Is Mozilla Trying to Sabotage Distributed Identity?

The browser developer’s straw-man objections to the W3C standard raise questions of motive.

CoinDesk Insights
Oct 1, 2021 at 5:02 p.m. UTC
Updated Oct 1, 2021 at 5:05 p.m. UTC

David Z. Morris is CoinDesk's Chief Insights Columnist. He holds Bitcoin, Ethereum, Solana, and small amounts of other crypto assets.

Coin Center, the cryptocurrency lobbying group that vaulted into the spotlight during the recent U.S. Senate fight over crypto tax reporting, this week called out the Mozilla Foundation as part of an attempt to “waylay” the development of a distributed identity (DID) data and implementation standard. The Foundation, which develops the Firefox browser and is usually a half-decent supporter of internet privacy and security, filed an objection in early September to the working draft of a new DID standard being developed by the collaborative W3C foundation.

Coin Center, in an open letter this week, characterized those objections in part as “transparently irrelevant,” and more broadly warned that “a promising effort to standardize Decentralized Identifiers (DIDs) at the W3C is being waylaid by the objections of centralized digital identity providers.” The new standard would potentially disrupt centralized digital identity providers such as Google and Facebook.

This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

The concept of distributed identity is fairly simple, though a bit tough to explain. At its heart is the idea that identity should be contextual online much the same way it is in real life – that you can offer different pieces of information to prove who you are in different situations. Under such a system, a wide array of issuers would be able to create identity attestations, but service providers could choose which to accept. It would create something like a free market for identity verification, without interfering with the use of “strong” forms of identity like government ID.

Among other benefits, this is a much more secure and private model than the Facebook or Google logins which currently dominate identity verification on the web. That’s in part because service providers could limit the data they see or collect based on their security risk level or specific qualification requirements. Check out CoinDesk’s in-depth explainer on distributed identity for more details.

The Mozilla Foundation’s objections to the proposed standard, though, focused not at all on the core goals of privacy, openness and security. Instead, as Coin Center’s Peter Van Valkenburgh writes, “The Mozilla objection … dedicates the vast majority of its critique to the putative environmental costs of proof-of-work mining. This is transparently irrelevant to the W3C DID standardization process.”

Objections to proof-of-work (PoW) systems on environmental grounds are widespread, but the tone of the Mozilla objection is practically inquisitorial: “We (W3C) can no longer take a wait-and-see or neutral position on technologies with egregious energy use,” it reads. “We must instead firmly oppose such proof-of-work technologies including to the best of our ability blocking them from being incorporated or enabled (even optionally) by any specifications we develop.” Burn the witch, in other words.

Environmental critiques of Bitcoin are, at the very least, still open for debate. It is strange, then, that Mozilla is taking them so much at face value as to say that PoW should be “opposed,” full stop. It is especially strange since the current DID draft standard does not even mention PoW mining, according to Coin Center, and can accommodate many data architectures.

That leads directly to the other horn of Mozilla’s objection: that because it encompasses many different approaches to data, the current DID standard “encourages divergence rather than convergence.” Coin Center argues that this objection is logically incoherent with Mozilla’s crusade against PoW: “How can the standard both be too permissive of various methods (blockchain and non-blockchain) while simultaneously too deterministic in locking the community into a particular method that, it is alleged, would have deleterious environmental consequences?”

Mozilla’s objection to the diversity built into the DID standard also seems questionable in its own right. “The whole point of DID is interoperability across different methods and therefore trust systems,” said Gregory Rocco, co-founder of Spruce Systems, creators of the SpruceID toolkit for decentralized identity. “Why do pockets of user-owned identity need to fight each other when they can just collaborate using DIDs?” In other words, the “divergence” Mozilla objects to is kind of the point.

Coin Center characterizes Mozilla’s statement as “scare tactics and hyperbole,” and it is certainly a strange and off-putting position from an organization that is usually quite intellectually honest. It will be interesting to see if Mozilla sticks to its guns here, or if insights emerge about deeper motives for its objections.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.