The empty slot, in one table.
Every consumer identity provider in the market today is paid by someone other than the user — by advertisers, by license fees, by token velocity. None of them split the fee back to the user, because none of them were designed to. Here is the row-by-row comparison your privacy reviewer can falsify on their own infrastructure.
| property | sign in with google | sign in with apple | auth0 / clerk / workos | world id | me.ochk.io |
|---|---|---|---|---|---|
pays the user | no | no | no | token grant — not sats | yes — bitcoin |
billable atom a signin within an open session is free. sites pay for sessions and actions, never for clicks. | page-view advertising | apple developer account | monthly active user | verification + token | session + action — not click |
cross-site behavior graph | yes | partial | yes (per tenant) | no | no — sites verify locally |
sybil resistance built in | no | no | add-on (paid) | biometric | attest tier — bonded by bitcoin stake |
works without provider being online | no | no | no | no | yes — offline-verifiable envelopes |
self-custody graduation path | — | — | — | — | first-class · /me/graduate |
unit of account | usd | usd | usd / eur | WLD token | sats — usd parity rail |
open spec verifier teams can run | no | no | no | partial | yes — full |
startup cost for an integrating site | free + ad lock-in | $99/yr apple developer | $240/mo + 7,000 MAU | free + token velocity | pay-per-event, no minimum |
crypto knowledge required of user a first-time user picks OC alongside google/apple, federation guardians provision a custodied wallet behind the scenes, no seed phrase shown. sat-earning starts immediately. they can ignore /me forever, or graduate to self-custody when they want. | none | none | none | install + scan iris | none — federation custody by default |
why the billable atom matters
The billable atom is the unit of value the integrating site is paying for. Per-signin is wrong: a bot pressing the signin button 10,000 times an hour would bill the site 10,000 times. A session — a meaningful authenticated window — is right: the same bot creates one session, bills the site once, earns the user one session payout. The model self-protects because the billable unit aligns with what the site actually values.
Class B events go further. Payment authorization is billed as a percentage of the underlying payment, so a user who routes ten thousand fake $0 payments through OC creates ten thousand envelopes that bill the site zero sats. Attest verifications, stamp signatures, and pledge resolutions each carry their own natural cost or rate limit. The protocol layer prices sybil farming out of profitability before it reaches your fraud rules.
For full mechanics, see /integrate (the integrator surface) and /pricing (the site-pays / user-earns split). For the published rate limits, see /security.
why now
Three concurrent shifts made me.ochk.io possible. Lightning rails are liquid enough to carry consumer cashback in real time. Federation custody (Fedimint and equivalents) is mature enough to make the no-self-custody- on-day-one onboarding bridge defensible. And the consumer privacy backlash against Big Tech identity is loud enough that "we don't maintain a cross-site graph of you" is a feature people will actually choose for, not a footnote.
We are not the first team to think about Bitcoin-anchored identity. We are the first team to ship it as a consumer product that pays users on the integrating site's dime, with a charter that ratifies no token, no custody, no protocol fork — a posture every prior attempt eventually compromised under fundraising pressure.