Inventories, Not Identities

Why multisigs are the future of online accounts

Kei Kreutler
GnosisDAO

--

This essay is the first in a Gnosis Guild series by @keikreutler bridging cryptonetworks, web3, and gaming. The second essay is A Prehistory of DAOs: Cooperatives, gaming guilds, and the networks to come.

Join the Gnosis Guild Discord today to continue the conversation.

Inventory screen from Cruelty Squad by Consumer Softproducts. Via https://www.are.na/edouard-urcades/inventory-body.

The internet has an identity crisis.

The web came of age with the social platforms of the 2000s. While these social platforms created new forms of connection, in many ways they disappointed the early vision of the web as an open jurisdiction. While establishing norms for how we individually represent ourselves, social platforms also, in part, dampened the imagination of a pseudonymous web. Along with other promises, the web suggested itself as an experimental prosthetic, through which different forms of identity could be explored, and individuals or groups could choose pseudonymous identity.

Today, instead, we see social platform monopolies like Facebook enforcing a real-name policy, which insists individual users register with their legal identities. The platform also discourages names with “too many words, too many capital letters, or first names that consist of initials.”¹ From the “Nymwars” to a German court ruling Facebook’s enforcement illegal, the issues raised by social platforms defining legitimate identities are not trivial, and there is more at stake than we may think.

Whether it’s the enforcement of legal identities, platform lock-in, or more implicit social norms, the logic of individualized identity was baked into web 2.0. With the advent of web 3.0, we have a chance to do things differently. Ultimately, web 3.0 identity will revolve around questions of privacy, portability, and ownership. Beyond such clearly contentious issues, we still have the ability to imagine more, with a reinvigorated array of tools in our hands for thinking through identity. One of these tools is multi-signature accounts, which are accounts that can provide identity collections for individuals, groups, or organizations. Embracing more than the normative individual as a fundamental unit of account, such a paradigm could better serve the creation of resilient, accountable, and mutualistic institutions leading into the twenty-first century.

In this light, our accounts of the future may look more like inventories, less like identities, but the future is not yet set. To get there, we’ll first have to dive into the present.

The Identity Stack

The narrative of ownership is integral to decentralized financial technology. Traditional online bank accounts represent balances as numbers stored in a centralized database, which can notionally be withdrawn or exchanged for goods and services at any point. As the story goes, this requires placing trust in a banking institution. Blockchain protocols plus private key cryptography or other wallet solutions introduce the ability to have full possession of digital assets, without having to trust a third party. Hence the terms “self-custodial” or the more culturally pervasive “self-sovereign” rose to popularity to describe ownership over digital assets.

In the same way that digital assets can be self-custodial, many people present blockchain-based accounts as a way to “own” your identity. The impetus for self-custodial identity, however, is not unique to crypto culture, and it can be seen in earlier, ongoing initiatives such as the Decentralized Identifiers (DIDs) project by the W3C. There are two ideas at the core of decentralized identities. One is that subjects have private control over their identifying data and can grant, revoke, and share partial access to it. While not necessary for its implementation, a corollary to this idea is that subjects can use such an identity standard as a universal login across platforms. Early examples of the latter include Mozilla’s Gravatar project. It is clear that such an approach to identity did not become the dominant paradigm², and our online identity stack is in need of urgent renewal against creeping ubiquity of corporate sign-ins.

Blockchain-based accounts are one potentially well-posed solution to the needs outlined above, offering self-custodial data and universal login. Today, creating an Ethereum-based account does not require entering any personal data, and a subject may create an unlimited number of accounts, each represented by a unique address. The tools used to create Ethereum-based accounts are often referred to as wallet applications. The most popular among them, such as the Metamask wallet, allow you to connect to Ethereum applications and even some web 2.0 platforms like Discourse forums.³ When you connect using a wallet application, however, that wallet application is actually providing a range of services: functionally, you are simultaneously invoking fund management, identity (cross-platform address), and a profile (on-platform history) through one software account, whereas previously on web 2.0 platforms, generally each of those functions pointed to a different service.

Whereas web 2.0 platforms constituted a subject’s identity through appeals to services, web 3.0 constitutes identity through self-custodial pointers to the protocol layer. (Thanks to Toby Shorin for the initial inspiration for this diagram.)

Even further, what could serve as an identity within an application can be provided in multiple technical formats through a blockchain-based account. An identity could be the unique address of the account (such as a hex string or a human readable ENS address like ourmachine.eth), a function the account can execute, or tokens the account holds. For example, one could imagine a blockchain-based account holding a decentralized identity token, containing metadata such as name, avatar, email address, and affiliation, to which access can be granted, revoked, and shared partially.

Left: Mockup of DID token held in Gnosis Safe Multisig; Right: DID Identity Schema with Verifiable Credentials

There are already implementations using NFTs to provide decentralized identity by the important and pioneering 3Box team, and today, ownership of ENS names like ourmachine.eth are represented by transferable NFTs. Furthermore, by using verifiable credential tools such as zero knowledge proofs, a subject can verify they possess personal data without having to publicly reveal it. In short, this wide range of possibilities means web 3.0 “wallets” are actually a very powerful identity regime, and we must think carefully about how we wield them, especially as the distinction between financial applications and social applications fades.

Ultimately, what the narrative of self-sovereign identity misses, is that identity is always inherently relational, defined in relation to environment, authority, and self. The idea of owning one’s identity begins to appear an oxymoron. There are important projects like CirclesUBI (built on Gnosis Safe contracts), BrightID, and others that provide a relational web of trust solution for decentralized verification of unique identity. Essentially, these projects allow subjects to signal they sufficiently trust another in the context of the application, producing a network of identities linked by varying degrees of connections.

CirclesUBI trust network on October 17, 2020 via CirclesUBI engineer Sarah Friend

It’s worth noting that Ethereum-based accounts provide an implicit web of trust model, because by default, an address’ network of transactions are public, which means that analyzing a private blockchain-based account’s transactions could reveal its owner’s legal identity. In this model, it means that a subject’s privacy is still a function of their network’s.⁴ For this reason, it may prove culturally important to approach web of trust solutions as producing unique identities situated within networks, rather than global identities by default, in order to retain contextual flexibility between public and private data in identification regimes.

While not guaranteeing anonymity, pseudonyms are one key component to preserving this flexibility. In the 2019 talk The Pseudonymous Economy, Balaji S. Srinivasan makes the case that rather than a binary, pseudonymity sits on a spectrum of public and private identity. Occupying the middle ground between Facebook’s real-name policy and 4chan’s posts without accounts, platforms like Reddit and Twitter are home to many pseudonymous accounts. The key quality, here, is that these accounts display persistent pseudonymity. While remaining private in some aspects, a persistent pseudonymous account’s previous actions can be observed on the platform and accumulate public reputation over time. This takes the form of Reddit’s karma or Twitter’s follower count. Although, especially in the case of the latter, these metrics can signify notoriety as well as credibility. In his talk, Srinivasan suggests a separation of concerns between real names, earning, and speaking. We can see this trend already with finstas or Twitter alts, in which multiple accounts stand for different evocations of legal, economic, and speech activity. While in large part Srinivasan offers this model to buffer social networks from ad hoc retaliation, other core cultural arguments can be made in its favor.

Since the web has never been separate from “real life,” it is a primary site for identity formulation. In Being Your Selves: Identity R&D on alt Twitter, Aaron Z. Lewis explores how an ecology of pseudonymous Twitter accounts differentiate, integrate, and extend notions of self. This is also the case in massive, multiplayer online games, in which not only younger generations but millions of people come to relationally define themselves through such platforms, and this trend will only become more widespread as the $90 Billion gaming industry continues to grow. The identities created within these worlds, however, rarely resemble their legally recognized counterparts. Rather than an escape from self, alt identities “teach you that your legal identity is also a kind of mask — an ever-evolving ‘montage of loosely assembled parts’.”

When approaching web 3.0 identity, we can choose to enable an assemblage of needs dependent on the accountability requirements of different contexts.⁵ Along this spectrum lies the idea of persistent pseudonymity, for which blockchain-based accounts are particularly apt through providing a public, pseudonymous, and cross-platform address that displays its actions over time, what Shreyas Hariharan calls on-chain reputation. What we need, then, is a technical stack that supports not an identity, but a collection of identities to navigate the highly varied contexts of web 3.0.

Multi-signature Accounts and Composable Identity

Multi-signature wallets have become important infrastructure for blockchain-based accounts. They are accounts that can manage funds, display digital collectibles, and interact with applications, which, as their name suggests, have multiple keys as owners, and they can require multiple key signatures to confirm a transaction. Keys can be other wallet accounts. While typically described as requiring M out of n signatures, this means a multi-signature wallet can be configured to require a custom amount of confirmations for each transaction, such as 2 out of 3 signatures, 6 out of 10 signatures, or even, like a typical private key-based wallet, 1 out of 1 signature.

In a 2/3 multi-signature account, after 2/3 key signers confirm the transaction, the transaction is executed.

This modularity becomes extremely useful in different contexts. In the case of self-custodial wallets, the story of the person who lost their private key and therefore access to their funds is ubiquitous. By using a multi-signature wallet, the risk of losing a private key can be minimized. If a user’s multi-signature wallet requires 2 out of 3 signatures, and they lose access to one of the private keys used to confirm a transaction, they still have not lost access to their funds. In a group context, a small organization or a larger organization’s leadership could have each member represented as a key owner on the multi-signature account. To confirm a transaction, a simple majority of signatures may be required, thereby having an organization’s general governance process supported by code.

For example, multi-signature accounts allow cooperatives to hold resources in common, and their bylaws can be easily supported by a multi-signature account’s intrinsic features. To allocate resources to a new venture, a vote by cooperative members with simple majority in favor may be required. If each member is an owner of the multi-signature account, a transfer could be executed if a simple majority of the total owners confirm it. Even further, members of an organization can delegate their votes to other members or delegate even to other organizations represented by multi-signature accounts, easily allowing for liquid democracy voting schemes. With multi-signatures as a primitive for cooperatives, we have the basic blueprint for a revitalization of new mutualistic institutions in a peer-to-peer context, including mutual funds, mutual credit systems, and mutual insurance. Today, multi-signature accounts are already widely used for collective profit-sharing.

Screenshots of the Gnosis Safe Multisig used for UNI Grants, a grants program supported by the treasury of Uniswap, the popular decentralized exchange on Ethereum. The grants committee functions as a 4 out of 6 multi-signature account.

Multi-signature accounts provide collectives especially impactful leverage even in less traditional settings. While the imaginary potential behind decentralized autonomous organizations (DAOs) blooms wildly, one straightforward way to describe them could be voluntary associations in favor of digital cooperativism. Most popular blockchain-based applications today have some form of token governance through a DAO. In practice, this looks like using voting tools such as Snapshot for a project’s token holders to vote on proposals about the project’s development, communications, and resources. Usually, these funding resources are held in a multi-signature account such as a Gnosis Safe Multisig. When a project’s token holders accept a proposal by vote, the owners of the project’s multi-signature account can execute the proposal. For example, highlighted in the screenshots above, the UNI Grants multi-signature account will send funds held in the multi-signature account to development teams whose grant proposals have been accepted. As is the case with UNI Grants, most DAOs’ multi-signature accounts are controlled by multiple keys owned by a project’s leadership, community representation, or, as more tools for decentralized execution of vote outcomes like SafeSnap are available, no one specifically, which allows for anyone in the community to execute a proposal’s transaction. Because they support transparency, modular permissions, and collective ownership, multi-signature accounts have become the operating system for DAOs.

Diagram by Lea Filipowicz and Beth McCarthy

Put in more traditional terms, multi-signature accounts can be explained as a form of joint bank account. Markedly, as anyone who has set up a joint bank account for an international company may be aware, rather than several months or more, such accounts take less than 60 seconds to create, and they are borderless. Yet multi-signature accounts offer far greater customizability than joint bank accounts. For example, in addition to features like standing orders, Gnosis Safe Multisig allows co-owners to set granular signatory rights, program any arbitrary transaction, and interact directly with any decentralized ecosystem application through its interface. A suite of modular financial (and beyond) tooling becomes immediately accessible, and the Gnosis Safe Multisig begins to appear more like a platform than an account. In today’s ecosystem, the Gnosis Safe Multisig is already used by several projects underpinning the decentralized web, allowing users to maintain a DAO-owned Radicle repository for decentralized code collaboration, sign up for the mutual credit system CirclesUBI, and fund public goods on Gitcoin.

Mint and Split

The Gnosis Safe Multisig also becomes a showcase for decentralized culture, enabling collectives to display their NFT art collection from Rarible, SuperRare, and other platforms and to split profits from their collaborative work.

NFTs displayed in a Gnosis Safe Multisig.

Supporting a wide range of use cases, blockchain-based accounts are manifold in their function, acting authoritatively as wallets, identities, and beyond in one platform. Since multi-signature accounts presuppose groups or identity collections as their primary unit, we have an interesting and as of yet underexplored form of composable identity in our hands.

Composable identity approaches identity as inherently relational, providing modular tools for individuals, groups, and organizations to present themselves within technical systems. The language around composable identity on web 3.0 is still evolving. In a recent essay The Future of Wallets, Billy Rennekamp breaks down the often convoluted, technical problems blockchain-based accounts are trying to solve: private key management, application interface, and transaction management. Rather than trying to be a panacea to three complex technical niches, Rennekamp proposes wallets should assume the model of account coordinators, “The Account Coordinator’s primary goal is to keep track of which keys have which capabilities on which networks. [It] should allow you to audit the interactions you’ve had on each application while preserving a coherent sense of self.” Rather than technically managing an account, it provides an overview of a collection of accounts. While it’s possible tomorrow’s wallets will be able to competently combine specialized protocols to address the three problem areas, taken in a cultural context, the account(s) coordinator looks similar to the proposition for composable, collective, and pseudonymous identities, and it moves it into the next space. Rather than identities, on web 3.0 we may have inventories.

Inventories in the Metaverse

An early metaverse? Giulio Camillo’s Theatre of Memory (1519–1544)

Another name for web 3.0 could be the metaverse. First coined in 1992 science fiction, the term metaverse initially referred to a persistent virtual reality in which humans interacted through avatars. While it’s not everyone’s favorite term, it has recently returned to more mainstream conversation through figures like Matthew Ball, a venture capitalist, media strategist, and blogger with analyses like The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite and the five-part Epic Games Primer. Such invocations of the metaverse focus on its most obvious frontier: massive multiplayer online games. One can see the role of web 3.0, however, in one of the core attributes of the metaverse cited by Ball:

Offer unprecedented interoperability of data, digital items/assets, content, and so on across each of these experiences — your ‘Counter-Strike’ gun skin, for example, could also be used to decorate a gun in Fortnite, or be gifted to a friend on/through Facebook… Today, the digital world basically acts as though it were a mall where though every store used its own currency, required proprietary ID cards, etc.”

What we will see with the metaverse is not merely one persistent virtual world but interwoven many, that will increasingly merge with the whole of the web. Rather than the typically depicted spatial realm accessible only by headset, the metaverse will be a recognition of how digital sensoriums are already embedded in our mundane experience. As it stands today, many multiplayer games capitalize on the locked-in sale of skins, customization for players and their gear. As the metaverse’s terrain becomes recognizably coextensive with our own, it becomes likely that platforms which allow asset portability from one game-world to another will, perhaps counterintuitively, more likely thrive, as they can access more of their player’s life, and in return, a player can port their Caves of Qud loot to a space station in High Fidelity with the same narrative grace of meeting old friends in the back of a crowded bar. Underpinning this “unprecedented interoperability” will be web 3.0 accounts, because they bring persistent and unique identity to persistent worlds. Even beyond supporting interoperability, web 3.0 accounts are the likely candidate for navigating the metaverse because they offer wallets, identity, and login functions in one platform. Within this portrait, web 3.0 and, in particular, multi-signature accounts begin to function much more like in-game inventories, which hold not only assets but identities as assets, complete with cross-platform and cross-game narratives. These identities can be worn like clothing suited to their platform, and their accountable reputation follows them. These identities, also, can be cooperatively shared.

“Someday: Fund Management → Inventory Management” via @flowerstructure

“At the heart of the internet’s psyche,” as strategist Jay Springett says, “is the raid.” A term used by guilds in massive multiplayer online games like Eve Online, the raid is usually a collective action by a group of players to accomplish a goal. In Eve Online, it could be looting another guild’s resources, or in the recent case of $GME, it could be a subreddit trying to short squeeze a hedge fund. Whereas multiplayer game guilds have, in the past, had to bootstrap methods for distribution of resources gained in a raid or, like the clans of Fortnite today, start companies, multi-signature accounts provide accessible infrastructure for coordinating groups from the start. Multi-signature accounts become the inventory primitive for guilds, squads, and decentralized autonomous organizations, allowing them to collectively hold, steward, and distribute resources from one co-owned account. Having a shared multi-signature account means that creators can easily split profits from cryptoart or govern an NFT that opens entire digital worlds. These resources are not confined to the strictly financial, but extend to collective stewardship of avatars like Lil Miquela, headless brands, digital collectibles, RPG characters, DACs for ecological systems⁶, and XR experiences, and allow multi-signature squads to rapidly deploy the potential cultural influence of major media studios or even political action committees.

Illustration from Octavia Butler’s Adulthood Rites: Xenogenesis 1988 Edition

At their core, multi-signature accounts enable composable identity on web 3.0. When we approach identity as an inventory holding multiple contexts, we can expansively navigate the highly varied use cases of a peer-to-peer web, and reimagine what we are. By reevaluating identity in our technical systems, we can also fundamentally remap agency in the political sphere to come.

This essay is the first in a Gnosis Guild series by @keikreutler bridging cryptonetworks, web3, and gaming.

Join the Gnosis Guild Discord today to continue the conversation.

Many thanks to Other Internet Peer Review, Toby Shorin, Callil Capuozzo, Aaron Z. Lewis, Laura Lotti, Jay Springett, Arthur Röing Baer, Bryan Lehrer, Sam Hart, Billy Rennekamp, and Beth McCarthy for their feedback in developing this essay.

[1]: https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy.
[2]: The Ethereum Blockies and Identicon patterns appear inspired by earlier initiatives such as Mozilla’s Gravatar project.
[3]: Tools like Cryptoauth enable users to log in using Ethereum addresses on web 2.0 platforms using OpenID Connect bridge. Another notable protocol, WalletConnect aims to establish an open standard for web 3.0 accounts to connect with decentralized applications.
[4]: It’s important to note that, often at odds with public perception, Ethereum accounts do not have private transactions, meaning that by default an account’s history of transactions is publicly accessible. Additionally, account creation is still subject to network and application layer concerns regarding anonymity. On a technical level, this is where tools for transactions with increased privacy like Tornado Cash become essential for the Ethereum ecosystem, and other consensus protocols like Nym and Zcash provide promising alternatives for private transactions.
[5]: This paradigm, also, offers a return to culturally approaching the conversation on privacy through developing a definition of power within cryptonetworks. To paraphrase an early cypherpunk ethos, anonymity could be inversely correlated to power within a network, or the more power, the less anonymity.
[6] The web 3.0 identity stack will be critical for determining how ecological actors are represented in technical systems. This will be the topic of a later essay.

--

--