Digi-ID: A brief history
There’s no denying the first time you log in to a website with Digi-ID that this has got to be the future!
The security it provides.
The speed and ease of use.
The privacy, and protection from websites that would want to build advertising profiles from your username or email address.
It’s truly one of those “mind blowing” moments when you see it in action, that’s when you really grasp the possible impact of it!
In fact, if you’ve not yet tried it, head over to https://digibyteforums.io for a demo site and try it for yourself before reading on!
So how did it all start?
Digi-ID is awesome tech, and so I want to briefly give you a bit of insight into the history behind it.
You see, Digi-ID has been around for quite some time. It was in the original Android and iOS wallet that we were using in 2014.
For those who’ve not been around since before the end of 2017 when we released our new Android & iOS apps, this was what it previously looked like:
This is taken on my phone, in early 2019, using an old copy of the app that I managed to find. It’s the same app that we’ve had since 2014.
In fact, this Android and also the older iOS app was what the 0.25% premine went towards the creation of, a 3rd-party was paid to port them to DigiByte.
Even back then, we had Digi-ID implemented in the app. Here’s a screenshot of me going to DigiByteForums.io and it prompting me to sign the request with the old DigiByte app (hence the old icon on the left):
This has been in the app since very early on. In fact because the application was a fork of the original Bitcoin app (As was the older Litecoin app and multiple others), they too had the same code in it.
Where did it come from?
It wasn’t unique to DigiByte, because it was an implementation of BitID, originally a Bitcoin protocol improvement suggestion.
You can read a bit more about BitID in the original proposal: https://github.com/bitid/bitid/blob/master/BIP_draft.md
This was originally made public in April 2014.
So why didn’t it take off?
Also, why don’t we hear more about Bitcoin or other projects using it? Especially if it was in the original Bitcoin wallet for Android, that both DigiByte and the older Litecoin wallets are based off?
Well, we kind of do.
In fact other projects such as Reddcoin / Bitcoin Cash are also looking to launch a similar protocol, also based off BitID. There’s a bunch of other crypto projects that are also working on awesome a bunch of extra features on top of BitID, such as optionally providing your name / email address as Civic are.
In fact we’ve even seen AntumID implement this kind of thing on top of Digi-ID as an additional optional-extra. AntumID is cool because they still also support the straight authentication, as well as identification.
However unfortunately by doing all these additional things, the likes of Civic then override the elegance of Digi-ID: There is no identifying data sent as part of your authentication request.
It’s pure, and elegant in it’s simplicity, which is also why it’s so powerful.
Where other platforms may know your name, email, date of birth, address, or more, Digi-ID and DigiByte intentionally know nothing.
With Digi-ID you authenticate, and that’s all. You don’t get “identified”.
You prove that you are “you” in a pseudo-anonymous manner, and there’s nothing additional sent or needed to be sent.
This is the remarkably distinct difference between authentication vs identification.
This is what the older DigiByte wallet looked like when authenticating you:
(Note that the uniquely generated Digi-ID address was different from my address in the first wallet screenshot)
Now, one of the primary differences between the older version and the new one is the older one wouldn’t prompt you a second time to authenticate. It would keep an internal record of websites you’d been to previously and authenticated with, and would skip prompting you after you’d given it the “OK” the first time around.
The latest DigiByte wallet does not, intentionally so.
It keeps no records. This means there’s no data in the app which could immediately be used against you (Think of it like a browser history), even in the event you gave away your phone and your DigiByte app PIN.
In a world where privacy is regularly breached, this is a sobering contradiction from the usual, and one I feel needs to be highlighted more.
It is for this reason why your DigiByte application asks you for permission to log in to a website every single time, without fail. It has no record you’ve ever been there before, but, it cryptographically generates the same “random” / unique address for each site, each time. This allows you to sign in, as you, while still maintaining your privacy, because you’ve authenticated yourself but not identified yourself.
However, BitID was not the first
SQRL (Secure Quick Reliable Login), pronounced “Squirrel”, was announced by GRC (Gibson Research), several months prior to the proposal and subsequent implementation of BitID in the older Bitcoin and DigiByte mobile wallets.
In fact the author of the draft BIP for BitID even makes reference to SQRL in their proposal.
SQRL, proposed originally in October 2013, functioned basically the same as BitID. However, instead of using your recovery phrase from your cryptocurrency wallet as a seed phrase, SQRL uses an independent set of keys and an independent app.
Aside from this change, and aside from SQRL requiring an independent application that only serves as an “authenticator", it’s effectively the same thing as BitID / Digi-ID.
You can read more about it at the GRC website if you’re curious about the origins: https://www.grc.com/sqrl/sqrl.htm
In fact I would strongly recommend browsing down the page as they go over a lot of the benefits of Digi-ID as well (In the form of SQRL), compared to alternative authentication methods.
However, at it’s roots, SQRL is still just a pretty wrapper for public / private key cryptography. It’s a nice-ish looking front-end for something many people such as Linux server administrators especially have used for decades with the likes of SSH, to log in to servers remotely through a terminal session.
You can read more about SSH authentication here: https://www.dyclassroom.com/reference-server/how-to-setup-ssh-key-based-authentication-on-linux-server
Again, it’s very similar to SQRL, but, this is all automated from the computer you are logging in from, no secondary device such as a cellphone is used.
Another place you may have seen this before will be on your web browser, in fact you’re likely reading this Medium article using HTTPS (SSL):
SSL uses public / private key cryptography, any time you see the padlock in your web browser. Once again, this is just a slightly different implementation and for slightly different purposes. They’re still all built on asymmetric cryptography.
So why use Digi-ID?
Again, although Digi-ID is not a new “idea”, the implementation of Digi-ID in the new wallets is far faster and superior than previous iterations.
With the DigiByte mobile application available for Android / iOS in over 50 languages, Digi-ID support is now truly native, for a global acceptance more-so than anything else has previously ever been.
You see GRC correctly identified on their SQRL website above that there is a “chicken and egg” problem.
What comes first? People installing a single-use Authenticator application when they have no website to login at?
Or, website / service operators spending time implementing an authentication method that nobody has the ability to use?
Digi-ID by DigiByte solves this issue in a number of ways:
1 Users are downloading the DigiByte mobile apps already, for other purposes, namely to act as a DigiByte wallet. Soon they will download it to interact with DigiAssets as well. This gives us an immediate user base that SQRL never had.
2 Digi-ID is also being implemented in additional wallets, such as Coinomi, further adding to the user-base.
3 DigiByte users are reaching out to cryptocurrency exchange owners and operators as a primary use-case for it. DigiByte is on over 90 exchanges now, and many of an Exchanges customers will have access to a Digi-ID wallet through either the DigiByte app or Coinomi for Android, iOS and PC. This provides exchange owners with immediate benefits and a decent user-base to reward them for their time spent implementing Digi-ID.
We believe that the volume of websites implementing it will snowball once we have users already logging in with Digi-ID, and that users will quickly begin to ask other site and service operators to implement Digi-ID into their platforms.
It is for this reason why we believe that Digi-ID will have the greatest chance of succeeding at a secure authentication future, where others have struggled to get off the ground.
If you’d like to try out Digi-ID, head over to https://digibyteforums.io and give it a try! Links are on the website to download the DigiByte app if you don’t already have it yet too.