The Great Application Decoupling
April 17th 2022

The following is my opinion on the composition of future software applications.

The common software application is composed of the following abstract parts.

  1. Data: the content the user creates
  2. Identity: who the user is
  3. Authorization: what the user has access to
  4. User interface: how the user interacts with 1-3

In the world we live in today, practically every application implements all four of these parts in isolation from other applications. Meaning, each application has their own database, their own identity server, their own authorization service, and of course their own user interface. Applications may integrate with each other, but they do so through a narrow & highly regulated interface called an API. API stands for “application programmable interface” and you can think of it as a user interface (4) but for other software rather than humans. Anyways, the point is, each application (for the most part) hosts their own isolated stack of 1-4.

Overall, the isolation strategy is suboptimal for the end user.

Users are disarmed from demanding improvements because switching costs are too high. Said differently, users cannot take their digital footprint with them to competing applications and therefore the applications, not under threat of exit, aren’t incentivized to maximum competition. For example, Twitter users spend years building followers whereafter they can’t reasonably make demands in response to a change in Twitter policies because they don’t own their follower list (BTW Twitter is great ❤️ but serves as an easy example).

Users do not maintain ownership rights over their data, which can be deployed without their consent to external parties. Said differently, applications harvest user behavior and sell that behavioral data to buyers unbeknownst to the user — this is a violation of privacy. For example, Facebook can track users and sell their data to advertisers.

Users are unknowingly subjected to algorithms designed to manipulate their behavior, and this is inherently disempowering to users sense of agency. For example, users may go down a YouTube rabbit hole which dramatically (and therefore dangerously) changes their political opinions.

User privacy is vulnerable to the extent of security measures with the given application. For example, if Coinbase is hacked then now hackers are aware of users crypto funds which can become targets for future hacks.

Personally, I find it quite annoying that we all must maintain hundreds of account login credentials, rather than just one. Our government issued license is interoperable to nearly all parts of society, but digitally, such an identity does not exist.

To summarize...

I’m sure there are more issues than this list. Consider the concept generally — users do not own their digital footprint and therefore corporations posses an imbalance of power.

I introduce what I call The Great Application Decoupling.

Basically, all an “application” will be composed of is the user interface (4) and not data (1), identity (2) and authorization (3). Data, identity and authorization will be the concern of some other entity — be that a dedicated corporate provider (a “custodial” solution) or a trusted person (the “Uncle Jim” model where most everyone “has that one uncle Jim who is good with computers”) or the individual user themselves ("running their own node").

By decoupling data, identity, and authorization away from the applications, the user is empowered over their digital footprint, enabling them to freely control their online selves.

The tech for this is not some super-advanced futuristic technology (you won’t see Elon Musk promoting it), it isn’t composed of the buzzwords like “blockchains” nor “NFTs” (you won’t see Venture Capitalists selling it), and there is no speculative gambling element (you won’t be peer-pressured into FOMO’ing in). I’m sorry to say, but to the common person, this tech may appear quite boring. Here’s what is is...

  1. Identity Hubs — data
  2. Decentralized Identity ("DiD"s') — identity
  3. Verifiable Credentials ("VC"s') — authorization

Personally, I find the technology extremely cool because of how the focus of the tech is not the tech itself but the human condition.

This technology is a set of open standards which any developer can develop with. This is crucial, in that the standards — which are opt-in — create open interoperability between everyone.

There is a ton of thought to give into how this technology will be adopted. I don’t want to go there in this piece, as I will not be able to do the analysis justice. Though, because I cannot resist, I will briefly speculate in hopes of sparking curiosity.

I do see this solution as the most efficient/cheapest/disinflationary relative to all other “crypto” offerings, and therefore over a long enough time period the market will naturally adopt this as the most used technology for what people are calling the “decentralized web.”

People may ask, “well what about blockchains?”

I’m increasingly of the opinion, there is sort of three tiers of technologies for the future of the web.

  1. Bitcoin
  2. Alternative layer-1 blockchains (Solana, Avalanche, etc.)
  3. DiD’s, VC’s and Identity Hubs (the focus of this piece)

Each with increasing levels of trust, because trustlessness comes at a cost. BTC will solidify as the most trustless systems — the “store of value.” Alternative layer-1 protocols will emerge as somewhat trustless and be the plumbing for the global financial markets (trading, exchanges, FX, futures, options, derivatives, etc.). DiD’s, VC’s and Identity Hubs (the focus of this piece) will be used by common applications (think social media, NFT's, gaming, etc), corporations and even governments. None of these claims are exclusively true, in reality the lines are blurred, I’m speculating on overarching trends.

As a small tangent, NFTs and gaming belong in bucket (3) not bucket (2) and I suspect this will surprise many. Bucket (2) is primarily useful for financial infrastructure.

Trust, in more use cases than not, is a feature not a bug. Few. 😉

You must think about the common user, and their level of technical qualifications. I harped on this in my previous piece, but I’ll reiterate — individuals skilled in software can largely be entirely trustless at any of these three tiers. The key feature here is optionality — if you want to minimize trust for yourself (and the people around you), learn how computers work at a technical level 🤷. Otherwise, reach out to “Uncle Jim” or use a corporate offering (which is preferable to the current system).

I digress, enough rambling & speculation. There’s a lot more to write here, so I suspect I will continue to do so in the coming months/years.