Analyzing data with Verifiable credentials in Web3

Authentication processes on the Web force us to reveal and deliver a lot of personal data to private organizations, even where we are not the owners of the information. Web3 has advanced in this line, and one of the most anticipated functionalities is the decentralized identity digital, but a fundamental component is missing for these DIDs to be used in all types of applications, and they are Verifiable Credentials (VC).

What are verifiable credentials?

They are a W3C standard that extends DIDs to add information related to a given topic and that the user is the owner of such information, which can be used at its discretion for any circumstance requested in a secure manner.
For example, imagine that you want to take out insurance and the insurance company asks for your work contract to verify that you have a formal job and earn a certain monthly salary, with verifiable credentials and blockchain it would be a very simple process (image below).
1. You have a DID in a particular Blockchain network and ask your employer for a credential with your employment data.
2. The employer (issuer) creates the credential with data such as your salary, position, date of entry, and more, associating it with your DID, signs it, and sends it to you (you already eliminate the need to notarize the information because it is already signed in the blockchain).
3. The insurer (verifier) ​​sends you a request where they want to know if you meet the requirements (for example, they want to know if you earn more than US$ 2,000 per month), for this, they issue cryptographic proof.
4. With the cryptographic proof, you (owner) validate it with your credential and send it to the insured, validating that you earn more than the minimum salary required, without the need to reveal the specific data, only that the conditions are met, achieving credibility for the insurer (who verifies in the blockchain that the data is from a valid company/issuer) and for the person who must not reveal their personal/professional data.

Now comes a fundamental question, is it possible to do analytics with this form of verifiable credentials?

Analytics with Verifiable Credentials

Doing analytics with this data is possible, but with a different focus, since you will not have people’s personal data.

The process you must follow is:

1. Extract data from cryptographic evidence. As in the previous example, you will no longer know the monthly salary of a person, but if an estimated range, you could save that for clustering.
2. Filter still valid credential information (credentials can be revoked by the issuer if misuse is detected).
3. Filter by valid signers (you don’t want a credential from one person, signed by the same person).
4. (optional) Try to associate the DID of each person with a wallet (Blockchain address).

Types of analysis you can do

1. Clustering: With the information, you can cluster people based on some attribute (or several) that they share with each other. With this cluster, you can detect who your users are or what they like, and if they are associated with a wallet, know what DeFi or NFT protocols they use.
2. Fraud: If they are associated with a wallet (each record), you can analyze transactions with graphs, using nodes (other wallets) and edges (each transaction) to interconnect and see the degrees of separation between a wallet marked as fraud with other addresses. , detecting if a wallet has an indirect history or is a participant in fraud in a DeFi protocol.
3. Sanctions: With the credential history, you can check for each person's credential accounts they have and how many have been revoked by the issuer (if trusted) because you could detect some misuse of credentials (even if you don’t know the context) that will give you information on the behavior of the person under certain processes.

Web3 requires doing analytics in the same way that is done in Web 2.0, only with the exception that you will no longer have the information of the users/persons if they do not explicitly deliver it to you, but with the decentralized identity digital and verifiable credentials you can make the process simpler.