A Notion of Shopkeepers


2024-02-10

“Wait, that’s the guy again - stop him!” a store employee shouts as you, like most days on your way home from work, attempt to discreetly enter the supermarket to sample a decent amount of free cheese. “This guy comes every day to eat free stuff but never buys anything. He’s not allowed here.”

Now, a supermarket might not actively identify its customers, but the employees cannot help but recognize some customers every now and then - as people sometimes do. So in fact the store uses an identification system whether they want to or not: a pseudonymous, automatic, short-term identification system known as “recognizing that guy”, which sometimes happens to prevent the exploitation of free samples. The system is pseudonymous and automatic because the store employees do not collect any personal details about their customers. It is short-term because employees eventually forget most customers, particularly those who don’t show up every day for free cheese.

When there is nothing else, this is what non-digital society defaults to. But that changes as soon as things move to the internet. There it is easy to waltz back into the store under a new identity and grab anything of value for as long as possible at no cost. The hurdles built into the digital world are much more easily tampered with and the lack of any kind of identity is an important reason why. How is anyone supposed to run a store if those who misbehave return moments later under new identities after they have been kicked out? Complete anonymity causes issues not only for those who give free samples but for anyone who counts on genuine user behavior to make a product useful, which is much of the web.

Thus websites raise login walls, causing a headache for users who must go through yet another login flow and manage yet another set of login details - as if the store would give free samples but only to customers who fill out a form with personal information. A better system has only an unnoticeable exchange of pseudonymous information that doesn’t bother the user for personal details. Like in the non-digital world, customers are welcome to visit the store and have free samples - no questions asked - but those who misbehave can be kicked out, which the store can enforce if the customers try to return.

Social logins - login through one of the social networks - have some potential to get to the point of seamless, under-the-hood pseudonymous identity transfer. Since a site simply plugs in a third-party identification, the user and website both have fewer problems. Social login could be even smoother by exchanging just enough pseudonymous information to assure sites that they are dealing with a genuine user without bothering the user. But this convenience comes with a dependency since the store relies on someone else’s identity data.

A similar identity system can instead be built openly, without having to rely on a third party. It can be done with public-key cryptography: users who claim they control a private key prove it by signing a message that anyone can verify to be correct with the corresponding public key. Identity rotation, however, becomes trivial since it costs nothing to generate a new identity, which makes the system practically useless for mandatory pseudonymity. When the system is open there must be some cost or work to generate a new identity - preferably unnoticed by the user but sufficient to prevent identity rotation.

A distributed ledger can be useful to solve this problem. Out of all the possible public/private key pairs, only a few have value according to the ledger. If the ledger is sufficiently distributed and decentralized, it differs from a social login system because no third party controls it. While it is trivial to generate any identity - you just generate a new key pair - the addresses that own something according to the ledger are scarce. Getting one comes with a cost.

Someone who gives out free samples on the internet, such as free articles, can choose to do so only for those who control one of those addresses. You need to provide a new such address if you want a free sample. The test can be improved by analyzing the transaction data that led to the current holdings of an address. You could check, for instance, if the address has held a certain amount of value for a certain amount of time. In practice, as you visit websites, you identify yourself pseudonymously by signing a message, with some degree of automation to make the process convenient, which proves that you control a public key that owns some currency (within the Ethereum ecosystem and similar blockchains this is known as wallet login). Thus you don’t have to log in, in the traditional sense, to like or upvote an article. But if a user misbehaves, the website blacklists the public key. The user can generate a new one, which is free, and get it to have value according to the ledger, but again, that has a cost.
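The holding test and blacklist described above can be sketched as follows. This is an added example, not code from the original post: the names `Transfer`, `held_since` and `admit`, the thresholds, and the in-memory ledger are all assumptions, and the signature proving control of the address is assumed to have been verified already.

```python
from dataclasses import dataclass

DAY = 86_400  # seconds

@dataclass(frozen=True)
class Transfer:
    timestamp: int  # seconds since epoch
    delta: int      # signed balance change for the address

def held_since(transfers, min_balance):
    """Start of the current unbroken period with balance >= min_balance, else None."""
    balance, since = 0, None
    for t in sorted(transfers, key=lambda t: t.timestamp):
        balance += t.delta
        if balance < min_balance:
            since = None            # a dip below the threshold resets the clock
        elif since is None:
            since = t.timestamp
    return since

def admit(address, ledger, blacklist, now, min_balance=100, min_hold=30 * DAY):
    """Decide whether an address (ownership already proven by signature) gets a sample."""
    if address in blacklist:
        return False, "blacklisted"
    since = held_since(ledger.get(address, ()), min_balance)
    if since is None:
        return False, "balance below threshold"
    if now - since < min_hold:
        return False, "held too briefly"
    return True, "ok"

# Constructed sample data (hypothetical addresses and transfers, not real ledger entries).
NOW = 1_700_000_000
LEDGER = {
    "addr_long_holder": [Transfer(NOW - 90 * DAY, 500)],
    "addr_fresh": [Transfer(NOW - 1 * DAY, 500)],
    "addr_refilled": [Transfer(NOW - 90 * DAY, 500),
                      Transfer(NOW - 10 * DAY, -450),
                      Transfer(NOW - 2 * DAY, 450)],
    "addr_banned": [Transfer(NOW - 200 * DAY, 500)],
}
BLACKLIST = {"addr_banned"}

if __name__ == "__main__":
    for addr in [*LEDGER, "addr_unfunded"]:
        print(addr, admit(addr, LEDGER, BLACKLIST, NOW))
```

The `addr_fresh` and `addr_refilled` cases show why the time requirement matters: value moved into an address shortly before the visit does not pass, so rotating an identity ties up funds for the full holding period.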

A common objection to using open systems of this kind compared to centralized ones like social logins is that the centralization that they remove was actually a feature rather than a bug: users and companies entrust an intermediary with power, the argument goes, mostly because they want to, not because they must. Malevolent users might figure out a way to game the system, making human intervention necessary until a long-term fix is implemented. We might not need to or want to know the methods of those in control - some degree of opacity will likely make the system harder to exploit - we just trust them to do their job. Although there is truth to this argument, it is a mistake to insist that the one who makes these judgment decisions must also alone control the entire system.

Consider how conflict is resolved via a legal system. There is a judge, but judges are not free to make up laws as they go. Incorrect verdicts can be overruled. It is common in business contracts for the parties to agree on the legal jurisdiction in which conflicts should be resolved, so the parties have some say-so in how third-party judgment should be applied if necessary. A judge provides judgment, yes, but that does not mean that the judge can force any outcome even if it clearly is wrong. Moreover, the involved parties have some control over the process of applying judgment to resolve future conflicts.

Digital transactions or interactions are commonly thought of as being between two parties through a system owned by a third party - the third party also being in control and resolving conflicts. But transactions might just as well be between three parties on a system that nobody solely owns. The third party is chosen by the transacting parties to provide judgment when necessary. Two out of three parties can trigger certain actions to settle conflicts. There is room to provide judgment, but it is done by a party in the system that need not fully control it.

In the case of identity, like pseudonymously logging in with an address to get a free sample, the process must be highly automated. A third party provides judgment-as-a-service - it (algorithmically) gives verdicts on whether the user behind an address is genuine. They could keep their methods open or secret depending on what they believe the market wants. Their customers are free to switch to another judge without abandoning their current identity database. A third party provides judgment, but there is no third party who can revoke anyone’s access to the system. Importantly, the website decides which judgment provider they wish to use. The result is a system similar to social logins but with healthier power dynamics.
