Do we really know who we are online? This question has new answers now that technology is opening up alternative solutions with the development of Web3 and blockchain. Let’s delve into what it is and how digital identity is changing.
What is digital identity and why it matters
People often think of digital identity as their username on social networking sites or their email address. Actually, the concept is much more sofisticated: today, many companies are able to track your preferences (the infamous cookies), your behaviour online and offline; in short, they’re able to recreate your profile and personality, sometimes with remarkable accuracy. It is not certain, however, that your different online presences reflect your true identity, i.e. that certain behaviours are interpreted correctly by the algorithms.
To explain what digital identity is, we also have to address the issue of privacy: legislation in many countries is tightening the limits on the information that organisations can collect on their users. This can penalise the honest marketing strategies of companies, thus excluding improper (and illegal) uses of sensitive data, but is at the same time a problem for their security and that of their customers.
Indeed, limiting the collection of identification data is not really a benefit for the consumer, but an obstacle in the fight against crime. Identity verification procedures such as KYC, for instance, are crucial in combating money laundering and fraudulent activities. However, it is always necessary to ensure that the data collected is carefully guarded and used for the sole purpose of protecting the user.
The development of protective solutions for digital identity, while respecting data sensitivity, is therefore of vital importance, not least for the efficiency it brings. Indeed, at the administrative and governmental level, national digital identity systems can make bureaucracy lighter and more user-friendly.
Let’s look at the bigger picture, though: according to the latest data from the World Bank, some 850 million people do not even have a document or proof of identity. There are various reasons for this and they are mostly related to poverty and marginalisation, but it is clear what technology can do to solve this gap: facilitate accessibility by developing more flexible digital identity solutions.
The problems of digital identity in Web 2.0
Since the advent of Web 2.0 (the phase of the internet that began around 2005), forums, blogs and social media have given everyone a voice. Any user can create and interact with content online, thus building a digital identity.
Usually, however, you have several identities on the Internet, one for each platform, and these are not interoperable: if you want to change your display name or profile picture, for instance, you have to do it ‘manually’ on each individual account.
Moreover, although we have created all these versions of our ‘digital selves’, we are not the real owners. The personal data associated with our account and the content we generate are owned by the platforms we use, often centrally controlled by a company of the ‘Big 5’: Alphabet (Google), Amazon, Apple, Meta (Facebook) or Microsoft. These can arbitrarily censor our activity or render old content unrecoverable, because it is privately administered according to their algorithms.
Centralisation, however, is not the only alternative: more and more projects are building solutions to give people back complete sovereignty over their identity, making even the various ‘digital selves’ interoperable.
Having data sovereignty means that you, and only you, have the right to decide who or what can access your data, what data you want to share with certain apps and how it is used. Think about your Instagram account. Finding out what data is collected, for what purpose and how to opt out of sharing certain data is like trying to find your way out of a maze. It should be simpler than that.
When, on the other hand, you know what a digital identity is and you own it, you can manage it as you like and use it everywhere; this means that your data is truly your property and interoperable. Imagine being able to use the same name on any marketplace, game, application.
In Web 2.0 it is difficult, if not impossible, to move data from one app to another, because the Big Techs have created closed ecosystems. For example, we can publish the same content on all Meta services (Instagram, Facebook, Whatsapp), or use the same account for all Amazon services, but using the same credentials on both is not possible. The two are in competition, so they do not create ‘bridges’ for sharing information.
Why blockchain is the solution
Blockchain offers the perfect technology to solve the problems we have been discussing since the beginning of this article. These are the key tools for understanding what digital identity is in this innovative context:
- Public key cryptography
- Immutability and verifiability
- Composability and programmability
The first obstacle we identified is related to the impossible trade-off between privacy and identity verification. On the other hand, public key cryptography, on which the blockchain is based, makes it possible to encrypt sensitive data (so as to protect it) and at the same time verify transactions and identity. In fact, the blockchain is always pseudonymous: your public identity is your wallet address or the NFT Domain associated with it. Your sensitive data is therefore safe, but it is still possible to verify your identity and the legitimacy of transactions. Developing solutions from this principle may be the answer to the dilemma.
The decentralisation and distribution of the network also allows the blockchain to provide a global, uncensurable system that cannot be easily attacked or destroyed, precisely because it is not based on a central server. This facilitates location-independent accessibility and renders ineffective the limitations that governments and other authorities may attempt to enforce.
The immutability of the data written on blockchain, again thanks to cryptography, also allows it to be trusted and cannot be changed by anyone. A necessary property for the security of your identity and rights.
Linked to this is the possibility of verifying information independently. Blockchains are generally transparent databases, which can be consulted by everyone. This is the case for permissionless, i.e. public systems, but there are also ‘exclusive’ networks, i.e. reserved for a certain type of user (permissioned). In this case, only those who have access can view transactions and data, whereas for public blockchains, everyone can verify the transactions that have taken place. In general, the latter are transitions of information, not just of value as with cryptocurrencies.
Finally, blockchain answers the problem of digital identity interoperability. Its composability is the property that allows codes, software, or applications to be combined with each other to build new solutions and quickly bring innovation. In fact, the algorithms and protocols that manage the functioning of crypto (smart contracts), are called ‘money legos’.
This distinguishes blockchain applications from centralised Web3 applications because they are mostly open-source: any developer can learn a programming language and access the code of existing projects on the market to create better ones, or assemble them like bricks to build something new.
Web3 solutions for digital identity
Web3 is the realisation of all the potential of blockchain, described in the previous paragraph, to create a completely new form of the internet. Let’s dive into what digital identity is in Web3 by looking at the first solutions it has generated and keeping in mind the issues of sovereignty and interoperability.
First of all, in Web3 there are no companies asking for data in exchange for services, but developers creating services for users who pay to use them on blockchain, without ceding control of their data. This means having control over your own money and identity.
However, blockchain was not born interoperable in 2009, but this is a quality that is gradually being achieved by creating cross-chain and multichain infrastructures for all applications.
A first Web3 solution, which makes digital identity interoperable, is that offered by NFT domain registrars such as Unstoppable Domains, ENS and Freename. By associating a single Web3 domain with your wallet, you can manage your identity and crypto on different applications. The first single-sign-on (SSO) service, in particular, was developed by Unstoppable Domains on Ethereum: through your NFT domain you can access more and more Dapps with the same credentials.
There are several other types of blockchain projects in the field of identity. Some start from the concept of decentralised social networks (DeSoc) and focus on social identity, others are simple aggregators of rewards and badges, and still others aim to decentralise identity altogether.
Thus was born Lens for instance, the decentralised social network with NFT handles, or Galxe ID, which offers unique credentials to which all rewards and badges obtained in many Dapps can be attributed.
The challenge again remains to maintain decentralisation of power, usability and interoperability, in a sort of trilemma of scalability 2.0.
On the other hand, as far as solutions at a higher level are concerned, the discussion centres around Decentralised Identifiers (DIDs) in the Ethereum ecosystem. DIDs are personal identifiers that replace social security numbers or biographical data on the blockchain. A common example is the wallet address, but DIDs can come in different forms and take advantage of public key cryptography and decentralised data storage.
For this type of solution, even more complex issues of usability and interoperability come into play, as the needs of each identity in each context must be respected.
Let’s take an example to better grasp the concept: if you wanted to share some details of your identity in one app, and instead hide them in another, could you create several digital ‘faces’ of the same identity?
A first step in this direction is Polygon ID, which through its notorious Zero-Knowledge Proof protocol manages to verify an identity while maintaining its pseudo-anonymity. For instance, a user can prove to a service that they are of age without revealing their actual age, thanks to cryptography.
This could be a concrete step forward for companies with regard to the issue of privacy.
Some projects are already using Polygon ID technology to create applications, but there is still much work to be done. Digital identity is, in some respects, still a challenge, but Web3 is poised to be the solution: soon on the Internet we will be able to be who we want, communicate and represent it in the way we want, with safety and self-sovereignty.