.jpg)
In this episode we decode the pulse of Web3, NFTs, and AI every week. In this special AI edition, host Ron Levy dives deep into a high-stakes conversation with Phillip Shoemaker, Executive Director of Identity.com, a decentralized nonprofit solving one of the biggest challenges of our time—Digital Identity. Ever wondered why Steve Jobs called our guest just three days after joining Apple? Or why identity is at the epicenter of innovation in Web3 and AI? This electrifying episode unpacks Shoemaker’s journey from scaling the Apple App Store under Jobs to leading Identity.com’s mission of empowering individuals with secure, decentralized identity solutions. In a world where your personal data is the new currency, this episode is your ultimate blueprint to understanding how decentralized identity is the key to privacy and security in the AI era. Whether you're deep in crypto, Web3, or just waking up to the digital identity revolution, this episode will make you rethink everything you thought you knew about the future of online authentication.
Key Topics Covered:
- Why Digital Identity is Core to Web3 Security:
Phillip Shoemaker breaks down how centralized PII storage (honeypots) leaves users vulnerable and how Decentralized Identity is the key to personal data sovereignty in Web3 ecosystems. - Shoemaker’s Journey from Apple to Identity.com:
Discover how Phillip scaled the App Store from 4 to 300+ reviewers and how a call from Steve Jobs over a controversial app shaped his mission to build secure identity systems. - Real-World Use Cases for Decentralized Identity:
Learn how Identity.com’s tools offer age verification for adult content, alcohol vending, and other sensitive services without leaking personal data. - The Role of Regulation in Digital Identity:
The conversation highlights the urgent need for standardized data privacy laws and the lack of equivalent regulations protecting digital identity vs financial data. - Debunking Fears Around AI Innovations Like DeepSeek:
Phillip explains why concerns about Chinese AI systems like DeepSeek may be overstated and how technological competition ultimately benefits global innovation.
Episode Highlights:
"With great power comes great responsibility. In tech, that means making it safer for users."
— Phillip Shoemaker
"We wanted to end honeypots forever. Your PII shouldn’t live in one massive database."
— Phillip Shoemaker
"You can now prove you're of legal age with a thumbs-up from Identity.com—no data leak needed."
— Phillip Shoemaker
"Your identity is everything. Why do we regulate money more than we regulate identity?"
— Phillip Shoemaker
"We give away our personal data one convenience at a time."
— Ron Levy
People and Resources Mentioned:
- Phillip Shoemaker
- Ron Levy
- Identity.com
- Numenta
- Solana
- DeepSeek (For reference - limited info available)
- FinClusive
- Civic Technologies
- Socure
- Onfido
- TransUnion
About Our Guest:
Phillip Shoemaker is the Executive Director of Identity.com, a 501(c)(4) nonprofit delivering open-source Decentralized Identity solutions powered by blockchain technologies like Solana and Binance Chain. With over two decades in mobile tech, Phillip is renowned for building the Apple App Store under Steve Jobs, scaling it from a four-person team to a global operation. He has testified before governments worldwide on digital standards and now leads Identity.com in its mission to give users full control over their personal data in a Web3-driven world.
LinkedIn Link:
https://www.linkedin.com/in/phillipshoemaker/
Website Link:
https://www.identity.com/
Twitter (X) Link:
https://twitter.com/pbsidentity
Transcription:
Phillip Shoemaker: Hi, this is Philip Shoemaker from identity.com. We're unlocking the future of digital identity by empowering individuals with secure, decentralized solutions that put them back in control of their personal data. You're tuned into the Edge Hub show where we crack the code on Web3 and AI every week. Stay tuned.
Ron Levy: Hey, Web3 curious listeners, get ready for today's episode to find out why Steve Jobs himself called our guest to let him have it a mere three days after he joined Apple. Discover why our guest believes concerns over innovations like DeepSeek are overblown, plus a granular look at why everyone should be paying attention to digital identity as AI has taken hold. All this and more at the Edge of Show on this AI edition. Cue the intro. Welcome to the Edge of Show, featuring a variety of top-notch guests and other hosts. Today is a special AI edition, and I'm Ron Levy, and I'll be your host today. It's another production of the Edge of Company, a quickly growing media ecosystem empowering the pioneers of Web3 tech and culture. Edge of Company is also responsible for other groundbreaking endeavors like the Outer Edge Innovation Festival in both LA and Riyadh. Today's episode features Philip Shoemaker, the Executive Director of Identity.com, a nonprofit revolutionizing digital identity with decentralized verification powered by blockchain technologies like Solana. With over 20 years in mobile tech, Philip is best known for helping build the Apple App Store under Steve Jobs, scaling its review team from four to over 300 people. Now he's on a mission to solve one of society's biggest challenges, secure and private identity in the AI era, by empowering individuals to take control of their personal data. Identity.com, it's a 501c4 nonprofit organization, faced on providing, I apologize, it's focused on providing decentralized open source identity verification solutions, committed to enhancing user control over personal data. It offers secure and user-friendly tools for managing digital identities through technologies like decentralized identifiers, or DIDs, and verifiable credentials. Philip, welcome to the show. We're really excited to have you here.
Phillip Shoemaker: I'm excited to be here. Thanks for having me on, Ron. And I have to tell you, that's one of the best intros I've had. Usually people cut it really short and just say identity.com. They're focused on identity. So I appreciate all the information. It helps.
Ron Levy: Well, I put you in the category of many other guests too, and that is the word esteemed. So we need to honor that and recognize it. So glad to hear you say that. Thank you. You've had an incredible journey from shaping the Apple App Store to leading identity.com and advising blockchain startups. But let's kick things off with this. What does elevating innovation mean to you personally? And how does your work at identity.com embody that philosophy, which you've spoke of before?
Phillip Shoemaker: That's interesting. To me, elevating technology, innovation, etc. is all about putting the user first. For me, that's the number one thing we need to do. Sure, we can mine people's data, we can get access to everything we want, but To me, elevating it means making it behave better, making it work better for the user, for the customer, and the customer that often includes the data that they're putting out there on the internet. And I want to make sure that's secure, I want to make sure that's appropriate, because You know that that old line with great responsibility or great power comes great responsibility. It's a similar thing in the tech world. We have this technology to be able to make things easier, simpler, but also safer for our users and our customers. And we don't often do that. You know, a case in point, is the Juul e-cigarettes from past few years and how they really took off. It was a slick design. It was an amazing industrial design of that product. It delivered the product at a high quality and But the problem was that they didn't put any checks in place to see if the person that was using them was the appropriate age. Now, this isn't a pack of cigarettes, right? That's this non-technology thing. This is a high-tech little device that people had that easily could have verified identity and verified age, did some age gating there. But we didn't do that, right? The company chose not to do that. And to me, that's the kind of thing that we need to elevate those kind of innovations to make them easier and safer for our customers.
Ron Levy: That's why what you're doing is near and dear to my heart, because that was a great analogy you gave to show the importance of it. Those of us in AI, Web3, and all of the new technologies, we can see tomorrow a little more clearly. And if I take a moment, look back at yesterday, what I will say is, you know, Web 2, the internet, the exchanging of information, wasn't really, I guess I'll put this in the opinion column, wasn't designed for exchanging money, exchanging social security numbers, exchanging high valued information like that and funds. And I think the transition going from Web 2 to Web 3, that is one of the motivations to do that transition. And getting personal identity right and having confidence in it. It is just one of the massive puzzle pieces that has to be solved. So I know you're working on that, and I think it's critical. But if we can go back just for a moment, your experience at Apple, I mean, what an honor, building that app store, working under Steve Jobs. Describe to me a little bit how your learnings from that or what you learned there carried forward into what you're doing now.
Phillip Shoemaker: Yeah, you know, before I joined Apple, I was I was a developer of developer relations, director of developer relations at Numenta, they're an AI company. And, and I felt it was still too early for AI. This was This was 2008. And so when the iPhone came out, I just started playing around with it. My background is Palm Computing. I love mobile devices. To me, mobile was always the future. When I joined Palm in 97, to me, it was all about these handheld devices was the future. I went to, I started developing apps for the iPhone because I thought it was a revolutionary device. I wanted to get it out there. And I really love this concept of being able to have an app store. It's something I had conceived of at Palm before we decided to let a third party handle it. But Apple delivered so many things right. that I said I had to be part of this program. Now, I wasn't really looking to join this company. I was looking to develop apps for it. I developed some good apps and some bad apps, some tasteful apps and some tasteless apps. It was just exploring what the store provided. And in those early days, it took about three weeks to get your app reviewed and then approved. And so I wrote email after email after email. And finally, Eddie Q, the head of iTunes called me up and said, we need the chat. I figured it was about my app, but no, it was about asking me if I wanted to to come and interview at the company because they needed someone to run the app store. And I had a lot of unions and advice. So that process took about four months. My final interview was with Steve and his entire executive team, and they just bombarded me with questions. And so it was a wonderful experience, but it was one that I didn't really want to join Apple. I was enjoying this time off and just writing iPhone apps. And so when I did join, I knew it was a once in a lifetime opportunity to help shape this store, to help get things out. And for me, I struggled with the way they responded to me as a developer. And so I wanted to fix that. When I got there, there were four people reviewing apps. There was no director in charge of the store. And that was my bailiwick, right? That's ultimately what I had to take on. And in doing so, I learned a lot about working at Apple. I learned a lot about how to satisfy a lot of developers' needs. And look, number one thing was just listening to them, right? Nobody really would listen to developers when they had issues with the App Store. It's a black box. It still is a black box. It's hard to get your point across and hard to find the one belly button to poke to figure out how can I affect change in the App Store. And for a long time, I was that belly button, right? I was the one, and I tried to make myself out there confidentially as much as possible, talk to developers as often as possible, because we were doing a lot of things right, and we were doing a lot of things wrong. And I wanted to solve those problems. So early on, I just kept a lot of open communications with people, letting everyone know I was in a confidential position, my name couldn't get out there. Nobody could know what I really did. Because bad things can happen once you know who's gating the apps that go into the store, right? Who's stopping the fraud, and who's allowing the good into the store. And so that went on for a while. And I'll tell you, it was an honor working alongside Steve. I didn't work with him closely in the beginning. Other than three weeks on the job, my team approved an app that they shouldn't have. It was called Baby Shaker. And I got one of those calls, I mean, literally on the job for three days, my phone rings, it says it's Office of Steve Jobs. When he ultimately got on the phone, he, he gave me some short advice. And it was you're stupid, and you hire stupid people, and he slammed the phone. Now that was Steve, right? That's the way he acted on occasion. And look, I got it. He was furious because this one app, after record earnings, record announcement, our stock went down. And it was because of this app. It was an app that shouldn't have been approved. Three of my team members reviewed it and thought it was okay. And that allowed me to go in there with a heavier hand than I was originally granted to start mixing things up and ensuring that, that we did things differently in the future. And it was just a massive scale of, of figuring out the process, optimizing the processes, optimizing and, and figuring out the guidelines of what we were ultimately allowed and didn't allow. and hiring a massive number of people. So for me, it was a really interesting learning experience. It had me travel the globe, testifying in front of government authorities throughout the world, because everybody wanted a piece of the action. I flew to Brazil, and they wanted to review every app that we released on the Brazilian App Store. And we were reviewing, at this point, about 10,000 apps per week. And when I told them that, their jaw fell open and they said, yeah, we can't do that. Which is pretty much the response I got from Australia, from Germany, all the countries that wanted to get involved. But it was a really eye-opening experience to see how certain countries, you know, we're from America, right? I'm from the US. You want to release a piece of software, you just put it out there. In Brazil, there's If you want to release a book, a movie, all that, it has to go through a review process by the government. And that was really eye-opening. It's like, that government's doing what my team's doing just for this small segment of the population, right? People using the App Store. Really wild ride. And one that caused me a lot of pain because my name was ultimately outed by David Copperfield, of all people, the magician. And that up ended my life. I got hacked, stalked, SIM swapped, so many death threats, I can't count. And people waiting by my car in the evening, knocking at my door at my house late in the evening as well, just doing anything they could to get their app approved. And it really changed things. And I said at that point, it's like, This whole idea of our identity going out there on the websites and others has to change. And that was kind of what set the seeds in my mind about figuring out a better way of handling KYC and identity online.
Ron Levy: Great transition as we get into identity.com and what you're doing. 2007 was, in history, a year that was as momentous Maybe not number one, but it was up there in the top ten right it changed the world I mean I I remember where I was when I got my first iPhone the first Probably within a week maybe first days it came out, and I think there was two apps That's all there was we didn't really understand what that was and quite honestly I couldn't figure out why they had GPS in the phone that didn't make any sense to me right so it's all come very very clear at this point 18 years later and so so you were part of that change which is monstrous and And I know now you're you're part of the changes that are still to come so let's kind of move forward a little bit on Identity calm so I get the over overarching reason for it. I think we know that but there has been a you know, numerous companies that are trying to lead in that role. And tell me about your concept going into identity and what formed your mission there, and why is it a bit unique compared to others?
Phillip Shoemaker: Yeah, great question. There are unbelievable number of identity companies, even decentralized identity companies out there right now, right? As you point out, Ron, we founded this company at the end of 2018. I had a chance to sit down with the founder of Civic Technologies, Vinnie Lingham. And Vinnie and I started discussing identity, the future of identity, etc. And it was at that point, he's like, well, let's create a foundation. Let's do this. Let's create identity.com as a foundation. And let's put a bunch of money in it and see if you guys can start solving this problem. And the way we were looking, Civic Technologies was solving a similar problem. identical problem, if you will, which is decentralized identity, but they were trying to productize it. And our goal was to be behind the scenes and create a protocol that any number of companies can use, right? Think of it as a network effect. The idea was that I would onboard a variety of KYC providers, the old school Web2 KYC providers, the Onfido, the SoCures, the TransUnion, companies like that. And you onboard them, and you let them do their standard KYC, put them into this network that you can go in, change a smart contract and you use Onfido, change it again, you use a different company. And the idea was that it would easily allow us to have these reusable identities, ones that regardless of who issued the identity in the first place, you could reuse it. So, you know, those days of going to Coinbase or Binance and cracking and authenticating yourself over and over and over again, doing another set of document scans, scanning your passport for that, 18th time, and having that data uploaded to yet another site, I wanted those days to be over. The idea was, let's end honeypots forever. In 2018, we were a bit naive about what the future held, especially with regards to the financial industry and identities. But the idea was, let's get rid of honeypots. That's probably my enemy number one, still is. Because there are so many of these honey pots out there of our personally identifiable information and as soon as you have these giant PII honey pots Hackers flock to them like flies to honey, right?
Ron Levy: That's why they're called that And so I'm gonna take a quick second here just to give you my description as long as you agree with it We can keep moving on but but for our listeners benefit. I If you have one centralized location where all of our data is, all of our private data, all of our identity data in one place, that becomes a honeypot that someone wants to break into and steal. And as we know, there's been some of those that have had millions of people's data taken in that manner. what's being described here is decentralizing it. So having it live, I'm gonna use the term fragmented, that may or may not be what you mean, but fragment the data, put it in different places, so if someone goes through all those troubles to break in, they're getting a piece of information, they're not getting potentially millions of people's data. So if I've described that right, we can keep going, if you wanna adjust it, certainly do.
Phillip Shoemaker: I love it, it's great, great definition. And so yeah, absolutely. The idea is that these honeypots have your information. And look, wherever you look online, there's honeypots of our PII. That includes Google, that includes Meta and Facebook, that includes all of the cryptocurrency exchanges, unless you're using a DEX, all of the centralized ones, all the financials, all the banks, you name it. So many companies are interested in getting our PII. In diving into this in 2018, we're like, we're going to do a variety of things, create a decentralized service, which means I authenticate myself once on my phone and I store it. And when a company wants access to it, I will grant them. I will grant a specific company access to specific information like for example, one of the big things that's coming on in going on in the states right now is states are banning. their constituents access to adult websites, porn sites, right? We see that in Texas, we see that in Florida. I think 16 states have passed these laws now. And so if you go to a website like Pornhub or something like that, you won't be able to access it if you're in those states, unless they're willing to take your ID, right? Now, right now, those big companies like MindGeek that run a lot of these, or Orly, that run a lot of these adult websites, they're ignoring it. They're saying, we're just not going to grant access to our websites anymore in those states. We don't care if you want to show us your ID. We're just not going to take it. We're just not going to make it available. Now, this is a great use case for things like decentralized identity because all you need to prove, if you think about an adult website, is all you need to do is prove that you're of age. Now, you prove to our service that you're of age. And we do that by having a document on your phone, so your driver's license, your passport, whatever it is. It looks at the age, and then it does a comparison of your face to the ID itself to make sure you are the person holding the phone. And at that point, once that verification is made, we tell the website, thumbs up or thumbs down. That's it. We don't give any more information other than that. is because we don't want them, they don't need to know when your birthday it is. They don't need to know your name. They don't need to know any of this information other than identity.com attesting to the fact that you are of legal age to be able to view that material.
Ron Levy: So is it, when it's verifying this, is it through the lens then? It's not all downloaded pictures. The passport or driver's license might be uploaded, I'll say. That's right. But it's confirming it through the lens. Is that correct?
Phillip Shoemaker: That's correct. Every time you want to use it to verify yourself, like if we have another great use case of an alcohol vending machine that nobody has to sit at, you know, there's there's nobody there that's that's monitoring ages. But when you use our device, when you scan, the first thing our phone does, it pops up says, OK, prove that you're the carrier of this ID. And then you do a face scan and it verifies that you are and compares it to the driver's license says, yep, he's over 21. You can grant him access to that beer now. Now, these are really good use cases with zero data leakage, right? They don't need to know your birth date. They don't need to know your name. They definitely don't need to know your driver's license number or your passport number. No data is leaked other than what you want to come out. And that is the age, or sorry, if you're of age or not.
Ron Levy: Do you have protection for fraudulent driver licenses and passports? Is that built in?
Phillip Shoemaker: Yeah, that's built in through our KYC providers. So what we've done is we've created a system where we leverage a group of KYC providers and AML providers to be able to do that assessment as they're scanning the driver's license in. So what happens is when you download our identity.com app, you have the ability to create what we call a verified identity pass, a VIP pass. And when you do that, you scan your driver's license, front and back, or your passport. It sends it off to a backend server, one of these companies like Socurian, Onfido, and those type of companies. In our case, it's a company called Finclusive. And then they do the document scan, they verify that it has all the markers of a standard ID, that it doesn't have, that it's not fraudulent, that it has all the watermarks necessary. It then also compares all the data to backend data systems that we have through TransUnion, through a variety of companies like that, you know, the standard, uh, credit check databases. And so now it verifies that you are who you say you are, that the everything matches up on this ID and ultimately gives you a, uh, uh, it stamps it on the blockchain as a attestation that says, yes, so-and-so verified this, this passport or this driver's license on this date in this time. And that's how we, uh, that's how we do all the background checks on that.
Ron Levy: Really deep. Is that Solana you're putting it on?
Phillip Shoemaker: Well, yes, we started out on Solana and recently we have ported to Binance as well. And we're going to just start populating a bunch of the Ethereum. So that's one of the things that we have going on right now is that we are doing these ports and we're going from chain to chain to chain. We started on Ethereum, to be honest, but it got really exorbitant price-wise. that, uh, to be able to, you know, the, the gas fees for, um, for Ethereum. So we jumped to Solana, but we're back now. Things are better now.
Ron Levy: Well, then they've made some changes that allow that. So that's great. So that, I mean, that's a great sort of snapshot of what you're building and et cetera. We're going to get into more detail on that later, but right now you recently commented on. DeepSeek, right? The Chinese AI company and its potential national security implications. Maybe you can elaborate a little on why you believe the concerns of DeepSeek are overstated and how this innovation can actually benefit the tech industry.
Phillip Shoemaker: DeepSeek is an interesting problem, right? I think we're conflating a few issues with DeepSeek. One is, and that's the clarification I want to make, is that, yes, absolutely, all of these AI systems are potentially dangerous with regards to our PII, with our information, right? They monitor everything we do. And my iPhone right now has Apple Intelligence on it. And I guarantee you, they're watching everything I do in order to make the system better and to learn about me. Those are all pluses for me. But then it depends on where that data is ultimately stored. And this is where we get into the problems with DeepSeq. If DeepSeek is completely open sourced and what people are accessing online is accurate, because if you're accessing a website versus looking at the source code, you can't guarantee that's the same source code that's powering the website. So first of all, I just want to point that out. But even looking at the source code, there was proof that China Mobile was getting access to some of the queries. And as soon as you start having a CCP owned company like China Mobile, access to your PII or to any information you're typing into there, you have to start being a little bit more cautious of what you enter into those systems. For me, when I use any AI system, especially something like DeepSeek, I always ask myself, hey, would I be OK with this information getting out there? Because it will get out there, whatever you ask it, right? It will ultimately get out. Now, when you use DeepSeek, you have to ask yourself, hey, am I OK with the Chinese Communist Party getting access to all of this information I'm typing in here? And it may or may not be the case, because if you look at the source, it doesn't really look like it's happening, except for this China Mobile piece. But again, I can't guarantee that source that's been published is the same thing that's behind this website. So that's the first thing I want to say. But look, for me overall, technology and competition is so good for the world. Right. OpenAI had a lock on this with ChatGPT for a while. Anthropic came along with Claude and a bunch of other companies have. But now we're seeing more of a leaps and bounds of progress like we did with a DeepSeek. DeepSeek was able to stand on the shoulders of giants in the tech space to ultimately create something that rethought the way LLMs worked. And if you look at the way ChatGPT and these other LLMs work is they load up all this information that's ready, available at your fingertips. And DeepSeek did it a little bit different. They had a smaller one up front. And as you asked questions, it would then load and launch other aspects of the memory, if you will, and was able to reduce the footprint significantly, reduce the training time significantly by borrowing content from OpenAI distilling their databases, right? They're distilling their models, which is questionable from an IP infringement side of the world. But look, all of our data was acquired by OpenAI, our data, from online use cases. Now, whether that's IP infringement or not still remains to be seen. But look, I think overall, this is all good for the world because We are continuing to advance these models, make improvements, and we're going to be doing this and we're going to see things that are leaps and bounds of improvements. I like to say that, you know, Steve Jobs had a line, and I'm going to butcher it, but something like, Good artists copy, great artists steal. And that's basically how Apple got their start in the first place. Look at the Mac, look at the work that people like Bill Atkinson did. They invented some really interesting technologies like pull down menus. But the whole idea of these, of these overlapping windows and things like that, and the mouse, etc, was all stolen from Xerox PARC. And Apple and Steve readily admitted that. And, and look what we have now. I mean, this technology is amazing. We're going to see similar things in the AI side of the world for the next 5 years. It's going to be, we're going to have amazing progress. If you look at a company like Numenta, that I used to work at. They're doing AI that's all based on the cortical algorithm of our brains, which have got to be, our brains have to be the most powerful computer ever made. And it uses 1,100th of the processing power and the energy required to, maybe it's 1,000,000th. It's some massive amount of a lesser usage of memory and energy is the human brain. So these kind of models, as we see them come out there, are just going to radically change the world. And I don't think it's a bad thing. I think it's a good thing.
Ron Levy: It was described that what makes AI so unique in history, actually, is that, excuse me, In history, there's never been anything but us that have had the intelligence to question and analyze our own thoughts, right? Nothing in history has been able to do that until we get to AI. And I would say it's not perfected yet, but it is growing like a snowball. So that makes a big difference. And also, some of your comments made me think of General Magic. Do you know what I'm speaking of?
Phillip Shoemaker: Oh, yeah, absolutely.
Ron Levy: Yeah. Yeah. So General Magic, for those of you that don't, was a company that I'll say a predated Apple, I think I'm technically accurate, but certainly actually had images and designs of the iPhone well before Apple even conceived of it. And then Apple ultimately put some money into it. And the story of General Magic is absolutely amazing. And the people that were in it, a company that ultimately I don't think I'm spoiling it. I went defunct. Blew up very big, very fast, and I went defunct. But the people inside of it were absolute geniuses and went on to create many of the biggest companies that exist on the net these days.
Phillip Shoemaker: Absolutely. And they were the team that mostly built the Macs, right, and early Apple II products, et cetera. I mean, phenomenal, phenomenal people. My friend Bill Atkinson was one of those principals, right, at General Magic. Oh, he did not realize that. Yeah, in my book, they're superstars, right? They're the superstar engineers that I fortunately have had the ability to meet and spend a lot of time with. So I love this technology. And for me, we can learn so much from looking at the history of what happened in the past. And General Magic was a company with brilliant technology just a bit ahead of its time, right? And that's, to be honest, I don't want to keep going back to decentralized identity. That's one of the problems here is that decentralized identity is critical for the survival of our privacy and security. But it's just ahead of its time. People don't really care. They like centralized services because they're so easy. I can just use my fingerprint to log in or I can just use a face scan. And so what if Apple holds the keys to my financial kingdom? I'm okay with that because they're not going to do anything bad with it. What could happen?" This is one of those things. I still think decentralized identity is five years out, but what's brilliant about AI right now is AI is also showing us what kind of damage it can wreak in the identity space. There are AIs out there that can duplicate a passport in minutes, and fill it with information that will get through most scans, most KYC scans of most companies, and without any problem being detected. And this is one of the big problems that we have, is that AIs are able to create deep fakes that are so realistic that it's almost impossible to prove that they're not. And so we're getting into an age, a day and age, where I can't trust anything I ingest online.
Ron Levy: We've had the pleasure of interviewing a few companies that have actually developed products for recognizing fakes, and you can literally go there. For instance, if you record your personal voice, it becomes a library that if there's ever a fake of your voice and you play it against it, it will tell whether or not it's AI generator or original. And the same thing for images and the same thing for videos. So these products are out there and they're getting better and better, and they will be part of what is important to have out there. And your comments made me think of a saying that says, we give away our personal data one convenience at a time. That's right. It starts, right? Just a little bit at a time. And someone has it, and they may be good players, but they could get hacked. It's still out there, and it's really something else. getting to education a little bit. What I'm talking about is consumers. So how do you suggest that they can better educate themselves about their digital identities? There's two ways of looking at it. Those of us like you and I, we're in the business and we wanna go deep, but let's keep this at consumer level. How do they get educated without making it a part-time job to figure it out and learn how important it is and what simple things they can do to protect themselves? How do they go about going down that rabbit hole?
Phillip Shoemaker: Yeah, I think one of the things that one of the strikes against us with the identity side of the world is that in the States we flash our ID to anybody that asks for it right you go to a bar, they need to your ID, you go to look getting on a and other things, there's certain use cases. But when you go to places like bars, or you buy alcohol, or you go to a cannabis dispensary, those kind of things, you just flash your ID and they scan it onto their system immediately. And now they have a copy of your ID. Now, we're so used to flashing this ID around, we don't think that there's so much information, there's so much more information on your driver's license than is required to do the job at hand, right? To go into a liquor store, Again, they don't need to know everything about me. My daughter's about to turn 21, and I fear that she's going to be flashing her ID around and go to a club one night where she flashes it around, and the bouncer takes a picture, and now guess what? He's got everything about her. He knows where she lives, all this information. This is so ingrained that we just flash these around all the time, and it's starting to happen online as well. More and more websites are asking for more information about us, right, it might just be username and password might just be a password and an email address. But then they also want your phone number to do some sort of security check as well right to FA. Then they might need an app on your phone to do MFA, and those apps, some of them might capture more information than they need. Sometimes companies come up with their own app, authenticator app on the phone for you to use, and that app has the ability to read a lot of data about you. And it just starts growing bigger and bigger. So one of the first things you have to ask yourself when you join a website and they want you to do something like a document scan or enter your birth date or any of this other information, it's very much like what we did at the App Store, is you have to ask your question, is this really necessary for this website? And if it's not, look, I think you should push back. I think you should start talking to people, start reaching out, saying no to a lot of these things. That means you might not get onto TikTok or you might not get onto their latest social media craze because each of these guys are asking for a little bit more every single time. And we ultimately have to put our foot down and say no more. So the first thing you do is you have to ask yourself, is this truly necessary? I reference the app store. Let me tell you a story about this. We used to have dating apps. Heck, we used to have games that one of the first things they'd ask you before you play a video game is your age. Not sure why, why do they need to know my age? It's not an R-rated game, right? We didn't have those in the app store, so why are you asking for them? Then we started having a few games randomly popping up asking for your social security number. Now, there's only one reason for that, right? And that's for a privacy grab, to steal your identity, to do something naughty. And we would see those randomly as we're reviewing apps. Sometimes they put it right up in the login, right? Enter all this information, your address and your social security number. So of course, we'd reject those guys. But every time this happened, we'd have to ask the question, is this truly needed? Now, one case in point is eHarmony, right? The eHarmony app finally came to the app store, and they needed social security number. And my team, of course, rejected it. They complained. And I got on the phone with the CEO of eHarmony. And they said, look, everybody that joins, we do a background check to make sure they're not a sexual predator. or they don't have it. And as soon as you hear that, you're like, okay, it's okay in this aspect and make sense, right? And then maybe match.com will come around the corner and ask for social security number the next time and you ask them why and they're like, I don't know. And then those guys get rejected, right? And so you'd see this happening and as certain companies would get away with this, but Every time I access a website, I always ask myself, is this truly needed? Now, if it's a financial transaction, it's Chase, it's Kraken, it's Coinbase, look, they have to do this. This is legal requirements to prove that you're not a money launderer, who you say you are, et cetera. That makes sense. But in a lot of cases, that's not okay. So that's the number one tip. Number two, and this is gonna be even more painful, is you gotta take a look at some of these privacy policies in terms of service that people are just having you click through, right? Even Apple, they have an 18 page one that they want you, obviously nobody wants you to look at it, but when you start looking at these things, what they're allowed to do with your personal, with your likeness, with your photos, et cetera, is just atrocious. And I've had this idea for a while that all of these companies at the licensing screen should have a little chat GPT interface that you're like, OK, tell me what I should look out for in this agreement. Do they have the rights to do something with my likeness? publish my pictures, can they publish on my behalf, et cetera. And you can ask some of these questions of it. But look, nobody wants to put that on their website because they want you to click through so they can do whatever they want with your data. That's the second thing you need to look at is look at these terms of service. But that's a heavy lift. It's a heavy lift for me as well. It's just painful. But this is the only way we're going to stop this data overreach that we have in the world.
Ron Levy: My thought is a scoring mechanism because you are right. I mean, you could take three days and read all that legalese, which is probably what it will take. You still won't understand it because if you have three attorneys read it, they're going to have different opinions. It's just not comprehensible, right? Written by them for them. So how do you You know you get the regulators need that in there, but it's kind of useless so let's start using some common sense and Whether or not it becomes sort of rating screens that go deeper and deeper if you choose to go deeper But it gets translated into layman's speech right lemon language Something like that could work because I absolutely agree with what you said there. It's it's It's problematic. Nobody could read those things. And if I were sitting in a court of law and some attorney said, did you read the contract? Well, no, of course I didn't. You couldn't understand that. How am I going to?
Phillip Shoemaker: I was just going to say, and you're right, they don't make it easy to read it also. They put it on a little screen and you don't even have to scroll through it or take time to read it.
Ron Levy: You're not supposed to read it. And the consumers don't want to read it. The system is just broken. It needs to be rethought and relooked at from a practical, common sense point of view. But yet another story, but I just want to hit regulatory as with digital identities in general, maybe, excuse me, pardon me for that. So talk about what regulation exists now that's relevant for developing an identity product. What regulations do you see might be coming? And then also, If regulations came out and they were stringent, you could end up with a winner-takes-all in that field, which I'm never a fan of. So tell me how regulations will interplay on those three levels.
Phillip Shoemaker: Well, look, there's a variety of regulations from a state level in the US, obviously, that are like GDPR, the Data Privacy Acts. And those control what you can and cannot ask for and how you have to be able to delete the data after a certain amount of time, et cetera. And those are all interesting, but it makes doing business in the States really hard because I have to have different data storage standards here in Nevada than I do in California, which is different than as soon as I go international in South Africa or in Europe. So privacy standards, one of the first things we need is we need a national privacy standard, right? Data privacy standard. But we absolutely need something like that. Because as we've seen, if you don't hold companies, you don't hold their feet to the fire, you don't tell them what they should be doing, they tend not to do the right thing. This comment I had about Juul and not doing an identity verification or age detection, look, they didn't have to, so they didn't do it, right? And so we're seeing that. And look, we've seen that in the crypto space. I'm a big believer in self-policing. That's what we did at the app stores. We did the policing rather than having government step in and do the policing for us. I think the crypto industry should be doing that themselves, and the AI industry should be as well, but they're not, for the most part. So we need a national standard for privacy. Now, one of the other things we mentioned was this whole idea of how KYC is done, how they check the data on your identity cards, etc., compare it to backend databases, etc. You know what solved this problem? really quickly, is if we issued a digital identity to everybody on birth. If you do that, that data goes along with you over time. Imagine you get your private key tattooed on your body somewhere. But something like that, right? Some way to track your digital identity over the years. And then verifying that would be as easy as just scanning your face, scanning the document, and it comparing to the government database that stores all of this stuff, ultimately. Now, I prefer the idea of having one honeypot that is controlled by, I wouldn't say the government, but controlled by very good technology, homomorphic encryption, things like that to be able to make it easier to maintain. and having one database than the millions of databases that we have out there right now that are storing our identity. But we need a way, the government needs a way of being able to help track our, sorry, help control the spread of our identity online. And the only way to do that is through a digital identity. And so we need some sort of laws there, you know, right now, I told you this way that KYC has done, and they scan your scan your ID, you know, what's not in those databases is your face, right? They have no idea what you look like. So people have tried taping a different face on top of an ID that tends not to work because it looks different. But if you get a little fancier than that, you can pass a lot of these things as well, which just causes problems, right? And I think we need to solve this, but there's not a lot of regulation out there. The regulation that's out there for storing credit card information, for storing any sort of financial information, things like SOC 2 compliance and PCI DSS, that's rampant for securing your money. There's none of this for securing your personal identity. And this to me is bizarre because money is one thing. My identity is everything. And so for me, I want to secure this more than I care about securing my money. Now, don't get me wrong. I want to secure both. But why do we have all these standards to protect our money and protect the financial industry, but not to protect the constituents of the of the United States. Yeah, absolutely.
Ron Levy: And right. So we're closing out on time a little bit, but I want to get one final question in. And that is identity.com. Is it fully developed and functioning now? Can people go start using it? Or is it still in process of being built?
Phillip Shoemaker: Yeah, we're still in the process of building it. We have two main products right now and we're just looking for adoption. So one of them is the gateway protocol, which is what exists right now on Solana. It exists on Binance. It's soon going to be available on base. And that allows you in an on-chain way to be able to add a pass to your wallet. that says, you know, you're whatever you want it to say. Right. So for example, with a crypto casino we're integrating with, they just want to know is this person over 18, because it's an offshore casino, they only need to be over 18. That's all they need to know is are they over 18. So we'll have an over 18 pass. stored in the wallet. And so every time they access this casino, it just looks at that wallet, boom. It has to refresh annually, which is great. You could set the refresh to 90 days if you're even more paranoid, but have it refresh every year. And you go through another KYC document scan at that time. That's available right now. It's called the Gateway Protocol. It's available at identity.com. We are one of the few identity companies that's permissionless. And we have no minimums. You want to use our technology? Integrate it. That's all you need to do. And then you start getting billed as you use it. We don't have $4,000 minimums and X number of people. I think that is the antithesis of the Web3 model. But look, everybody's doing that. Every decentralized identity company has minimums except for us. And that's one of the key things, key differentiators. Then there's the tool that you store on your phone. That's called the Verifiable Credential Tool, identity.com app. And that's for something that's more for IRL type of events. So you can just go scan at a bar and the bartender gets a picture of you and a thumbs up, thumbs down that says that you're of age or not. But it's also for things like maybe you want to use a website and you just want to scan to prove that you're age gated there and they just want to put a QR code on their website. And that product is available now as well. Just slower adoption, right? Right now, you won't find any public websites that accept it because it's decentralized. And everybody I talk to, they want to mine that data, right? That's part of the reason they want all your information is so they can use it to market to you, to mine it, to sell it.
Ron Levy: And that's the transition going from Web 2 to Web 3 that we're Excited about but it is one of the things that slows it down a little bit. It's just a fact So is there any shout outs you want to give to anybody any other companies or people in the AI? industry and development that That you know would serve our listeners well to look up or follow
Phillip Shoemaker: Look, I think the biggest one, I mentioned him twice, is Numenta. N-U-M-E-N-T-A. They are a company that was founded by the founders of Palm Computing. Jeff Hawkins was always about, he's always trying to figure out how the brain actually works, the cortical algorithm. and his various books written on the subject. But they are doing some amazing thing with things called sparse matrices to be able to do faster calculations for things like LLMs, where you don't need a high-powered NVIDIA chip. You can just run this on an Intel or an ARM processor and speed things up. They're going to come out and nobody thinks about them or talks about them. They're going to come out of nowhere over the course of the next few years as they're nailing down this this cortical algorithms theory.
Ron Levy: M-E-N-T-A, is that accurate?
Phillip Shoemaker: That's correct.
Ron Levy: Fantastic. So as far as following you and what you're up to, obviously they can go to the website for identity, but how about yourself? Are you a regular poster on social? If so, what's your handle? How do people follow you?
Phillip Shoemaker: Yeah, I post a lot on X and make a lot of snide comments. No, mostly I post information about decentralized identity and security and it's at PBS identity.
Ron Levy: Great. I want to thank you, Philip, for taking the time out to do this podcast. You've been an amazing guest and I wish you luck on everything you're doing. And I consider your efforts very valuable as we move forward, you know, with this technology.
Phillip Shoemaker: Thank you. I really appreciate your time.
.webp)
.webp)
.jpg)
.svg)
