The emergence of Web 3.0: Decentralised identity

Tue 26 Jan 2021 ▪ 23h11 ▪ 17 min de lecture - par Sylvain Saurel

Hello everyone and welcome to the first article in a series dedicated to the emergence of Web 3.0.

Today we will begin by studying a subject that makes surprisingly little or no noise despite all its promise: decentralised identity. If it is possible in today’s world to completely manage our money without the involvement of any third party, why not manage our own identity on the internet? Let’s discuss Web 3.0’s current uses, potential disadvantages and the answers which attract individuals to its ecosystem.

Our identity online

We do not always use pseudonyms when using services or interacting with other users online.

Sometimes it is better to hide your identity for practical, as well as security reasons. Nowadays, for ease of use, we have to admit that there are many of us who do not demonstrate good practice in the management of our personal data. That being said, setting up different email addresses and passwords for each and every service can be a daunting, not to mention cumbersome, task.

However, it has been a while since the dissemination of our personal data has boiled down to a single email address with a poorly selected password. Nowadays, there are complete user profiles stored somewhere in the cloud or, more precisely, in one of GAFAM‘s (Google, Apple, Facebook, Amazon, Microsoft) data centres. While it is true that some users fully assume and accept the lack of data privacy in return for user-friendly and largely free services, the problem is that the market lacks genuine alternatives. As per usual, the options are pretty clear: if you want the ergonomics of a supposedly ‘free’ service, you need to sacrifice your confidentiality and security.

Connecting with social networks

Different methods have been developed in order to simplify the registration process when signing up to new online services. Nonetheless, the ones used widely today are these ‘continue with’ options which allow the user to link existing accounts and transfer the necessary information to the new account. I am, of course, mainly talking about GAFAM since, as Europeans, these are the services we use the most. However, in the case of Chinese users, an arguably worse situation exists with the likes of Weibo and WeChat… The concentrated collection of users’ personal data through these services far exceeds what is collected in the West.

Facebook and Google’s magic buttons

identité Google

Just like that, in one click, a new account is created. No effort is needed to remember the password since Facebook will do that for you.

It is a revolutionary experience for the user but also a dangerous one. This harmless little button allows Facebook (or Google) to link the activities of other applications to the user’s profile. In turn they offer their advertisers a more precise list of targets. This is their business model and so it should not come as a shock to anyone.

It is not only Facebook who operates in this way, all of GAFAMs take the same or similar approach with the exception of Apple. 

‘Sign in with Apple’

Apple is watching you

The apple is not as harmless as we think it is

Apple presents itself less aggressively when it comes to the personal data of its customers. Its widely publicised bias now forms part of the brand’s core message. In addition to all of the options which it gives its customers (to have more control over who uses their data and when), Apple has developed proprietary connection systems.

These systems are very different from Facebook’s or Google’s since there are more options available to the user about how they would like to manage their data. For example, the user can easily create a disposable email address (which would look like [email protected]) which would redirect incoming emails to the user’s own inbox. It would mean the user wouldn’t have to disclose their personal email address, limiting potential spam.

However, Apple claiming that it is not and will not use users’ data in the future is a problematic situation. Relying on a third party to guarantee the integrity of your personal data will always cause a potential vulnerability in the management of this data. It is certainly a more comfortable option and Apple is seemingly better than its competitors, but your data remains completely centralised.

Proving your identity on the internet

Today, a variety of methods are used by companies to allow users to prove their identities. Previously, the focus was on the pairing of an email address and password, the methods nowadays are more sophisticated. For example, thanks to the reduction in the cost and automation of sending text messages, it is easy to offer to certify access to an application or website.

What is a decentralised identity?

To determine what a so-called decentralised identity is, as well as its use in the context of Web 3.0, it is important to clarify the details.

Here are two extremely generic solutions where anyone could imagine the range of possibilities for their decentralised identity. To better understand the definition of decentralised identity, the DIF (Decentralised Identity Foundation) offers its own:

 “Decentralised identity can replace identifiers, such as usernames, with IDs that are self-owned, independent, and use blockchain and distributed ledger technology to protect privacy and secure transactions.” – DIF

Hence, the objective of decentralised identities is to allow users to be able to store private information locally, while making it possible to guarantee total confidence in its veracity when disseminated.

A user would be able store their data and then share the necessary information without having to go through a third party. Once the profile is created, it can be accessed only by the user via its private key, but apps will be able to connect to it through its public key. This means when users register with a compatible app, for example, permission will have to be asked in order to gain access only to the type of data needed. This would be similar to what currently exists on smartphones – sliding buttons which control access to photos, microphones or cameras for example. In essence you become your own manager and therefore have full control over the dissemination of your data.

The players within the decentralised identity space

We don’t call decentralised sectors ecosystems for no reason. It is the synergy between different existing players and their services that gives users the chance to experience the best and richest possible functionalities. For this reason, it is important to closely study these various players, which is not an easy task since communication is often limited to a niche group of ‘early adopters’ who will show relative indifference until the technology is widely spread.

Their objective is therefore to offer users a chance to regain control over the dissemination of their data. It will also reduce the daily accumulation of data by the likes of Google and Facebook.

Metamask

metamask

This fox wishes you well

While Metamask is not really part of the ​​decentralised identity sector it has some interesting similarities with the way in which it works. Metamask is not an identity but a wallet that allows you to connect to different applications from the decentralised web.

However, I wanted to analyse this web extension so I can introduce how it is related to other services of Web 3.0. If you are interested in decentralised apps, which include video games or financial services, it’s necessary to connect a wallet like Metamask. Often, the simplest option is to click on the “continue with Metamask” button and let this famous fox do the hard work.

Nevertheless you should be aware that this harmless click has certain repercussions. Firstly, this connection can technically create security flaws, especially if the app’s developers have not been conscientious enough. Secondly, contrary to popular belief and Metamask’s crafted marketing presentations, users of services based on distributed registers are just as prone to hacking and perhaps even more prone, paradoxically, than normal users. With Ethereum transactions being public, it makes it possible to track all those associated with any user and consequently draw up a profile on them through the apps they use. This creates distrust as there is fear of allowing anyone to draw up a digital behavioural map of any user of the service.

Decentralized Identity Foundation

The DIF is a foundation which aims to develop and democratise decentralised identity services. It attempts to achieve this by surrounding itself with actors from all corners of the world in order to develop a synergy between its services. There are many well-known names contributing to the ecosystem, including cryptocurrency projects like uPort, Hyperledger and NEO to name but a few. In addition to the crypto projects there are traditional companies such as Mastercard, Microsoft and IBM who are involved.

The objective is to set up working groups around specific functionalities in the decentralised identity sector. You can find the work of these groups on their respective websites and source codes, which are – as they should be – open source.

DIDs through W3C

The W3C (World Wide Web Consortium) team is also working on decentralised identity. The presentations on its research are regularly updated. They present DIDs (Decentralised IDentifiers) as new types of identifiers which will allow the establishment of true digital and decentralised identities. The difficulty is being able to set up an identity whose ownership can be proven without the use of centralised databases or control bodies (in fact, this is a bit of a Holy Grail).

DIDs par le W3C

The key to your Decentralised Identity looks like this

uPort

uPort is a company that is developing different services around decentralised identities. The promoters of this project wish to provide their users with a new way of connecting to various services on the internet. Their solutions make it possible to master digital life by helping users take back control of their personal information, their security and how it is disseminated to third parties. The way in which it works is quite simple, all you have to do is set up a profile on uPort which can then be used on all compatible applications.

Uport

uPort’s goal is to become a direct alternative to the famous “continue with Facebook” option. Their services are not very interesting on their own, but it is through the adoption of their system with other apps, which are not necessarily decentralised, where a comfortable and secure experience emerges for users. It will be a synergy between different players, who offer simple navigation whilst guaranteeing the control of personal data which will allow new models to emerge.

Brickchain

Brickchain is also a player in the decentralised identity sector, even if it does not use blockchain technology. The open source Brickchain protocol allows its users to keep control of their data, without having to resort to the complicated technology of distributed registers.

At the heart of its system is its mobile app which allows users to access their data on the go. Brickchain’s goal is therefore to establish a layer of interaction where only the owner’s strict and essential consent is the sole way to gain access to their personal data.

Ethereum ERC-725 token standard

If there is one platform widely used to build Web 3.0 innovations, it is Ethereum. Therefore, it is not surprising that we find a standard of tokens dedicated to decentralised identities or at least going in this very direction. Sensibly named “Proxy Account” this token embodies an interface which allows information to be stored not only about a user but much more.

The objective of this standard is to allow a legal entity to exist on the Ethereum network, while giving it the ability to execute smart contracts.

The Ontology network

ontology crypto

Ontology is a public blockchain network project dedicated to free collaboration among various players. The goal is to allow data to be shared securely by focusing on trust between different users.

However, the most interesting feature offered by Ontology is its ONT ID, which provides a framework for users’ identities. It allows each user to create their own identifier as well as allowing them to link the information of their choice. Once implemented, only the owner of this ID can fully control the data stored on it. In order to make it easier to trace where the data is going and who uses it, Ontology provides maximum transparency.

Nevertheless, this facilitates the multi-use of identities. It would be easy for the same user to control different ONT IDs, allowing different sources for their personal information. Ontology’s goal is therefore to build a bridge between service developers and their users without the necessary control bodies like a government, for example.

The future of decentralised identity

As we saw during our overview of this ecosystem, it still remains a niche sector in today’s world. That being said, just like many innovative ecosystems, it is possible that its democratisation will occur suddenly, just like much of the crypto sector in general. 

Decentralised identity is a rather particular sector in that the goal of decentralisation, here digital identity, is not generalised in a centralised manner. Quite a few systems already exist around digital identity, even if the implementation of this sector seems slow.

That is not to say, however, that digital identities have yet to be implemented.

In Estonia, for example, it is already possible to connect to various digital services using a national identity card. In particular, it has enabled companies to delegate the costly operation of user identification to the state through the use of this ID card. Nonetheless, all is not as good as it seems, as the centralised connection of the service could bring serious issues in the event of a digital attack. In fact, in 2017, half of all Estonians were deprived access to services due to the discovery of critical security flaws.

The potential risks are vast as most of the services are in their infancy. It is important to precisely learn about a protocol before pouring sensitive or personal information into it. While decentralisation will not necessarily be able to resolve all of the issues related to the management of personal data, it could, however, give users more choice. The market would be unleashed, taking away our dependence on GAFAM’s monopoly.

It would allow the emergence of new players and more user-just models of monetisation, for example.

More importantly, it would become possible to clarify the very concept of personal data, as well as ascertain its real value. Currently, it is too complex to learn and document how personal data can best manage itself, which has led to a lack of regulation. These are the many challenges that this very young sector must work towards, but I’m sure we’ll hear from this ecosystem much sooner than you think.

To conclude, let me quote PayPal’s CEO, Dan Schulman, who recently explained what the payment giant thinks about blockchain’s potential for identity:

 “Most people think that blockchain is about efficiency, but the system today is pretty efficient. There are middlemen sometimes in between, but the rails of it are pretty efficient. So we think a lot of the neat stuff that can happen on blockchain is around identity, for example.”

That concludes the first article in this series on the discovery of Web 3.0. I hope you enjoyed reading it and above all I hope it has allowed you to discover more about this exciting ecosystem. If you have any questions or comments about this article, please let us know on TheCoinTribune’s social media channels. See you soon for a new article on the Web 3.0 saga!

A
A
Sylvain Saurel

J’ai découvert le Bitcoin en 2014 en tant que développeur. J'ai décidé de m'y investir pleinement début 2017. Depuis, j'essaie de partager avec le plus grand nombre ma vision du Bitcoin et l'importance qu'il aura dans le futur.

DISCLAIMER

The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.