How can we communicate with each other on the Internet so that we know each other when we want to be known, yet can have privacy or anonymity when appropriate? My brief notes from April 2018 Internet Identity Workshop (below) still feel relevant a year later.

If we believe that a particular person is trust-worthy, to trust their digital representation, we somehow need to identify that some bits that travel across wires or air actually originate from that person.

In today’s Web, we have a network of trusted authorities, typically my social network or email provider creates a relationship with me and I prove my identity with a password. The challenge is that they also house all of my personal data — could there be a way for me to identify myself without making myself vulnerable to the whims or errors of these companies? New models are emerging.

  • Mobile Drivers License: British Columbia and U.S. Commerce Department’s National Institute of Standards and Technology (NIST) have funded development of a new kind of digital ID. Folks are working on ways to validate the identity and “claims” of an individual. This is not just for fraud detection. It also potentially protects the privacy of an individual, in contrast to a traditional drivers license, where I must reveal my home address while proving that I’m over 21.

  • Decentralized Identifier (DID): a standard way for individuals and organizations to create permanent, globally unique, cryptographically verifiable identifiers entirely under the identity owner’s control. Sovrin Foundation Whitepaper

  • With blockchains, every public key can now have its own address, enabling a decentralized self-service registry for public keys.

  • Trust without shared secrets. In cryptography we typically share a secret which allows us to decrypt future messages. But the best way to keep a secret is not to tell anyone. We can actually verify a secret without knowing it. Zero-knowledge proof

  • Object capabilities. In the real world we have physical objects that we can transfer for very specific authorization (e.g. a key to your car) whereas digital keys must be kept secret to avoid replication — what if authorization were couple with objects in the digital world. Some basic examples illustrate the framework, discussed further in false dichotomy of control vs sharing.

Full notes from IIW 26: PDF Proceedings, wiki

More about IIW

The Internet Identity Workshop (IIW) gathers experts across the industry to solve this particular question. People share their understanding of the problem and potential solutions in this unique unconference twice a year. I always learn unexpected and useful technical solutions, and more importantly gain a deeper understanding of this challenging problem of identity.

When Leah Silber reached out about my speaking at EmberConf, I was reluctant. I’m not doing much front end work these days, and the last time I looked at Ember was long ago when Yehudah Katz and Tom Dale held a feedback session for a very early version of their work. I changed my mind after an asynchronous text conversation with Leah, and listening to Yehudah talk about their work.

Attention to detail

Making software feel effortless isn’t effortless. I was impressed by the EmberJS team focus on backwards compatibility and agility, as well as the impressive performance of glimmer components. They were doing the kind of important, detailed work that doesn’t easily fit into a sound bite.

I told Leah that it reminded me of the work we do at Bridge Foundry, where significant positive change is composed of so many small actions. Leah echoed back all my feelings in her concise reply: “Reality is boring and full of hard work”

As I prepared for this talk, I realized that I don’t actually believe that reality is boring. Reality is messy and difficult. I thought about the hardship of when my kid was a toddler, of crumbs and sticky i-dont-even-know-what-that-was, being so bone tired all the time and also the wildflower in the kitchen and that moment of sun shining through the window casting a shadow on the wall that was so beautiful and I might not have noticed if not for a three year old that noticed everything.

So when I listened to the 2016 talk where Yehudah said that “instability is a drag on innovation” (Stability without stagnation, slide 5), I realized that we need to talk more about the people who are slowly and steadily fixing the broken things in this world. I was reminded of my colleagues in the government, both the techies who served a limited term, and the folks who dedicate their lives to service.

Small fixes to big problems

In the closing keynote for EmberConf 2019, I spoke about the parallels between the work of building (and fixing) software systems and the people systems that seem to rule our lives.

This talk was very much in the context of the Ember community, in honor of their hard work making good software that works well. I hope my words will inspire new voices to tell their own stories about what works well, of their own moments of mundane heroism or those they witness.


Below are some notes that I prepared in advance, that aren’t exactly what I said, and some things that I cut from the talk, since I always have more stories I’d like to tell.


At EmberConf 2019, Yehudah Katz in the opening keynote talked about the decisions we make, about how they encode our values and communicate to the world what we truly believe. Later in the day, Melanie Sumner talked about the things we choose to put in our software that no one asks for because we’re professionals.

We write tests and structure our websites for accessibility because we want our software to work and we choose frameworks that make our work easier. We choose to use the tools that give us power to move fast and make great things.

We live in a world where hype eclipses reality. You know how it goes… that new shiny thing that was invented yesterday makes headlines. Often when we put in the effort to make software that works well that doesn’t sound so exciting.

Maybe you have experienced that time when some heroic team worked weekends and nights to deliver in time and save the company, maybe you were even on one of those teams, I know I was, and at the time, sometimes I didn’t notice another other team that delivered solid code on time with no fuss. These days I think a lot about what we consider to be heroic.

Heroes are born through the stories we tell. We have the opportunity to define what we consider to be legendary. We each can decide what we value, the stories of success that we choose to tell.

Reality is messy. Designing and building things that are easy to use and work well is hard. It seems like people don’t want to hear about all the boring details. I’ll tell you a secret. The details aren’t boring. It’s just sometimes we need to work inside a broken system, or one that isn’t finished yet…. Reality is awesome, but things are little broken right now, things we see on the news, on twitter, things I can’t find in the Ember docs…

I joke, but sometimes it’s hard to know what to do.

Sometimes I just feel like reality is broken. This isn’t what I signed up for. This isn’t how they told me it was going to be… but I’m all grown up now, and I’ve picked up some techniques I’d like to share, about how we can change the rules

Today I’m going to share a few stories, a few details that I consider epic. And with these tales, I will share a very basic story of software engineers doing the thing we know how to do. Solving problems, shaping reality into something usable and practical. Because the world needs our skills.

Additional Notes, things I didn’t say

Abstractions make something more easily consumable — what are the essential things, or in a different context, the essential things?

What is success? have I adopted the mannerisms of the patriarchy? “Step forward, step back”

Do your homework! “This entire black history month has been like a terrible sociology 101 class where no one did the reading.” — Clint Smith

Alternate Conclusion

You’ve heard a lot of people here on stage say things. I’d like each of you to think about the stage upon which you live your own life. Each one of us has the power to change the world. In fact, we have no other option. With every word and action, we make change.

The world is pretty strange right now. People are divided. People are frustrated. No matter what side you are on, living in the world today, I think we can all agree that reality is broken. However, small actions can build on each other. Our presence has ripple effects that we rarely consider.

Who has the power to create this reality we live in? As it turns out, we all cooperate in making it so.

In a recent article, Peter Franklin draws a parallel between capitalism and Tolkien’s Lord of the Rings mythology, likening Facebook, and social media in general, to the rings of middle earth — powerful rings gifted by Sauron, Lord of Mordor, to the leaders of middle earth, secretly influencing them, binding them to darkness, and increasing the power of the dark lord.

There’s a larger concept in this mythology about power, which does not necessarily imply evil. The artifacts and tools that we create have power and purpose. In our modern world, open data and open source software can be powerful forces that create positive impact. With open source software, freely distributed libraries and applications influence behavior, affecting properties of the systems that rule our lives. By making certain things easy for other software developers, one small piece of code can have outsize effects on unrelated commercial software. Open and easily accessible datasets can create positive economic impact that can be more evenly distributed than investments of capital.

If you don’t know the story, or if it has been a while, you can catch up on the lore, reading Tolkien Gateway’s background on the Ring Verse or listen to Tolkien reading the Ring Verse on YouTube.

Tolkien’s reflection on power

Tolkien’s ring mythology aptly illustrates that to exercise power, one must give it away (and risk losing it), which he explains in one of his letters. Dr. Rhona Beare’s correspondence led Tolkien to elaborate on the rings of power as a mythical representation of power or, in his words, potency:

The Ring of Sauron is only one of the various mythical treatments of the placing of one’s life, or power, in some external object, which is thus exposed to capture or destruction with disastrous results to oneself…

a mythical way of representing the truth that potency (or
perhaps rather potentiality) if it is to be exercised, and produce results, has to be externalised and so as it were passed, to a greater or less degree, out of one’s direct control. A man who wishes to exert
‘power’ must have subjects, who are not himself. But he then depends on them.
— 14 October 1958 [1]

Whether it is capital investment, the intellectual property of source code, knowledge that you have collected as data or a small golden ring, you can amplify your power by giving it away, but then you must rely on others. Like Frodo, we can all exercise free will in deciding what to do with the power we are given. Destroy the ring, keep the elven chain mail shirt, go adventuring or enjoy our home in the shire. We decide.

[1] originally published in a booklet, later in The Letters of J.R.R. Tolkien, pdf)