data in a way that you choose to prove what you want to about yourself. This is, by the way, where I could see nation states getting on board and getting excited about this, because I don't think they currently have an internet-native way
Starting point is 01:04:04 to prevent propaganda bots from attacking their citizens and swaying elections, do they? No, but, like, this is a solution to that, potentially? That there's promise in that. How about the idea of deepfakes? You know, so what, you know, all the deep fake problems, if a fake David and Ryan, somebody spun this up with, you know, an AI and put out, say, YouTube video that looked just like us
Starting point is 01:04:27 and told us to buy whatever scam coin, like, this is a huge problem. Can it solve deepfake problems and, like, that level of, you know, authentication? So there's one mode we're experimenting with, for sign-in with Ethereum, where you can spawn a new random key. And you can use sign-in with Ethereum to give it some powers to create credentials, issue them, or do other things like access a data vault. We call these session keys. And basically, if you used a session key to issue a data license that says,
Starting point is 01:04:57 hey, I, Ryan, say that this is definitely not a deep fake, signed off by the same key that everyone knows you as your Ethereum account, right? they can check that there was a root of trust in that Ethereum account, and it authorized that content to come out. And that way, anything else could just have more scrutiny versus the stuff that you basically attributed as genuine content. Can we go into Session Keys a little bit more? Like, what's a Web 2 correlate for Session Keys? And how is Session Keys kind of changing the game with how it relates to that? Yeah. So I think that Session keys are a way to use Ethereum addresses to sign other things
Starting point is 01:05:35 than Ethereum transactions. And we don't always want to, you know, if you have your private key that's very important and it's in a hardware wallet, it's good that there's some friction there before you just sign things willy-nilly, right? But that creates a UX problem. Imagine if you had to use your key to sign for a lot of things, like renaming a file in decentralized Dropbox or moving stuff around. And every time you got a wallet prompt to do that, that UX is really, really difficult
Starting point is 01:06:02 to work around and kind of a non-starter. So what we can do instead is make a new key in the browser. And that's not a very, very secure place to keep a key. So we give it far less permissions. So we can do far less damage. And it expires automatically, very similar to a cookie. And we can interpret a sign-in with Ethereum request to give limited sets of power to that key in a way that you authorize for that session. So that's what we call it a session key.
Starting point is 01:06:31 And you can use that session key to do things like access your data vault, You can use it to issue credentials. For example, if you're on a decentralized social media app and you click follow someone, maybe you sign off on a statement that, hey, I follow this person. They get a copy. You get a copy. It points to a place where you can retract that if you decide to unfollow them. And basically, you can go on your merry way with all these credentials of people you've followed
Starting point is 01:06:57 and your followers. You can bring that with you wherever you want, right? So session keys can enable a lot of things, and they shift us towards interactions that are just based on signing. And we don't need cookies anymore because cookies are used to maintain sessions. Can you say that? So we don't need cookies anymore.
Starting point is 01:07:14 So for people who don't know what cookies are, right, I guess maybe, I don't know if we want to go to all the detail, but just a quick crash course of cookies, this is the thing that apps and websites use to track you from website to website, basically. And so they can be used for good UX, which is kind of the genesis of them, but they're also used to kind of like, you know,
Starting point is 01:07:34 store data about you and maintain kind of your identity from place to place in ways that you might not want disclosed. So you just said that this could obviate the need or kill the need for cookies. That seems like that could be a very good thing for users who want to maintain sovereignty of their own identity and their privacy online. Am I reading too much into that? Or is that really what you're saying? There's some nuance to it, but yes, we wouldn't need cookies in this model. So the types of cookies that really erode privacy happen third party cookies. And the whole advertising industry is figuring out what to do as those go away. They are going away. So people are panicking. Third party cookie means that a different
Starting point is 01:08:15 website is able to, you know, plant cookies on you and kind of track you around. We won't go too much into it. And then there are cookies. If you've ever been to an EU website and, you know, it says allow all cookies or just the ones we need, right? Well, just the ones we need are typically used to maintain sessions. So when you revisit the website, you're still logged in. That is important to the function of the website so they can remember who you are and continue where you left off. But I'm saying it's possible to shift to a system where you just show up with your keys again and you can sprinkle a little power into a session key and that can prove who you are with any of your interactions without them having to maintain this so-called stateful relationship with you, having to remember you every time. You just sign and bam, it works. Kind of like sending a transaction to Ethereum.
Starting point is 01:09:02 You don't have to log into Ethereum to send a transaction. You just make one. And it sounds like it's just lowering the barrier to what it would take to have a private key-enabled Internet experience. So what you're saying is like there's a bunch of use cases where having all of the benefits of what we've been talking about here with the sign-in for Ethereum podcasts. Except there are many, many, many use cases on the internet where even the act of just like a drop-down menu in MetaMask where you click approve is too much time and labor and attention. There are parts of the ways that we navigate through the web where we need it even more seamless than that. And so you're saying a session key is this like in the background, disposable private key that has temporary limited authorizations that allow you to experience
Starting point is 01:09:47 the internet in its fullest without having to be prompted to sign a message all the time. Yeah. Not only is the UX better, but I think there's a huge empowerment element to it too. Because if you are online in digital world, right, and now you're able to make digital statements by signing them cryptographically, that is a huge degree of empowerment. For example, you can do things that you just can't do now. What if you wanted to give someone these photos, but just for a week? You can't hold on to them longer than that. How do you represent that?
Starting point is 01:10:17 You can make a data license that says one week from this date, signed by one of your keys, and that can be linked back to you, right? So I think the ability to make digital statements, and you can view Ethereum transactions as a kind of digital statement, is a really important primitive to moving towards decentralization. So this whole thing, this whole paradigm is called sign in with Ethereum. But Ethereum is a blockchain with like assets and stuff. So far, I don't think we've talked much about the actual role of the Ethereum blockchain as it relates to sign in with Ethereum. What role does the blockchain play? Yeah. Well, without Ethereum, there would not
Starting point is 01:10:52 be sign-in with Ethereum, first of all. But after that, you can think of it as a network effect. Why do people want to install sign in with Ethereum at all, right? Well, a lot of the early use cases have to do with, we want to see if someone has a certain NFT or asset or something so that they can get different treatment in terms of they got the right NFT so they can do this thing. So it is authorization for a lot of these services. So you said we talked about our data vault, our identity vault where we keep data private. But maybe our public addresses on Ethereum are our data museums. Yeah. As in like, hey, go look at my NFTs and like the other things that I've collected, all the POAPs. Is that a fair way to describe this?
Starting point is 01:11:32 is a great word that we should adopt as an industry because it gives exactly the right context because it's there on display, right? So we can think of that as a base layer that everyone can see. And then you can start layering other stuff that you want, depending on what digital interaction you're having. But prior to this, like to sign into a website, when again, we're using the term sign in with Ethereum. But you're not making a transaction. There's no other use of the Ethereum blockchain other than the data museum utility that we just talked about, or is there something else? There's like no gas fees that this requires. Right. There's no gas fees. So you can make a new Ethereum address. You can sign in with
Starting point is 01:12:06 Ethereum. It costs you nothing, right? But I think that what's exciting about it is you get to use what's established on the blockchain about you. But it might also cause you to get more things, right? What if you can access another air drop or something because you sign in with Ethereum? Now you're writing back to the blockchain. And we think that there's an opportunity to create a virtuous cycle where you're either writing back to the blockchain. If you do want to showcase it in a museum or you're writing back to your data vault. And this allows us to move towards really decentralized applications. Okay, so Wayne, I'm trying to understand a bit more like just getting my head wrapped around Ethereum's role in this and identity. And you mentioned
Starting point is 01:12:45 when we brought this up just now, a network effect. Yes. So Ethereum is kind of like the seeder for getting private keys. It's a bootloader for getting private keys in everybody's hands. And how does it do that? By Ethereum becoming very useful. And I have many different Ethereum addresses because it's already very useful. So I have, you know, already natively have kind of sign in with Ethereum. So it's a bootloader. I understand that as a piece of it. Would it be inaccurate to call Ethereum, we call it a settlement layer for assets, right?
Starting point is 01:13:15 Which is, I think, definitely the right mental model for what Ethereum actually is. Is it accurate to say it also becomes, with sign-in with Ethereum, a settlement layer for identity? It could be. I'm not sure that that's, okay, is that accurate or not? Does identity actually require the crypto economic security properties of Ethereum, or is that just sort of a byproduct of we just seeded the world with a whole bunch of private keys? Does my question make sense? It does. I do think of Ethereum as one of the most successful public key infrastructure
Starting point is 01:13:47 adoption events ever, right? And that has huge implications for folks. But in addition to that, I don't think it's just that, right? I think that sign-in with Ethereum is the most natural way for Ethereum users to log into services, sure. And I think, is there a settlement layer for identity, which identity is already a loaded term, but for part of it, for example, if we zoom into control of identifiers, talking about losing keys and everything, there are smart contract wallets or a multi-sig. It can serve as the base layer for that. So you use an abstracted account to sign in with, and if you lose any of those keys, you can have recovery mechanisms to build it back up, right? So, in a sense, that is a settlement layer. There are also other
Starting point is 01:14:28 settlement layers too. If we need human readable addresses like ENS names, then you might want to have a common name space that you can't Sybil attack or have two of something or double spend having the same name, right? That is an important primitive. DNS solves that for the internet. Why isn't this then log in with Bitcoin or log in with Solana? Like, why are we calling it these things? So it's important to understand that there are, I think, a lot of technology components specific to the Ethereum ecosystem that we really thought were constructive in building decentralized identity ecosystems on top of. So I think that the Ethereum builders have a certain expectation about, you know, how you sign messages to begin with. We use EIP-191, which is personal sign from Ethereum. And Bitcoin doesn't really have something like that.
Starting point is 01:15:20 Maybe one of the BIPs is similar, but then what wallet would I use to sign it with? So by being able to really zoom in on which tech stack we're able to do, we're able to have a lot of problems just solved for us. Like we wouldn't be able to solve custody the same way that an ecosystem of wallets can solve custody, right? So to add that as part of our dependency tree before we get sign-in with whatever to work, it's a huge step. So we saw like a very good positioning in the ecosystem.
Starting point is 01:15:48 And also, as I mentioned before, there is a dapp developer ecosystem who are excited to build for their users applications in a decentralized way, right? And these are across different portables. Sports, art, engineering, they're like developer DAOs and even transportation, tracking, you know, car usage and things like that. That could really benefit from these ideas of having sessions, having data vaults, having credentials issued and verified by users, layered in with a lot of the stuff that you find in the public blockchain. I'm wondering if it takes advantage of some of Ethereum's other kind of core features. So here's one great property about Ethereum. It's great for kind of money, censorship-resistant money, and that is uptime. The thing just never goes down. It always runs. Is that important when it comes to sign in with Ethereum? Let's say Ethereum went down. Could you still sign in with Ethereum? Well, just with the base account you could. But if you have a DAO login or abstracted account
Starting point is 01:16:46 and we can no longer look up the smart contract containing if you're actually in the delegated list or not, that part would break, right? So an entire system is built on that would break. So it's really important that that stays on for the more advanced functionality to exist in which Ethereum does serve as that settlement layer. So you're just saying that Ethereum is a part of a grander tech stack and some things will break and some things will be fine? It will gracefully degrade to a point, but I think a lot of the more interesting complex features require an online blockchain. And some of them just won't work at all. And then how about censorship resistance, right? That's a great
Starting point is 01:17:19 property for money as well. It kind of dovetails with this idea, I think, of credible neutrality, which Vitalik has talked about many times that Ethereum has. And I think here's a link I'm making in my mind through this episode is this idea that you want, in order to provide a global settlement system for
Starting point is 01:17:36 identity, let's say, or a global platform for identity, you want the most credibly neutral platform known to humanity. And so, like, you can't have a corporation, control it because why a corporation is corporate governance and they can be nefarious and they can be evil they're also located in a nation state what happens if one nation state goes to war with another nation state for instance well then how can citizens of the warring nation trust the corporation
Starting point is 01:18:02 original nation right and so you want to put your identity assets on the most credibly neutral database if i'm even using the right term available and i think that property also comes into play It certainly comes into play with money. Does it also come into play with identity? Is that instinct correct? Yeah, it's certainly correct. I think we're interested in building identity protocols that are decentralized in that typically in most identity models you have the issuer who writes statements, maybe your school says you graduated, you have the holder, maybe that's you and you have your diploma, and you have an employer who wants to check that you went to a certain institution. They're the verifier. So issuer, holder, and verifier, right? And by decentralized identity, what I mean most, is that you can play any of those roles.
Starting point is 01:18:47 You can write the fact that, you know, I know David in a credential and give it to David. And David could do the same for you, right? So you can play the role of issuer, you can be a verifier or you can be a holder. And systems that are built with this in mind without favoring any kind of, you know, large entities or something across these roles, they can just kind of exist neutrally independently and kind of a fractal too. And those smaller instances can integrate and federate into larger instances. And I think that's a very important property of neutrality and interoperability.
Starting point is 01:19:19 Wayne, are you familiar with Andreas Antonopoulos' Festival of the Commons idea? Yeah. Yeah. So for Bankless listeners, first, you should totally listen to Andreas Antonopoulos' Internet of Money. I listen to it. It's an audio book, but it's also a book. And he uses a metaphor, the Festival of the Commons, which is supposed to be the opposite of the tragedy of the Commons, where the more people that are in and engaging with the
Starting point is 01:19:41 commons, the better it gets. And it's partly a metaphor for the ethos of open source. The more people that contribute, the more people that are operating on this thing, the better the code becomes. And like, my gut instinct is telling me that there's something about sign in with Ethereum that is aligned with this whole festival of the commons idea. And I think that's really about how do we fill up our data vaults, or identity vaults, so that there's like a party in there rather than an empty vault. Because like right now, I don't have a data vault. And if I did have a data vault, I'm not really sure what I would put into it. And so I think there's kind of like this bootstrapping problem where, like, I'm not going to get a data vault because
Starting point is 01:20:20 I don't know what to put in there. And no one's going to make anything for me to put into that data vault because no one has a data vault yet. But I think as soon as this ball starts to roll, it starts to go from an empty room into like, you know, a party in there. Am I tracking onto something? Yeah, totally. And I think that it's going to just have to be use case driven. So there were very specific use cases that you start with, such as storing preferences for dapps or being able to bring parts of your social media graph with you, and the Data Vault side will just be invisible. And people working on it should make sure that it is user controlled, but you won't really think about it so much.
Starting point is 01:20:57 You'll just think about, oh, I'm able to load up my SoundCloud account. And now all my favorite artists are loaded up because I decided to share that. And that's what you wanted to do, right? The fact that it went through a data vault you controlled is aligned with the principles, but not necessarily to focus on at this point. As more and more things get accumulated through these different use cases, we're going to find overlaps that you might want to present your SoundCloud account over here, or you might want to present the fact that you're a member of this DAO over there.
Starting point is 01:21:24 And I think once we start to do that, we'll think about how do you manage all this stuff in your data vault, right? So I think that's going to help the emergence over time. There's a video that we, it's been a while since we talked about this video on bankless, but it turned into a meme, I think, during the bull market. And it's of this video of this one guy at some festival somewhere, and he's just dancing. Weird dancing, totally solo. He's dancing for like 20, 30 seconds. And then one more person just decides to be weird and goes and dances with this guy in the middle of this music festival.
Starting point is 01:21:53 And then like five seconds later, a third person joins and a few seconds later a fourth person joins. And then as you watch this video, the whole entire lawn just like gets up and everyone's like dancing together. And it's just like, it just needs a little bit of a snowball to like roll. And I kind of think that's how we end up filling our data vaults. Is this like we have one use case, we have two use cases, and then this ball starts to roll. Is that how you see this roadmap going? Yep, definitely. And I think the initial conditions that we need to align it, you know, Festivist of the Commons, well, I think one of the most important things is getting everyone in the same room.
Starting point is 01:22:28 So we had, you know, community calls every month and we still do on Twitter Spaces where we have people like engineers and product people and just people who use wallets show up from wallet companies, from dapps, users, and they're all in the room and listening about the problems we're experiencing, and we start to reach rough consensus around what are the problems that are important to solve. So some of the topics, for example, is how do you encrypt to an Ethereum address, right? Everyone has a different way of doing that. And if we just agreed on one way, in the same way that we were able to agree on signing with Ethereum and figure out how it interoperates with other parts, then no one ever has to solve
Starting point is 01:23:08 that problem again, and we just kind of get that core piece of the tech tree for free. Right. Okay. So it sounds like I'm reminded of the phase in Ethereum's roadmap where all the research and development was done. Like, we know that we can build it. Now we just have to build it. And it kind of sounds like that's where Sign-In with Ethereum is: the pieces are all laid out. It's just now we need to put them together. Like there's no like hypothetical research that needs to be done. It's just a matter of like we need people to come to consensus on things and start implementing standards. Yep, exactly. And I think that that's another benefit of the Ethereum ecosystem. We're watching other developments
Starting point is 01:23:42 that the Ethereum Foundation and other researchers are working on, especially in zero knowledge. And we're just saying, oh, wow, you could just take a SNARK and put it in this use case. And instantly, you have zero knowledge applied to identity credentials instead of just the blockchain, right? So being able to just leapfrog like that, too, is another big benefit. So, Wayne, I would say something like 99.99% of websites that we log in to use a Web2 login system, the thing that we are trying to disrupt. They use identity banks for us to prove our identity to them. How do we get from where we are now to where we want to be, where 99.9% of websites use login to Ethereum. How do we go from A to B? Yeah, I would say it's a different model
Starting point is 01:24:25 of computing that is enabled. You're signing in passwordless, but you also have all this potential bringing your data vault, bringing your data with you, et cetera, right? So we have to identify the market first for where that actually makes a lot of sense for the applications. And right now that's dapps and adjacent applications. Let's call them Web3-enabled Web2 platforms as well. And for them, it's actually the best thing for their user. Like, Ethereum users don't want to add their email address or a phone number or something. They already have an Ethereum account.
Starting point is 01:24:57 It's literally the best way for them to sign into a service, right? And then dapps, actually, a lot of them don't have backend databases or they'd much prefer the user bring their own, right? So for these demographics, it's actually the best solution. And to the extent that this ecosystem is able to prove out use cases across a bunch of different verticals, such as, you know, art, such as health care, et cetera. And that will accumulate the value of this mode of interaction to the point where you can get enough value proposition to convince other people. If I go to, you know, large companies today who are, you know, happy with their Postgres database and I say the user can bring their own database, I'm going to get some eye rolls. But for people
Starting point is 01:25:41 who don't have a database to begin with, they're actually really excited about that mode. But if the user data vault can do so much more and there's so many more privacy benefits when you sign in with Ethereum, then I think we can get to the point where we start to look at the next markets and expand from there. Right. So that's how I'm conceptualizing it. Wayne, just summarize this for us as we start to draw to a close here. Okay, so Sign-In with Ethereum. What does this do for people on the Internet, the human beings that we all care so much about? We talked about shifting power back to the individual. Is that the core feature here?
Starting point is 01:26:19 Bottom line this for us, why did you decide to take on this problem? And why is it personally important to you? And what do you think it can achieve for the world? Sign-In with Ethereum is one of the first steps to letting users control their data across the web. Using public-private key cryptography, we're able to just enable new modes of interaction that are user-centric at core. Issuing credentials, being able to write permission slips to access data, moving to a model where instead of logging into the platform, the platform logs into your data vault. I think that all this is possible when you switch to signing with Ethereum because of the direct authentication and builder ecosystem after that. Wayne, thank you so much for being with us today.
Starting point is 01:27:05 David and I are super bullish on this technology. I tweeted this back a couple of years ago. I think it remains true and I'm even more bullish about it. There will be two phases of crypto. In phase one, we take back our money, and phase two, we take back our identity. I think we are entering phase two. Sign-In with Ethereum is a key part of that strategy. And this makes me optimistic about the world. And ultimately, that is why David and I are in crypto, why I hope you, Bankless listener, are in crypto. And Wayne, it sounds like that's why you are building in crypto as well. So we appreciate your time and thanks for all the work towards this mission. Really grateful to be here. Thank you. Action items for you today, Bankless nation. Go to the Spruce website. That is spruceid.com.
Starting point is 01:27:44 You can also read about the EIP. We've been talking about the original Sign-In with Ethereum EIP. That's EIP 4361. We'll include a link in the show notes. It's a little light reading. Not too bad on that EIP. Have you ever read an EIP, Bankless listener? Because now today is your opportunity. I thought you were about to ask me, David. I know you didn't ask me if I've read an EIP. I've authored an EIP, my friend. That's a different story. Barely. Risks and disclaimers, guys, of course,
Starting point is 01:28:10 you've got to let you know, crypto is risky. You could lose what you put in, but your identity is something that you will never lose. Hopefully, if we get Sign-In with Ethereum humming, we're headed west.
Starting point is 01:28:21 This is the frontier. It's not for everyone, but we're glad you're with us on the Bankless journey. Thanks a lot.
