unstoppable podcast, episode 89

Data and Identity in a Decentralized World with Evin McMullen from Serto

Sep 13, 2021·Last updated on Sep 13, 2021

Host:  Hey everybody.  Welcome back to the Unstoppable Podcast.  I'm your host, Diana Chen.  And I'm here today with our guest, Evin McMullen.  She's the co-founder at Serto, and she's also a guest lecturer on the side as well.  Serto, the company she's working on right now, it's formerly called uPort, and they are bridging the intersection between data and identity.  And I'm super excited to talk to Evin about all of this, because obviously we're, you know, very focused on digital identity, decentralized identity at Unstoppable Domains.  And I have learned so much from Evin and can't wait to have her on to share all her knowledge with all of you as well.  So welcome, Evin.  Thanks so much for being here.

Evin McMullen:  Thanks so much for having me Diana.  Great to be here.

Host:  Awesome.  So before we dive into Serto and all the cool stuff you're working on right now, I would love to hear a little bit more about your background, how did you get exposed to crypto in the first place and what was it that caught your attention and pulled you down the rabbit hole?

Evin McMullen:  I love this question.  How did I fall down the rabbit hole?  So when I was in undergrad in college I had an absolutely incredible young woman as my professor, Elizabeth Stark, who is now leading efforts at Lightning Labs.  But when I was a student she got me really excited about free and open source software, the FOSS and FLOSS movement and Creative Commons, the Berkman Klein Center at Harvard, as well as the Yale Information Society Project.  So that sort of dynamics around all of those parties were really focused on freedom of information and what the self-sovereign data future might look like.  And so for me, I was very frustrated at first because there didn't seem to be any technical solutions that could allow for an alternative to the surveillance capitalism that was swiftly snowballing around me at the time as Facebook and Twitter really took off as part of our shared experience in digital culture.  And so when I first encountered the Bitcoin paper, a few years later, I actually believe it was through that same set of conversations and same set of folks, it started to pique my interest.  But again, I was sort of frustrated because it really only decentralized the autonomy of value in a really straightforward way.  And so yet, you know, didn't present the rich multi-chain ecosystem that we can look forward to nurturing today.  But what really sold me on the promise of decentralization was the premise that we as individuals might actively participate in the exchange and use of the data we generate as work product, that's realized as values by, you know, as value by the enterprises around us.  And so having that sovereign rule I saw as a really exciting opportunity not only to better direct how our data gets used, but also to uplift, you know, citizens, individuals with greater, you know, consent and participation, but also greater share of value.

Host:  Got you, got you.  So now that you are working on this in a decentralized manner, tell me how you think about identity and data today in the context of, you know, having data and identity be on-chain versus off-chain is—like, what's your view on that?  Is it everything should be on-chain or should—is it, you know, half and half or—just explain how you're thinking about that?

Evin McMullen:  That is a great question.  So I am an off-chain supremacist.  No, just kidding.  But I think that we should look to on-chain transactions as we do, you know, limited resources.  They are a public utility that requires a significant amount of effort and energy, and documenting anything immutably in a public context makes a very opinionated decision about that piece of data in perpetuity.  And so I see off-chain data as the great flexible alternative to public immutable on-chain transactions that can complement the blockchain-based data ecosystem that we have today with more mutable flexibility that evolves, because that's what we do as human beings.  We evolve and so does our identity and the privileges that we gain as a result of that identity.  And so I see on-chain transactions as an exciting way for us to achieve public consensus in a decentralized way.  However, on-chain data is not useful for everything.  Personally identifiable data, data that's specific to us individually, does not belong in a public immutable form, immediately accessible to all.  If we think about, I was mentioning earlier, the surveillance capitalism landscape in which we live right now, where our data is exchanged without our knowledge or consent, that data gets exposed to a lot of parties.  But putting personal data on-chain exposes our data to even more parties, literally the entire universe of potential individuals to access data in that public and on-chain form.  So I see off-chain data as optimal for personal data, data that evolves, data that might be private, that isn't useful to share with everyone, that we don't need to have public consensus about, or that might have additional relevance if it is not public.
So everything from individual academic achievements to STI status, to ethnic, you know, ethnic group and genetic markers are all examples of data that's eminently relevant and valuable to us as individuals, but would not be appropriate to share in a public immutable setting like a blockchain.

Host:  Yeah, I totally agree with you.  I think we were talking last time, and I had to go get a COVID test recently to go into Canada and they made me fill out this super long form that was like your ethnicity, your marital status, all of these things.  And I was like, how is any of this related to me getting a COVID test, like all you need to know should be like my name, maybe my date of birth to verify who I am.  And that's like, in my mind it's like, about all you need to know to like administer a COVID test and tell me whether or not I have COVID, right.  So I guess, like in your ideal model, how would, practically speaking, how would it—how would we port around this data, you know, whether it's like, our health information or our passport and ID, like, our PII, how would we port around all of that?  And then how would we use it in the context of, you know, having to do things like, get a COVID test or whatever you might have to do?

Evin McMullen:  So, Diana, what's pretty wild right now is if I were to take some data about you and send it to you and ask you to hold it in a place so that only you own and control it, you'd have very limited options.  And so the first order of business, before we start, you know, throwing around any of these data types, is to define where, where are we going to hold our personal data, where might we be able to stash it so that it's ready for us to retrieve whenever we need it.  We can selectively share it or disclose it with other parties that need it, but only disclose it under terms that we agree to, and for a duration that's appropriate for our needs.  So we're not, you know, we hand over data, we don't necessarily need to do that in partiality with no limit on its use.  And so the lived experience that I envision of the physical form of that, I think is going to start off with an experience very similar to the Web3 wallets that we enjoy today for holding our tokens and our collectibles.  So if you can imagine in your MetaMask or your Liquality wallet, one day we might have tokens, collectibles and credentials, and we might be able to manage, in a wallet context, a review of our vital documents.  So imagine a digital version of your driver's license that you could present to an establishment or to a law enforcement officer to share your government identity.  You could also include a university transcript or diploma to share some of your academic identity in that way.  And additionally, you could also have medical data.  And actually, if we look at the example beings—examples being set by Apple, and the way that they're creating medical records that can be owned and controlled by users, Apple's actually adopting some well-accepted technical standards for secure off-chain signed data already in delivering those health records to users.
So in the same way that we manage the digital assets under our control through a wallet interface, I think we could manage the data and qualifications and achievements that we have as individuals through a similar interface in the same way that we manage the contents of our wallet with our COVID-19 credentials physically in there.  Although minor credit—my card's kind of big, so it doesn't quite fit.

Host:  Yeah, for sure.  And then I'm imagining too that the wallet would have certain features that let you show, you know, a certain category of information like, for instance, if all I'm trying to do is like, go out to the bar and get a drink, and they just need to know that I'm 21, I can just choose to reveal my date of birth and they don't have to also, know where I live and know all this other information about me, right?

Evin McMullen:  Totally.  A classic use case for off-chain private data is the bar bouncer, who right now gets to know your eye color and your home zip code.  But really, all you need to tell them is whether or not you are over the age prescribed for a safe entry to their space.  And so when we think about how these credentials that we might build up and might be able to control ourselves could be presented in the future.  I think it's really exciting to think about how we might not even need to actively participate in clicking a button.  Imagine being able to physically walk into a space where a door opens based on the credentials or qualifications that you have, or being able to go to a show and physically enter, like a concert and physically enter a special area, you know, toward the front, because you have credentials that prove that you've listened to a thousand hours of Blauw [phonetic] and been to 10 of his shows before, and so therefore you're a super fan.  And so being able to imbed role-based access, which is basically what credentials allow us, into the physical environment around us, into the digital environments we enjoy in the metaverse.  And even to basic things like, who has access to what permissions and software at work could all be made so much easier if we start organizing data around the subject instead of around decentralized database.

Host:  Yeah.  Okay.  That's even more fascinating than what I was thinking.  So it's like, we don't even need a bouncer to verify our date of birth, like, no one even needs to know our date of birth, right, like, maybe you don't want them to know if you're, you know, 22 or 42 and all you want to do is get into the bar.  It just is like a yes or no, like, a green light or a red light that either gets you in if you're 20—over 21 or denies you if you're under 21, like, that's literally all that has to happen.  And it can just be something you scan your phone on, or it could be like a security gate or, you know, anything else, right, like we don't even need a bouncer in that case.

Evin McMullen:  And I think what you're noting really highlights the value of all Web3 crypto primitives, which is that when used thoughtfully, they can lower the cost of coordination between parties that don't know and don't necessarily trust each other.  And so whether that's being able to provide special privileges based on your qualifications or whether that's being, you know, ready to transact with another party in a certain way, even without being intimately aware of how they operate, credentials can help us to source out whether or not a counterparty fits the criteria of what we're trying to achieve.  And so when we think about the complex types of problems that we try to solve in Web3, obviously we think about, you know, problems like allocating treasuries.  So we're using our Ethereum addresses as identifiers for each other, we can tell how much value is in one another's wallets, we can see the public transactions that we're performing, but those identifiers really only tell us about how much wealth we have and what our past transaction history is.  And so if we want to solve more complex coordination problems than treasury allocation, we need identifiers that tell, you know, to—that allow us to tell one another more about ourselves than just how many assets we have or what kind of wealth we have.  So those complex coordination problems require more complex kinds of reputation, and that's where off-chain data really comes in handy.

Host:  Got it.  Okay.  So that's off-chain data.  There is also on-chain data.  You, you said previously, you know, there are certain situations that make more sense to keep your data off-chain and then other situations that make more sense to keep your data on-chain.  So we've talked about the off-chain part.  Now, let's talk about the on-chain part, what kind of data makes sense to keep on-chain?

Evin McMullen:  So I think about on-chain data as being optimal when we need to write once, never erase, we need everyone to agree, and we need everyone to, sort of, actively be able to reference that information in perpetuity.  And so obviously financial transactions, where we want to, you know, eliminate a double spend problem, are very, very helpful transactions between parties that otherwise don't have a trusted line of communication.  So enterprise interactions can use the public chain to maintain the state of disparately held databases that are managed by separate parties that don't otherwise interact.  And so it's basically like a giant single state channel between two parties.  And obviously, you know, financial transaction data on-chain can also correlate with various community participation activities.  So for example, if you are a canonical signer for a DAO multi-sig wallet, the transactions that you sign off on have more value and more weight than just financial, because you're acting on behalf of that organization.  So there is some social merit to making those transactions public.  So I think that the nice complement of these sort of public transactions is being able to build, you know, flowing mutable evolving context around those transactions so that you can always, sort of, interrogate them, find further, I don't know, contextual data and reputation in them so that we aren't beholden to single address sends an asset to another address.  And then all of the rest of the trustless data, or rather there's no more trustless data available, or we're not capturing data about that transaction event in any other form.

Host:  Got it.  That makes sense.  Okay.  So tell me about Serto and what you're building there, and how it relates to everything that we started talking about already.  So maybe—why don't you start from the beginning, like, how did you initially get the idea for Serto, what problem were you trying to solve, and then take us through what the journey's been like so far.

Evin McMullen:  So Serto builds upon the shoulders of giants.  Teams like uPort preceded our work in exploring what it means to empower an end user or an enterprise with the ability to create a decentralized identity, a set of keys for which they can sign off-chain transactions and attest to pieces of data.  So uPort's work occurred before the W3C and other standards organizations agreed upon what we enjoy now as the technical standards for decentralized identifiers and verifiable credentials.  So Serto's effort picks up around then, we make it really easy for organizations to get started with a decentralized identifier and to issue, request, disclose, and revoke, and just generally manage credentials that that organization writes about itself and about others, as well as how to share those and how to, sort of, populate them to give them value in their community exchanges.  So Serto began our work with a rigorous interview and research process, where we really wanted to understand how is it that enterprises are beginning their journey into self-sovereign identity, and where are the gaps between reading about the technical standards and actually using them.  And so we found a very limited landscape of tools available for especially business leaders and technical leaders to be able to do things like issue a credential signed by their organization, proving that a given individual is an employee or proving that their business is part of a consortium with other organizations.  And so we offer a suite of tools starting with an AWS Marketplace app that makes it really easy to create that identifier and get started with credentials.  We also have a cross-chain search engine called Serto Search that makes it really easy to find out more information about a credential you might find in the wild or businesses that are set up and ready to interact in decentralized ways, and the decentralized identifiers that those businesses use to represent themselves.
And then lastly, we have Serto Schemas, which like schema.org is an in-browser sandbox to create, review and share different kinds of verifiable credential schemas, which are basically the data taxonomy involved in defining a given credential.  So we've got credentials for everything from COVID-19 vaccination proofs to VIP access at concerts.  So any kind of privilege or achievement that is personal or specific to a given individual, we can create a schema for using those tools.

Host:  Got you.  Okay.  So let's—there is a lot there, and a lot of it was very technical, so let's break it down and try to talk about it more practically, so people can imagine the real-world scenarios when they might use it.  And just to back all the way up, when you say decentralized identifier, what do you mean?

Evin McMullen:  Yes, that is a super key term.  Let's define it.  So a decentralized identifier or DID is basically just a public key, a string of letters and numbers, and a set of private keys that the owner, you know, holds and uses to sign off-chain messages, so statements that that individual makes.  So for example, I might write a credential that says I spoke with Diana about decentralized identity, signed, Evin, and I can give you that credential and you can show that credential to anyone else, and they can, you know, look at it, if they trust me, they'll trust what's contained therein.  So the magic of decentralized identifiers is that they are built upon, or sort of extend the capabilities first illustrated by PGP, which is a, basically, a protocol capability to identify counterparties and have a set of keys that allow you to sign off-chain transactions or private transactions.  However, the challenge with PGP is that you couldn't rotate your keys, and so if you lost your keys or they became compromised, you're kind of out of luck.  And so decentralized identifiers came along and offered a new approach to public key cryptography that allowed the identifier to rotate those keys in the event of compromise or handing the identifier over to a new party, whatever that might be.  So another really wonderful trait of decentralized identifiers is that the way they are composed includes the ability to turn any blockchain address, most blockchain addresses, so for example, an Ethereum address or a Bitcoin address, into a decentralized identifier.  So the namespace of that identifier can be populated by an Ethereum address.  So imagine I use my regular Ethereum address to send transactions to and from Diana, I can create a decentralized identifier using my Ethereum address, kind of like an off-chain backpack for my Ethereum address that can hold off-chain pieces of data written about my Ethereum address.
But I can also use that identifier to sign messages, sign off-chain messages from that same identity.  So decentralized identifiers allow us to enjoy the benefits of off-chain data for our on-chain identifiers.  I know it's a little complicated, but, essentially uniting your on-chain transactions with your off-chain reputation gives a fuller picture of who a given individual is rather than basing their entire entity on their wallet transaction history and contents, which is all we can do if we only look at the Ethereum address as our primary identifier.

Host:  Yeah, for sure.  I think there's definitely a gap right now in the ability to port our data from platform to platform and also across, you know, on-chain and off-chain.  It's almost like we live these double lives now, where we've got our digital selves and then we've got our, like, IRL selves.  And there's very—there's, you know, other than Serto that I—there's no way that I've heard of to sort of, like, port these two worlds together and collect all of your data in one place.  Okay.  Cool.  So I have got my decentralized identifier and then say, I want to put, you know, my driver's license information, my passport information, my COVID vaccination card, all of these things onto—into one place, how would I go about doing that with Serto?

Evin McMullen:  So that is—there are a few different ways that you could achieve that goal.  So the first question is going to be who needs to sign those documents for those documents in digital form to be valuable to you?  So you're going to want your driver's license to be signed by the DMV, right, and so the ideal form of that driver's license would be a verifiable credential issued to you by the DMV, signed by the DMV, that you can carry around and present.  Alternatively, there might be a third party like digital driver ID co.  And they might be a permitted delegate of the state and they can scan your driver's license and sign a credential saying that their company has validated it, and therefore it needs the appropriate success criteria of a digital ID.  That's basically the process that's, that is going to be most helpful in collecting those credentials, is making sure they are issued to you by a party that is qualified or trustworthy to be issuing them.  So for example, a COVID-19 credential issued to you by Gucci is not very helpful because Gucci is not an authority on COVID-19 vaccinations.  So this also gets into the importance of having a really secure practice around who's allowed to issue certain credentials and how that process occurs.  And so that's part of why at Serto we're really focused on bringing enterprises on board first, allowing them to define what kinds of credentials they issue, and then practicing what it means to—to give out those credentials and then test their use out in the world.  Because one of the really exciting things about verifiable credentials is that I can give a credential to you, you can present that credential to another party, they can trust it without ever having to speak to me.  And so this is useful in an academic context where you want to show your academic achievements, but you don't necessarily want to make your new employer call the university to check whether you went there.
Or even if we think about LinkedIn, having the ability to interrogate any attestation on LinkedIn to make sure that it's as true as it, you know, as it appears at face value would be really helpful.  Or even if we think about back to the 2017 ICO boom, where just about every token project had Vitalik as an advisor on the bottom and, you know, had some familiar logos having being able to interrogate those relationships further and see what kind of relationship is being attested could be really helpful context.

Host:  Got it, got it.  Like, where are you guys in that process right now with, you know, getting enterprises on board, and I imagine a lot of it is, you know, not just enterprises, but like, government authorities, 'cause that's where a lot of—verifications come from, that we use every day.  So is—I'm just curious because I know, you know, the government is typically the last group of people to jump on board with, you know, an emerging technology.  So how has that process been for you guys, I'm just wondering?

Evin McMullen:  Very experimental.  We have learned a lot from a variety of both government and private enterprise organizations along the way.  So our team has been actively involved in both the development of legislation, as well as, the experimentation or sandboxing of decentralized identity in the United States, in Western Europe, really, around the world.  And so our current process has really been education first, helping our partners and collaborators both in the public and private sector truly understand the consequences of a more self-sovereign data practice.  And then in terms of, kind of, adoption surfaces, we've seen a lot of enthusiasm and excitement around creating end user wallets that are able to hold, manage and sign verifiable credentials.  So initially that demand was very much on the enterprise side, being able to manage role-based access and to more efficiently conduct business to business communications.  But I think once those enterprises immediate—or started to understand the value of B2B interactions, they turned inward and realized that a lot of these capabilities would be valuable for their workforces as well.  So from COVID-19 credentials to employee credentials, we're seeing a greater focus, certainly this quarter on interest in individual credentials in the workplace, and definitely related to a safe return to work set of goals for a lot of these businesses.

Host:  Yeah, for sure.  So what do you have planned ahead?  What's your roadmap for sort of the annoying question that everybody likes to ask, what's your, what's your roadmap?

Evin McMullen:  It's a wonderful question.  It's a very exciting question because in the coming, probably about, month, the Serto team will be launching our enterprise suite of products in full production.  So up until this point, we have been in alpha and beta testing, preparing no- and low-code solutions to get folks started with decentralized identifiers and verifiable credentials.  So we are extremely excited to unveil this product suite and to really focus on usability and simplicity of onboarding because, as we know, it doesn't really matter how much your tools scale if the initial experience of them is arduous for especially enterprise users.  So we are also looking forward to dogfooding a bit of our own tech, we're working with the ConsenSys team internally to provide employment credentials to our friends and colleagues, and to start experimenting with those internally.  So I think we've got a lot of fun progress both on partnerships in the public side, as well as on the internal and more Ethereum ecosystem development side.

Host:  That's super cool.  And I just have to follow up and ask too, like, what will that process look like for the employees at ConsenSys once you roll out the product to them, like how, yeah, like, just walk me through what that'll look like?

Evin McMullen:  So I think some of that is going to be determined by how our colleagues on the people and talent team choose to move forward with using these credentials.  But the initial distribution, we want to keep as simple as possible with no lift for our colleagues.  And so I think it's probably going to take the form of just sending a credential to their email as a local file.  Just as a very first step, something that requires very little effort on their part, but can be presented in the form of a QR code if and when needed.  And so we're excited about exploring how these credentials might be presented alongside other identifiers or qualifiers to allow for team members to do things like book travel or access exclusive merchandise, or be able to access certain content, special online privileges or even community meet-ups.  And so I'm particularly excited about how verifiable credentials can benefit the community space.  Earlier we were talking about the need for DAO members to cultivate their reputation and build their authority in a way that's also respectful of their data.  And so in the developer relations community, I think off-chain data and tooling will be really valuable, hopefully enabled by Serto to permit these communities to self-organize and to, you know, deliver reputation that can be useful, not only in one DAO, but can allow you to walk up to another DAO and bring your reputation with you without having to, you know, farm in the Discord channel for social favor.

Host:  That's the perfect segue into DAOs.  I wanted to talk to you about that because I know that's something you think about a lot.  And I did read the article you sent over, that you had just written about the DAOs and plutocracy, and stuff like that.  So I'm just curious, like, when you think about DAOs, what do you see as some of the major challenges that DAOs face today?

Evin McMullen:  So DAOs right now, I think are, and I say this with all love and respect as an enthusiastic member of several DAOs, but DAOs are kind of a misnomer.  They're not really decentralized, they're certainly not autonomous and they're not really organized, for the most part.  And so in my experience, DAOs largely amount to token-gated Discord channels, some of which have a shared bank account.  But you know, the—when we use identifiers like Ethereum addresses as the primary method of engaging one another in a DAO, that means that the only information we have about one another are our token holdings.  And so when votes are allocated in accordance with token holdings and decisions in the DAO are made in accordance with wealth, that feels an awful lot like a, you know, like a plutocracy, like the power is delegated in accordance with material holdings.  And if you are trying to solve a really complex coordination problem, like making a product or producing an event, you're probably going to want the individuals calling the shots there to be subject matter experts in the outcome you're trying to achieve, which does not always correlate with the people who have the most money, you know, it's sort of user-centered design, not well centered design in practice.  And so I see a great opportunity with DAOs to push the bounds of what we can do with token-gated communities.  And I see some, you know, for example, Friends With Benefits does a really stellar job of leveraging Web 2.0 tools like Discord to do, you know, all kinds of community organization and management.  So we see some, some more, you know, developed organizations that have more robust forms of reputation, but a lot of that have using Web 2.0 tools and offline tools.  So Google Docs lists of people, Discord, et cetera.

Host:  Yeah, for sure.  So in your mind, I guess, like, what are some of the solutions to these problems that you think DAOs can implement?  Maybe you have an answer, maybe you don't have an answer.  I know it's--this is like such a big question.   And if we all, if somebody had an answer, of them, we'd have it figured out, but we're still in such early days and we're still sort of trying to figure it out as we go along.  But in your mind, like what are some ways, in which DAOs could improve the way that they're structured in order to achieve this? Like, like what they're meant to be these decentralized autonomous organizations?

Evin McMullen:  So I think one really easy, you know, first step that we could take, are DAO membership credentials.  Right now, the only way to signal your participation in a DAO is either a public-facing on-chain asset, like an NFT, or a social signal, like your Twitter bio.  And so being able to delegate or hand out proofs of membership that are signed by perhaps the canonical signers of the DAO or some, you know, representatives from the organization would allow for, at the very simplest, people to move from one DAO to another and show their membership in the first.  And so these kinds of signals are really, really basic tools that we look to in all of the other contexts where we look for reputation.  So whether it's someone's LinkedIn profile, their past history on other social media, their past education history, et cetera, being able to signal your membership in a given tribe would be very helpful for DAOs.  I also think that embracing verifiable credentials in the sophisticated way that we talked about earlier would be a wonderful addition to contextual reputation for the DAO landscape.  So imagine if in one DAO you contributed design work and you provided some social media work and you helped to organize an event, you could receive credentials from that DAO attesting to your contributions and your excellence in membership and good standing.  So then you might go to a different DAO, present those credentials and say, hey, I have already contributed in the following ways.  This other DAO thought that my work was really great.  That might be a bit of a proof of work, if you will, that you might have a high likelihood of achieving in those areas in the new DAO that you've entered.
So again, DAOs are really, or DAOs purport to lower the switching costs of contributing to one environment and then contributing to another while, also allowing for you know, contributors to have a stake in the outcome, no matter how ephemeral their contribution.  And so we need to have reputation that is as just as flexible and textual as the freedom of contribution that we hope, you know, from other aspects of DAOs

Host:  Yeah, 100%.  I think the point you make about being able to track your, your activity within a DAO over time, I think is really important because that's, sort of, a very key component of DAOs and why people like to join DAOs is because everybody can just contribute in whatever way they want.  But at the same, you know, in the same vein, you want to bring our members into a DAO who will contribute.  And so having that proof of activity from a past DAO, you can say like, oh, I can see that Evin has, you know, contributed this much work in every DAO she's been a part of, I know she's going to be an active contributing member if I ask her to join this DAO that I'm trying to form.  And so I'm going to go for her versus somebody who's like, maybe has membership in like 10 different DAOs, but they spend, you know, like less than an hour a week doing work for each of those.  And so then you're like, well, looks like this person is like pretty inactive, just likes to like dip their toes in as many things as possible like, not what I'm looking for in this case.

Evin McMullen:  Totally.  Yeah.  Just finding a good—and really that gets at what we were talking about earlier, which is that credentials help us to determine the fitness of one party to meet this—the acceptance criteria of another party, whether that's a DAO or a, you know, a techno club checking for the age of their, of their attendees.  And I think this sort of reputation exchange also highlights the kinds of implicit expectations that we have for DAOs.  Of course, we want people to contribute who are, you know, who are going to be members in good standing and who are going to be helpful and useful.  We assume that capability when we build our teams in physical space today but if we overlook the need for these kinds of capabilities and, you know, pretend that everything's already cool with DAOs the way that they are, then we're going to continue to run into challenges, like for example, with trust cues, where DAOs today rely really heavily on Discord.  Many users will become familiar with the leaders of a DAO over Twitter, and then Discord bots, pretending to be those leaders can slide into members' DMs and clean out their ledger wallets, or compromise their data in different ways.  And so we need to think holistically about reputation especially in the DAO space where, you know, money is changing hands, reputation's changing hands, and we don't have a common language for how to move our reputation data from one application to another.  And this is true in all of Web3, the, you know, reputation and application layer data that I generate in Audius doesn't talk to my Gitcoin account, doesn't talk to my MetaMask.  And so we create, or we have by centralizing the identity layer for many Web3 apps, instead of using decentralized identifiers and verifiable credentials we create a fractionalized liquidity problem of our own personal data similar to the fractionalized liquidity we experience with tokens and L2.
But there's no Connext or, you know, Hop protocol coming to save us.

Host:  Yeah, totally.  I'm so with you on that.  And then another point you brought up earlier too is this like, problem with voting and governance where in some DAOs at least you see that, you know, the people who put in more money into the DAO receive more voting rights.  And so in that sense, it almost just seems like, it's still like money is power, like how—like nothing has changed from our traditional system where it's the more money you have, the more power you have, it doesn't seem very decentralized at all.  What do you see as being a potential solution to that problem?

Evin McMullen:  So, to start off, yeah, it's a—it's a challenge.  However, I think there are some teams that without fully adopting off-chain reputation, have started to make wonderful progress toward a more egalitarian or contextual token based voting mechanism.  One team I'll shout out is Popsicle Finance, they have token voting, basically, they've weighted their voting system, their governance system based on the duration of your token holdings, as well as, the quantity of token holdings.  So, it incentivizes the HODL, it incentivizes long term engaged community members.  I know there are also some other teams that provide weighting based on your active participation in previous votes.  And so this incentivizes, you know, making sure that you show up and are actively engaged in all of the voting processes, because there is an additional reward there.  And so, I think those illustrate creative uses of the limited Web3 token wallet ecosystem that we have today.  But they would all be greatly complemented by off chain data to, you know, to even further add, you know, local complexity to—or useful complexity rather, to how much your vote is worth based on your subject matter expertise, or your past contributions more than just hanging on to the tokens.  Though, I think that that's a really wonderful step in the right direction.

Host:  Yeah, yeah.  And another example that just came to mind as you were saying that is Mirror just started doing like, these airdrop tokens to the most active members of the Mirror community.  And that's determined by an algorithm that takes into consideration, you know, how many posts you have on Mirror, how active you are, with the weekly voting in the WRITE Race like, all of these different factors.  And I think that's a really good way, even though it doesn't really speak to—I mean, it does speak to voting because you can vote people in with your WRITE tokens.  But I think that's a really good way of more like equitable distribution of voting rights within a community.

Evin McMullen:  Totally, 'cause in, you know, in that capacity those tokens sound like they are—they're proofs of work as much as they are governance tools.  I worry about communities like Mirror sometimes tending toward the Instagram dystopia of like, digital sharecropping content, and needing to perform for social favor as the means to achieving intellectual opportunity of communication.  But that said, I will say that Mirror's really awesome, I love all the content there.  And I think that that dystopia is far off from where we are today.

Host:  Yeah.  What I think—that's a big reason.  I mean, I, I think they've heard that feedback loud and clear, as well.  And I think that's one of the reasons for this new Airdrop token thing is so that you don't have to put yourself through this WRITE Race, which some people might see as a popularity contest or Instagram 2.0 situation.  And here you can get Airdrop tokens if you're a valuable member in the community.  And now it's like, if you get airdropped these tokens, all you need is to get somebody else on to the platform is one WRITE token and you could give it to somebody who is like a no name person, but you know this person is super smart, has a lot of good things to say, and—but just would never like, win this popularity contest that is the WRITE Race.  And so you can just give them this token they can get on the platform for you know, skipping through all of those steps and still be able to be part of the community.  So, I think that's—that was sort of their response to this criticism that it's become somewhat of a popularity contest.

Evin McMullen:  Totally highlights the importance of the human trust layer here to how you know, we don't have the data vessels to capture all of the qualifiers that would lead to the right outcome.  And so sometimes it's just more useful to circumvent, and to allow human beings to be the transport layer for their own data and their own reputation.

Host:  Yeah, yeah, totally.  All right.  So this last segment, I call this explain your tweet.  This is where I dig through your Twitter and I pull out some interesting or cryptic tweets.  Your Twitter is a gold mine, I have to say.  You don't tweet super often, but there is so much good stuff there.  I mean, we could have spent all podcasts on these tweets.  But for the sake of time, I've just got—I pulled two or three out here.  The first one is from August 22nd, 2021, you said, "Should we start a Web3 PAC, super PAC and run it as a DAO, I bet we could buy a lot of political influence."  This is obviously a little tongue in cheek.  But yeah, I found it to be an interesting tweet, and especially in light of—I mean, I'm guessing you were maybe responding to like, the new bill that was passed and all the drama around that.  Was that—is that accurate?

Evin McMullen:  Diana, I think you are the only person who reads my tweets.  So thank you.  But that note was partly in response to the tremendous organization and movement I saw on the Web3 community to respond to the recent infrastructure bill.  But beyond that, it also occurred to me recently that the decentralized community does a great job of being decentralized in that we do not have a unified voice.  And the tribal chain aligned, you know, battles between our respective Web3 fiefdoms do us no favors when it comes to communicating with the regulatory, you know, environment powers that be.  It is weird to me that there isn't a crypto PAC, because there is an implied crypto voting bloc.  We all care deeply about many of the same issues.  And the rash decisions, you know, occasionally proposed by especially the US government, should have some mechanism to receive feedback and guidance from the industry that they purport to regulate.  In my free time, I have contributed to writing progressive legislation for the state of New Jersey.  I spend a lot of time educating folks on the basics of Web3 from people who work at the Fed to high school students.  And so I was reflecting on the fact that this is a needed force and organized party.  But it also occurred to me that DAOs are such a familiar structure, it would be a really beautiful pairing to have a DAO devoted to political action and education.  I think we could also show many governments how it's done if we tried really hard to illustrate new forms of governance.

Host:  If you end up forming this DAO, let me know.  I'm so in. I think there's such a big need for this as has been made extremely clear in the last couple of weeks with all of this infrastructure bill talk.  I think, you know, we've all seen that there's just—the big problem is that there's a lack of education in our decision makers, in our country.  And I think your proposed solution, whether you're being funny or serious is actually a good solution to that problem.  So I am totally there.  I'll work on this with you.  I love that tweet.

Evin McMullen:  Well, if anybody wants to form a crypto PAC DAO get into my DMs.  And Diana, you and I and our new friends will tackle it together.

Host:  Yes, yes.  Let's do it.  I love it.  All right.  This next tweet I've got is from August 18th 2021, you said "technical quality varies in canvases for art, leather for handbags, wood for furniture.  Technical quality also varies in NFTs. All NFTs are not created equally.  Metadatas, smart contracts, choice of chain and identity data can separate a flimsy NFTs from a technically robust one."  Okay.  So I think this is really important.  I actually just tweeted something about like how NFT, most NFT artwork is not actually on-chain like people think it is, and it can disappear very quickly.  And you just wrote about like even more elements to that.  So, can you dissect that for people listening?

Evin McMullen:  Certainly.  So, in the same way that creating physical art offers an artist the opportunity to make choices about their expression.  So for example, a block of wood turned into a sculpture offers many opportunities to cut and to finish it and to put it on a pedestal, to present it, what light to use.  So similarly, when we create an NFT there are a lot of choices that we can make about how to express that crypto asset.  The underlying blockchain upon which the NFT is built offers us different capabilities.  For example, an NFT minted on the NEAR protocol has the ability to retain revenue splits, regardless of which application it's resold on, whereas on the Ethereum blockchain, those revenue splits are largely going to be application specific.  So for example, limited to OpenSea only, but if sold in a private sale aren't going to carry over.  Additionally, as, you know, as mentioned, there are ways that you can store the metadata of the NFT itself that differ.  So, you know, many people as you know find it frustrating and confusing when they learn that the NFT's digital container is the only bit that's unique and stored on chain by default, and that the URI contained therein can point to a centralized server, can point to decentralized, you know, servers can point kind of, anywhere.  And so depending on the goal of your NFT, the type of storage that you use for its contents can be more or less useful.  So for example, if I store the image, JPEG of an NFT that I want to give you on my own servers, and it starts off as a beautiful photo, let's say it's—it was a Justin Aversano Image, a beautiful photo that, you know, noted NFT photographer Justin Aversano has minted.  So I send it to you, but let's say I'm storing that image on a centralized server that I own and control, I can send you this beautiful photo NFT.
And then after it gets into your wallet, I can say, yeah, Diana doesn't really deserve a Justin photo, I'm going to swap that out for a picture of, I don't know, Clorox wipes, because that's something that we've all thought about for the last year, and so now, you're stuck with this, you know, like, cleaning product image when you thought you were getting a piece of art.  And so having your NFT metadata stored in a manner that relies on another party that's not trustworthy puts it in danger, you don't know what's going to happen to that, like, it could turn into a jar of Clorox wipes.  And so additionally, the way that that metadata is stored and the form of it also gives you the ability to add value or sort of detract context from an NFT.  So as we know, NFTs can only contain a very small amount of data, and so usually that's a link to data stored elsewhere.  However, an NFT can also be the subject of a verifiable credential.  So you could write a credential stating that, let's say an NFT was exhibited in the Louvre, signed, the Louvre museum, and suddenly that NFT can carry around with it a proof of exhibition.  Right now, if you and I or you or I were to call up Christie's and try to buy a Basquiat, that Basquiat would come with an exhibition history.  That's pretty standard, provenance history, condition report, exhibition history.  But for NFTs, we don't even have the data taxonomy to keep track of the exhibition history of these works that can be shown not only in physical space on a screen, they can be worn, they can be displayed in VR, they can just be displayed in AR, they can be part of a composite multimedia expression.  And so just using the data primitives that we have, you know, already, we can create a much more rich set of metadata for an NFT.  And so you can imagine that starting to really dig into all of these capabilities allows for artists and creators to make a great variance of the types of NFTs and the complexity of NFTs that exist.
One other thing I'll call out is Chainlink and 3box recently had Ceramic, their storage protocol recently had a really awesome collaboration where Chainlink's Oracle can help NFT sort of point to different metadata, depending on events.  So, imagine you could have an NFT that evolves visually over time.  Similar to BT, the artist did an NFT a while ago that had different content for every, you know, moment of a 24 hour period of time.  But imagine you could have an NFT that changes after every time you trade it or that grows up and evolves similar to like, Maroon Five sold NFTs that will visually change based on the amount of carbon in the atmosphere.  So having more integrated tooling around NFTs really broadens the scope of quality and capabilities that we can experience with these assets.

Host:  Super cool.  That is super cool.  Yeah, we've got a long ways to go in NFTs too.  I know it seems like we're, you know, we've come a long way in NFTs, and we have like it's completely exploded this year, but there's still a very long ways to go.  And it's—it is like surprising to me sometimes that, you know, I think a lot of people, even people who are aware that the NFTs they're buying could just, you know, be replaced by a Clorox wipe at any moment, it's like they don't really care, like we're—we've always sort of just bought into it, you know, and I mean, myself included, like I have NFTs that I know could disappear and I'm still doing it.  So, yeah, I think that's interesting to me, and we'll just have to see how that develops.

Evin McMullen:  I think as with all things, introducing off-chain data is going to give us more, more options.  And so as soon as we see the NFT market embracing the ability to interact with both on-chain and off-chain ecosystems then, you know, that—that's going to be for me a big signal that the metaverse has arrived.

Host:  For sure.  And then speaking of the metaverse, I've got one more tweet for you.  This is from August 1st 2021.  You said, "to build the metaverse, we need to think in 3D.  Assume a digital overlay of every physical space, plus portals into persistent digital environments all their own.  These environments will respond based on your identity and preferences."  Tell us more about this.

Evin McMullen:  So, sometimes when I'll talk about the metaverse with my friends that are super into Web3, they'll say, well, where is it?  And the comparison that I like to pull out, sorry if you don't watch Netflix, is in Stranger Things.  The concept of the upside down or having a whole world, that per whole persistent environment that is predicated on the physical world that we enjoy, but has different traits and capabilities.  And so I think of the metaverse as the persistent digital environment that we can create through, you know, Web3, through connected technologies that animates the environment around us both in a very tangible sense, opening doors and in an experiential sense, overlaying visuals and giving us, you know, additional context and choices.  And so when we consider how to build Metaverse experiences, we first have to choose are we going to build an experience that plays off the—the physical environment that we're in right now, or do we want to create a net new digital environment, where we can build the container for narrative from the ground up, and we can make the rules of that ecosystem whatever we want, you know, we can make gravity work differently, we can make sound work differently.  And that the limitation of seeing metaverses as just the latter, just a persistent digital space really skips over the transition period that I think we're in the middle of right now, where we can use digital experiences to augment or enhance our physical world, or we can use them to completely escape our physical world.  But it's that bridge between that sort of augmented reality phase that is going to carry us from looking on a screen to being inside of a screen in a pleasant and enjoyable way.  And so when I look at a lot of sort of metaverse design discussions, it kind of skips over this transitory period between where we are now and where, you know, everyone's like, sitting in a game chair with a thing strapped on their face.

Host:  Yeah.  I think when people think about like really new things they like to think in like binary like, it's either a metaverse or it's the real world.  But I think like you said, it's—the metaverse is going to augment or build on top of the real world.  And it's not going to replace the real world.  A lot of people ask me this because I love like, going like, doing things outdoors like, going hiking, getting you know outdoors, and I'd like to promote that too like, get off Twitter everybody, like, go spend some time outdoors this weekend, people were like, why do you like—why are you such a proponent of the metaverse, you know, when you like being outdoors so much, and I'm like, I don't see that being contradictory at all.  I think Metaverse is just an added tool that'll give us like more functionalities.  Like, for instance, instead of looking at you on a screen during this podcast, we could have VR goggles on, we could have decided on a predetermined location like, hey, do you want to record this on the beach today, we show up on a beach, we'll be recording this on the beach, you know, as we perceive what is happening.  And I think that's a much more enjoyable experience than, you know, staring at each other on a Zoom screen all day and getting Zoom fatigue as everybody can relate to after the last year.

Evin McMullen:  Most definitely.  I think the metaverse is really about the process of unleashing the screen.  You know, in the 12th century, people invented picture frames.  And we haven't really evolved far from consuming our primary media through that rectangle.  And so being able to move the capabilities and freedom and ability to, you know, dive into any given experience that we enjoy in our little rectangles today, being able to move that onto any surface and any space whether it's tangible or not, I think we'll, we'll, you know, open up the vault, the realm of possibility for creation but also for experience.  And we can, you know, live like we have a personal JARVIS with us everywhere, not just in the Tony Stark movies.

Host:  I love that.  Okay.  Well thank you so much, Evin for taking the time to come on today.  Before you go just tell people where they can find you if they want to connect with you personally, slide into your DMs about that super PAC, that Web3 PAC, and also where people can go to learn more about Serto?

Evin McMullen:  Thank you so much, Diana, for having me.  This is so much fun.  I encourage anyone who's interested in decentralized identity and Web3 to slide into my DMs on Twitter @provenauthority.  And you can learn more about our work with Serto at serto.id.

Host:  Perfect.  Thanks again so much, Evin.  Thank you everybody for tuning in.  And we'll be back again soon with another episode of the Unstoppable Podcast.