> Does this mean that a user can use their identity on two separate sites, and those two sites can't collude to build a shared profile of the user, without the user's permission?
That's precisely what it means. User IDs will be unique for each site and I'm hoping to anonymize email addresses as well, similar to what Apple has done for "Sign in with Apple". Some companies might be required by law to collect some PII but in that case their needs will be vetted before.
> Does the user have to choose a specific server to be involved in all their identity interactions? If the server stops working, does the user lose their identity?
I'm currently building this as a centralized product so no, there is only a single server maintained by us. I'm mostly concerned with building a great product but the prospect of decentralized, verified identities is also very interesting. I'd love to see what that could look like!
> Also, is it possible to create an account without a phone (or rather without a SIM, since those are often tied to real identities)? Does your proposed system assume that people can't register multiple identities (using multiple phones) if they wanted to?
The current product is in the form of an app so you will need a phone but you won't need a phone number (or SIM). An email address is currently required though.
My current system assumes one identity per person but it's fully possible to have multiple devices which acts as that identity. This might change depending on regulation though and is not set in stone.
If you have any more questions I'd be happy to answer them!
Thank you for those excellent answers. I do have a couple more questions if you are interested:
> [companies'] needs will be vetted before.
Is the plan that a single entity offering this centralized product will control not just which users are allowed to have identities, but which companies are allowed to access users' IDs? Presumably there is a somewhat costly process to vetting companies and their requirements, so would companies pay a fixed amount to cover this vetting process, or pay more based on the level of personal information they hoped to receive from users?
> the prospect of decentralized, verified identities is also very interesting.
What type of verification do you imagine being necessary or available for user identities?
> The current product is in the form of an app so you will need a phone but you won't need a phone number (or SIM).
Are there any technologies specific to phones that mean this couldn't run as a web app instead?
> My current system assumes one identity per person but it's fully possible to have multiple devices which acts as that identity.
So if you can install multiple copies of the app on your (Android) phone, you could have multiple identities on the same device?
> Is the plan that a single entity offering this centralized product will control not just which users are allowed to have identities, but which companies are allowed to access users' IDs? Presumably there is a somewhat costly process to vetting companies and their requirements, so would companies pay a fixed amount to cover this vetting process, or pay more based on the level of personal information they hoped to receive from users?
That's the plan, yes. The current pricing structure is to let companies pay a monthly price per active user. They would not be able to pay more to get access to more data. As this is early stages, I'm not sure what the vetting process will look like yet. It's mostly there to ensure that the the data the companies request are actually needed for their core business and will not be used for tracking. For example, a company can only request the legal name of a user if the law requires them to know it. This might be true for a bank but not for a dating app.
> What type of verification do you imagine being necessary or available for user identities?
The verification we will be performing is at the level required by some laws, for example Know Your Customer (KYC) and Anti-Money Laundering (AML) laws. Our goal is to make Pass suitable for fintech companies which have quite stringent requirements. I can also see lighter forms of verification being good enough for other applications, like the Web of Trust model used by PGP.
> Are there any technologies specific to phones that mean this couldn't run as a web app instead?
Yes. Many modern phones have a built-in Hardware Security Module (HSM) which can be used to store and use asymmetric keys securely. Browser storage can't offer the same level of security currently but there have been some interesting developments which might change this, for example WebAuthn.
> So if you can install multiple copies of the app on your (Android) phone, you could have multiple identities on the same device?
I can't really answer this right now as I'm not sure which way we'll go. It will depend on what regulations require and what we can achieve in terms of verification.
That's precisely what it means. User IDs will be unique for each site and I'm hoping to anonymize email addresses as well, similar to what Apple has done for "Sign in with Apple". Some companies might be required by law to collect some PII but in that case their needs will be vetted before.
> Does the user have to choose a specific server to be involved in all their identity interactions? If the server stops working, does the user lose their identity?
I'm currently building this as a centralized product so no, there is only a single server maintained by us. I'm mostly concerned with building a great product but the prospect of decentralized, verified identities is also very interesting. I'd love to see what that could look like!
> Also, is it possible to create an account without a phone (or rather without a SIM, since those are often tied to real identities)? Does your proposed system assume that people can't register multiple identities (using multiple phones) if they wanted to?
The current product is in the form of an app so you will need a phone but you won't need a phone number (or SIM). An email address is currently required though.
My current system assumes one identity per person but it's fully possible to have multiple devices which acts as that identity. This might change depending on regulation though and is not set in stone.
If you have any more questions I'd be happy to answer them!