MicroStrategy, known for its bullish stance on Bitcoin, recently unveiled a new project called MicroStrategy Orange. This isn’t about fruit (although the name is catchy), but rather an orange washing of the Decentralised Identity (DID) play, with MSTR looking to build a platform on the Bitcoin blockchain instead of launching a side-chain or using a side-chain, the data for this system will be inscribed directly into the base chain.
The idea and execution of “decentralised identities” are nothing new; they were part of the marketing material that CIVIC sold back in 2016 during the ICO era. The grift saw the token market cap peak at 500 million before trending towards zero, losing 90% of its value during the bear market.
The token still trades today, and their website and social media seem active, but honestly, what they’ve done over the last eight years is anyone’s guess.
In crypto, once an idea gets old enough, it gets rebranded and repackaged. In this cycle, several key players, like Shiba Inu, Worldcoin, Polygon ID, or Ethereum Name Service, are targeting a similar problem statement. They’re just approaching it from the Web3 angle, claiming DID will give users more control over how and with whom their personal information is shared.
What is a Decentralised Identity (DID)?
MicroStrategy started dabbling in Bitcoin and Identities in April 2023 when they integrated the Lightning Address protocol. This protocol allows users to host a static address like an email address to receive Lightning payments rather than copy wallet addresses or use QR codes.
They’ve even offered this as a service to other companies who might wish to enable Lightning addresses on company email handles, and now they’ve taken it a step further by building DID software for enterprises.
But what is a darn DID?
Imagine an ID card you control entirely without relying on a central authority. That’s the core concept of a DID or, rather, what we’re being sold. DIDs are meant to be unique identifiers you can use to prove your identity online and offline without revealing personal information.
Think of them as a self-sovereign ID card that you could secretly reveal certain information about yourself when needed or prove that you are the correct person without openly revealing your details but rather an encrypted proof that can be validated by various third parties that subscribe to DID.
It would be so convenient and better at reducing identity fraud, or so we’re told, and to an extent, that might be true. However, anything migrated away from government control would be miles more efficient, so it’s a pretty low bar.
Setting aside the so-called benefits, one has to ask how a blockchain is meant to source IDs and ensure IDs are updated without a centralised third party managing the process and the various oracles involved in reading and writing to the chain and if it needs third-party custodians to add data and interpret the data, is it decentralised?
Yes, the data is decentralised across all full nodes forced to accept it on the Bitcoin blockchain. Still, the enforcement isn’t done by the protocol consensus, which comes from some third-party protocol and indexers sourcing the data.
The Problem MicroStrategy Orange aims to solve
Currently, our online identities are scattered across different platforms. We log in with emails, social media accounts, or other credentials, creating a fragmented picture.
These systems are vulnerable to breaches and identity theft. For example, if a hacker was able to get into your Gmail account because you’re using “Password123,” they would have free reign on your social media accounts and any other platforms tied to your email address.
But suppose your accounts require you to sign with proof with data anchored to the Bitcoin blockchain. In that case, it adds a layer of complexity that hackers will only get around technically if they employ social engineering and get you to sign proof, which is possible.
Have you seen boomers use smartphones or laptops? It’s not that hard; if it were, there wouldn’t be an entire industry of call centres in India relying on boomers buying Home Depot and Amazon gift cards and sending them over to them to “remove viruses” from their computers because they claim they work for Microsoft.
Companies could also use this proof; it’s elementary to purchase a domain like Micro-strategy.com and start mailing customers with the same branding and trying to get them to hand over funds, but if email clients use DID, they could easily see which emails are coming from “authentic brand domains.”
MicroStrategy Orange aims to consolidate these and many more identity-proof solutions into its platform and provide a secure, portable, and user-controlled identity solution.
The DID systems help users and corporations determine how and with whom their personal information is shared and provide a layer of security for communicating across different platforms, such as email, social media, and fintech platforms.
MicroStrategy has already built an application called Orange For Outlook on “MicroStrategy Orange,” which integrates digital signatures into emails to verify the sender’s identity.
“Today, I’d like to introduce MicroStrategy Orange, which is an an enterprise platform for building decentralized identity applications on the Bitcoin blockchain”
– Cezary Raczko, Executive Vice President at MicroStrategy.
How does Orange DID work on Bitcoin?
MicroStrategy Orange is an open-source meta-protocol that leverages Bitcoin’s blockchain to create DIDs. Similar to inscriptions, it embeds data in the chain using a Bitcoin transaction and adds this arbitrary data to the witness data. The decentralised identifiers (DIDs) are meant to allow pseudonymity in the same way that real-world identities are not tied to Bitcoin addresses and transactions.
Here’s a simplified breakdown:
- Inscriptions: Imagine tiny messages etched onto the Bitcoin blockchain. These inscriptions can store data related to your DID, like public keys for verification.
- UTXOs (Unspent Transaction Outputs): These act as control mechanisms for your DID. By owning specific UTXOs, you hold the key to your identity.
Key Features and Benefits
- Decentralised Control: Users gain sovereignty over their digital personas, ensuring privacy and security.
- Limited Capacity: The system can process up to 10,000 DIDs in a single Bitcoin transaction, making it scalable now, but what happens when batches need to be updated constantly?
- Open-source Framework: Ensures that the protocol remains transparent and accessible to developers.
- Integration with Existing Systems: The protocol is designed to work seamlessly with various applications, enhancing its utility across different platforms.
MicroStrategy has developed multiple tools to support the adoption of the Orange protocol:
- Orange Service: Enables organisations to issue DIDs to their staff.
- Orange SDK: Provides developers with the tools to integrate the protocol into existing applications.
- Orange Applications: Supports customisation on mobile and desktop platforms for tailored usage scenarios.
- Orange For Outlook: An application that integrates digital signatures into emails to confirm sender identity.
Shortcomings of DIDs (for now):
DIDs sound more promising than your old government-issued IDs; they claim to be easier to use, more efficient, and better for safety and privacy, but is that true, and is efficiency in identifying others such a good thing?
And what are the trade-offs we’re making for this so-called gain in efficiency?
Scalability
Bitcoin is a global settlement layer built to transfer value between peers, but when you add a new transaction type to the mix, you’re competing with those economic transactions for block space.
If Widespread DID adoption happens, companies having to issue new DIDs or update current DID batches will have to outbid those making transactions and opening lightning channels, which could be costly and ineffective.
There is also an upper limit to the number of DID entries you can fit in a block, and depending on the size of the data sets, managing and updating DIDs could cost a fair bit of money.
Lost Private Keys
In DID systems, you control your identity through private keys. So, what happens if you or the issuer lose those keys? Losing them means losing access to your entire digital identity.
Unlike centralised systems where password resets are possible, recovery in DID might be complex to recover with multi-sig wallet management or even impossible if the key management was borked from the start, such as using a single-sig wallet.
Security vulnerabilities
Blockchains can secure data but don’t secure reading and writing arbitrary data, and Oracle vulnerabilities still exist. If an attacker gains access to a certified oracle or a master private key that issues DIDs and manages DID updates, they could impersonate you, a company or several people online, potentially causing financial or reputational damage.
Fragmentation
Proposing a meta-protocol is one thing; driving adoption is a different prospect. Different DID standards and protocols already exist, leading to a fragmented ecosystem. This could add additional overhead to services, as they would have to talk to different platforms to recognise and accept DIDs.
Privacy Concerns
While DIDs offer control over your data, new questions arise. Users need to think carefully about the ability to put data into a public immutable ledger; perhaps you feel it’s a good idea now, but once you embed your data in the chain, there is no going back, and if you change your mind, a DID could be worse than that regrettable tattoo you got in 2004.
Deciding what information to share on your DID and with whom requires careful consideration.
Adding non-transactional data to the chain for what?
I don’t see why Orange DIDs needed to be inscribed into the Bitcoin blockchain; it seems like a rather inefficient method of data storage and achieves very little in terms of data quality and assurances for the price you’ll likely pay.
- Why do we need permanency of data that would likely change in the future or require updates?
- Why would we keep permanent records of people who aren’t with us on every node?
- Why would we want to keep duplicate records on the blockchain when some dumbass loses their keys and needs to redo their DID?
If the whole appeal is that you’re spending Bitcoin to secure this data, surely you could have done this on a side-chain; Liquid already allows for the issuing of assets through their Elements software stack and even has a whitelisting of keys, so you can always replace a DID and move it to a new key should someone stuff up and lose their keys.
An even easier way to do this would be to fork the code from those ETH DID projects and launch it on the Rootstock side-chain, and you’d still have the cost of spending Bitcoin to update the smart contracts, the backing of the network hash rate to secure the merged mined blocks.
DID’s are DINOS, decentralised in name only; they will always need a centralised actor/layer to administer and vet the data; while there can be many vendors issuing DIDs, they lose their value if any Tom, Dick and Harry can create them, so it would naturally centralise, around a few issuers.
Hence, federated side chains allow validators to exercise more control but make data available publicly and easy to verify, which is a better fit for what DID issuers are trying to do.
It also means DIDs wouldn’t compete with real economic transactions, providing them with a network with more throughput and cheaper transaction fees.
Oh, and finally, for the love of no-unilateral exit, the DIDs could give side chains something to do other than securing 1-10 transactions every block.
The ossifying narrative starts to make sense.
I hate to be one of those guys who gets hopped up on Twitter banter, but the whole ossification pitch makes much more sense now.
Okay, listen to me now, give me some rope to hang myself, but if you’re launching a product that uses inscriptions and a portion of the community is looking to actively filter these transactions out with their own Bitcoin node implementation, wouldn’t you want to prevent Bitcoin Core from adopting these filters?
I’m not pointing any fingers; I’m just asking questions. Don’t mind me; I’m not the Gigachad commanding over 200,000 BTC; I’m just a humble pleb commanding 200,000 Satoshis.
