Jack Dorsey caused a stir in the digital identity sector last month, with a tweet announcing Web5, an ‘extra decentralized’ web platform. Twitter users were left questioning what happened to Web3 (let alone Web4!), until TBD, Dorsey’s company behind the platform, explained Web5 is a combination of Web2 + 3, giving a total of 5.
Dorsey has long criticized Web3 as being heavily controlled by Venture Capitalists and not truly decentralized. TBD explains that Web5 on the other hand, “brings decentralized identity and data storage to your applications,” and, “lets devs focus on creating delightful user experiences, while returning ownership of data and identity to individuals.”
this will likely be our most important contribution to the internet. proud of the team. #web5
— jack (@jack) June 10, 2022
Many industry commentators have raised doubts that Web5 would be any more decentralized than Web3. Is it possible to get rid of platforms by creating another platform? Is it naïve to ignore the challenges of building on blockchain? Is Web5 just a badly disguised marketing ploy?
Despite these legitimate concerns, if there’s one thing I agree with its TBD’s statement that the web is missing a key layer: identity. “We struggle to secure personal data with hundreds of accounts and passwords we can’t remember,” the website says, “On the web today, identity and personal data have become the property of third parties.”
Digital identity online – a broken model
As a society we’ve become digital bankers, customers, citizens, consumers, patients, students, and employees. For many of us today our digital life, IS our real life. Who we are doesn’t change when we go online, but the way we share and validate our identity does.
In a digital world, establishing trust is complicated, as is choosing to keep our personal information private, or maintain control over how data about us is shared. The internet has created immense opportunity for those looking to manipulate our identities for their own gain.
While technology has allowed for significant progress in anchoring our digital to our physical identities, proving who we are online remains challenging. We are known to each online service by a different identifier – a number, a password, a token, a biometric – and control lies firmly with the service provider, rather than us as individuals.
On many occasions, when verifying our identity online we are really verifying our eligibility for a certain product or service. Yet we have to share far more information than is necessary for a transaction. And worse still, we have to do this time and time again, with multiple different providers.
As Tim Berners Lee, reflecting on the development of the world wide web since his invention of it in 1989 noted, “transformation is hampered by different parts of one’s life being managed by different silos, each of which looks after one vertical slice of life, but where the users and teams can’t get the insight from connecting that data.”
Often service providers centralise control of a user’s personal data, making it very difficult to update or correct. Many online companies’ practices also leave much to be desired in the way of transparency and data protection. The way we manage identity online is broken.
The social media identity problem
Nothing has changed the face of the internet quite like the rapid growth of social media. Millions of us around the world turn to Twitter, Facebook, Instagram, and other platforms for a safe place to interact and share our views while retaining a right to privacy.
Unfortunately, the very nature of social networks as anonymous platforms makes proving that a user is a real person, and then holding that person to account for their online actions, extremely challenging.
Elon Musk recently called for Twitter to do more to authenticate users and reduce bots. Musk is certainly not the first to address this, social media services have long grappled to control the number of fake accounts, bots, and pseudonyms on their platforms.
And authenticate all real humans
— Elon Musk (@elonmusk) April 21, 2022
Social media companies have also come under increasing pressure to stamp out the spread of harmful content, misinformation, and illegal activity. Many have called for more stringent age verification to protect minors from grooming, paedophilic activity and shocking content promoting eating disorders and suicide, which unfortunately are prevalent across these channels.
A range of solutions have been put forward to verify those signing up for social networks, including using biometrics or scanning images of identity documents. While these technologies may be effective in theory, in practice they could come at the expense of privacy and security, violating citizen rights, and inappropriately increasing tracking.
Online businesses while wanting to remain compliant, also want to preserve their commercial interests without deterring customers from using their services with overly invasive identity checks.
The growth of self-sovereign identity
From around 2015 onwards, the term ‘self-sovereign identity’ began to be used in response to these concerns. One of the earliest and most influential articles to lay out the principles of this model was ‘The Path to Self-Sovereign Identity’ by Christopher Allen, in which he states, “Self-sovereign identity requires that users be the rulers of their own identity.”
More and more, individuals are becoming very aware of their online identities. Customers today want security, data privacy and control. We are starting to see several real-world use cases emerging and the recognition of SSI at a government level. The latest revision to the eIDAS regulation for example allows for citizens to prove their identities and share documents from a mobile wallet.
As Big Tech firms like Facebook and Google continue to dominate the digital space, self-sovereign identity solutions (SSI), could offer users a way to take control of their data. With an SSI, individuals manage a portable digital identity, and manage how, and where this identity is shared.
It would be possible to prove your eligibility to access an age restricted online space for example, without disclosing any other personal information. Or prove ownership of a digital asset, without disclosing your real-world identity.
Exploring virtual worlds
The pace of change in the online world is immense. A vision for a blockchain-based internet with NFTs, DAOs, DeFi and crypto taking centre stage is rapidly evolving. And as the concept of the Metaverse continues to gather pace, a heightened level of online interaction becomes possible.
No matter which online space an individual is in others need to be able to trust their identity. This doesn’t necessarily mean disclosing their real-world identity, but proving their online persona is connected to a real person. It also means ensuring individuals are only granted access to the right spaces and digital assets are protected from targeting by fraudsters and cybercriminals.
As the powerful possibilities of the virtual world continue to unfold, it’s clear that a tangible link to the real world will be vital to security. For the metaverse to fulfil its immense potential, without threatening the safety and control of its users, it needs to be built with digital identity in mind.
The conversation continues at the Future Identity Festival 2022, taking place on the 14th & 15th November, The Brewery, London. Join 2000 festival-goers as we explore the trends and technologies shaping the future of identity verification, risk and fraud.