A new type of digital identity on Web3 (called Self-Sovereign Identity, or SSI) could be the answer to the data theft happening on Web2.
The nature of online identity is changing. For too long during the era of Web2, users have been forced to access online platforms via passwords, with their information controlled and stored by big tech firms. Passwords and centrally stored data are the biggest attack vectors for hackers to gain access to corporate systems and steal your data.
Web3, popularly known as the decentralised web, promises to give us ‘self-custody’ of our data and protect our personal information and digital assets from exploitation. Web3 is driven by the open, permissionless blockchain network and underpinned by an ethos of trustlessness and transparency, which resolves many of the fundamental problems in Web2.
We are in a critical moment in the digital age. Despite widespread discontent that our data is less secure than ever, there is a lack of self-custody solutions — except for a few government-based digital IDs, which individuals can only use within their home country, and even then, with a limited number of services accepting these IDs. There are several reasons for this.
Firstly, many digital identity solutions have overly cumbersome onboarding processes and could be more user-friendly. Secondly, many Web2 and Web3-based digital identity providers insist on unnecessarily storing our data on central servers.
Finally, few providers offer a ubiquitous service that works globally across both Web2 and Web3 and across many different verticals.
Digital identity is set to explode in 2023
During 2022 we witnessed a lot of R&D around creating a digital identity that’s trusted, secure, easily accessible, and gives the user complete ownership of their data, a concept better known as ‘self-sovereign identity’, or SSI.
The usage of these types of digital identities will explode in 2023. We’re already seeing government legislation where services can’t be provided unless the customers have a digital identity. Age verification for same-day alcohol delivery is an excellent example of these plans in action.
All-in-one toolkits for personal data management now make it possible to store verifiable credentials, such as graduation certificates, event tickets, or proof of address, in a blockchain-powered account that doesn’t rely on cloud storage.
A privacy-oriented solution to web access uses such toolkits in conjunction with a cryptographic technique called zero-knowledge proof (ZKP): a method of authentication that protects users’ data while still allowing them to prove something about themselves. In effect, ZKP is a safe way to verify your identity, age, or credentials without actively disclosing your birth date or other personally identifiable information (PII).
Protecting data within an identity ecosystem
For companies that want to provide gated smart contracts or operate other Web3 tools, such as metaverses, which require users to verify their age or jurisdiction, Soulbound Tokens (SBTs) are a promising solution.
SBTs, first proposed in a paper co-written by Ethereum creator Vitalik Buterin, are non-transferable, publicly verifiable tokens designed to represent elements of an individual’s identity in Web3. SBTs are still emerging but could become a building block for a future Web3 decentralized society.
As we move into 2023, SSIs will become a more significant part of Web3. I see this as a middle ground to allow for ‘light’ regulation of Web3 products while maintaining the privacy and anonymity of the users.
I was recently speaking with an institutional investor about DeFi projects and wondered why large investors generally stay away from successful DeFi projects such as Compound.
They told me that the biggest regulatory risk is that they don’t know who the counterparty is on any DeFi trade. It’s possible that when they use a lending protocol, the counterparty is someone from a sanctioned jurisdiction, which would mean that the institutional investor is breaking the law.
But by using SSIs and zero-knowledge proofs baked into Soulbound Tokens, a DeFi product can effectively ‘self-regulate’ and only allow people who meet specific criteria to interact with the contract. This would open the door for large institutions to invest and launch their DeFi products without worrying about the risk of interacting with sanctioned counterparties.
The Optus breach highlights why we need SSI solutions
Data breaches are nothing unusual. The rapid shift to remote working and services during the pandemic has increased cybersecurity concerns, with global businesses suffering 50% more cyberattack attempts per week in 2021 than in 2020.
In September, Australian telecoms giant Optus exposed the identity credentials of almost 10 million customers — 40% of the population.
This shocking outcome highlights why Web3 must rewrite the rules of user identity. However, the only way that self-sovereign solutions will be accepted and used by everyone is if they are straightforward and seamless.
By taking back ownership and control of our data, we can ensure that our information remains secure and accessible as we build the future global infrastructure for Web3. And by leveraging self-custody, we can help create a more decentralized and equitable web where users truly own their data and assets.