poztter.org

philosophy · essay 02

Identity chains reinforce identity.

All essays · Trust the data · Identity ownership

No single attestation makes someone trustworthy. But many attestations, from many independent sources, signed into a single record — that's a different thing. POZ is built so the parts reinforce the whole.

how organizations are verified today

Long ago, you trusted an organization because someone you trusted vouched for it — a phone book, a domain name registrar, a bank's letterhead, a friend. Then it became a domain name plus a TLS certificate. On today's internet it's a manually compiled combination of search engine results, review websites, and the user's best judgement: did the address look right, did the social account have the blue check, did the email come from the expected sender.

Every one of those signals can be faked individually. Phishing works because impersonating a single signal is cheap. Impersonating all of them at once, consistently, is hard.

POZ formalizes this

An organization's POZ record can link to its identities everywhere it appears: its primary domain, every other domain it operates, its social handles, its email senders, its phone numbers, its postal address. Each link is a signed attestation from the relevant provider.

When the website, the social account, the phone book, and a dozen review sites all sign attestations pointing to the same POZ record, the user doesn't have to compose those signals manually. The POZ software does it for them. The parts reinforce the whole.

REGISTRAR domain.com SOCIAL NETWORK @handle MAIL host REVIEWS ★ ★ ★ PHONE CARRIER +1 555 0100 ADDRESS 123 Main St. POZ RECORD one organization each arrow is a signed attestation
fig 01 · independent providers each sign an attestation pointing at the same record. To forge the identity, you'd have to forge every chain at once.

individuals too

The same model works for a person. When you find an individual — or an organization — on a social network you trust, on an email host you trust, on a video platform you trust, the handle on any one of those sites can be optional after the first contact. The link from the person's POZ record to those handles is what carries forward.

This matters when something breaks. If a friend's social media handle gets hacked, transferred, or stolen, your trust doesn't have to leave with the handle — your trust was placed in your friend's POZ record, not in the platform that issued the username. The handle is metadata. The record is the person.

why redundancy isn't waste

It might look inefficient to have a single record attested by many different providers. Why not just one? The answer is asymmetric cost. Attestations are cheap to produce, cheap to store, and cheap to verify — but expensive to forge consistently. The whole web has to lie at once, in a coordinated way, for the chain to mislead a careful verifier. Twenty independent providers, twenty independent compromises, twenty signatures. That's a steep wall.

The flip side: when one provider falls — a registrar offboards a domain, a social network deactivates an account — the record itself is untouched. The rest of the chain still verifies. The lost attestation is a single missing link, not a broken identity.

chains are the protocol's job

A user reading a POZ record doesn't need to understand all this. The software handles chain validation. What the user gets is the simple answer to the simple question: is this really them? And the answer comes with a confidence level proportional to how thoroughly the identity has been chained — backed by the providers the user themselves chose to trust.

Continue: Identity is owned by you →