Let's talk Geeq ID

Recorded: April 17, 2025 Duration: 1:03:24
Space Recording

Short Summary

In a recent discussion, experts explored the launch of Geeq ID, a revolutionary identity authentication solution designed to simplify user verification across platforms. The conversation highlighted trends in fragmented security systems, the decline of user trust in current methods, and the potential for partnerships and fundraising opportunities in the evolving landscape of digital identity management.

Full Transcription

Hey, everyone.
Hey, Elon, is that you?
This is me.
Okay, great.
Hey, John, how's it going? Good, how about you?
I'm great, I'm great, thanks.
Stefanie is also joining, I assume?
She's trying to, she's got her phone in her hot little hand, so we'll see.
Let's give it a few more minutes for people to join as well in the meantime.
Okay. Thank you. you're very evocative
All right, while we wait for Stephanie, I guess we could dive into it, John Lund, as well.
Because as we don't have a guest speaker today, Stephanie had the idea to talk about Geeq
ID, the identity authentication solution, basically, from Geeq.
Okay, sure.
Sounds great. Before we start, I'm wondering
if somehow the, uh, Spaces time was confused, because it's very odd that no one else is here.
You know, like, the Spaces are every Thursday at 8 p.m. UTC. So that shouldn't be...
I don't know.
I've noticed there's a lot of people listening in afterwards, though.
Well, so let me sort of start maybe and see if I can give a high level.
So, as you know, I work at Vanderbilt, and we have an IT group there, and they're constantly changing the approach.
I think that somebody has tried to give them religion about the necessity of security. I think they're getting messages
from the general counsel's office and the IT group.
And it's just a lot of people with different stakeholders,
with different demands, different priorities.
And it doesn't really seem that there's any central control
or our vision there.
I have a YubiKey, which I use.
And I could also use XeroAuth or Google Authenticator
or something like that to get in.
And that took trouble to set up.
And every time I log into one of their services, I have to go through Duo and then another authenticator.
And often I have to go through Microsoft because they're also trying to integrate with Microsoft 365.
So the upshot is it's a mess. It's stupid. And I'm not even sure how they're sharing credentials across
things because we also have Oracle. We use Oracle Cloud for a concourse, for travel and
so forth. So it's a fractured mess. And everybody has slightly different systems and they're kind of bubble gum and duct tape to put them all
together. And it just takes endless time and it's ridiculous. And I really don't know,
you know, what I'm doing. And I can't really imagine Vanderbilt has a very clear idea of
who's using their systems. So that's, I don't know that Vanderbilt is particularly bad, they
might be. But I have a feeling this is true a lot of places.
And the more that you have to integrate with other people, if you have clients you have to get into or government agencies you have to go to,
again, you have to somehow relate their authentication and permissioning networks to your own.
And so even if you manage to navigate that and keep your credentials straight,
there's not really a cross record created.
My boss wouldn't know, for example, that I went and filed my payroll taxes with the IRS, they would hope I did, but that would be on a
different system, it wouldn't be something that was integrated into accounting, except, you know,
explicitly and especially. So, so we have fractured systems, we have credentials that are spread all
over the place.
And it's hard to keep track of.
So you know that what's going to happen is that a fraction of people are going to write
their password on a post-it note and put it at the top of their computer or use the same
password every time.
Or if they get a phishing email, they're going to think, oh, my God, I did something bad,
and I want to cover my tracks. And they'll click on it and hope they fix the problem before anybody
finds out about it. So it's just a system that's complex and set up to fail. And so the way I think
about this sort of as a general idea is that if something is not transparent,
it's not clear.
You know, I don't know that I'm doing the right thing if I can't understand it.
So it's got to be simple.
It's got to be the same step every time.
It's got to be something where there's an interlock, where I know that I've done the
right thing. I know that I've authorized the right way.
And if it's appropriate for people to check me, they're able to check me.
So what we have now is a disintegrated mess that you keep on patching things onto because we keep on seeing new vectors of attack, because you're just
climbing higher in the tree as the lion jumps higher and higher.
So it's kind of a losing proposition.
And it's also very expensive.
So the upshot is that I think we're on an unsustainable path.
And there are too many failures that we see.
Stephanie just showed me a very sophisticated
phishing attack on Twitter.
She can share it with you if she would like to.
But the idea is that a phishing email came
and because of the way that the public infrastructure works and the
way that you get verifications that people came from the right place, it doesn't actually
guarantee that people are who they say they are.
It just guarantees that certain things came from a particular website and not who they
are or why there are what the
website means. And if you even managed to go to the trouble of checking the signatures
on emails and, and texts, which I guess don't really have signatures for the most part,
even then, the way that this was verified, everything looked correct,
except it was verifying the wrong thing.
And unless you're really a security expert,
you wouldn't have been able to see
that what was being correctly verified
as right signatures and so forth,
effectively said, this is coming not from Google,
this is coming from somebody else
who's trying to steal your data.
And I promise you that's true because the keys verify that that's true. But it doesn't tell you that
that's what's verified. So it's really not very useful. So that's where we're starting.
We feel like we need something that is elementary, can be understood by ordinary people, and does a
better job, is something that is not trying to build higher walls as the cannons get more
powerful, something that is durable and permanent. So I'll stop for a minute. That's,
uh, that's sort of the setup of what we're trying to do.
All right.
Maybe Lon also has something to say about Geeq ID, maybe?
I just wanted to echo what John said.
And in terms of experience, I'd be curious if the group,
whoever's here, would chime in if they felt that way.
I certainly have similar experience where there's lots of different authentication systems and it's kind of a mess.
Yeah, I mean, I just don't know that I'm doing right.
And, you know, I use a password service and I've got, gosh, I don't know.
I must have 400 passwords, all of which are high security. They're, you know, suggested to me,
none of which I could ever remember, but, you know, it's just, it's, it's far too many credentials
and they're all trying to authenticate that it's me. So it's, you know, it's like, I've got 400 nicknames, you know, I'm this guy, I'm this guy,
I'm this guy, but no, I'm really just me. And you're asking me to remember all of my,
all of my various passports. And it just seems crazy. So,
John, not to complicate it too much, but I just throw in, in my use case, sometimes I want,
I don't want one site to know that I'm the same person that another site knows me as.
So there are cases where I kind of want to just to have less things out there that can connect me.
I'll use a different user ID and use a different password.
So sometimes you do want to have kind of more than one,
but Geeq ID also allows you to do that.
No, I agree with you completely.
We had a conversation earlier, I think, in which, you know,
the idea is that we would like to have identities that we put on
specifically for a purpose.
You know, my identity when I go out
and have a drink with the boys is not the same
as my identity when I'm trying to give a paper at conference.
They're different people.
And I'd be happy to keep those things separate.
You know, the problem is the other conversation
we had last week is that all of these auth systems
are trying their very hardest to break that.
Because you may have a different user ID, but they're fingerprinting your computer and they're looking at your IP address.
And soon they'll be using AI to figure out if the way that you type in your password or your keystrokes or your whatever services you're using are similar to the last time you came in and then try to link that across sites. So, you know,
even there, where you're
keeping different IDs putatively for privacy,
the authentication services are trying to break it for security.
Yeah. I've absolutely seen that.
And simple example is when I, I go to my Apple TV, I use YouTube, but I don't log in.
But somehow it gets a lot of the same things in my regular feed where I am logged in.
So it's definitely observable.
It's very creepy.
I wasn't eavesdropping, I promise.
Just lucky guesses here. Um, yeah, my wife is
a little paranoid now. Whenever we say something and you see an ad about it, it's like, who's listening
in now? Yeah, no, I mean, I can't imagine having anything that was voice activated in my house,
or really anything. You know, that home automation sounds really cool, but as soon as
you do it you're going through somebody's cloud, and then that means that you've let a stranger
into your house with whatever instruments and, uh, sensors they might have on their devices.
Yeah, it's a funny thing, actually. I have a friend who has a ton of, let's call it tools, built inside his home. I'm just going to say, Alexa, close the windows, Alexa, put on music, these kind of things, right?
And I told him, I'm not sure if I can live in such a home, where everything is listening in to you all the time, you know?
It doesn't feel comfortable to me, at least. No.
In fact, Amazon just changed
their privacy policy,
or I don't know if it's privacy, but basically
now they always
upload everything
from the Amazon Echo
up to the cloud.
More and more invasive, I guess.
After all, you have nothing to hide, Lon.
You shouldn't worry.
Oh, that's right.
That's right.
I think that's Eric Smith said something like that.
It's insane.
It's very hard to resist if you,
if you, I mean, I guess it's not.
I mean, I just don't,
I just don't use any stuff like that.
I even got rid of a Nest that I had.
It was very cool.
I loved it when it was just Nest, but then it became Google.
And no, I mean, it knows when I'm in the room.
It knows how I'm using the room.
It has light sensors and everything else.
No, I'll pass.
Well, so what is it we can do? So we're trying to reduce it. I guess there's two dimensions of what we're trying to do.
One is we're trying to reduce it to something that's very
simple, transparent, that a user can understand.
Because if it's too, it's not only that the user can use it.
To me, I think it's
really important that the user understand what he's doing. Because if not, it's easy to phish
you. It's easier to fool you. I should have an idea that when I put a key in a lock, I turn it,
and then the lock is open. And I turn it the other way, the lock is closed.
On the other hand, if I have a keypad and I push a button
and I push a sequence, I could be launching a nuclear missile
because I don't know where it's connected to.
So I want something to be clear and lockstep
so that I understand what I'm doing and what I'm committing
to and moreover for that to be provable,
for that to be something which is not just taken on faith.
So that's one.
Users should know what they're doing.
It's informed consent.
If by giving your credentials, you could be agreeing to all kinds of things,
that's just, you know, to me, that's unacceptable.
The other is going the other direction to be a little bit more ambitious.
I have these 400 identities and one correctly says that I want some of them, but most of
them are there just because you have to have different credentials wherever you go.
But this means that when I do want to have a degree
of integration or, you know, and there are times when I do,
for example, Apple users do want integration apparently
because they pay for a system that lets them integrate
their various electronic services.
Employers want an integrated service.
Vanderbilt wants me to be able to use Oracle Cloud
for expense reporting.
And on the other hand, use Microsoft 365
for collaborative work and use all of my,
send all of my official emails out over Vanderbilt IDs
that are collected and then analyzed by Microsoft
on behalf of Vanderbilt.
So having all these things integrated,
oh, and another one,
I go to Fidelity to look at investments
or the health insurance provider.
I'm coming as an employee of Vanderbilt.
I'm coming as somebody who was vouched for by Vanderbilt.
And on the other hand, when I go to a health provider, I'm going to somebody who's vouched for by the insurance company.
So these kinds of cross-enterprise activities or even inter-enterprise activities on different platforms,
There you need to have an ability to have an identity that can be understood for what it is.
Who's endorsed it?
Who says what it is?
The health provider needs to be able to take the word of the insurance provider,
who needs to be able to take the word of Vanderbilt that I'm an employee and that they're paying for me and that the insurance company in turn
is going to pay the health provider. So all of those are promises that have to go across
enterprises. So, you know, again, authenticating myself to my health provider doesn't do any good
because I'm not gonna pay him.
He has to know who it is that's gonna do the paying
and that I'm in fact the person
that it is gonna be paid for.
And obviously, if we have more complex private enterprises
where I'm invoicing and have customers
and have to have supply chain and all that other stuff.
Well, in that case, there has to be
collaboration across enterprises. And in that case, we have to find who is this person in a
different enterprise? And what is his status in a different enterprise? And can I believe that giving a person authorization and permissions on my system,
on the hope that they are in fact the buyer for one of my customers,
that's very risky.
So I really do need to know that the people that, you know,
I don't really need to give people authorization.
I just need to be able to work with them.
And I'm working with them on the basis of credentials
that are supplied by other users.
And so it's kind of stupid that I'm
trying to provide local credentials on the hope
that whoever's at the other end of the internet connection
is who they say they are.
It's going to be increasingly difficult with AI
and other kinds of attack vectors.
I don't know.
What do you guys think?
Stephanie, you should talk.
Yeah, I asked her for a request,
but I'm not sure if notifications are working properly, actually.
I'll speak until Stephanie jumps in.
I think these sort of cross-enterprise concerns are really interesting. It's just a really interesting area to explore
because everyone wants to subsume everything into their one system.
But just as John explained, it's just not possible
because you have all these different vendors
that need to be tied together,
let's say in his example with Vanderbilt,
but that's certainly true with other businesses
where they have multiple vendors
and they need to know your identity across those vendors.
So I think it's kind of an unsolved problem as far as I know right now.
Except for us.
We solved it.
The other thing I was going to say is I think in the world where agents are really active and out there on your behalf,
I think that that's another use case for us.
So if you have an agent that has an identity and then you've granted it permission to do things across different vendors or enterprises,
then that, that identity binding is, is really important there as well.
Yeah. Right.
And, you know, to explore your idea of partial identities, you know,
if I had an agent, let's say, that's going out and trying to find,
I don't know, a vintage bowling ball or some crazy thing that I happen to want,
I don't really want the world to know about my unhealthy desire for vintage bowling balls.
But I do want my agent to be able to search and negotiate.
I also don't want people to say, oh, that's that guy that is addicted to vintage bowling balls.
And so therefore I can raise the price.
So if I could provision my agent
with effectively a letter of credit saying,
you don't really need to know who this guy is.
You don't need to know anything,
except there's a credit provider that has a credential
that you believe that promises to give up to $100
at the request of this completely anonymous agent.
And that's all you really need to know.
I mean, I don't really care who's buying the bowling ball as long as they have the money.
So that's a sufficient identity that they are a holder of a letter of credit.
And again, that's something that requires a separation
between me, my agent, and even my financer.
There's no reason to connect them.
We just have to know that there is some other agent
vouching for my agent who is working for me,
which is not a thing that anybody else needs to know.
There she is.
Hi, hi everyone.
Hey Robbie.
Your mic is both working too.
Unbelievable.
I've been battling it all this time.
So I wanted to pick up on that, John, if I,
forgive me if I'm repeating what you all have been talking about,
but what you just described is a chain of authorizations that originates from you and goes to the agent in some kind of private way.
And then from the agent who carries your line of credit, you're able to complete the transaction to whoever owns the bowling ball.
But is that correct?
Yeah, yeah.
Yeah, and you can do that through Geeq ID's sort of verification
at each leg of the way, right?
You can provision the agent,
and then the bowling ball lady can check out the agent.
So it's kind of restricting things to one line segment
of verification at a time.
Well, I should tell you, you're spoiling it.
You're giving...
Oh, I'm sorry.
I'm trying to build dramatic tension here.
I'm sorry.
I'm sorry.
Okay, so I'll stop.
I'll stop.
But the point in my mind is that that is different from what you were describing at the top of the hour, which is that somebody,
you have to go to Vanderbilt and then Vanderbilt vouches you for somewhere else, then that
somewhere else goes back to Vanderbilt.
So there's always this, it's a triangle rather than the thing that I'm not going to say.
Well, so I guess I was trying to make a separation. I'm saying on the one hand, things should be simple
and transparent, and they should be based
on a clear foundation, because it's not, users are going to be
easily spoofed, because they're not going to understand what they're supposed to do.
So the system needs to be comprehensible in just a very few steps so that I know what I'm supposed to do and I know what I did when I finished doing it. And that was my complaint about Vanderbilt.
I don't really know. I'm going to a site. Well, really, am I supposed to go to Oracle to do this thing? And, you know, it's,
I'm being shunted to a site, but I really don't know that I'm being shunted to the right site.
I think I see a lot of familiar people here. Thank you, everyone. And they know, because they know
us quite well, that we stand for simplicity, and I'm all in favor of
getting rid of the garbage in our lives that make it complicated. So okay, so
next point John it one of its not simple because that's just opening a way for people to get fooled.
The other is that it's to be more ambitious on the other end to be able.
One reason that things keep breaking is they keep on.
There are these sort of bailing wired together, these taped together solutions that are trying to get interactions across platforms
and across enterprises because you're having to share data,
you're having to share activities and share work
across platforms and across enterprises.
And that's fundamentally limited
by authorization, identity and permissioning.
If I don't have that locked down,
then I'm just opening up attack vectors.
And you have this very clear dilemma between lock it down
so you don't get screwed on the one hand,
and on the other hand, make it unusable.
If you make it unusable, you're totally secure. But the more usable you make it,
the more likely it is that somebody is going to break in and take advantage.
Well, that's before our invention. I mean, I'm not going to go to somebody and pitch them,
get screwed or make it unusable.
Well, no, no, no, no. But I mean, that's what you have to do with the current systems, because I've got this complicated authorization system, and you've got one, and somehow we have
to talk to each other. But that means I'm not going to let you into my system, because
why would I show you my permissioning table? That's an incredible security breach. So we're
playing a guessing game. You know, are you sure you are? Maybe. Yeah. No, I think this leads into a topic that we need to build toward a different day.
We're talking about Geeq ID.
No, it is.
Geeq ID, come back to me.
No, this is it.
Wait, the interoperability is an issue that we stumbled across last year when I was doing
a deep dive into healthcare. And
the fact that they were trying to be interoperable data systems was driving me crazy because all
they were doing was punching holes in their firewalls in the name of interoperability.
You know, and that was a bad thing, that there was a huge healthcare ransomware incident last year, to Change
Healthcare, that shut everything, all these connected systems, down for months.
So we have a solution to that, but that's not what we're talking about today. I'm
coming back to you. What are we talking about? So here, what's the basic solution? So the basic solution is, so let's talk about this idea
of a public key identity.
See if I can make this simple.
So here's a way to envision it.
Suppose that we're in a bazaar.
There are thousands of us running around,
and we don't know who each other are because we're just anonymous faces. We've never seen each other.
But I have to go to a stand and I have to make an exchange. I've got to get some gold, because I'm owed it by my employer. I walk up to the banking table and I say, let me have the gold.
Well, how is it that that guy can identify me?
And here's effectively what public-private keys are.
So in this bazaar, it's right by a big cliffside.
And on this cliffside, there are secrets written.
There are puzzles, there are riddles, let's say. So the banker knows the
the riddle that his client is supposed to answer.
So whoever knows the answer to how tall is a duck,
that guy will be allowed to have the gold.
Everybody knows the riddles because they're written up there in common.
So we see them on the cliffside. You know, how tall is a duck?
What color is a shoe?
You know, all of these riddles up there.
So the riddles are public.
We all know them, but I'm the only one that knows the answer
to the one that belongs to me.
So I walk up to the table an anonymous face out of thousands.
The question is asked, and I give an answer. And only I can give the correct answer because
only I'm the only one that knows the correct answer. And as soon as I do, magically the
riddle changes and the answer changes. And again, I'm the only one that knows the answer to the new riddle. So this is a way where we can point together at something which is public and say, there is the riddle.
And you only get in if you can answer it.
And anyone can do that.
So the banker can do it.
The baker can do it.
The riddles are public. And so if you
know that you're supposed to deal with, uh, with an employee of, uh, of the Sultan, you know, then I am
the employee of the Sultan and I can prove it to absolutely anybody. I don't have to have a prior
arrangement, because we know the Sultan's riddle.
Right. But let's take that apart a little bit more to make it even more clear.
Because now you have this banker in the bazaar.
Is that banker in control of you?
The way Vanderbilt makes you have a key and you have to do all these things.
No, he's not. So that's the thing that the banker never gave me credentials.
The banker doesn't know me. The banker didn't give me a password. The banker didn't give me a riddle.
The Sultan gave me a riddle. And in fact, even the Sultan doesn't know the answer to the riddle.
You know, so I said.
I think the consultant is extraneous
to this. Well, the point is I have an agent. Well, if I don't have an agent, if I'm it, I just write
my riddle up on the... That's right. Okay, that'll work too. So I write my riddle up there, but the thing is
you have to know that that riddle is associated with somebody. So you have to know why is that
riddle relevant?
And that's the reason I introduced the Sultan.
The Sultan will make his list of riddles and we can look at those.
Yeah, but we don't want to bring royalty into this.
But you do need a third party to make John's point.
Well, this particular point, but I mean, we could also, I could go to the banker and say, here, I've given you, you know, a pound of gold and I'm now going to write my riddle up there
to get the pound of gold back. And so might send somebody else. You might not recognize me because
I, you know, I might be wearing a wig, but if I come to you and I answer that riddle, well, then you know, it's me.
So I can distribute these riddles to individual people. You know, I can give one to the merchant,
I can give one, you know, to the gatekeeper, I can give one to the guard at the door. So I can
make as many of these riddles as I like. And I know the answers to all of them and I'm the only one that knows the answer. And the miraculous thing about these riddles is that, like I say, they change.
Public-private keys don't change, but the effect of it is that you can see the answer and it doesn't
matter. You know, I can say 12 foot 7 as the, but next time the answer is going to be different.
And so it doesn't matter if I'm overheard.
All right. So this is the foundation.
This is just the way to understand public private keys that,
that they are secrets known to whoever generates the public-private key pair.
That's the guy that writes the riddle.
That's the wallet.
That's, well, no.
I mean, I keep, the riddle is public.
The riddle is written on the cliffside.
Okay, we should have done a dry run of this.
I'm sorry.
Robbie, do you understand all this?
Like I will later on.
All right. Well, no, no, no. All right. All right.
I think what I want, what I'm trying to get at is,
is there a trusted intermediary? Is there a boss,
a power that be, or is there, you know, some way that someone else is
controlling your behavior? Because the answer should be no. When we put a decentralized
system together, that means that you should have control. You should tell the banker when you want your money back.
And so does this differ from going through somebody
that you have to ask permission?
So this, the answer is no.
Okay, so I guess I'll stop there.
The answer is no.
The answer is no, you still have to ask permission?
No, there's nobody.
Nobody is involved but you. The key element of public-private key identity is that whoever is being identified generates the pair.
And so only that agent, only me, I'm the only one that knows the private key.
Now, if I want to be an agent for my boss, then I give my boss my private key and my boss
endorses it. He says, this is my loyal servant. And the loyal servant-
The public key.
The public key. Yeah. Did I say private key? I'm sorry. I give him the public key.
My apology.
So I give him the public key and now he can say or not say according to his choice that
this is my faithful servant and this is his public key and by this you shall know him
if he knows the answer to the riddle.
And so he can withdraw that.
He can say, well, that was true Tuesday, but Wednesday, nope, I fired the guy because
he's not trustworthy.
Let's bring this to a nice application that everybody can take home to their mother.
Not sort of the details of how this public private key stuff works.
Right. So here's how I envision it working in practice.
So like Len says, we could have multiple identities.
So I might have an identity for all my finance people,
or I might have a separate identity for my bank and one for my retirement accounts.
You can set it up any way you like because you can-
And that would be giving all your financial institutions the same public key?
You could give them the same public key if you wanted them to know you cross
platform, or you can give them separate public keys.
If you wanted to have to establish the, you know,
if you didn't want to establish a single identity.
Either way is possible.
And all of those pairs are kept on a device.
So it could be kept on a phone, which is not my favorite way to do it, but that's pretty,
I believe it's secure. So these cell phones are already set up to keep these public-private key pairs, to
generate them and to do the signing that's required to show authenticity. You can do it off of YubiKey.
You can have an application on your laptop or your computer. And I'm sure there are other platforms that will allow you to do it as well.
So coming from a Web3 perspective,
which is that you don't ever want to use the same public-private key pair,
maybe ever, right?
Well, the public key is your identity for as long as you want it to be your identity.
That's why I want to make the difference.
In this case, you're talking about an identity.
In a wallet situation, you're talking about potentially revealing your account with assets in it.
Well, okay.
So there's a problem.
There's a problem here. And that is that the identity is not a really well-defined word here.
So identity really should be thought of not as an individual, but as an identicalness.
So it's, you are the same thing that I saw last time.
So if you have an account number,
then that account number is the same thing.
And so funds go into that account, out of that account,
and it may in turn be owned at a higher level
by a different identity.
But they're still just identities.
They're identities in the same way.
They're just used in different forms.
So you could call it.
My identity could be me, John Conley,
or my identity could be me, an anonymous private key,
or it could be that I have a whole bunch of account numbers
that have their own sort
of existence and do transactions and that are controlled by me. But all of those are public
private key identities. I think I'm going to ask Lund to chime in with his thoughts.
Yeah, just to clarify, I know we've been talking about a lot of different things.
So if we're talking about the blockchain, and let's say you had an account
that you've purchased NFTs, and NFTs were transferred into it, you have other things
that you're, other transactions that you're doing, that that specific account, and the private key
pair, public private key pair for that account is, is kind of an identity on the blockchain.
And you can track, you can obviously see in the blockchain what has transpired for that account.
You might have another account, let's say, for Vanderbilt, in John's example,
which is purely used for identity and not really for any other transactions. So you would most likely want to separate that from your Web3 transaction identity,
if you want to call it that.
So there's multiple uses,
but it could all be on the same Geeq blockchain
or it could be in different Geeq blockchains,
in fact, depending on where the transactions are and, uh, things are checked.
Okay, so, for example... I'm sorry, Len, that was all? Okay. For example, I could use my identity NFT to get into the bazaar that John is talking about, right? So I've
passed into the bazaar and I've said, here's my identity, I'm just a girl, and
now I'm in the bazaar and I'm anonymous, having gotten through the gate,
and I can put that account away and then
start spending out of my anonymous account, right? Is that what we're talking
about?
Your identity doesn't have to track you, right? You really can
reprove your identity, any of your identities, at any time should you want
to. But they don't... I don't know who you are until I say, who are you?
And you answer the riddle.
And up until then, I don't have any idea who's in front of me.
And if you don't answer the riddle, I don't have any idea who's in front of me.
So I think that's really the salient feature, is that if you use these NFTs or these Geeq IDs as an identity,
and that's it, and you can keep it segregated away in your own, in that own particular account, then
you can use that for whatever it is and start spending out of your other accounts or doing
activity out of your other accounts.
And there's no way for anybody else, particularly to link that together, to link all that private
information together.
I mean, there might be, depending upon what sort of platform you're using and what kind
of security measures you use.
But no, natively, there's no reason that anything should
be connected. There's nothing. That's it. So the point is that we break the ability for something
like Google, assuming you're not using Google products, to link you from one place to another.
Well, Google will still try to do it, but you don't have to allow it.
I mean, yes or no.
We'll talk about that.
Well, Google is tough, you know,
because Google is always trying,
everyone is trying to put authorization tokens
and tracking tokens in your cookie store.
And to some extent, you have to, to a degree, because if I want to
navigate from one page on my banking website to a different page on my banking
website, the HD, there's no statefulness in the, you know,
so that means you don't know who I am when I ask again.
So when I ask for a new page that's privileged,
it has to come back and say, yeah,
give me your cookie to show me that you are the guy that's allowed to go.
You were the guy I talked to yesterday.
And if I do, then it sends me the page that I want.
But that's a good architecture.
I would just summarize what John is saying is that, you know,
there is fingerprinting, like which IP address you come in from and so forth.
There's lots of different techniques that advertisers and Google
and others are trying to connect you,
even though you're going to vastly different media properties or whatever.
So those things exist and they can tie your identity together.
But on the blockchain itself, what John is saying is there is no connection between,
in your example, Stephanie, one account that's used for identity and purely identity,
another account for transactions.
There is nothing that ties those two accounts together.
That would be how it's summarized.
That's right.
By the way, if anybody listening wants to ask to be a speaker,
by all means, you know, or put your hand up or something.
Let's talk about Google, though, because it's particularly evil.
We hate Google.
Anybody that uses, you know, log in with Google, log in with Facebook.
Oh, my God.
Don't do that.
Stop that right now.
Go to your room.
It's really true.
And it took me five years to stop logging in with Gmail.
But, yes, I've gone.
I'm stunned. I don't know. My whole world has fallen apart.
I didn't know that you did that. When I was a young lad.
Okay. Well, there are many reasons not to do it. But one of them, the purpose for our conversation
here, is that it's similar to the vouching that we were just
talking about. You give your Gmail account to whoever it is, you know, let's say your gaming site,
and then when you want to log in, the gaming site says, um, okay, is this account really
logged in? Is this really the right guy? And then Google will vouch for the fact that, in fact,
you were logged into your Google account
on that particular browser session.
And so, yes, you don't have to reauthorize
with the public keys that, sorry,
with the passwords you might have gotten
from the gaming side.
So you're kind of leveraging the Google auth token
to be used in other places.
And there's other technology,
but that's enough to think about it.
But the problem is that that gives Google knowledge
of where you are and what you're doing.
And it also gives them control
over if you're allowed to do it.
You know, if they say, oh, this is a Chinese gaming site
and now we're not allowed to go to any Chinese websites
because they're an adversary.
Well, now Google can simply refuse
to ever give you authorization
to log you in with Google on those sites.
So Google is in control if you let them,
you know, have authority over your credentials that way. So that's a super bad idea. Like the
baddest of the bad ideas.
Yeah, no, I was reading about this, that there are constant updates on
the sites that Apple allows or will recognize and the sites that Google allows. And
it's all this kind of game that's going on in the background that we don't necessarily know,
and they're controlling what's going on.
Yeah. So they, go ahead.
I would say that
I agree with everything you said.
And I think the reason that people do it is because of convenience.
They don't want to have to manage, go to a password manager and pull up a password that they can't remember.
So they're forced this extra 20 seconds or whatever it is to log in.
Or maybe it's not so bad because a customer manager can interact directly with the browser.
But in any case, people do this because of convenience.
And I think with Geeq ID, we can provide the same level of convenience just without the Google overlord having control.
That's right. It all comes from you.
And moreover, so, okay. Yeah. So it all
comes from you. And you know, the other terrible thing about Google, I think I've told this story
before. My dad, when he sort of lost his, his, his cognizance, lost his Google credentials and his,
and his Microsoft credentials.
And I couldn't recover them because he tried too often and they'd locked him out.
So that means that every single thing that he had used through Google is no longer available to him or to me or to anybody.
And there's no mechanism after a certain point that allows you to do a recovery.
At least I couldn't find one.
So that's, I mean, that made him a non-person.
You know, he had all these things. And then I had to go and physically in person reestablish credentials at every place that
was really important.
And a lot of them weren't important enough.
Like I could never,
I made an effort to cancel his,
his internet service. Could not do it.
The internet service would not recognize my credentials.
I finally just had to cut off,
the bank said,
don't pay it anymore.
And then I got letters claiming I owed them money.
But I couldn't,
there's no way I could actually back out of that contract because he had no, he was not a person.
He couldn't cancel. Not allowed to.
Actually, that's a really important point, and one that I like the
way you used your words there, John, um, because you can't get canceled, right? If you have an account on the blockchain,
we think about censoring your spending
and all that all the time in blockchain, crypto.
But when you're talking about owning an ID,
an NFT ID that you give someone else a website,
then that's very interesting because now Google can't cancel my membership.
That's right. That's right.
Yeah. Or a state can't say, well, you don't have rights.
Right. So let's talk about the blockchain specifically for a minute,
because so far, really, all of this could be accomplished
without a blockchain.
All I have to do is go to whatever side I want,
establish a public private key pair with them,
and then that's my credential from then on.
The reason that you wanna use a blockchain
is that you're able to have this, you're able to establish identities that can be used
universally. So, you know, for example, Google may endorse that you are something in particular.
You know, you are associated with a Gmail account,
but I can just throw a credential onto the blockchain,
self-signed, you know, say, this is, you know,
Fred Smith, then here's a public key.
And so then I go to my first site and I say,
my user ID is gonna be Fred Smith. There's the public key
on the blockchain. You can see it. You can retrieve it. And then I can use my private key to sign and
impress Fred Smith. And I can do that for all of my accounts. For every place that I want to be
Fred Smith, I can just point to the blockchain. There's the public key. And then I can authorize with the same private key.
And I can do that as many times as I want for any number of sites that I want.
And critically, nobody is the intermediary there.
Google does not know that I've logged into, I don't know, let's say Amazon,
because Amazon looking at the blockchain and seeing the public key does not create any record.
That's just a look. That's a read. Nothing is recorded.
So that credential is seen, but it's seen by lots of people.
So my logging into Amazon is not visible to anybody but me and Amazon.
So I can sign on with one password with Google, but without Google.
I don't need Google at all.
They don't have to control me.
They don't have to give me permission.
And so I can control my identity and share it as many times as I like, and I'm totally secret in my activities on the Internet.
I think that gets back to what you're saying from the very beginning, John.
I know maybe we took a little ways to get here.
But Geeq ID is, it's pretty simple.
It's really just about proving yourself
with your private key on the blockchain.
And secondly, the blockchain, as you just described,
allows that identity to be shared across vendors or entities, whether it's your school or your bank account
and whatnot, as long as you provide them the public key, then you can prove to them you're
who you are. And therefore, you could share that entity across completely different entities or
vendors. That's right.
And then you get to the second part,
the, you know, the, where it gets supercharged
because those identities,
which mean nothing in themselves
are visible on the blockchain.
You can then create composites.
So my bank could endorse an identity as this is an identity that can spend $100.
Or my school or my insurance company could say, this identity is allowed to get this service plan.
So my identity is there.
And then additional permissions can be added by endorsers through the same mechanism.
So you say, are you allowed an x-ray?
Well, here's my identity.
I'm Fred Smith.
Go to the blockchain.
And it looks like Aetna has said, yeah, this Fred Smith guy, don't really know who he is, but he's entitled to x-rays.
And we'll pay for them.
And that's provable.
So that's ad hoc, can be done in an instant, withdrawn in an instant.
Anyone can do it.
It doesn't even have to be visible who's doing it.
So it creates this flexible, composable, revocable, editable set of complicated IDs, but which are simple
I think, John, it might make sense in a different space to go into more detail about this second
point because it does open up a lot of really interesting things like, let's say, a doctor
accessing your health record. Um, you know, we've
talked about scenarios, one-time password. I won't go into the details here, but there are ways to
craft, uh, access to data that's very secure and, uh, doesn't require you to get an account in that
organization to be able to access something. So just, it's easier for maybe the next space
or upcoming space at some point to go into more detail
about this second layer that you're describing.
Well, okay, yeah, fair enough.
But actually, let me just say one last thing about it
before we finish.
The key element of this is that it's not actually another layer, and that's the
fundamental difference in architecture. So I was just reading here about, uh, zero auth. I looked at
a site, it was, uh, Okta, and they described their Auth0 system and their two-factor authentication
and their permissioning tables and yada, yada, yada.
Their architecture fundamentally relies
on an application layer.
So they're generating applications,
they're doing processing,
they're moving you through their servers.
And so it's an integrated system
and it can change anytime.
You're counting on the security of their software, you've got to pay them. There's lots of things in
there that are vulnerabilities. Geeq's identity system is a data layer. That's it. The data there
lays on the blockchain. It can be written in lots of different ways. We don't control it. You don't
have to pay for it, you know, minimally, I guess, just to pay for the rent of the ledger. But, um,
it's data, and then that can be used by any number of applications in any kind of heterogeneous
system. There's a language that exists, um, with the identity NFT, but that's it. You ingest the data and then you
use it. The data means something and it's provable. So I think a data layer is simpler than a
complicated.
I think that's a great point. And when I said layer, I meant conceptual layer.
I understand.
It's totally true. I'm glad you clarified that it's a data layer. That means that anyone who understands the schema is able to access the data on the blockchain without a third-party app involved or controlling things.
Which creates durability.
It creates durability and cross-enterprise, cross-platform utility.
You know, natively.
It's not something we're building in.
It's just there because that's the architecture.
Well, that's – I don't know.
Should we – it looks like that's an hour.
Should we wrap it up?
Any questions?
My mic button was not working.
I think like for,
for next time,
maybe not the next week,
like maybe in two weeks we can discuss this more in detail.
Like maybe discuss some,
some use cases as well
where a Geeq ID would be beneficial.
And then, I mean, yeah, we've been talking for,
I mean, John and Lon have been talking for an hour.
I think we could maybe pull this forward
towards next week.
Let's see if we can have a guest speaker next week as well.
That'd be great.
Yeah, if not, maybe we can work out some use cases
or some other topics to talk about as well,
about Geeq, of course.
Well, sorry I talked a lot.
I guess I'd say I'm a little frustrated
because it's so freaking simple.
It works better and it's simple.
And every time I look at alternative solutions, it's just building more fragile towers that will in two years be something different because somebody will find a way to break them.
Okay, well, I think that's an issue with the mic, but it's okay.
John Lund, thanks for joining as well for the space this evening.
UTC time, then, that is.
Ibtokad, thanks for joining.
Nuh, thanks for joining as well.
Same for Emi.
Always great to see familiar faces.
You know where you can find us if you have questions. We're on Telegram, Discord, uh, X, um, so hope to see you guys, uh, next week
as well.
Thanks very much, everybody.
Thank you, Robbie.
Okay, take care. Bye, everyone.