Decentralised Identity: The Way Forward

regularguy.eth

With the rise of the internet, we have all gotten used to managing our digital identities through username and passwords. Think of all the websites which you interact with daily and it becomes obvious that this is not a scalable nor secure model. With so many accounts, it is only natural that people start reusing passwords across different accounts. Password managers are only a band-aid as each website still needs to implement their own identity management. Consequently, all digital organisations inadvertently also become identity management organisations which places a heavy burden on smaller companies.

While we might trust such companies with our personal data, the fact remains that this trust is built upon a constant tension between keeping our data private versus monetising our data. Although public outcry has resulted in the pendulum swinging towards the former, there is very little an individual can do when the momentum changes. At its core, this power asymmetry arises from the fact that prior to Web3, there was no feasible way for consumers to access digital services without having to give up ownership of their own digital data. That is, our personal data is stored on the business’s servers and we depend on the business to operate our digital identity.

Reclaiming Our Identities: Why Decentralised Identity Matters

A Short History of Digital Identity

The internet was built without a native identity layer and hence unlocking its network effects required some form of identity to be built from the ground up. Without an identity layer, the network would have no way to coordinate trusted interactions between users. For example, how will a membership platform determine who has access to their content or how do businesses track the full lifecycle of their client to provide a better service? Given the technical limitations of the web back then, the most practical approach was to get users to prove their identity via accounts secured by a username and password which only they knew.

This approach set the foundation to the web identity model that we know of today. To get here, it went through 2 major phases:

1. Centralised Identity — One password per service where the account is owned by that service. This lead to password proliferation which created a secondary market for password managers such as Lastpass and Dashlane. Security is also compromised as companies are forced to implement identity management solutions which are outside their scope of expertise.
2. Federated Identity — One password with a trusted identity provider which enables access to services which trust the provider (i.e. login via Google, Facebook). Personal data is limited to just the identity provider but the operation of our identity relies on the identity provider and the trust network which it has built. Better security as identity providers have teams built around this core product.

Although the current single-sign on (federated identity) model works, scandals such as Facebook-Cambridge Analytica as well as the WhatsApp encryption controversy, highlights just how little control users actually have over their own data. Crucially, these events reinforce the need for a better web identity model which is not preconditioned upon individuals having to give up power over their own identity just to access digital services, many of which are compulsory to participate in modern society.

Currently, cryptocurrencies solves this by allowing strangers on the web to coordinate via transferring value but this is a one-way street towards hyper-financialisation.

Decentralised Identity: We Are More Than Our Finances

Decentralised Identity: Evolving Infrastructure

Whether decentralised identity is the natural step forward in this technological march relies on how well it can address the aforementioned issues. Critically, users will only adopt it if they have the choice to:

1. Own their personal data — Data is stored on community-owned infrastructure. Users can still rely on federated identity providers as long as they prefer not having to take full responsibility over their own digital identity.
2. Migrate digital identities across services — No lock-ins and having to navigate walled-gardens. Users should be able to choose their preferred identity root as well as not worry about having to lose their identity if they decide to leave a platform.
3. Maintain privacy through selective disclosure — Users should be able to determine the different levels of data definition that is shared. Encryption will enable relationships to form without requiring personal data to be revealed.
4. Consent to representation — Users should have a voice in determining how their digital identity is represented. There is a boundary between what data should remain private as opposed to public.
5. Create relationships directly with other users — As in real life, being able to interact directly with another individual without the need for a middleman.

While the decentralised identity space is rapidly evolving based on these guidelines, there are 2 key ideas which have gained traction:

1. Soulbound Tokens (SBTs) — Non-transferrable NFTs representing all on-chain relationships. By making SBTs non-transferrable and community-recoverable, there is no financial incentive to trade the identity.
2. Verifiable Credentials — Standard format for expressing credentials on the web which can be applied both on/off-chain. Utilises zero-knowledge proofs and public-key cryptography to securely verify claims without compromising privacy.

In both solutions, individuals are able to reclaim ownership of their own digital identity as it is securely stored on a community-run blockchain. This places individuals in a much more favourable position when deciding how their personal information is shared and accessed. Moreover, as individuals are able to attest for each other in this identity paradigm, communities can organically form from the ground-up.

The video below goes into much greater depth which is out of scope of this article:

Redefining Our Approach to Privacy

While debates around privacy flares up every so often, much of society is resigned to the fate of entrusting organisations with their data else risk being socially excluded. Decentralised identity is set to disrupt this core assumption by finally constructing the technical infrastructure enabling individuals to own their own data. This will shift the focus of the conversation away from how companies are meeting personally identifiable information requirements such as GDPR. Instead, the focus will be on the modularity of this new identity infrastructure and how services can continue to be provided based on an individual’s privacy preferences.

Underlying our digital personality is the ability, right and power to choose our relationships and associations and whom to share them with, or not. Decentralised identity is a step towards a community-owned identity infrastructure which is better able to digitally reflect the types of relationships we have in the real world. It is the foundation upon which a more equitable internet will prosper.

Decentralised Identity Shorts:

• Reclaiming Our Identities: Why Decentralised Identity Matters
• Decentralised Identity: We Are More Than Our Finances
• Decentralised Identity: The Way Forward

Thanks for staying till the end. Would love to hear your thought/comments so do drop a comment. I’m active on twitter @AwKaiShin if you would like to receive more digestible tidbits of crypto-related info or visit my personal website if you would like my services :)