What Is A Trust Anchor in the Web of Trust

How uPort is helping create a network of private data authenticators through the power of distributed cryptography.e

Let’s start from the beginning.
uPort is building a decentralized identity platform.

Utilizing the collective efforts of many brilliant minds before us, uPort is helping usher in a new era of the Internet — merging together ideas like the Web of Trust with decentralized technology, like the Ethereum blockchain, to create an always available, ever persistent and immutable Universal State Management System for digital identity.

How do I put this simply?

We’re taking back ownership of our digital identities. Join the Community.

And together we are building the Web of Trust.

Let’s talk about trust anchors.

awwww 🤗how cute 💒trust anchors!

First A Little More Context — A Decentralized Blockchain

The Ethereum blockchain, a Universal State Management System, can be described as a censorship resistant distributed global ledger. One of the inherit features of this distributed ledger is the ability to construct
self-sovereign identity protocols atop the global database.

Ethereum’s emerging Web of Trust will power the Internet’s next identity evolution. And that’s a good thing.

Before we starting talking the Web of Trust and specifically trust anchors, let’s start with self-sovereign identity. What is self-sovereign identity?

Self-sovereign identity uses multiple, relatively complex layers of cryptographic ceremonies to provide complete data ownership back to the individual, while maintaining interoperability (trust) across the Internet.

Put a little more simply, you can control your private information on local devices (owned by You) whether that’s browsing history, financial records, medical information, etc… and still share that information with third-party entities, while maintaining the trust and authenticity using cryptographic signatures.

The current Internet’s de-facto identity providers, like Google and Twitter (plus many others), will eventually be dis-intermediated and users won’t have to rely on a central authority, to provide critical Internet functionality, like identity and authentication. Because these centralized services provides will be removed from the equation and power will be given back to the individual, this is referred to as self-sovereign.

Sovereignty is defined as “supreme power or authority.”

Self-sovereign identity refers to supreme power and authority over one’s individual digital identity. Through the power of decentralized systems and carefully choreographed cryptographic ceremonies, it’s possible to give users back control of their private information, without compromising data integrity and authenticity as it’s securely shared a network.

Welcome to Web 3.0.
Where the individual is empowered and business costs are lower.

How Does the Modern Web of Trust Work?

Let’s pause for second. I don’t want to pretend the Web of Trust is a new idea or concept that has emerged with blockchain technology. Perhaps quite the opposite. Like I said before, many brilliant minds have been working on these decentralized digital identity systems and protocols for some time now.
It’s likely the Web of Trust and other decentralized focused technologies provided the original inspiration for blockchain technology.

However, these new technologies like the Ethereum blockchain introduce novel concepts, like digital scarcity and decentralized money. These novel concepts when applied using mechanism design, is great news for building networks and communities, around otherwise obscure cryptographic ceremonies.

What exactly do I mean?

What appears to be occurring is a resurgence, some might say a renaissance, of established ideas like a Web of Trust, Public Key Infrastructure and even Key Signing Parties.

These ideas, while they existed in fringe communities and networks, will become staples in digital identities evolution and helping to reshape the global economy. These concepts are beginning take a hold of the Internet’s core infrastructure and essential building blocks. And that’s a good thing.

There are two keys pertaining to a person: a public key which is shared openly and a private key that is withheld by the owner. The owner’s private key will decrypt any information encrypted with its public key. In the web of trust, each user has a ring with a group of people’s public keys.
Users encrypt their information with the recipient’s public key, and only the recipient’s private key will decrypt it. Each user then digitally signs the information with their private key, so when the recipient verifies it against the users own public key, they can confirm that it is the user in question. Doing this will ensure that the information came from the specific user and has not been tampered with, and only the intended recipient can read the information (because only they know their private key).

Put simply, a Web of Trust allows users to authenticate the originating point of information using the a public/private key-pair data signing ceremony.

In addition to following this decentralized trust network model, uPort has created additional systems, like the storage of JSON web tokens, to allow for indefinite storage of encrypted messages, which can than be shared with other third-parties. Otherwise known as our verifiable attestations.

Community Is The Driving Force

Without digital communities, built upon cryptographic primitives, it’s not hard why to see these technologies didn’t reach mainstream adoption amongst individuals. Before blockchain technology, the general population didn’t know what a public/private key-pair was or why it was important.

cryptocurrencies everywhere!

With the advent of popular blockchains, like Ethereum, and the emerging ecosystems surrounding blockchain technology, everyday people are being introduced to cryptography vernacular.

And because of this alignment of incentives, it’s now possible to re-introduce community building and peer-to-peer technology systems into our social and culture norms using the shared understanding of how and why cryptography is important in our day-to-day lives.

The Importance of Trust Anchors

So we’ve established what a decentralized, self-sovereign identity is. The arrival of an existing idea’s time i.e. Web of Trust and Blockchain technology. But, we’ve yet to discuss the importance of trust anchors and their roles within a network of decentralized identities.

Let’s start with the core problem. A user story.

What if I’m the only person who can make claims about myself?

In other words if I am the only person able to make a claim about my name, birthdate, address, etc… without any third-party verification, than you have to put a LOT of trust in me to always tell truth. But what if we’ve never met before? And I’m incentivized to tell a false claim about myself for my personal benefit. How would that work?

Let’s create a totally hypothetical situation. I would never ever, ever do this (ever), but imagine I’m 20, and of all my co-workers are 21+ and they say to me…

“Hey Kames, let’s go out for drinks this Friday after a hard work of week of coding and meetings!”

unto which my hypothetical response would be…

“Like totally bros! Let me just generate a quick claim that states I’m actually 25, so when the bartender asks for my identification, I’ll just share that claim and get into the bar easy-peeezy, pumpkin squeezy”

I need go no further to demonstrate why self-made claims are a bad idea.
Not always — but for many and most occasions.

Fortunately, that’s not how the physical world works. Nor the digital one.

We don’t take each individuals word as truth — and that’s for a number of different reasons actually. Sometimes people will lie, because they have an incentivize to do so. Other times, people will attempt to tell the truth, but in the process, as we all know, humans have the tendency to project their subjectivity and share “true-ish” claims with others.

Trust but Verify — An Optimal Strategy

Regardless of the situation, it’s important to have trust anchors who verify critical information. An entity or collections of entities, who have properly aligned incentives to always tell the truth, or at a minimum have the capabilities to very the validity of claim.

Let’s start with a few examples of trust anchors and corresponding networks:

  • Government
  • News Media
  • Humans

When closely examined it becomes obvious trust networks are integrated into every part of our society. We use these trust networks for literally everything.

Government Trust Anchors

The government issues identification cards, containing essential information like name, address, height, hair color, etc… And we as individuals, business and organizations recognize these ID’s as valid. They are a valid source of trust for almost everyone.

For example nation states, like the United States also issue Social Security cards to every newborn baby, to more or less serve as a universally unique identity or as developers call it, a UUID. A Social Security number is a lot like a decentralized identity, except it’s from a root certificate, so it’s actually a centralized identity 😅 but you get the point.

Social Security cards are given validity because almost everyone trusts the United States Government to issue valid identifiers. And Social Security numbers are unique to each individual, which make them valuable.

Hence, the United States Government is a trust anchor.

News Media Trust Anchors

While the following example is a more abstract in contrast to the example of physically issued identity cards, I think it serves as a good demonstration of people’s desires to outsource trust to third-parties. It’s impossible to know everything, across all knowledge domains, at any point in time, and so we use distribute these cognitive costs to specialists in the Media networks.

Hence, we make sense of the world by relying on trust anchors (brands) to help us navigate the world via news in the form of reporting, articles, interviews, tweets, and other means of more easily understanding the world around us, without requiring reasoning about everything from the bottom-up i.e. not using first principles methodology to try and understand everything happening on a day-to-day basis.

Moderns humans rely heavily on media outlets to serve as trust anchors.

However, as of recently, this trust is quickly being degraded because of the phenomenon known as fake news. I mention this fact, because it’s important to highlight that as trust networks evolve, it’s essential to remember not all trust anchors are to be trusted for an indefinite amount of time.

Trust anchors incentives can and often do change.

Humans— The Original Trust Anchor

As a final demonstration of trust anchors let’s talk about humans.

Humans for thousands of years have used each other as trust anchors. It’s no secret, Mankinds evolutionary success is predicated on our ability to build strong community bonds. That’s what we do. Through shared language we share knowledge and information about the world around us.

An interesting phenomenon observed in human networks is Dunbar’s number.

Dunbar’s number is a suggested cognitive limit to the number of people with whom one can maintain stable social relationships — relationships in which an individual knows who each person is and how each person relates to every other person.[1][2] This number was first proposed in the 1990s by British anthropologist Robin Dunbar, who found a correlation between primate brain size and average social group size.[3] By using the average human brain size and extrapolating from the results of primates, he proposed that humans can comfortably maintain only 150 stable relationships.[4] Dunbar explained it informally as “the number of people you would not feel embarrassed about joining uninvited for a drink if you happened to bump into them in a bar”

Dunbar’s number represents the ceiling for how many “intimate” relationships we can maintain in our social networks. I understand it to be the number of people we can reasonably communicate with on a regular basis to collect information about the world around us, which provides value and enriches our individual lives. It’s goes without saying, the world is a confusing and dare I say dangerous place and we leverage each other to “die less” in this hostile environment known as Life.

My personal hunch is our brain is hardwired for this average number (150) because the amount of bytes/bits contained in spoken word is very finite. The speed in which information can be communicated via sound and contextually processed, without the aid of modern technology, is astronomically low in contrast to our global networks of information matching the speed of light i.e. fiber optic cables.

For millennia Mankind has been faced with these trust anchor limits.

Distributing The Cost of Risk Analysis — Non-Zero Sum Games

But, one has to ask “Why?” do trust networks exist to begin with?

Trust networks, then, consist of ramified interpersonal connections, consisting mainly of strong ties, within which people set valued, consequential, long-term resources and enterprises at risk to the malfeasance, mistakes, or failures of others. (Trust and Rule | chapter 1, kindle loc 336)

A concept that intrigues me tremendously is the idea of non-zero sum games.

In other words, what’s the most cost effective method for creating win/win situations amongst the largest group of people.

Situations where participants can all gain or suffer together are referred to as non-zero-sum. Thus, a country with an excess of bananas trading with another country for their excess of apples, where both benefit from the transaction, is in a non-zero-sum situation. Other non-zero-sum games are games in which the sum of gains and losses by the players are sometimes more or less than what they began with.

Perhaps not surprisingly to many (who may have similar ideals) is the belief and understanding the Ethereum blockchain, a Universal State Management System, has a high probability of being the the 21st Century’s leading candidate for creating the world’s most robust digital system for orchestrating complex and nuanced zero-sum games, due to digital constructs like tokenization and other methods of quantifying abstract units of value.

I earnestly believe technology like Ethereum’s blockchain is going to help usher in the beginnings of a new cultural evolution, because of it’s capabilities to augment core building blocks of human evolutionary patterns.

The evolution starts with a network of trust anchors i.e. a Web of Trust.

Trust Anchors Help Reach Objectivity- The Why

I’m of the opinion the world is subjective. We live in a world of 1’s and 0’s. Something is either On or Off. A statement is either True or it is False.

Do. Or do not. There is no try.
-Yoda | Jedi Master

The role of a trust anchor is to help align people’s reality. To provide a shared frame of reference. To present the facts, and only the facts. The world is constantly shifting around us — it’s hard to keep up with everything.

By relying on trust anchors it’s possible to reason about the world. Faster.

Distributing Costs Across A Network. A Web of Trust.

For example, as it stands many companies and organizations have to perform KYC/AML services in on a case-by-case basis. It’s a costly and repetitive process.

How many millions, perhaps billions of dollars are being “wasted” due to duplicated identity verification efforts? And not just wasted and we can’t do anything about it scenario, but wasted and we have the technology to introduce cost saving measures… 🤷‍

The Emerging Web of Trust via Existing Networks

As I stated several weeks ago, it’s my personal opinion, due to the economic incentives and general direction of the blockchain ecosystem over the course of the next 1–3 years (security tokens and traditional financial instruments) lawyers, networks of lawyers and large law firms will be the likely first candidates for establishing an initial Web of Trust.

These physical trust anchors (lawyers) are already embedded in the current networks capitalizing on blockchain technology. The relationships exist. Demand is constant.

A potential (it’s still an assumption) is the Ethereum blockchain will be the forcing function for the world’s first robust Web of Trust, because a vast majority of companies launching services on decentralized blockchain still require KYC/AML services.

For example centralized exchanges, initial coin offering and distributed applications like VirtuePoker all require identity verification. Unless companies want to stay completely in the “shadows” and entirely decentralized, there is simply no getting around current rules and regulations… yet 😏

Why Lawyers & Legal Firms Will Usher in the Web of Trust Era

It’s likely security tokens will be the next wave of innovation on blockchains.

As demonstrated with ERC20 tokens and initial coin offerings (ICOs), the blockchain provides new and interesting ways to raise capital. That’s likely to continue in 2018, 2019 and 2020 IMHO. The “collectibles” craze and ERC721 standard, while interesting for digital games, will also probably start to impact tokenization of assets outside of games as well.

More global resources are committed to securities and financial instruments. Not digital collectibles. That trend is not likely to change.

Businesses want to lower costs.
That will catalyze innovation and disruption.
Decentralized identity will disrupt existing systems with cryptographic instruments that can distribute costs across entire ecosystems.

Lawyers and law firms are in a prime position to establish themselves as trust anchors in these emerging self-sovereign identity paradigm.

Ok… but what does becoming a trust anchor actually entail?

Let’s imagine a Large Law Firm (let’s call them LLF) has correspondence with 1,000’s of individuals each year. Whether that’s to help with business licenses, legal assistance, and/or other legal services… I don’t know I’m not a lawyer.

During that process someone or something is verifying the identity of the person receiving legal services. Perhaps review of a passport, driver license or even financial statements from a bank. It doesn’t matter. What’s important is verification of identity is being performed… but not saved.

Cha-ching 💸business 💰 opportunity 🤑people!

Law offices aren’t currently setup to start issuing globally recognized attestations. Why would they be? Decentralized, self-sovereign identity is still a very new concept and it’s likely no-one has productized an application atop these emerging cryptographic protocols.

That’s likely to change.

Verifying identities and issuing digital verifiable credentials, that live with the user will become a standard business services in the years to come. Because businesses can disperse the cost of KYC/AML services across the entire ecosystem, and it’s always a goal of businesses to lower costs, it’s not a matter of IF, but rather a matter of WHEN?

Sovereignty is given back to the individual because strong 🔐 cryptographic systems power the underlying protocols. Businesses 🏛can decrease operation costs, because of economies of scale applied to entire networks of trust anchors.

The question remains “Who will seize this opportunity first?”


Establishing networks of trust is woven into Mankind’s DNA. We are a species of community and coordination. We navigate this risky “Game of Life” by leveraging each others knowledge about the world around us.

We build trust networks. And we anchor each other in reality.

For 1,000’s of years we built networks of trust via family, friends and our local communities. Overtime we learned to outsource trust to centralized agencies and large organizing entities, so we could more easily make inferences about truth and non-truth.

Today, we stand at the next frontier.

Establishing a global, highly optimized Web of Trust powered by a network of properly aligned trust anchors to help achieve Mankind’s ultimate goal of creating vast networks of non-zero sum games to participate in the “Life, liberty and the pursuit of happiness.” game.