I have long said that urbit's killer app is bringing trust to the network age. But that doesn't mean that everyone, everywhere, can use a 'trust but verify' model of computing for their digital interactions. For those that don't yet have access to verified computation (zk or otherwise), trustless verification via publicly available blockchain technologies is the most readily available infrastructure for solving the double spend problem (which is a viable proxy to the trust problem).
In the legacy State-power world, the double spend problem is largely solved by the State--as some amalgamation of government, managerial bureaucracy, and gov-aligned megacorps--and it is manifest in two formats: Money, and Identity. Duplication of either of these information formats is punished swiftly and without question.
In meatspace, The State uncompromisingly controls the primary instantiations of money and identity, but both have competition from private markets. Instead of central bank currency, private actors issue things like airline miles, company town scrip, or Starbucks points. Instead of government issued ID, private actors issue identifiers such as school IDs, access badges, or event tickets. These resources offer some benefit (such as discounted fares or goods, or specific limited access) over the higher level money/identity, but at the cost of limited breadth of functionality. You could even call them "app specific rollups"
L1 blockchains are the State of the internet. They are the organizations, technical stacks and collectives of users who have used the asymmetric advantage of digital encryption to project power into cyberspace the same way that nation states used the tribal nature of humanity to amass and project power in meatspace. As this new State forms to better enable digital-first/only interaction, it must take on the legitimate functions of legacy institutions (hopefully while returning some power back to the individual, of course). These decentralized organizations are getting pretty good at handling the money function (transaction cost reduction concerns notwithstanding, but the concepts are there). But when it comes to identity, the ngu
of the money side of things seems to blind the first principles thinking that made Bitcoin such a foundational success.
The tools most usable to create the foundation of digital identities, NFTs, have been wound up in 10K PFP projects and million dollar pictures of rocks. It is only Urbit that has done the necessary work to make NFTs into a viable tool for identity, and that is by attaching a Turing complete computer to the digital asset. This difference is critical, because something that has an identity must be able to act. A bank account is not an identity. A rental car is not an identity. If an entity cannot act, it cannot have an identity. There is more to this, i.e. identities are not identifiers, but suffice to say an identity is instantiated as a mechanism in order to interact with a network, and the layer at which that mechanism lives is important.
Urbit's identity layer currently exists in two places. In part, it is available on Ethereum within the Azimuth smart contract (which can be found at azimuth.eth), and that on-chain state plus the state of the naive L2 rollup, is available inside the azimuth.hoon
of each urbit on the network.
So what is the state of identity ownership in the network? If you ask urbit core devs, the 'canonical' state of Azimuth is that which is in each ship's azimuth.hoon
. There are good reasons to say this. For example, the source from which a ship receives the state of Azimuth itself has always been optional (with a sane default set to azimuth.eth for typically available distributions of urbit) and so every ship is free to 'misinterpret' the state of the address space, but that is somewhat akin to a bitcoin node misinterpreting the state of the blockchain--the only person it 'hurts' is the one with a misunderstanding of the truth. When trying to understand ownership of a given urbit identity from within urbit, there is no incentive to cheat or otherwise misunderstand (from your own ship) who owns a given address or what their networking keys are. And, given that Layer 2 identities are still cryptographically owned by their private key holder, it is impossible for someone else to lie to you--if you have your urbit running the default version of azimuth. It just doesn't confer any benefit to try to cheat within the network. As your highschool gym teacher may have said when you fudged your sit-ups, "the only person you are cheating is yourself."
So, in a world where everyone has an urbit, and where everything is running on an urbit with a complete view of L1 and L2 identities, the state of azimuth in your ship can be relied on for all sorts of stuff, because all parties involved have calculated and verified the legitimacy of state transitions. But even those of us who are urbit maximalists must realize that, at present, Urbit is not the meta network. Thus having the identity layer of the system accessible from outside the system is of material benefit to both users and the network as a whole.
It is for this reason that I am a strong proponent of the #l1masterrace. Don't get me wrong, I understand the benefits of the L2 rollup (reduced gas costs, specific onboarding UX affordances, hiding the complexity of Ethereum from normie users, etc), but thinking about the construction of Urbit IDs in the context of traditional web2 onboarding is flawed.
Urbit stands in contrast to web2.
It stands up against a world where you don't own your identity, where you are shit-outta-luck if you want to pick up and leave with your data, and where walled gardens lack even the semblance of a permissionless gate. To shy away from the sovereignty--that is, the pairing of liberty and duty--that Urbit affords to it's users, is to shy away from it's greatest value proposition for early adopters.
The nature of L1 is a feature, not a bug, for the type of person who is most likely to be drawn to the digital sovereignty that Urbit offers. The person seeking to exit the constraints of being a line in someone else's database. A subject of megacorps' social manipulation. A dissident who questions the legitimacy of State power.
If the value of L1 is hard to recognize at first glance, let's look it it through the lens of legacy institutions and identity layers.
Take a look in your wallet, and through your filing cabinet (or wherever you stash random paperwork). What sort of records do you have, and from what issuers? Library cards, state driver's licenses, old school IDs, social security cards, passports, diplomas, professional certifications, industry awards, event badges, etc.
Which of these is most widely recognized? Which could be most closely considered your 'top level' identity? That which would work for verifying who you are and giving you access to the broadest set of goods and services in the broadest set of circumstances?I'd bet it is your passport.
Your passport can be used to verify your age to buy beer or your identity to check in to a plane flight; if you don't have your drivers license or your library card, your passport can be used to look up your existence in those systems; and, very importantly, it can verify your identity across nation-states. Perhaps some of these use cases come with a bit more hassle if you use your passport instead of the expected ID, but it works both within, and outside of, it's core issuing network. The affordances it offers come with tradeoffs that might make it less convenient for daily use: expensive and slow to acquire, bulky to carry vs small card form factor IDs, a pain to replace if lost or stolen. But these tradeoffs become 'worth it' because of what it offers: more global verification of the affordances mapped to the identity it represents.
While it is important to understand that you are not your ID card (nor are you your Urbit ID, as much as some might want to be), looking at the legacy landscape gives helpful questions to ask about the way our digital identities interact with our digital environment.
So what does this matter in the context of Urbit? Urbit is a pairing of sovereign identity across cyberspace and blockchains. Because Urbit comes with a personal server operating system it gives a user control over their identity in ways that are similar to a passport. It brings the mathematical protections available in blockchains into cyberspace, as a check against the power of server operators. In fact, this check exists for both L1 and L2 identities. Math trumps server operators. But what L2 loses is permissionless credibility in the blockchain ecosystem. For L2 points to be validated, they must be validated from within urbit. This means a drastic narrowing of scope for the answers to questions 2, 3, and 4.
By recognizing that Urbit is not (yet) the meta-network, we can better strategize about how to grow and have symbiotic (or vampiric...) relationships with other emerging network states. As Ethereum's code- and user- bases expand the number of ways to utilize an Urbit ID grows as well, as does the number of people who can access those new tools. Anything built on top of the ERC-721 standard becomes interoperable with a Layer 1 identity. But Layer 2 identities do not benefit from the increased functions of additional mechanisms on Ethereum. This means any compounding network effects, say for the way that NFT's control smart contract accounts with devex supported by new open source web3 libraries, will be totally inaccessible to Urbit users who are stuck on Layer 2.
And this isn't just theoretical. We made use of this affordance at Vaporware. In more ways than one.
Using L1 identities meant we could sell software licenses for Tharsis, a p2p real time strategy game, as NFTs. You would mint an NFT to the same wallet that holds your Urbit ID, the software distribution ship would watch the chain for that transaction and you would get whitelisted to download the open source software, and of course then you would play with other NFT holders. You could even use this mechanism to buy the game and send it to your friends.
Beyond basic app sales for existing urbit users, the affordances of Ethereum smart contracts meant that we could do crypto-native onboarding of hosted urbits. We partnered with Red Horizon such that they would boot an urbit ID and while retaining the management proxy, they would transfer the ownership keys to an escrow contract, and then customers could pay the contract to withdrawal an Urbit ID and then sign into that running Urbit by signing a message using their ethereum keys. No +code
required, no email sign up link, just pure crypto onboarding and immediate sovereignty over their identity for the customer.
And of course with MiladyOS we explored the space of software licenses owned by an Urbit ID, instead of an ETH address, using ERC-6551 Token-Bound Accounts (plus a few other little affordances). By building on top of the EIP-6551 standard, we were able to extend both the functionality of Milady Maker tokens to hold additional assets, as well as Urbit IDs to own their own software, where then the ownership relationships that were visible on-chain to all parties enables private off-chain (on-urbit) interactions across a peer-to-peer network.
Of course, being that this is a nascent design space, the theoretical vastly outpaces the current implementations. Once you have a clear understanding between the affordances of L1 vs L2 identity layers, ideas abound:
And the limitations will prove to be increasingly painful for a digital-first identity that is fundamentally linked to a turing complete computer:
So what's the call to action here? I don't necessarily want to say L2 is irredeemable or worthless. Cheap and easy onboarding of new users is table stakes for most software these days; it is the expected user experience. But the limitations of L2 should not be cast off with a "yea but just build X
on urbit instead because reasons" or "L2 just as gud". Because it isn't. Rather, L1 and L2 identities should both be used deliberately and the messaging around them should recognize the fundamental differences enumerated here.
And perhaps the ecosystem should start some serious thought about how individuals can move back to L1 from L2, as newly onboarded users (say, from free Tlon hosting) grow in their affinity for both the software they have, and the relationship they have built with their particular @p
.