The recent rise of Web3; the new evolution of the Internet to make it decentralised through Blockchain, is also bringing a lot of talk about decentralised identity schemes and their application in this new and seemingly promising evolution of the networked world.
In summary, the evolution of the Internet can be summarised in these 3 stages:
- Web 1.0; 1990-2005; open protocols (the Internet of directories)
- Web 2.0; 2005-2022; closed platforms (the power or the ” big brother ” of Big-Techs)
- Web3; 2022-on; decentralised Internet (more democratic and private internet)
For its part, the evolution of Identity linked to that of the Internet can be summarised as follows:
- Identity 1.0; centralised identity (username and password)
- Identity 2.0; federated identity (identity-related data as business)
- Identity 3.0; decentralised or self-sovereign identity (giving control of identity back to users through identity wallets)
Username and password (Identity 1.0)
We refer to this model as centralised identity because each digital service provider or platform (ecommerce, banking, telecommunications, streaming services, etc.) stores the information and personal data of all its users centrally. We access these services with our username and password (in most cases), creating as many different identities as the number of Internet sites to which we register.
Storing the identities of thousands or millions of people in databases is a problem from the point of view of digital service platforms, both for them and for their users. These centralised databases are a tempting target for cybercriminals, who illegally try to appropriate the personal information stored in them. The purpose of these acts of cybercrime is to make a financial profit by illegally marketing the stolen information.
Centralised identity puts at risk the privacy of users, the security of companies or service providers, and also has a poor user experience.
Log in with Facebook (Identity 2.0)
The previous model, in addition to being a nuisance for users (we must maintain as many identities as we register on the Internet), poses a privacy problem for users, and a problem for companies or digital service providers in terms of compliance with personal data protection regulations. Thus, the idea of delegating the processing of users’ identities to specialised providers seems to make sense, we refer to it as Federated Identity. Most of us are already registered with Google or Facebook (to give an example), so why not use these identities to access other digital services or platforms?
In the federation model, we create our identity once (e.g., we sign up for Facebook), and use it in our subsequent interactions on the Internet (e.g., to access Spotify). The advantage for users is obvious because of the convenience of the model, the problem is that we are giving too much power to these hyper-providers of identity solutions. In the example of Facebook, it knows exactly where we log on to the Internet, where from and when we log on, as well as keeping a record of our personal information, which it always shares with the third parties we log on to. Can we imagine what Facebook can do with all this information? Undoubtedly, make money, lots of money. In fact, thanks to this, Facebook offers companies and Internet platforms, free of charge, the possibility of using its federated identity solution.
Federated identity improves the user experience, but still puts users’ privacy at risk through uncontrolled monetisation of their personal data.
ID Wallets (Identity 3.0)
Identity wallets (ID Wallets) are the visible and user-friendly part of decentralised identity or self-sovereign identity models. These wallets are applications installed on users’ mobile devices, capable of securely and privately storing all their personal information. In this way, users’ personal data is only guarded by the users themselves. There is no central authority or hyper-identity provider controlling this personal data. This model has the advantage of federated identity; we only create a single identity (in this case in the ID Wallet), and it also solves the problem related to the privacy risk of users’ personal data. In this way, the handling of identity-related information is returned to its rightful owners, the users, preventing unauthorised use of their personal data.
As on the Web3, decentralised identity is based on blockchain technology, which is the technological layer that validates the authenticity of the personal and private information that is shared, thus enabling an ecosystem of trust between the parties involved and returning control of personal data and identity to the users.
Decentralised identity based on blockchain and ID Wallets solves the privacy and power abuse problems of centralised platforms, while preserving the good user experience of federated schemes.
Web3 and Decentralised Identity
Assuming that the future of the Internet lies in redefining its architecture towards a decentralised model is perhaps at this stage (given the complexity of the task) still a bit risky. However, decentralised identity schemes are making good progress and could act as the tip of the iceberg or the spearhead of the Internet’s evolution towards web3. In both cases (web3 and identity), the goal is the same; to foster more transparent, democratic, private and trustworthy information exchange schemes, without handing over our digital sovereignty to large Internet platforms.