Appearance
Things you can't easily do today
A short list of things most of us have learned to live with. They aren't laws of physics. They're the consequences of building applications without identity at the foundation.
Your stuff, your devices
- Sync files between your own devices without signing up for a service.
- Send a file to someone in the same room without going through the internet.
- Back up your phone to your own computer without iCloud or Google.
- Access your own security camera without the manufacturer's cloud.
Sharing with people
- Share a photo album with family without everyone creating accounts on the same service.
- Send a large video to a friend without uploading it to a company that now licenses it.
- Give someone temporary access to something, and have it actually expire.
- Collaborate on a document with someone at another company without both paying for the same SaaS.
Identity and accounts
- Prove you're over 18 without revealing your birthday, name, and address.
How this works
An issuer you already trust — a government identity service, a school, a notary — signs a small statement against your identity: "this identity is over 18." You present that signature, not your ID. The verifier checks the issuer's signature and learns nothing else about you.
- Sign a contract with someone without paying a third party to witness it.
How this works
Each party signs the same document with their identity key. The signatures are part of the document — anyone can verify that both signed it, when, and that the content hasn't changed since. Witnessing is a property of the math, not a paid service.
Have one identity across all your apps instead of two hundred accounts with two hundred passwords.
Delete your account and actually have your data disappear.
How this works
There is no central account to delete. Your data lives on your devices and on the devices of people you shared it with. "Deletion" means revoking further sharing and asking the peers who have copies to forget it — a signed request they're protocol-bound to honor. You can't physically reach into their devices, but the company that used to hold your data simply isn't in the picture.
When things go wrong
- Keep your messages when a chat app shuts down.
- Access your files when a cloud service has an outage.
- Talk to your team when the internet is down but you're on the same network.
- Recover your digital life after a company bans your account by mistake.
Fraud and phishing
- Receive an email that looks exactly like your bank — and have any reliable way to know if it really is.
How this works
When the bank has a published cryptographic identity, every message they send is signed with their key. Your client verifies the signature before showing you the message. The look-alike's signature doesn't match — it isn't the bank, and you find out automatically, not through your judgment of how legitimate the email looks.
- Click a link to
paypal.comthat's actuallypаypal.com(with a Cyrillic 'а') — your browser can't tell you.
How this works
The URL stops being the trust anchor. The site you reached either has a signature chain that ties it to the real-world PayPal — one your device already trusts — or it doesn't. A pixel-perfect look-alike on a similar domain has no such chain, and the browser knows it before you see anything.
- Get a call from "your bank's fraud department" and verify it without hanging up and calling back.
- Have your identity stolen because a company you barely remember used once stored your details in a database that got breached.
Bots, AI, and trust
- Know whether the account you're talking to is a person or an AI.
How this works
Identities have history — contacts who've vouched for them, a trail of signed interactions over time. Creating an identity is free; creating a reputation that real people endorse is not. AI assistants don't disappear — they exist as someone's AI, signed by an identity that takes responsibility for what it says.
- Distinguish a real customer review from one generated at scale.
- Block a troll permanently — they make a new account in thirty seconds.
How this works
A fresh identity is cheap, but a fresh reputation isn't. You set your own filter: messages only from people within two contact-hops of you, or from identities endorsed by someone you trust, or with at least N signed interactions over six months. The troll makes another account — an empty one that doesn't reach your inbox.
- Verify that a petition has signatures from real people, not a script that generated fifty thousand "supporters."
Kids and family
- Let your child use an app without a company building a profile on them.
How this works
The app runs on the child's device, not on a server collecting events. It sees whatever the user (or their guardian) grants it — typically the child's identity, certain contacts, certain documents. There's no event stream flowing out to be aggregated.
- Approve who your kid can talk to online at the protocol level, not as a parental control bolted on top.
- Share a list of trusted contacts with other parents without a platform deciding for you.
If you noticed how many of these you've just learned to live with, that's the point. None of them are unsolvable problems — they're the predictable result of one architectural choice, repeated across every app: identity is something the service hands you, not something you bring. The Wish stack is a working bet that the other way around is possible. Each item on this list either becomes straightforward, or becomes the only hard problem that's left.