Payments, Personas, Provenance
The provenance of people (as well as things) becomes public, unforgeable and immutable.
Dateline: Toronto, 8th November 2023.
Elon Musk says that Twitter — now known as "X formerly Twitter” to everyone else and “TwiX" to me — is going to implement a "small monthly payment” for users. In a conversation with Israeli Prime Minister Benjamin Netanyahu, he said that this strategy represents the only way that he can think of “to combat vast armies of bots”. The strategy may end the bots wars that rage across the Twitterscape but it may also end the social media platform as a place for news, entertainment, learning, revelation and debate as well. Surely there are other options?
Blue Man Coup
The Twitter Blue payment strategy doesn’t seem to have delivered. There are some Twitter Blue subscribers, of course. And they have some interesting characteristics. Researcher Travis Brown, who has been tracking these subscribers, says that around half of all the users subscribed to Twitter Blue have fewer than 1,000 followers. That's approximately 220,132 paying subscribers. Breaking down follower counts even further, there are 2,270 paying Twitter Blue subscribers who have zero followers!
Would making “people” pay for accounts make any difference. No, of course not. The Blue checks that used to be a form of verification became something you paid for and are now often a signal that you’re a troll! Anyway, it is a terrible way to fight spam. That’s probably not Mr. Musk’s real objective thought, it’s probably just to get people’s credit card numbers and get them used to paying for TwiX. Will they though?
Perhaps a better overall strategy might begin by recognising that the issue of payments for using the services and the issue of the services being used by living human beings are actually quite separate issues. Mr. Musk needs to solve not one problem, but two: payments and personhood. Let us look at these independently and see if there are suitable strategies available to deal with each of them.
Let’s look at payments first. As an enthusiastic user of the service from the earliest days, and as someone who was refused a blue tick in the old days and refuses to pay for a blue tick in the end times, I would prefer a shift towards more of a subscription model of the kind that Professor Scott Galloway has been calling for for some time. As a pretty heavy Twitter user, I think this is probably the way to go. If things are tiered properly then most users will pay nothing and users with millions of followers will pay a lot, which seems like a pretty reasonable way of organising such things. That is, Mr. Musk could charge people for access based on the number of followers that they have.
I can imagine this working in a logarithmic progression, so for people with up to 100 followers use of the service is free, up to 1000 followers it is $5 per month, up to to 10,000 followers it is $10 per month, up to 100,000 followers it is $20 per month, up to 1m followers it is $100 per month and over a million followers is $1000 per month or something like that. This would allow for casual engagement as well as “industrial” use by celebrities and brands. It wouldn’t get rid of the bots with zero followers, but that’s the second problem, personhood..
Working out whether a social media profile is a person or a bot is central to X's problems and it continues to deploy new tactics in this battle. In recent times, a number of Twitter Blue-subscribed profiles have been approved despite being non-human entities. So now it is hoping to solve "some of the confusion left by its change in identity verification policies" by pairing up with digital identity company Au10tix* to offer account verification based on government IDs.
I wonder whether social media companies should be taking on this problem themselves though. If X or Instagram or LinkedIn want to know whether I am a real person or not, they do not need to establish it for themselves because there are already lots of people who could testify to my existence. And one rather obvious place to seek relevant testimony would be at my bank. Mike Chambers, who used to run a substantial fraction of the U.K.’s payments infrastructure as the CEO of BACS, recently pointed out that Open Banking offers a potential solution to the general problem of ID verification by taking the customer due diligence performed by banks and making it portable. This is, for example, what Adobe does with the U.K.’s OneID so that Acrobat Sign customers can include a verified signature from a verified identity in their e-signature processes.
Open banking would in many countries enable a step change in providers’ ability to offer genuinely frictionless onboarding. How? Well, when I go to sign up to a social media site, instead of asking me to work out which of nine pictures is a motorcycle (actually, robots can solve these puzzles faster than people can anyway) the site can send me over to my bank, where I can be strongly authenticated using existing infrastructure.
How would that work? Well, when I go to sign up to a social media site, that site can bounce me to my bank (where I can be strongly authenticated using existing infrastructure) and then the bank can send back a cryptographically-unforgeable token that says “yes this person is real and one of my customers”.
In other words, they could grant me the verifiable credential IS-A-PERSON.
Why would they bother to do this? Well, remember when last year X had a data breach that exposed data of 5.4 million accounts? If X used someone else (e.g., the banks) to do the due diligence, then X would not have any personal information to be stolen. X would know (for example) that I am over 18 and that Barclays Bank knows who I am. And that’s that. There would be no point hacking X (or threatening X) because X would be focusing on running the social network.
This isn’t only about social media, it’s about everything. We need to stop requiring personal data to enable transactions and instead require the relevant credentials necessary to enable to the specific interaction. There is a world of difference between me asking for your date of birth and me asking for proof that you are over 21, between me asking for your address and me asking for proof that you are resident in the continental United States, between me asking you to find pictures of tractors in a confusing array of blurred photographs and me asking for proof that you are a person.
That latter example, proof of personhood, is at the heart of the TwiX debacle. Since there is no IS-A-PERSON credential that TwiX can ask for, banks can’t charge them for it. But suppose there was such a credential? Then it would be a win-win for TwiX to pay $2 to get these credentials from a bank rather than spend $5 to get it themselves.