The Guts of Self-Sovereign Identity, for Distrusters

5 min readAug 28, 2023

Suppose that no kind of tagging or branding is necessary for us to be enslaved through digital identification, with or without central bank digital currencies.

Nobody seems to hold this view, let alone argue for it. Worry about digital ID among the skeptically-minded thus appears grounded in fear of being rounded up and managed like sheep or cattle.

Oppressive tagging is inherently centralised. Ergo, objection to it is irrelevant to SSI or implies that the concept of a decentralised identifier is (DID) not robust in theory or else practice.

To explain why not, a further argument would thus be required to expose a flaw in the DID specification or at least one system alleged to meet it.

Yet in fact, most expressions of worry about digital ID suggest a categorical lack of awareness that SSI exists, let alone that it dominates digital ID initiatives.

How can this be when Klaus Schwab controls everything on earth for central bankers?

To be honest, I’m not entirely sure.

It may have something to do with the fact that evil is typically stupid and however availed of intelligence, at most cunning and generally never innovative. Engineers and entrepreneurs, on the other hand, persistently compete to meet practical needs, including secure online identification.

Then there is the original decentralised nature of the internet, the ethos of which endures in its venerable pioneers and their nerdish heirs. There was naturally a time when this crew mixed pretty thoroughly with decent journalists and genuinely progressive activists. Yet the kinship sadly declined since Democrats embraced resentment of Wikileaks for alleged collusion with Russia, joining in common cause with predominantly neocon Republicans and thereby the Western deep state in general.

A sense of community around informed, wholesome and healthily sceptical idealism thus took a hit and became more fragmented into its various sub-spheres. But the legacy of cypherpunks who gave us Wikileaks and crypto continues to evolve and prosper in that technical sphere. It is just that there is no longer so much intercourse between those who pursue it and the present, relatively agitated, world-wide community of conspiracy realists.

That is merely a prefatory remark, however, to clear the ground somewhat for laying the issue out in terms of first principles, as follows.

When we come into the world or do any other thing that somebody notices, they get information about us.

The case for SSI is that by design and for all contexts, compared to any other theoretically possible analog or digital scheme, it provably maximises discretion and security in revealing personal information.

I will presently argue for this and indeed the following proposition.

If SSI is coming from monsters, to help them get us, we should welcome it as part of a plan that can only backfire, because each attack surface of SSI and its uses is minimal compared to those of the status quo and every alternative.

There are only two vulnerabilities that SSI does not patently excel at reducing and both are extrinsic to it. These vulnerabilities are:

  1. A backdoor to your device.
  2. Abuse by the recipient of information you elect to reveal to them.

The backdoor vulnerability is no worse for SSI than anything else because it only applies upon data entry or decrypted recall by the user. Storage and transmission risk are virtually nil due to key-pair encryption.

Consent to share information for reaching agreements is inevitable in life. SSI maximally reduces the information content and thus any scope for its abuse. Per consent, no more than one specific question is answered (and with no room for doubt).

Examples include that you are over 18, without any more detail as to age; that you are a unique human, without indicating who; that you are a citizen of a particular country, without giving name, date of birth or address, etc.

SSI will not stir an increase of demands for identification just by making them easier to meet, because apart from consent, under the present status quo there is little difficulty or hesitance in meeting any imaginable demand for credentials.

A decentralised identifier (DID) is literally nothing but a tiny, method-associated, data string. In effect it is merely a pseudonym and key-ring to which credentials are attached that, apart from the issuers, can be known to nobody without the holder’s case by case consent.

The only other things attached to it are public and private keys, familiar as common to all cryptocurrencies.

Biometrics could only relate to SSI if and when a DID is credentialed as representing a unique human. Perhaps ironically that is the least specific, sensitive or potentially comprising kind of personal information there can ever be.

Any other access, storage, transmission or processing of biometric data, if sold as SSI, necessarily counts as fraud and assurance of preventing such comes through full transparency via open-sourcing, public scrutiny and regular auditing.

Now if that sounds dodgy, one might seriously ask what on earth should not sound dodgy.

But suit yourself either way. Others will make their own appraisal and we’ll see what eventually happens, against the backdrop of a few agreed facts and vying narratives.

Yet under the worst case of massive SSI fraud and abuse, which pass undetected despite everything, some personal information of yours, of the general sort presently on various internet-live computers you don’t control, will end up in a new record that may be used against you in some nefarious way, though only if you get an eyeball or two subsequently scanned by an unsound private or government entity.

How much easier would this really make anything for big or small bad actors? Why wouldn’t all that tech-intensive cloak and daggery be more pain than its worth by comparison to tweaking current mass-surveillance by the NSA, phasing in centralised biometric scanning, ramping up corporate and state hacking, or soft-pedalling permutations of the three?

Could SSI just be a cover story and all the more dastardly a deception for evincing every bit of the straightforwardly wholesome and liberating utility it promises?

Is it some kind of gateway drug to fully dystopian centralisation, even though we’re long-accustomed to daily use of insecure, centralised digital methods of identification?

Would the thrill of newfound security and empowered personal sovereignty just get us addicted, not to more of the same, but somehow to the precise opposite?

Is that how drugs work?

I submit that one may find amid the foregoing a good question or two.

Yet my fundamental point, again, is that if the entire development of SSI were nothing but the careful setting of a predatory trap, it is nonetheless categorically the best way to guard and pursue freedom.

That’s right, hard data logic in the public domain trumps the bejesus out of all establishment or conspiratorial intention and influence, let alone counterculture.

That is the realisation which makes a cypherpunk. I salute cypherpunks.

Naturally you needn’t answer (if even own a relevant opinion), but who and what the hell are you?

Luddites and diehard conspiracy theorists might stick to their guns, yet when arguments fail they may only have emotion or assertion for sustenance and to the degree that they cling to such in the present case, their theory and practice indicatively overlap with each other’s.

Anyway, one can lead a horse to water but not make it drink.

Yet if it could speak, you might chance a debate on why not.

And that being so…

How dumb might it be to persist in braying or avoiding the issue?




Were anyone to discover the whole truth, they would sadly find it offends all parties.