Was NO2ID a cul-de-sac? Who should be the identity assurers in the internet age? Today it’s code, that code is owned by someone and run by someone. Once we thought banks might run it, they don’t seem interested. The NO2ID campaign polarised the debate. We seem to be in a place that either the state does so on behalf of the public or private companies do so on behalf of their shareholders. Do we need a third way? Co-ops or P2P code?