Identity Constellations

Why Web4 identity gets stronger with more devices, not weaker

🔐 The Traditional Model (Passwords & Accounts)

Problem: Your identity is a username + password stored on someone else's server.

  • Each device that logs in is another place your credentials can be stolen
  • More devices = more attack surface
  • If any one device is compromised, your whole identity is at risk
  • The server can be hacked, leaking millions of accounts at once
More Devices = More Risk

The Web4 Model (Identity Constellations)

Solution: Your identity is rooted in hardware chips in devices YOU control.

  • Each device has a cryptographic key that never leaves its secure chip (Secure Enclave, TPM, FIDO2 key)
  • Devices “witness” each other - they sign statements saying “I've seen this identity”
  • More devices witnessing = harder to fake
  • An attacker would need to compromise MULTIPLE independent hardware chips
  • No central server to hack
More Devices = Stronger Identity ✓

Interactive: See Identity Strength Grow

[Interactive diagram: a slider from 1 device to 5 devices. The state shown has two devices, 📱 Phone and 💻 Laptop, linked to You.]

Solid lines = device attests to root LCT
Dotted lines = devices witness each other

Identity Trust: 60%
Higher trust = more confidence this identity is genuine

Attack Difficulty: 4x
An attacker must compromise 2 independent hardware chips
Two devices = must hack phone AND laptop

How It Works: The Enrollment Ceremony

1. First Device (Genesis)

You create your identity on your first device (usually your phone). A cryptographic key is generated inside the Secure Enclave chip - it never leaves the device. This becomes your Root LCT.

2. Add Second Device

Want to add your laptop? You scan a QR code from your phone to your laptop. Your phone signs a “witness statement” saying “this laptop belongs to the same identity.” The laptop generates its own key in its TPM chip.

3. Cross-Device Witnessing

Your devices periodically “see” each other. When you use your phone and laptop at the same time, they create mutual witness records. This makes your identity more trustworthy over time.

4. Recovery Quorum

If you lose your phone, you can recover your identity using your other devices. You need a “quorum” (e.g., 2 out of 3 devices) to prove you're still you. No central authority needed.

Why This Matters

🔒 No Password Leaks

Your identity isn't stored on a server that can be hacked. It's rooted in hardware you control.

🎯 Targeted Attacks Get Harder

To impersonate you, an attacker would need to physically steal and compromise multiple independent devices. Not impossible, but exponentially harder than guessing a password.

🌐 Works Across Web4

Your constellation identity works everywhere in Web4 - no separate accounts, no passwords to remember, no “Sign in with Google/Facebook.”

🤝 Trust Through Witnesses

The more devices witnessing your identity, the higher your trust score. Web4 societies can see: “This identity has been witnessed by 5 independent hardware anchors over 2 years.”

Traditional vs Web4 Identity

| Aspect | Traditional (Passwords) | Web4 (Constellations) |
|---|---|---|
| Where stored | Company servers | Hardware chips you control |
| Attack surface | One server leak = millions compromised | Must target each individual |
| More devices | = More risk | = Stronger identity |
| Recovery | “Forgot password” email | Device quorum (2 of 3) |
| Privacy | Company knows your activity | No central tracking |

For the Technically Curious: How the Cryptography Works

Secure Enclaves (iPhone/Android): These are separate processors inside your phone that handle cryptography. Keys are generated inside and never leave. Even the main processor can't read them.

TPM Chips (Laptops): Trusted Platform Module chips provide hardware-based key storage. The key is bound to the specific hardware configuration.

FIDO2 Keys: Physical security keys (like YubiKey) that generate and store keys internally. They require physical touch to sign, so a remote attacker cannot trigger a signature without someone physically present at the key.

Attestation: Each device proves its key came from genuine hardware. Apple/Google/TPM manufacturers sign certificates saying “this key was generated in real hardware.”

Cross-Device Witnessing: When two of your devices are used together, they create signed statements like: “Device A witnessed Device B at timestamp T, both claiming identity I.” This creates a verifiable history.
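
The witness statements and recovery quorum described above, as an added example (not Web4's own code): a verifier that counts distinct enrolled devices vouching for a replacement device. HMAC stands in for the hardware-backed signature, and the field names, the `lct:alice` identifier and the 300-second freshness window are assumptions.

```python
import hashlib, hmac, json
from dataclasses import dataclass

MAX_AGE = 300  # seconds a statement stays usable (assumed policy, not from the page)

@dataclass
class Device:
    """Constructed stand-in for a hardware anchor. HMAC replaces the chip's
    asymmetric signature so this runs on the standard library alone; a real
    verifier would hold only each device's public key."""
    device_id: str
    key: bytes

    def sign(self, payload: bytes) -> str:
        return hmac.new(self.key, payload, hashlib.sha256).hexdigest()

def canonical(stmt: dict) -> bytes:
    # Fixed field set and ordering so signer and verifier hash identical bytes.
    body = {k: stmt[k] for k in ("witness", "subject", "identity", "ts")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def witness(dev: Device, subject: str, identity: str, ts: int) -> dict:
    """'Device A witnessed Device B at timestamp T, both claiming identity I.'"""
    stmt = {"witness": dev.device_id, "subject": subject, "identity": identity, "ts": ts}
    stmt["sig"] = dev.sign(canonical(stmt))
    return stmt

def quorum_met(stmts, enrolled, identity, subject, now, threshold=2):
    """True when `threshold` distinct enrolled devices vouch for `subject`."""
    approved = set()
    for s in stmts:
        dev = enrolled.get(s.get("witness"))
        if dev is None or dev.device_id == subject:
            continue  # unknown device, or the new device vouching for itself
        if s.get("identity") != identity or s.get("subject") != subject:
            continue  # statement is about another identity or another device
        ts = s.get("ts")
        if not isinstance(ts, int) or not 0 <= now - ts <= MAX_AGE:
            continue  # stale or future-dated, so an old statement cannot be replayed
        if hmac.compare_digest(dev.sign(canonical(s)), str(s.get("sig"))):
            approved.add(dev.device_id)  # set: one device signing twice counts once
    return len(approved) >= threshold

if __name__ == "__main__":
    # Constructed scenario: phone lost, laptop and tablet vouch for a replacement.
    devs = [Device(n, f"k-{n}".encode()) for n in ("phone", "laptop", "tablet")]
    enrolled = {d.device_id: d for d in devs}
    votes = [witness(d, "new-phone", "lct:alice", 1000) for d in devs[1:]]
    print(quorum_met(votes, enrolled, "lct:alice", "new-phone", now=1100))
```

The checks that matter are the ones around the signature: counting distinct devices rather than statements, binding each statement to the identity and the device being added, and rejecting statements outside the freshness window.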
