Identity is among the many subjects addressed by Web3 and blockchain tech, yet it has become one of the industry's most important and relevant topics. As we are witnessing the evolution of the Internet, privacy and full ownership over user data are increasing in significance.
In fact, based on the results of a 2021 Cisco survey, 86% of consumers care about privacy and want more control over their personal information, with 79% willing to spend time and money to protect their data in the digital realm.1
And there's a valid reason for consumers' concerns. In Web 2.0, users are the ones that power social media platforms, yet tech giants like Meta, Google, and Twitter own and sell their personal data for profit. Most importantly, storing consumers' personal information on centralized servers and cloud networks creates a single point of failure, leading to numerous high-profile data breaches in recent years.
According to the Identity Theft Resource Center's study, the total number of data breaches grew 68% from 2020 to 2021, setting a new all-time high.2 Out of all the incidents, 83% involved sensitive personal data. Moreover, IBM's Cost of Data Breach Report 2022 revealed that 45% of breaches occurred in the cloud.3 At the same time, compromised credentials caused 19% of the security incidents as the most common attack vector.
Fortunately, Web3 and blockchain are here to the rescue. In this article, we will explore the following:
- Digital identity and the problems of centralization
- How Web3 identity can tackle these challenges through the blockchain and decentralization
- Potential applications and use-cases of Web3 identities
Let's get started!
Digital Identity and its Kryptonite: Centralization
Simply put, digital or virtual identity refers to the collection of information about an individual, organization, device, or application that exists online. This unique ID can be created from a wide range of data points, such as:
- IP address and location
- User credentials (e.g., username, password)
- Online activity, app usage data, and purchase history
- Financial credentials (e.g., credit card number)
- Personal identifiers, such as one's name and date of birth
- Biometric data (e.g., fingerprint, facial data)
- Physical, government-issued documents
Virtual identity has quickly evolved from a concept to reality due to the last few years' digital transformation, as well as the birth and rising popularity of social networks. As we use Face ID to unlock our phones, upload a resume on LinkedIn to apply for a job, shop online, and create user accounts on several platforms, digital identification has become a major part of our everyday lives.
However, the main caveat with conventional digital identity solutions is that they are centralized. In addition to the security issues and incidents we explored earlier, consumers have limited control over how their information is used online.
While data regulations like the GDPR and CCPA provide some improvements in this field, they only address issues on the surface, not the underlying problem: the custody of service providers over our data. If tech giants – or any other third-party entities – are completely prevented from controlling users' information, there's no need to fine them for millions as they don't have the chance to mishandle their records.
Moreover, while identity fraud accounted for a 5.1% share of all fraudulent activity in 2022, the siloed nature of conventional identification systems makes it risky to access data from a platform from an external web service.4 Furthermore, despite the fact that there are universal login solutions, they are operated by centralized companies. Based on IBM's findings, this is a major issue, as 19% of breaches occurred due to a compromise at a business partner.
As the metaverse is growing steadily and people are becoming more aware of it, a decentralized digital identity solution is becoming more in demand than ever. And Web3 technology may be the final piece we need to create it.
Web3 Identity in a Nutshell
Web3 identity is decentralized, operates on a blockchain, and offers full control to the user over the data he shares with services and how providers can use it. At the same time, it enables others to verify documents, credentials, and other records without relying on third parties or compromising privacy.
In general, Web3 identity has three core components:
- A public, permissionless blockchain where the decentralized identity and all related documents can be stored and audited.
- Globally unique decentralized identifiers (DIDs) can be created by the user without any limitations or reliance on organizations and can be verified via public-key cryptography. DIDs can be as simple as an Ethereum account. They do not include any data that can be used to confirm a person's identity. Yet, they are associated with a specific entity (e.g., a person, company, or government).
- Verifiable credentials (VCs) or attestations are issued by government bodies, financial institutions, web service providers, and other entities. They represent the tamper-proof and secure versions of physical and digital credentials. Attestations are tied to DIDs and are used to prove one's claim or qualifications (e.g., he has the necessary work experience or graduated from university). Most importantly, VCs can be independently audited by others without sacrificing holders' security or privacy.
Binding Your Web3 Identity to 'Your Soul'
The real-world applications of Web3 identity are limitless. And we already have a framework for that in the form of soulbound tokens (SBTs), a concept coined by Ethereum's Vitalik Buterin, economist E. Glen Weyl, and lawyer Puja Ohlhaver in May 2022.5
In short, SBTs represent a user's digital identity in the form of tokens that are unique, permanently bound to a wallet or account, can't be transferred, and have no financial value. The concept of soulbound tokens follows the same architecture as we have already explored above:
- They operate on a blockchain.
- They use one or multiple wallets called Souls as DIDs, which users can freely create and are permanently tied to SBTs. Both the wallets that hold and issue soulbound tokens are called Souls.
- SBTs are attestations or verifiable credentials issued by issuer Souls (institutions) to recipient Souls (users). Since they are unique and non-fungible, soulbound tokens are, in fact, NFTs with the major difference that they are non-transferable, tied permanently to a Soul, and have no financial value other than for its holder itself.
Users can create as many Souls as they like and even for different purposes. For example, you can have one for employment, one for healthcare, and another for borrowing. Regarding the latter, here is an example use-case of soulbound tokens:
- You are looking to borrow funds, but an overcollateralized loan doesn't work for you, as you need more capital than the digital assets you can use as collateral. For that reason, you create a Soul and connect it to a decentralized lending dApp to prove that you are credit-worthy.
- The lending platform's algorithm uses public blockchain data to analyze your borrowing history and provide you a credit score in the form of an SBT, which can be updated in real-time based on your future activity.
- The dApp uses your SBT to determine whether you are eligible for the loan and issues the borrowed funds to your wallet upon a successful process.
As you can see, the whole process is decentralized, transparent, and trustless. You don't have to rely on anyone (or anyone's goodwill) or reveal your identity throughout the process.
And the best? The use-cases of SBTs and Web3 identity don't stop at lending and borrowing, as they can also be utilized to:
- Vote in DAOs based on one's activity and community interactions instead of token holdings
- Log into all your online accounts by simply connecting a single DID to the platforms without verifying your identity or submitting documents manually each time
- From the perspective of service providers, Web3 identity can be leveraged to crack down on fake profiles and bot manipulation, as well as protect against Sybil attacks
- Employers can instantly verify the credentials, work history, and education of job applications
- Blockchain networks' low cost of maintenance and Web3 identity's safeguards against fake profiles and manipulations could also make the latter viable for referendums and elections
- Digital identity that can represent users' metaverse citizenship, which could also be utilized to carry one's reputation from the Web3 space in general to games and virtual worlds
- A new, improved version of airdrops called souldrops allowing Web3 projects to reward those who have attended specific events, performed different actions, and have the SBTs that prove their completion
- Web3 identity can also help minimize the impact of fraudsters impersonating famous people or reputable projects
Powering the Evolution of the Internet
Identity is a crucial part of our lives in both the real and digital realms. Without one, we can't access public services, financial solutions, and applications that help us maintain our preferred lifestyles.
However, conventional ways of identification have too many caveats and vulnerabilities for bad actors to exploit. Instead of fixing problems on the surface, it's crucial to address the underlying issues of centralization, lack of user control and privacy, as well as the need for trust to identify ourselves.
Fortunately, we can tackle these challenges by leveraging blockchain and Web3 tech to create more efficient identity solutions than the ones we currently use.
With a decentralized architecture, a trustless process, as well as transparent and cryptographically-secure verification, Web3 identity empowers users to exercise complete control over their data. Eventually, it will form the foundation of an evolved, more democratic, and user-centric internet.