Digital ID architect builds the escape route

Really understand that you are an individual, you have subjective experience, and how you interact online is being intermediated by all these platform players. So keep your eye out for this idea of protocols that preserve your agency. Understand the innovation of Bitcoin. It's not just money. It's about inverting the security model. It's enabling you to generate your own keys. Maybe just play around with that stuff and really understand that you don't have to be at the whim of Twitter or Facebook or Google or whatever. Tim Buma, welcome. Absolutely. Well, thank you for taking the time, Tim. This is exciting for me because I have incrementally, you know, learned more about your work and how far back it goes and how far in you have dived over the last maybe year or so. And so I'm excited to talk about the two worlds you inhabit. federal service in the federal government of Canada, and your Freedom Tech work. And so

what I would like to begin with is let's sort of lay that groundwork. You're currently, if I have this right, a senior policy analyst at the Treasury Board, while at the same time building Nostra Safebox, which is a wallet design, so quote unquote, no one entity can shut it down, governments included. Walk me through how you think about these two roles, how you inhabit these two realms. Are you trying to bridge them or are they fundamentally separate projects in your mind? Fundamentally, they're together. I think the idea is that like at the root of the value of our societies, we value like the freedom of the individual, mobility. And, you know, you know, in Canada, we have the Charter of Rights and Fundamental Freedoms. And so at the end of the day, like our society does believe in freedom of the individual, freedom of thought, freedom of speech and that.

And sometimes that gets attenuated by like these institutional proclivities that kind of want to serve the government of the day. But at the end of the day, I believe that people have those values. And, you know, some of the discussion that we had just prior to recording, there's like Canadians just by virtue of our climate here, we have no choice but to be good and kind to each other. And like I grew up in a rural setting, dairy farm, immigrants and that, where we had to help each other and that. So at the end of the, you know, we have to look out for each other. So there's nothing, nothing, what I would say. No fundamental tension between the two, as I may have portrayed it. No, and it's always, what do they say? There's thesis, antithesis, and then synthesis. A lot of analysis is about trying to understand what's fundamentally different, what's fundamentally the same, and going through that. And it's really about trying to understand things at a very deep level.

So, you know, as I said, like I was at Treasury Board Secretary at Central Agency, kind of the same as the Office of the Management Budget, like issuing policy, doing oversight of like federal departments and agencies. I was there up until about four years, three and a half years ago. And then I moved into what's called an interchange position, which I was lent outside of government, if you will, to a not-for-profit organization called the Digital Governance Council that's been working on standards development. and also setting up conforming assessment programs. So I've been circulating on the outside, so to speak, in the interest of Canada, of course, but kind of outside the bureaucracy to kind of help with institutional nudging just beyond like the blood-brain barrier. I love it. The policy brain barrier. I don't know what that looks like. Well, and on that note, You architected the Pan-Canadian Trust Framework

for Government Identity Systems, which is quite a mouthful. Did I get that right? Yeah, like I did when I was at Treasury Board, starting back in 2004, 2003, at that time I had been like a management consultant and they liked the work that I did that they asked me to join on what was called a non-advertised position. They really appreciated the work that I did. And so I worked on a lot of the fundamental policy work on identity management and a lot of the treasury board policy was of my making. And then just by virtue of being a central agency, you kind of get put into a bit of a leadership position, whether it's wanted or unwanted. So, you know, we worked very closely with the provinces and the territories and developing like what we call the pan-Canadian approach. I think it's really important to understand that Canada is a very decentralized country. Like we might just look like the

Great White North on a map. To the simple American mind. Yeah, but there's like 13 provinces and territories. There's the 14th of federal government's jurisdiction. Then we have about 300 treaties with First Nations. So there's a whole hodgepodge of jurisdictions, if you will. And like the magic of Canada is that we've managed to kind of work all the stuff out peacefully. Like Quebec is pretty, as far as I'm concerned, it's pretty much like its own country in a lot of respects. It took a lot of the powers for itself. It's literally writing its own constitution now. And that's fine. They view themselves as a kind of their own nation. They have a close relationship with the Francophonie, whereas the rest of the commonwealth, they have their own legal system, civil code, like based on the Napoleonic Code and common law and like Ontario and the other provinces and that. So there's a lot of,

a lot of like latitude for different governance structures. So the work that we had done in the federal sphere, we had to take great pains on making sure that we took like almost like an abstract implementation approach saying, you know, these are the principles that everybody adheres to. We're not telling what technology to use. Prescriptive. Yeah. And we know that we're at the time negotiating on behalf of Her Majesty and Right of Canada with Her Majesty and Right of Alberta or BC or whatever. So there's a lot of like, they call it machinery, government machinery to deal with that. A lot of people just think government's a monolithic creature. It's not at all. So I have a lot of – yeah. So I was going to say I would imagine that, you know, as I mentioned, I lived in Canada for 10 years and that certainly holds true in my expectations of how you might describe it in my understanding.

And so I think what's interesting about that, it may not be obvious to many outside of Canada, is that that, as you say, then does create a certain positive tension with regard to any prescriptive top-down sort of strictures. Absolutely Absolutely Like we just finished a study On comparing And analyzing like the European Union The regulations for digital identity In relation to The Canadian approach I can give you the link to that approach I'm pretty quiet about it I was one of the key Authors of that report Even though my name's not on it And we You know One of the points was, is that, okay, maybe we're not having the greatest relations with the Americans right now, but that doesn't mean we're going to run into the arms of the Europeans and run into the arms of the Chinese. We have to figure stuff out for ourselves.

And then, you know, we did some analysis using model law, like with what's called Unsetral. They developed model law for stuff like electronic signatures, electronic trade, identity management. And I was involved with those delegations like years and years ago. And it's really cool when you get like countries like China and Canada and the U.S. and like debating on the floor about what's good. I can only imagine what that might – that's quite a disparate group. Totally. And what you realize is that there's exceptionally competent individuals across the world. And, you know, we just had to come up with a multilateral approach. And so the reason I'm saying that, I saw like these model laws that eventually become legislation eventually being forged in the fire of multilateralism.

And at that time, we worked very closely with the U.S. State Department. We would actually compare our positions and kind of come up with common statements that we would actually present as interventions. and, you know, sometimes didn't agree with Europeans and didn't agree with Chinese. Sometimes they had some really good points that countered the Europeans and that. So all I'm saying, it's a pretty complex tapestry out there. And at the end of the day, you have to figure out what your values are as an individual, what your values are as a society, and really, really draw from that. And now that's the approach I take is that rather than jump on a political this or that position is kind of really understand what's going on. And I've taken that to heart with the work that I've been doing. And not only policy work, but a number of years ago, I said, well, let's kind of get back into the engineering.

Like I'm an engineer by train. So one thing I've learned is sometimes you don't discover stuff until you actually actively experiment. And that's where Nostra has been exceptionally enlightening because it enabled me to kind of revisit first principles and say, hmm, maybe there's a different way of looking at this. And in fact, on that note, so you're building SafeBox on Nostra, Bitcoin, Cashew, and we'll get into that. it is inherently without central authority. And so I think where you were headed, Tim, if I may, is what has working inside the government taught you about why centralized architecture, as accommodating as the process you have described is, why does that create problems that can't be fixed with better policy in your mind? If you'd agree with that. So there's a couple of questions there. So centralized bureaucracy is a fairly recent phenomenon. It's only been around for 200 to 300 years, a bit longer, really the rise of the modern state.

Like really it was Napoleon that really invented our notion of the modern state where he standardized like uniforms, language, gun training and that and was able to mobilize like at scale, if you will, and good or bad. Right, right. Really, the notion of the modern state came out of what Napoleon kind of operationalized. And that worked fine with the industrial era. It worked fine with the paper and telegraph era. And it worked fine with the colonization and that. It was easy to project power. And it worked well with the U.S. like post-WW2 with like it was kinetic projection of power with the Blue Water Navy and that and all that stuff worked well. And in those cases, a lot of times you do need the centralized or a high degree of centralized bureaucracy to make that happen.

You need to standardize like how jets take off from an aircraft carrier. You have to standardize, like, you know, what the naval training is and what it is. But then, you know, with the internet, like, I don't need to go into this, but then you start getting some asymmetric technologies where the projection of power is under, like, a completely different dynamic. And that's kind of where we're in the cybersecurity realm now. So now we start thinking, well, maybe these approaches, they worked for a while and they still work. But in the new environment, maybe we need to explore some different approaches. And I think probably you've seen, we'll probably get into the detail a little bit later. Like I've been exploring like some like key theories like Shannon's information theory. And then I came across Mark Burgess' promise theory.

And then the other kind of reading tarot I went on with Douglas Hoffman with conscious agency or conscious realism. and just kind of looking at all that stuff and just saying, okay, maybe I can actually come up with a new approach here. What I'm finding with a lot of architecture stuff and you read these fancy reports from the big five consultancies and you kind of look at them and you just say, well, there's no there or there. There's nothing behind it. As is often the case, right? They're not being paid to give answers. they're being paid to protract the program. Yeah, yeah. So, you know, I've been in that game. I used to write those kind of reports. Sure, sure. I know exactly what it is. I kind of know what the strategies are. I always look at them as paid discovery in a sales process, but that's another discussion. Well, let me, and I do, absolutely, you touched on it.

I mean, we're going to dive right next into architecture and trust. I think that's crucial. You touched on something I want to draw it a bit. So the interchange program that you referenced does give you perspective from both sides, though you had it before. It certainly puts you in a place to straddle that fence. Similarly, what does each architecture reveal about the limitations of the other? What can government systems do that permissionless protocols can't? We've talked about the opposite. So, you know, you touched on this with a certain necessity of centralization. So what might Freedom Tech and builders in that realm learn from your experience in government systems? Yeah, like I don't see it's a dichotomy between centralization and decentralization. It's actually taking advantage of the technologies and understanding how they would create what I would say new institutional capabilities. It really hit me last year when my wife and I, we went out for a trip out west and we're in BC and we went to this like ghost town called Three Gap Valley.

It was a railway town and like close by was kind of you have the golden spike in the US and we had the last spike in Canada. And you look at this and just say, you realize that it was technology that built the country. Like the reason like Alberta and B.C. are part of part of confederation was because the deal was made that the steel ribbon across the country would tie tie tie the country together. Otherwise, like B.C. would have been part of the Pacific Northwest. Like, and I take you to mean, as I have understood it over the years, back when I was in the data center game, rail lines were crucial because that's where you laid fiber. But I think, to your point, the standardization of railways, that could not have occurred otherwise, if I take your point. Yeah, and other things, too, like standardization of time, like another Canadian innovation that people don't realize is time zones. Like, you got a country that…

Ah, we get to blame you for that. And then time zones. And then the technology that had to come along with as well. And what really hit me in going to this ghost town, the coolest place to hang out was the watch shop. That's where the conductors and all the train officials would go like at least once a week to get their watches synchronized and synchronized and making sure that they were up to snuff. and then you had the telegraph shop where they would get the time signals in so that they synchronize and then you had the mail, the mail depot. Right. And then it's like, oh, this is really cool. Those are the cool, you know, if I was in like 1883, that's probably where I'd be hanging out in those places. The world before NTP. Yeah, yeah, yeah, yeah, yeah. So like all that, all that. So the point was, is that it's not about centralization and decentralization. It's about coordination. Like you have these single track railways.

And so you had to be pretty good with time because you don't have two trains, two trains like hitting each other. And then if you ever have a chance to go see like Rogers Pass, which the pass is the highest point over the Rockies, like the first generation of trains had to do this loop-de-loop because they couldn't do the grade. And then finally they tunneled and they got through. So, okay, what's the point I'm making is that you see this amazing engineering that was happening like 150 years ago, and it actually affected the fabric of the country and the institutions that we have. and so that's a that's same approach that i'm taking as well is that there's there's some new capabilities like um you know stuff that's been around for like 40 50 years like um asymmetric cryptography right geography hash functions etc so we're in this new digital realm and it's really trying to understand that very deeply at a fundamental level and kind of take away all that

hollabaloo of like, you know, the tech bro language, stuff I don't even still understand. And really started to get down the fundamentals and just. The primitives. Absolutely. The primitives and just saying, well, yeah, this in the mix and you can have it, you can build a totally different type of structure like society. I mean, what I take from what you've said, Tim, which really strikes me is, and there are things that we may know, but then when you hear it said a certain way, is that it is easy to point to technology, big tech government and their use of big tech as such a tremendous negative, to put it bluntly. But what I hear you say is that given enough time, so much of our culture, our society is downstream of standards and technology, which applies those standards. clearly we have to steward them in the right way. But I take your point, which is that it is not so

binary. Let's look at what has come and could only come from standardization protocols and the application of them. But let's be patient. Did I get that roughly correct? Yeah. And it's always like, it's like people like to bang on government saying, oh, they're so behind the curve and that. But I've identified there's really sort of to wave functions, if you will. A lot of times governments do the basic research. They invest in, like, totally, like, defense research. Like, you have ARPA or DARPA, what it's called. Yes, DARPA. Yeah, they're both. Canada, we have, like, the National Research Council. And, like, they do basic research, like, pretty wild stuff. And like the idea of like the idea of the smartphone for example like it literally came out of Canada because like a lot of the original research National Research Council they figured you know some of the later the digital protocols like that we doing for like for voice in like the mid to late 90s like you know the folks from what was called research in motion at the time Motion you read my mind which

those who know RIM may not know that that's what it stands for and it goes exactly to your point. Yeah like Michael Lazaridis and Jim Bolesillie but Jim Bolesillie was more the business guy but they they kind of figured out well like there's this unused bandwidth here and nobody's really using it. So let's like try to figure out how we can jack it into doing email. Right, right. Let's do an arbitrage on some underutilized resources. And the other thing people don't realize is that Canada is probably the number one center or Ottawa is one of the neat, for like cryptographic expertise. So for example, like the University of Waterloo, which I'm an alumni of, like mechanical engineering, like my contemporary. I didn't know him at the time, but Alfred Menezes was the one that started studying like all the elliptic curve cryptography and trying to figure that out.

So literally we were contemporaries like at university. I don't want to name drop, but. No, do it. Thank you for ECC. Yeah, yeah, yeah. So and then like companies in town here, like like my I'll say a family member works for one like they're OGs. They know. Yes. We're a little Diffie and Digital Equipment Corp. The list is long. Yeah. Yeah. Yeah. And in the application of that, I mean, let's let's then jump into architecture and trust. And so SafeBox stores e-cash tokens as encrypted events on Nostra relays. That is, I think, technically precise, but abstract, to put it mildly for most people. Help me understand concretely, Tim, what can I do with SafeBox that I can't do with a traditional wallet or government ID? Yeah, so the idea, the big aha moment I had was last September.

some of you might know I was invited to be part of the Sovereign Engineering cohort so I hung out with back June of last year I was part of the second cohort so I get to hang out with folks like Gigi and Pablo and those dudes in Madeira, Portugal which is a nice bonus yeah and like I I totally like when the Eat a Cashew project came online, I think it was summer of 2022, I got completely fascinated with it. You know, it was Callie that was really leading the charge on that. And so, again, like I'm a first principles kind of guy. I went through and like hacked through all the math and made sure I absolutely understood from first principles what was going on with blinded signatures and that. And then, yeah, I started to hack the cache movement because I wanted, I started to, I'm on my third major iteration of my architecture now.

Like the first idea was, you know. If I may, Tim, let me have you start if you would, please. Let's start with the why, how, and what for a non-technical user. So what is the – and you've written – and I ask this question because I've seen your answers in some of the copy you've written, which I think is terrific. I am, you know, a typical individual. I don't care about the details. But what I am looking at, I am facing, I think, in short order, is a choice between a government-issued digital ID and something else. Help us understand why SafeBox matters, how and what is different about it. Yeah, so the government-issued ID is just a very small part of a larger ecosystem. It could be anything issued by anyone, okay? I had a very formative event when I was traveling in Europe after university. I had my wallet ripped off.

and you know i think i was in like finland tampara finland or whatever you know i you know i had a call home and had my parents cancel the credit cards and you know and um that feeling of being ripped off just never never never left me even when we travel to this day with my uh my wife and i we we have this security protocol to make sure our passports are completely on our person and you Our phones are secured and that when we're kind of going into travel mode. And so always in my mind was that I wanted to create a capability that if I absolutely lost everything, I could go to a computer in a police station or a public library. And if I had memorized like an access key or had written down like a recovery phrase or maybe have like an NFC tag that was kind of sewn in the seam of my shirt tail, I could recover.

And so the idea I was really working on was, I think it's called the Kershaw principle, where I wanted to create an architecture where everything relied on the security of that private key and everything else was like superfluous to the security. As with Bitcoin. Yeah, yeah. Well, that's a key thing is like Bitcoin always described its big innovation. One of its key innovations was that it completely inverted the security model that everybody self-generates their own key and like the ledger is totally public. There is no issuer. Yeah. Yeah, or the issuer is part of the consensus algorithm and that. But it's like this publicly available register that's replicated. And if you have access to that, you can find out your balance in that. And then you have all these other cryptographic techniques.

So I went, well. It's self-sovereign. Please continue. Yeah. So I'm saying, well, let's start applying that sort of philosophy to, with some newer protocols like Noster and Cashew and that. So just imagine if you could actually, yeah, you could have it on your phone, like the application that I've built, like I have a web-based application. But it actually works with, I've got it working with GetAlbi as well in that. So the idea is, imagine if I could have a wallet capability that transcends my phone platform. Like the thing that I'm seeing now is, whether it's by design or just by convenience, is that, you know, Google and Apple are going heavy into the digital wallet. So they'll basically take that market over. Like, why are you going to have an extra app when you can just have it in your Google wallet, your Apple wallet?

And governments are perfectly fine because they can lean on them for the app store. You know, the platforms, I don't care what you say, they're compromised. They've got distribution in UX. That's my contention. That's what I assert is the best distribution in UX wins. Yeah. And the citizens are just going to go, yeah, whatever. And that's that. So the thing is, is that, you know, I'm trying to figure out what a new architecture would be where I've kind of separated. You have the key, the private key and a corresponding public key. You have the code, which is open source and it's out there. And if you do it right, you don't put your keys in your code. And then the other piece is the data. and you know my first iteration I was using like a like a Postgres database to store the wallet data and the cash you tokens and that but it really bothered me because like you know it's like authority leans on me I'd have to give all that stuff up and then looking at the Nostra protocol

like NIP-01 specifically, I realized like Fiat Jeff actually sort of unintentionally solved some like really gnarly problems that had been around for like decades. And the two problems that he solved was, number one, every record has its own ID, you know by virtue of like you basically do a hash of the public key that's going to sign it and the data and that so every record has its own like identity in the existence of the universe and then and then he kind of solved the whole semantic issue with the event kinds meaning I can carve out my semantic space and define it however I want. And he solved two issues with one fell swoop, a philosophical issue. So what does that do? So all of a sudden, I have an independence from a database.

So, and the relays, all the relays do is they just accept events and that. And I've already like experimented with where I was having a denial of service attack on one of my servers. So I just basically replicated all the data on the back channel with, I think it's with Stirfry. They have like a protocol that replicates the data. And then I pointed my app to the new relays and everything just kept on working. So if I play that back, Tim, again, for those who may not be so technically inclined, you've identified identity, authentication, I'll gloss over some details, as one key primitive or pillar. The application of the code is a second and the actual data or records is a third. And so you have methodically been going through the process of abstracting those away from something brittle, rigid, centralized. And so what we have is self-sovereign identity or auth or recovery.

We have resilient data storage, again, decentralized, and we have open source code. Is that a fair sort of replay? Yeah, and even like one step further, when I was looking at the Cashew protocol and understanding how blind signatures work and how the redemption, I realized and kind of looking at it through the lens of promise theory, you have this idea of what I call bound promises, like signed events versus bearer promises. and bound promises are associated with an identity, which can be self-generated or whatever. But bearer promises are basically saying, hey, this is good to be redeemed and there's no identity associated with that. And then I realized, oh my goodness, that's basically, those are the primitives that we need. The bound promises to say, hey, I committed to this and you can look me up and blah, blah, blah. You can challenge me or you can ignore my authority or on a mile, but the bearer promises actually allow value to transfer.

So that was the key thing I left out. So thank you for that. Yeah, well, I only figured that out a few weeks ago. So, yeah. I mean, for those of us that are on a Bitcoin standard, as it were, it's always back there, right? But it's good to clarify and point it out. Well, and again, let's further sort of, let's paint this picture in recess. Is that the right term? I forget. Not counter to, but against the backdrop of, say, the Pan-Canadian Trust Framework. And so to compare and contrast, it tries or tried, you can tell me, to create interoperability between government identity systems where Safebox creates interoperability without requiring central authority. And so what's the technical breakthrough that makes that possible? How does crypto cryptography, to be clear, replace institutions here? Yeah. So, like, I've kind of bucketed into two major, like, thrusts, if you will.

One is, like, the shorter term stuff. And then there's the longer term stuff. So, excuse me, please. Okay. So, like, the world is well on the path of apps and wallets and phones. There's incremental improvements. So you can have your driver's license on your phone. You can have your credit card on your phone. You can sign into applications with your phone and that. And it's going to improve government services. Excellent. Great. So it's going to make services less crappy. a little bit better, and that's great. But there's really no fundamental change in the status quo. So just say, okay, incremental improvements, good. Just celebrate the improvements. And that's kind of the mainstream stuff that I've been involved with. It's like, okay, we're going to get these new apps, new capabilities.

You know, no one's going to fall from their perch. Apple are going to be there. governments are pretty happy with what's going on. And so, you know, without getting too much detail, like I'm involved with like a very detailed technical specification and that's the reality. It is, it's like, you know, there's going to be improvements. That's great. Works fine for, you know, works, works, oh, just hang on. Works fine for, works fine for like institutions that you trust in that. Like, despite what's going on, we do trust Canadian institutions, you know, you trust American institutions, you trust European institutions, but there's going to be a time where you're going to need some capabilities that work despite governments, despite banks. Right, yes. You need to have systems that work between friends and enemies.

Yes. A great example is domain name system. Like it's – people say it's centralized. People say it's decentralized. No, it's really delegated. And I've done some work in that space as well. And like to the U.S., to its credit, really kind of nurtured the governance on that for the last three years into ICANN and IANA and that. And you've got a system that, like, if you need to resolve a name from Russia or China, you can do it. They're not your friends or anything like that, but it works. And everybody, when they rotate those certificates, they basically have the guns, everybody's guns to each other's. Right. Done. There's a handshake and there's, pardon me, weaponry. Yeah. And so if we zoom that out, like what's – help us understand and appreciate, you know, not necessarily in the deepest of details, but cryptography fundamentally helps us replace, displace, reduce reliance on institutions in what ways?

Yeah. So, like, you're now – you can rely on axioms as opposed to rules. That can change at a moment's notice. And not so much an issue in our society, but, hey, it happened in Canada when all of a sudden with the trucker protests, people were building money. And all of a sudden, boom, people got shut out of their accounts, bank accounts. So it's like then you realize how fragile your capabilities are. And we also have situations, too, where the banks are saying, oh, you know, you did a transaction on a Bitcoin exchange. We're going to debank you. And it's like you've been a client for 30 years. And then, like, people are being debanked and that. So what happens, and that's a great example, and again, not to hyper-politicize everything, but let's look at the trucker protest V2, you know, if it were to happen. What would be different on Safebox?

or rather utilizing SafeBox and its primitives. Okay. So, and again, not to get too technical, but... Yeah, day in the life would be sort of my, I think, would be useful. Yeah. So you can make a private payment with 100% assurance that it can be tracked. And basically what I've built, the level on top of with Cashew, I can send you a payment. I can send you a blind token, blinded tokens, so they're untraceable and or unlinkable is probably the better word to use. And the other thing that I built is not obvious is that I built a secure document transmission layer based on NIP 17, which is secure messaging. So I adapted that protocol to transmit events that look like they're coming from random public keys.

So there's just no way to trace it. And then they're, instead of like permanent— Hide among the crowd. Yeah, they're ephemeral events. So they only listen—they only exist for about 10 minutes or so. So if I send you a payment, you know, we negotiate beforehand. And I'm going to send you a payment. And then you better start listening on this line. And those tokens are going to show up. And you better get them because if you wait too long, they're just not going to be there. So I basically took the Lightning address protocol and added a few more introspection things to say, hey, oh, Lightning address. Well, let's just check to see if it's a safe box address. Oh, it is. Okay. So instead of going through the Lightning network to send it, I'm just going to emit eCash tokens. I'm going to tell the other party to start listening on these relays for these encrypted messages and then listen for 10 minutes. And once they get them, they'll get those eCash tokens.

They just redeem them and add them to their account. And so what I did, like, maybe it's uncool to call it layer three, but now I have a payment layer that, you know, if it's smart enough that it doesn't even touch Lightning if it knows that the other address is Lightning. And I pulled a quote. I think this is a correct quote, which I thought was very to the point. Bitcoin is the asset. Lightning is the network. Cashi was the credit. Yeah, yeah, yeah. So there are elements of trust involved. So at the Bitcoin, the asset layer, you're trusting the consensus that everybody is agreeing to these rules. Lightning is a little bit different. It's like a penalty protocol. If you go into it, you're trusting channel partners to not screw each other. Yes. And it's motivated to maintain that channel.

And then at the cashew layer, you're trusting these mints for doing redemption, like IOUs. So if you don't like amend, you can clear out your IOUs via Lightning and put them somewhere else. And so what we have, if I understand that, again, if we kind of frame it for those who are really, I love the jobs to be done approach, right? I have a job to be done. You know, what is, who, what am I going to hire to do it? And so unstoppable money, unstoppable communication, and maybe this is an awkward way to wedge it in, but a credit system with managed risk. And so, again, if we sort of look at a trucker protest V2 or that, you know, to happen, we've got the ability to exchange value, to exchange messages and to coordinate and conduct commerce without the ability to be tracked or stopped.

Yeah, yeah. And I kind of boil it down to like there's three capabilities. One is private messages like signals got that cover to a degree Yes then there I like the term of unlinkable payments It has less of a baggage as untraceable, so it doesn't tell me money laundering, like a coin is unlinkable. And then the third part, which I'm working on, is what I'm calling verifiable promises. And that's where, a little bit abstract, but your government issued ID is a verifiable promise. And actually, let me ask you, Tim, to start here. I think though abstract, I think it's important. That's the reason I paused you. What is the real world equivalent? Rather, what are we porting to this network and these layers of networks that we otherwise do in the real world? So a great example, I've done a lot of work in like a digital trade documentation, like global shipping companies. They still do

like bills of lading, warehouse receipts and everything is all still done mostly 90% by paper. This is like paper and fax. Yeah, paper and fax. They're starting to move to electronic trade documents and there's some bespoke blockchain services that are kind of doing the job out in the Far East. There's some very successful platforms. But the idea here is like a verifiable promise could be like a, what's called a title document. You hold it, you have the right to the goods. And if you want to transfer it to someone else, they have the right to the goods. It is a bearer instrument, if we will. Bingo, that's it. So really trying to think that through of these, what I call bound promises, that my bound promises, hey, I'm Tim, and as per the government of Canada, this is my name, this is my passport ID, this is how you track me, this is my fingerprints and blah, blah, blah.

And the government can is promising that the person that's in front of you is actually me. That's a bound promise. But a bare promise might be, well, I have like cash in hand. Or it could be I have a title document to pick up that shipping container just right there. Right. So I'm just thinking about that stuff more abstractly. And I've boiled it down to, like, I like to experiment with some fake advertising messages or whatever. Yes. It really boils down to, I want to have control over my funds and records. My funds could be in Canadian dollars, could be Bitcoin or whatever. But I have funds, and I may want to give you some funds to carry out a transaction. But then I have some records. I might have what I call negotiable records, a title document, but I have other non-negotiable or bound promises that say who I am and blah, blah, blah.

I can present that to you. So I feel like now I have a pretty simple theory for Nostra Safebox where I've kind of landed on the characteristics where I want to build a capability that lives in the network on relays. So if your phone gets taken away from you or part of the internet gets shut down, if things are replicated, you can get back up in business again. But then kind of taking those models of like verifiable credentials and say, well, there's a more general model of what I'm calling verifiable promises. It could be your government issued ID. It could be a bill of lading. It could be all e-cash fits in there as well. like a note that's issued that's cash, you know, same thing. So I feel like I have a simple model where I can kind of weave this all together. So like I have the payment stuff working, but that's not going to be the compelling part of the wallet. It's just like a starting point.

But I think where things are going to get really exciting is when I actually can transfer records. And I have that stuff working, Like the big use case that I'm working on is being able to issue a simple NFC card. And I took a hard look at like how Visa and MasterCard do it with the tokenized payment systems token and basically implemented that and realized at first principles, it's actually more secure than what MasterCard and Visa have. Like, yeah, lots of engineering still to be done. No doubt. I feel like with these nouveau primitives, it's like I'm not sending stuff down, insecure stuff through ostensibly secure pipes where they get dumped out of the computer and get encrypted again. I have 100% certainty when I'm sending stuff from point A to point B. Point B is the only one that can actually get the stuff. And that is, I mean, I think that's really powerful. So I think, you know, one, funds and documents, records, forgive me, forgive me, funds and records.

I think that's a great takeaway. And then if we just look at this perhaps through another lens or we zoom out a bit, you have therefore spent 15 years working on government digital identity, right? I mean, that's, yeah, I mean, that's a lot of time. I don't think most people perhaps appreciate that governments have been working on digital ID for that long. What convinced you that permissionless protocols, that's a tongue twister, you know, weren't just interesting experiments but necessary alternatives? Was there a specific moment of realization? Like I'm an amateur historian by – part of my hobby. like another thing I've written a historical fiction book that was published and I like to zero in like points of history in that and and that project aside about four or five years ago I started to look into this book that really intrigued

my imagination was called Medieval Forgery During the Millennium and like I read this book and realized like Half the shit out there is fake to begin with. Like medieval forgeries. Like the thing is, is that the mindset like in the 13th, near the millennium was not about being truthful. It's like, what is the will of God? And so the monks that were like copying these charters that gave rights and that, they weren't saying, what's a truthful copy? It's like, what's the will of God? Well, I think the will of God is that our abbey should have more rights on getting the grapes in the hills there. So we'll add that in. And thereby the means justify the ends. Yeah. Or the ends justify the means, excuse me. Yeah. And then you realize another term that stopped me dead in my tracks was what was called the cult of the original.

What the heck is that? But like up until about like the 12th century or so, there was no idea of attributing like a work of art to like an individual. Like it just that wasn't the case at all. And it wasn't until the Renaissance. Work stood on its own. Yeah, they just kind of, they were there for the glorify God and that was it. Right, right. It's like, yeah, just do your thing. And then just looking at the long lens of history here, like, you know, there's a big discussion of what's fake, what's authentic, what's fake in good faith and that. And I realized, oh, this is pretty, pretty, pretty gray zone. But what was really interesting, this book came out and there was a big discussion saying the original scholarship that was done in the late 1800s, early 20th century was through the lens of centralized bureaucracy. They kind of assumed that all the stuff was done through a centralized administrative process. And it wasn't.

It wasn't at all. And if you read about like how charters get formulated and how they get witnessed and how they get the royal assent, sometimes it would be years before like you get assent from a king that was not even literate, you know. And then there was different systems of wax seals. In the UK, it was more about witnesses having your name on the document. And I went, oh, this is not as simple, simple cut and dry as what people think it would be. And I realized, like, again, from a central agency point of view, sometimes you just kind of write the rules and then you interpret them. And I've been in situations like that where I wrote the policies and then I had to interpret those things. I was like, oh, this is kind of interesting. Unintended consequences. Well, and I think, you know, that's actually – there's an example of that I wanted to touch on if I follow you, Tim, which is that in the vein of, you know, let us be mindful of what we record, declare or otherwise stipulate.

Canada's Conservative Party is actively campaigning against, quote, mandatory digital IDs. Privacy surveys show that 88 percent of Canadians are worried about their data. I take that to be very bullish. So as someone who's worked on these government systems, what do you think the public misunderstands about them and what do they understand correctly? Yeah. So the Conservative Party came out in favor of a voluntary digital ID system. Keyword being voluntary. Platform. And I think maybe what you're talking about was one of the MPs decided to do a YouTube video reacting to what's happening in the UK with. With a website and all. I've seen the I've seen the site to sign up to sign the declaration or the. So this is always a tricky thing is, you know, they say that there's never a temporary government measure and there's never a voluntary government measure.

Right. Yeah. So I think I think that's what's happening is like, you know, I don't want to comment, but. Well, as I say, I think what I'm curious particularly about is let us assume that this, you know, what is the right word? It's a campaign. Let's assume this campaign is informed by a constituency. And let's assume that, you know, as this particular survey, you know, that I'm referencing shows 88 percent of Canadians are worried. Why are they right to and they understand correctly? And what perhaps do they misunderstand? about digital ID and where the UK, among others, appear to be marching? Well, it's just not going to be mandatory in Canada, period. The other thing, too, is that— And how so? How can you make that statement? I am curious. Oh, again, what I said earlier, it's very decentralized.

It's probably, like, different in the UK, there's really only two levels of government. There's federal and basically the town councils. And basically the town councils pretty much exist at the leisure of the federal government. It's not like that in Canada at all. So it's really like where are they going to do that? Like provincial, like health stuff is all provincial. Banking, in many cases, yes, there's federal regulations, but more concerningly what's calling the shots is like what's called the FATF, the Financial Action Task Force. And, you know, a lot of the work there is actually driven by like very authoritarian governments kind of, so there's, you don't want to be on the gray list there or the blacklist or whatever.

So a lot of identification requirements are actually governed by unelected bureaucrats sitting on committees across the ocean. Yeah. And there's also like bodies like the College of Physicians, like the bar associations, et cetera, that's how you relate as well. So there's a lot of like a lot of bodies that do self-regulate and they've either been kind of delegated or what's the fancy word? I forget the word, but they actually were delegated in legislation to take care of that. So you're not going to see an out-and-out sort of legislation coming out that's going to happen. So Canada's original and ongoing diversity, tricky word these days, and sort of complexity in some ways, I guess, of its structure as provinces, as territories, as First Nations, just precludes any sort of top-down authoritarian dictate.

Yeah. And probably what's going to happen is that there's going to be some standards that they will abide by. The discussion that's happening now is mutual recognition. And one thing, like mutually recognizing that a health card being presented in province A to province B will be honored, for example. and then the second part kind of with its own degree of freedom is technical acceptance like okay you've decided that you're going to accept a health card from province a to province b and that's great ministers sign off on that and that's good so but the technical acceptance might be well one province is using this protocol here and this presentation method and we feel good about that, we'll accept it. And it's a much more involved technical discussion, but it's not as momentum as the mutual recognition. So I think if we, at the governance level, we say, yes,

we will accept, like, if you're Canadian and you end up being hospitalized in, like, you're from Alberta, you get hospitalized in Quebec, you don't have to worry at all about expenses or anything like that, eventually it will all go back to the province of Alberta, whatever. But when you show up in the hospital in Quebec, you're just going to be taken care of, period. Okay. And then the fact is, is that, well, whether it's a paper card, a plastic card, or, you know, a card that's on your phone or whatever, like that's a separate discussion entirely. Well, I think what's powerful about that, or, you know, particularly poignant about that if we contrast this scenario in which, you know, setting aside private versus public insurance and all that good stuff, where it is honored versus digital ID and CBDCs, where there is no option to trust. You will use it if you want services, if you wish to exchange value.

And I think that's worth calling out is, and, you know, Godspeed to Canada. I hope this does play out where this is a opt-in standards-driven program for efficiencies and hopefully other sort of positives as opposed to a draconian top-down there is opt-in or there is be left out. Yeah, yeah, it's very, very, very pragmatic with immediate value. And it's the same thing with the whole CBDC discussion. The Bank of Canada had done quite a bit of work. I know that research team there quite well. And kudos to them. They came out with a report about a year ago just saying that Canadians just don't want it. So they basically stood down their research team. Yeah. Just kind of. Fantastic. Kind of realized it's just not going to happen. And now there's discussions around stable coins. They're not necessarily in the center of that discussion.

That's more of a payment rail. Sure. That's going on. In contrast, like the European Central Bank just seems to be like scared of their shadows and are trying to double down on this thing, how great this stuff is going to be. Absolutely. And it's like, you know, you know, in Canada, we just said, yeah, Canadians just don't want it, period. Yeah. Which I think is classically Canadian. It's so great. Well, and let me ask you this then, Tim. We fast forward five years and, you know, that may sound like a little, but on a technology landscape, it can mean a lot. Where are we with regard to government digital ID, Safebox? You know, what does the winning architecture look like? What are you betting on in terms of within Canada and perhaps elsewhere? What does success look like in five years as you see it? Yeah. And again, I always like to look at the long term and I don't think, you know, or push

it out a decade if that's easier. Well, let me roll back 20 years, first of all, when I started getting the authentication. The only online behavior that was relatively crystallized back then was online banking. Like this was before like Facebook, like before social media, people were doing, like going 2004, early 2000s, like people were starting to do online banking. And so we looked at it and said, well, people are trusting the banks to do their financial transactions and the banks have an interest on ensuring that the authentication actually works before they carry out the transactions. Let's try to leverage that. But we didn't want to trust the banks for the identity part. We said that's just too much, just too much. And so the policy framework that we came up with was the authentication piece versus the identity proofing piece. That was not obvious back then. And so we broke those things separate.

So moving to today, what's happened is like in the intervening period, we got these protocols like OAuth and OAuth 2 and started to get adopted and TLS and that. And then boom, we get our lock on our browser. And that ultimately tells us we can trust to a greater degree what we're interacting with. But then you have the digital platforms like the Googles and the Facebooks and that basically locking up the authentication piece, like sign in with Google, sign in, whatever. Once again, distribution and UX. Yeah, yeah, yeah. And so, like, going forward, like, five, ten years, I was just trying to figure out, it's not about better KYC. It's not about whether you're a human or not. Like, this is what I'm really trying to zero in on. It's about preserving my agency and ensuring my agency that if I decide to do something, I'm the one that generated that intention.

And that intention is actually properly communicated to the other counterparty, if you will, without training in LLM, without being futzed by like cryptographically chain. Some sort of man in the middle or machine in the middle. Yeah. Yeah. So the issue, it's not about identity theft. It's about intention theft. And so that's where I'm putting my energy into. And there's some really great projects that are going on, like the first person network saying, you know, we need to prove that you're a human before you can access anything online. And it's like, well, OK, what body part are you going to measure? Right. Is that really what we need to demonstrate? I think it's an excellent point. Yeah. And who's who gets to measure that body part and provide that single dispensation that I'm human? And it's like, I kind of, I get the good intentions here, but I think there's something deeper here that we have.

It's a blunt instrument. Analyze. Yeah, blunt instrument with the wrong model. And so that's why I started to dig into like conscious agency. Like you're hearing terms about agents, but like the stuff I'm seeing about agents is pretty like they haven't figured out. like some of the more foundational pieces that we need. And this is where I seeing like whether it NOSRA that wins out in the end or not it a simple protocol Everything signed It enables me to define a semantic space So if I have a subjective experience and I want to define my own kinds for whatever in relation to my public key, I can do that. And it gives me, I don't have to, I don't need permission for that single credential. And then the Web of Trust stuff is really interesting as well. and as opposed to authorities. And again, this is where the Mark Burgess theory

is really, really useful. Instead of kind of relying on top-down authorities to do stuff, let's work on this idea of promises. And if agents keep their promises, you actually attribute those to more authority. And so it's just like... Graduated trust, graduated agency based on demonstrated outcomes. Yeah, like I come from a tradition of what I call reverse governance, like the cultural background that I grew up with. It's not about top-down authority. It's about me as an individual member delegating authority to like a council and then to a classist and then to a synod. And if you don't like it, then there's a process to change that stuff. To reclaim it. It's not like the Pope has like the divine authority and everybody has to be in charge. I mean, they're in charge and you have to... And that's powerful. I'm sorry to interrupt. I think, you know, I want to draw this out is the technical ability and the, well, the ability to grant degrees of trust and agency to increase or decrease those, to put them forward and to pull them back as composed or rather as compared to it being binary.

I hand over, I outsource, I give over. I think what I hear you say, Tim, is that there is this, you know, it's the beads on the abacus, if you will. I can move them and adjust based on demonstrated outcomes as opposed to empty promises. Yeah, and if rules need to change or doctrinal positions need to be changed, there's a forum where you can actually bring those forward and hash that out. And then if you're an officer, if you will, you've agreed to abide by those things. But as a member, it doesn't mean you have to abide by them. And you might honor them. So all I'm saying is that, you know, the decentralized governance that I'm quite used to, what's also interesting, the governance that I'm used to is actually crosses national borders between Canada and the U.S. So like nation states are not involved there. Right. Right. Absolutely. Tradition. So, you know, I'm just kind of applying kind of like the cultural background that I come from.

It's like I don't have 100% view of what's good or bad. But I can be part of a larger body that is living to some degree to adapt. And I think kind of what we're seeing now, I'm hearing stuff like the web is dead. Well, dead internet theory. The dead internet theory is because you actually haven't figured out what the body is because you're just dealing with something. Fascinating. And is there, can we then project that forward five or 10 years, Tim? I mean, it may be a tough one, but what is, again, I come back to day in the life, you know, so I'm rooting for you. But more importantly, as I know you'll take this, I'm rooting for these protocols and their application. What does a typical Canadian citizen's life look like in 10 years if we're successful here? Yeah. So there would be no technological distinction between your passport. If I need to present a passport via Nostra Safebox, okay, and I need to show a membership to a skating club, the technology is exactly the same.

where the difference might be is that for presenting my passport, the government of Canada has to have an agreement with other governments to say that these are the issuers that need to be honored. And when you verify it, not only are you verifying that nothing's been tampered with, but you actually trust the issuer in that, And there might be a few additional requirements that we need to capture a biometric digest at that time from your wallet, facial recognition, and map that against to what was issued with that passport. And that might be good enough for a passport, but like for a gym membership or a club membership, it's like all we need to know is that the name is yours and the expiry date and that it was issued by the gym club.

And, you know, look up that the gym club signed it. It's legitimate. Or rolling into a pub. It's that you're of age. I don't need to know your name, your birth date, all these things, just that you have this attribute that can be verified. Yeah, and it's hilarious to see the sort of the gaping holes that are out there. For example, I had to go to a medical specialist for something, and it was, thank you very much. And then they sent me a PDF of the report, and then they said, oh, and we faxed it to your doctor. I mean, yeah, yeah, same here. Just boggles the mind, boggles the mind. But those are the, you know, systems that, you know, there's lots of improvements that could be made. And I was looking at that and saying, just imagine where you could say, like, I could send that record to your DostroSafe box, then you have it online. if you lose your phone, you still have the record.

If you want to send that record off to your doctor or whatever, they can actually check to see the public key. They can check the payload and that. And it's just like... Integrity attribution. Yeah, yeah. So I see an infrastructure like the internet, like the genius of what Vint Cerf invented was the idea of this address space that was hierarchical And it was an internet packet that has its own address and self-address and it can figure out where to get in the network and get from point A to point B and then the abstraction of the gateways and that. So it's like – Without explicit coordination. Yeah. Yeah. Why can't we do that with self-signed records? And then without explicit coordination and then when I receive it, I'll decide how I'm going to trust that record. Yes. If it's a passport record, I'll do extra stuff. If it's a doctor's note, maybe I'll do a bit of a different stuff in that. One of the problems I started to put my finger on with the advanced models of what's called the whole issuer-holder-verifier model with decentralized identity is that, well, you're giving the issuer special privilege and you're giving the verifier special privilege.

And me as the holder, I don't really have anything – I'm subject to those issuers and verifiers. And the vendors are saying, yeah, this is great. Like I'll collude with governments. I'll get contracts with them. I'll be the trusted issuer. I'll be the trusted verifier. And I looked at it and said, okay, there's an incremental improvement there. But at what cost? The status quo has not changed at all. Right, right. And what unintended consequences or risks or threats have you injected into these fundamental human-to-human encounters and exchanges? Yeah. And so the idea is that if you and I and maybe someone else want to create a club and create verifiable promises or records or whatever, I don't want anybody to get in between. Right. And what a radical idea that is these days, right? It has been that way and it should be that way and we need to get back there. Yeah. And a lot of society was organized quite well along those lines for centuries, if not millennia.

And again, like my wife and I have traveled a lot. Like we went to India early in the year, kind of learned about the trading routes and like the Jains who managed routes and that. And realized, you know, this is nothing new. And sometimes just say centralization is a bit of an anomaly and kind of look at what happened in the early 20th century with centralized bureaucracies, right? Yes. You know. Well, I think that is – I mean you're drawing an arc, which I think is really interesting. And I believe perhaps ultimately the takeaway here is easy for folks, you know, myself included, to look at centralization and say bad. But I think what you've reminded us of is that a certain degree of it is necessary, if nothing else, than to land on standards and protocols and handshakes and means of agreeing to do things in ways that are productive and constructive within a society. However, centralizing forces tend to – ever greater centralization emerges from them.

And now what we have with Bitcoin, with Nostra, with Cashew, with these protocols is the ability to get back to basics, to get back to facilitating communication, exchange of value, voluntary interactions, but to take these centralizing parties out of the loop, out of the process. Is that – do you think a fair – Yeah, it's always trade-offs. like um trade-offs all the way down yeah like dns i'm perfectly happy with uh uh uh dns some might argue as a as a um as a centralized namespace but hey i have another project where i actually figured out how to expose like any npub looking like an ordinary dns name and like pulling records and it works i've tested it and it works with the existing infrastructure. So it's like namespace, names. Okay. I figured out how to work it in with the

existing protocol. And, you know, so now it's like, I don't have any motivation to set up like an Ethereum namespace or anything like that. I just know how to bolt it in and play by the rules with the data works perfectly fine and i don't need anything more it's some some of the cypher punks might take objection to that but you know for global adoption like i've created a system where i can publish an npub with the kind zero events and then i'm watching it get resolved across the world and turkey and russia when that like two seconds later it's like okay it works like next. Absolutely. And I think that, you know, that's the message that I want to really leave people with for those who may be looking across to the UK or to other places where things are getting quite totalitarian. I think what I hear and certainly, you know, believe to be true is that

the path is clear, if not simple. There will be a tremendous amount of work. There is a tremendous amount of work ahead. But this option, this freedom tech driven, permissionless option and path is very, very real and very possible. Let's wrap up here. What's required at the institutional level, given your perspective within government and the individual level? What's the message to those two audiences you would want to leave us with? Well, think hard about what I call reinstitutionalization. Some of the institutions that you've grown up with and take for granted may no longer be irrelevant. And so it's not a good or bad thing. It's just the fact is, is that now we have some new organizing, ordering forces at play and we just have to figure out how to incorporate that into the society that we are part of.

And I think people do forget that government is not society and society is not government. Like government exists for the day to do things and it's not the be all and end all. There's societies that exist without government, societies that exist with government, societies that exist at the kind of at the behest of government in that. So I just say is that we just have to figure this out. And also, like when you're doing innovation, I think this is a trap that Europe's falling into is that they've kind of gone on this track of, you know, innovation through regulation. And so they're trying to figure everything beforehand. As soon as you regulate something, that means you're enforcing a status quo. You're enforcing like an existing line of thought. And there might be something, some little gem that comes along that realizes, well, we don't need this, like need this anymore. And that's kind of what I'm doing. And, you know, the being part of the sovereign engineering cohort, like one of the ideas is build the future, like build something new and then kind of figure out, figure out what the policy implications are.

And I made it pretty clear that, you know, I'm going to these like in-person events and meeting with the new crop of cypherpunks and kind of I'm seeing the future. And then I'm trying to figure out how to dial some of that back into the present. And it's not like, yeah, this or that or screw the state or that. Yeah. Packaging, palatability. Right. I mean. Yeah. Yeah. So like my main message is that, you know, we have to re-institutionalize and there may be some capabilities like the Internet that exist despite the state and don't make them automatically illegal. And I think that's what the Europeans are doing is that if you don't follow their thousand-page regulations, you immediately get fined. And it's killing innovation. And I'm seeing a lot of innovative spirit that's out there that is kind of just being like under the radar screen. And really what I want to do is cultivate like a safe space.

Like I've been in meetings with some government official to say, I'm an engineer. I'm not a bad guy. Okay. So I'm literally trying to figure out, you know, the gunpowder is not bad. It just blows things up more efficiently. You know, it's like how you weaponize it. That's a policy question. It's not a technology question. And then there might be something comes along. It's like these self-generated keys, the ability to be addresses and encryption and that. And, you know, I'm showing you, you can do payments that just can't be traced. What are you going to do about that? You know, you know, just, and I've had responses saying, well, you're supporting the terrorists or you're, you know, it's like, come on. Such a lazy, such a lazy perspective and mindset. Yeah. I love the gunpowder analogy. I think that's really powerful. And then, Tim, as we wrap it up for the individual. So as I will often say, I aspire to reach those in the bubble.

You know, they may be looking at what is broken. They may be thinking about what and who they cannot trust. What would you encourage or inspire an individual like that to do with regard to learning and sort of technical literacy and hands-on? What are a couple of things that they can do to get started better understanding what you've laid out today? I guess I've got some website stuff, but it's not really consumable yet. But I think even 101, I mean, what do you think is important for someone to begin to feel a little more comfortable with these concepts and technologies? Yeah, I'd say, first of all, like, draw deep within yourself. Really understand that you are an individual. You have subjective experience. And how you interact online is being intermediated by all these platform players. So keep your eye out for this idea of protocols that preserve your agency.

And like read up, there's a two-minute explainer that Jack Dorsey does on Nostra. It's really great to watch that. We can dig up that link and put that in there. I will do that. Absolutely. It's a great example. Understand like the innovation of Bitcoin. It's not just money. It's about inverting the security model. It's enabling you to generate your own keys. And maybe just play around with that stuff and really understand that you don't have to be at the whim of Twitter or Facebook or Google or whatever. And just be mindful of that. Like the other thing too is like LLMs, I think it's going to be a time where you'll be able to have your own local model. So you can query that stuff by yourself without all your data being siphoned off to train something else. Just be mindful of sort of keeping your own agency.

There's another handle on Nostra that I like following. He's called Ghost, and he has stuff about just maintaining your agency. like, and it's always good to read that stuff to say, oh, I don't think I can do that stuff. But at least I'm aware of how I'm being tracked and deal with my phone and that. And just. I think it's got a very practical, pragmatic take on those things. Yeah, just read them and try to practice some of that stuff or be aware. And then, yeah, like my goal with my project, I want to have something what I call pilot ready by mid-2026. I'm really looking to do something like in the health space, like a doctor accepting a payment and issuing a doctor's note or prescription. And not sending a fax. Not sending a fax. That would be revolutionary.

Yeah. Go ahead, please. Yeah, and I say, like, think about what your existence would be without a phone. What alternative devices would you might want to have? And I'm starting to see stuff about personal digital assistants again, like PDAs. Wow, the 90s are back. the 90s are back and just start just start thinking just being more mindful of your existence like you know i'm trying to do like a like a blackout time that after a certain time that's it yes i'm not online anymore or i try i try not to you know i i turn off all the notifications on my phone my wife doesn't like that because she called actually i put it on just for her and she called me um just like turn all that crap off sorry mrs boma yeah yeah and um uh just kind of do mindful be aware yeah i mean man mindfulness that that that can be awareness mindfulness attention uh

we could all use so much more of that but i think these are these are excellent recommendations tim exciting work rooting for you. Can't wait to see what comes of it. I know you've got an announcement coming up, which I will not tease, but I just did. Rather, I will not spoil and I will look forward to it. So thanks again, Tim. I'll check in with you soon and hope to do a follow-up to see how progress is moving along. Superb. Thank you. Have a great day, Tim. Bye-bye. Bye. Thank you.