TTL 64
Today there are 8.3 billion people on the planet. 6.1 billion are online. Registered domains sit at 392 million — and even with a generous estimate of how many people own more than one, that’s around 3.5% market penetration. Forty years of growth, and we’re at 3.5%.
Walk into any other industry and announce that number. They’ll ask when you’re shutting down.
To understand how we got here, you have to trace three battles. We lost two. The third is happening right now, and I’m encouraging you to fight.
I started building websites in 1994. Those were glorious years: you typed a word, Netscape added .com at the end, and you got there. People learned fast. Web addresses started appearing on business cards, on the sides of vans, on shop windows. Something was beginning.
Then I found myself in Paris in the early 2000s, walking with my newborn daughter. I saw a small van parked in the street. On its side, instead of a web address:
“Tapez peintre en bâtiment dans Google, puis cliquez sur le premier lien.”
Type “building painter” into Google, then click the first link.
I burst out laughing. What idiots, I thought. Don’t they realize that if a competitor takes the top spot tomorrow, they’re advertising for them?
I should have been crying, not laughing. That van was proof that domains had already lost the web. People had stopped typing addresses. They went to Google, typed words, clicked. The .com era was over — killed by companies with every interest in making sure you never arrived anywhere directly, but always went through them first.
The second round was email. And here, domains could have won.
I’ve had the same email address since 1997. In those years I changed platforms, providers, and servers maybe twelve times — at one point I had mail servers in my living room. Nobody who wrote to me ever had to know. The address survives everything that changes behind it. That’s the quiet power of owning a domain.
And yet today roughly half of all email opens happen on iCloud or Gmail — and the real concentration is even higher than the official numbers suggest.
Email looks like an open standard, but, in practice, Google and Apple decide who receives your messages. Period. Both will let you use a custom domain, but they have no strong interest in you doing so. They want you on their domain. That’s how it spreads.
We lost the web. Then we lost email.
Now the third round is starting, and it’s different from the first two.
AI agents are about to be everywhere. As I wrote in my last post, billions of people will have hundreds, maybe thousands of agents over their lifetime — some persistent, some ephemeral, spun up for a trip and discarded after. These agents will send emails, book tables, negotiate calendars, transact on our behalf.
With websites, the identity problem was manageable: there aren’t that many, and when money is involved, you pay attention. With email, once I give you my address, you know it’s me — a human being behind a keyboard. But if 6.1 billion people unleash agents onto the internet and we have no way to identify them, “complicated” is a very weak word for what follows.
When one of my agents emails you on my behalf, you need to verify two things: that it’s my agent and not someone else’s, and that it’s an agent and not me directly — in case it says something out of bounds. I’d love to tell Totoro: go find my friend’s agent, find two slots where we’re both free in Sevilla and two restaurants we’d both like, then report back and we’ll choose. Today, my agent has no way to locate his.
Where does this identity layer live? Do we all want a profile that reads openai.com/yourname? Should we all be named Claude tomorrow?
There are proposals. The Web3 and blockchain world has been promoting decentralized identity for years, and the technology genuinely works. But I have two reservations.
The first: it still has to be proven at scale. It remains a niche market.
The second is the one I feel most strongly about: total decentralization is a dangerous thing, and regular people don’t actually want it. It sounds beautiful in theory. In practice, it’s how people lose access to a Bitcoin wallet because they can’t find their passphrase. It’s how people get kidnapped because someone knows they hold crypto. It’s putting your money under the mattress and hoping nobody ever comes looking. And we’re only talking about money — identity is worse. If I lose my passport, it’s annoying, but I can go to the Italian embassy and prove who I am. If I lose access to a wallet that is my identity, there is no embassy.
The DNS offers exactly the same set of features blockchain has been promoting — minus the total decentralization. I think that’s an advantage, not a flaw. The system is over forty years old, scalable, secure, and fully capable of filling this role. Some adjustments would be needed: a domain that proves your identity should never expire, because your identity doesn’t. But the foundation is already there.
Putting a domain in the hands of every human being has been this industry’s dream since it began. For twenty-five years, there was no reason compelling enough for ordinary people to care. AI agents finally give us that reason. Everyone will need a way to identify the tools acting on their behalf — at least one domain, with subdomains for their agents, sometimes multiple domains to separate contexts.
Someone will own this layer. There is no question about that. The only question is who.
A handful of platforms, so we swap the names and logos but the reality stays the same? Or the people who have been building and operating this infrastructure for decades?
We lost the web. We lost email.
We cannot afford to lose identity.

If someone forwarded this to you, you can subscribe.
I also publish on paolo.blog and monochrome.blog.


Leave a Reply