Web3 and Decentralised Identity have lots in common - but it's not what you think
If Web3 is about proof of ownership, decentralised ID is about ‘proof of me’
Hi everyone, thanks for coming back to Customer Futures. Each week I unpack the disruptive shifts around digital wallets, identity and Personal AI.
This is a PERSPECTIVE edition, a regular take on the future of digital customer relationships.
If you haven’t yet signed up, why not subscribe:
We shouldn’t look forwards to Empowerment Tech without understanding how we got here.
And so this week I want to look back at Web3, digital wallets and blockchain. And to see how and why they have shaped today’s thinking - and tech - around digital ID.
We’ll look at how Decentralised ID came about and why it shares a bloodline with Web3. We’ll see why that matters, and how people have got some of the big things wrong about when Web3 meets ‘Self Sovereignty’.
Let’s go.
In the physical world, if I give something of value to you, then I no longer have it. And we can account for that transfer of value using some kind of ledger.
With currency, that ledger is run and governed by a centralised trusted authority, like a central bank. But in the digital world, the very properties of digital objects mean that we can make infinite copies of anything.
But when we use that digital object as money, we get the ‘double spend’ problem. When the same digital cash can be spent over and over again. Not ideal.
Then in 2008 an anonymous person or group called Satoshi Nakamoto published the Bitcoin whitepaper. It described a new way to exchange money (value) without needing a middleman or centralised authority to run the trusted ledger.
The breakthrough was an elegant way to solve the double spend problem.
Satoshi (whoever she is) introduced a new type of decentralised ledger, where individuals use digital wallets to read and write to a globally shared, immutable digital record that anyone can audit and trust.
Data could be held and controlled ‘at the edge’ via digital wallets, using mathematically concrete proofs of data ownership (tokens).
It meant no more need for a central authority to control the flow of proofs of data, nor to control the exchange of the data itself.
For the first time ever, anyone could demonstrate ‘proof of ownership’ of their data, anywhere, any time, and to anyone.
What about ID?
What’s this got to do with digital ID and Empowerment Tech?
Since that landmark paper in 2008, the specific asset called Bitcoin has given way to an explosion of use of the underlying technology, blockchain, and other forms of Decentralised Ledger Technology (DLT).
And if you look closely, DLT is really just a set of agreements about crypto. And I don't mean cryptocurrencies... I mean cryptography.
When you zoom out from all the blockchain projects globally for the last 10 years, almost all of them landed on the same three main use cases:
Cross-border money transfers,
Supply chains, and
Digital ID.
When you look closely at 1 and 2, you see they are actually both identity problems. Because all three use cases are trying to solve the same question: Who am I really dealing with in this digital transaction?
This is all to say that if you look past Bitcoin and blockchain, there's something powerful here about using cryptography to solve really hard real-world problems including digital identity.
But there’s a thorny problem staring us in the face.
Identity doesn't have a double spend problem.
I can present my ID over and over and over again, but it doesn't mean I no longer have the original. When it comes to digital ID, on the surface there's no real need for Web3 at all, let alone any type of DLT.
So how are Web3 and Decentralised ID related?
Web3 is about the freedom to make payments. But really, that means any kind of data. And as we’ll see in a moment, that same technical freedom matters a great deal to the sovereignty of individuals. And to the portability of data.
It’s why some of Web3’s core ideas have become central to how we now think about ID systems.
Freedom of data control
The 'digital identity community' are a group of experts on personal data, privacy, security and citizen empowerment. And they’ve been working on ‘ID systems’ for decades. Helping design and build many of the ID tools you use and take for granted every day.
From the social network 'login with' buttons, to the high assurance government and business identity platforms that run at scale all over the world.
But when Web3 came along, some pioneers in the ID community realised that there was an important new angle here.
Of sovereignty. Of choice and control. Of portable data.
While Web3 'tokens' themselves may not be an answer to digital ID, the cryptography inside them could unlock new powerful properties for proving things about people.
They saw that when an identity attribute - in fact any data object - is presented to a 3rd party, it can be instantly verified to check:
where the data came from,
who it was given to,
if it's been tampered with or changed, and
if it's been revoked.
You see, these are very similar to the checks performed by 'on-chain' Web3 wallets. But instead, we could move the data ‘off-chain’ to create a whole new approach to digital ID. To unleash new trusted data ecosystems that could change the way we interact online.
And so Web3 + ID soon became the new nut to crack.
And while Web3 maxis shouted about the importance of anonymity, the ID community introduced more subtle, but critical, requirements around pseudonymity, selective disclosure, identity governance, accessibility and privacy.
While the two groups wanted to use decentralised tech for different reasons and in different ways, Web3 and Decentralised ID shared a bloodline: the freedom of control and use of data by individuals.
Immutable, no?
Yet there was another issue for the identity experts to solve, around compliance and data protection.
Especially when a 'decentralised ledger' used data immutability as part of the answer. Creating a chain of transactions to make it impossible to alter the record of who owns what (or more precisely, which wallet owns what).
This was fine when the immutable record was about an abstract digital object (money or a coin). But absolutely not OK when it's about personal information. And especially in Europe where you have to comply with the 'right to be forgotten'.
Sam Altman’s WorldCoin identity project has been at the pointy end of this issue. Facing difficult questions from a range of national Data Protection Agencies about their use of blockchain and capture of eye biometrics.
But by thinking carefully about personal data, privacy and security, the ID community has taken the best from Web3 - new ways to use cryptography, digital wallets and moving data 'to the edge' - and applied them to new identity systems.
And so the ‘self-sovereign identity’ movement was born in the 2010s, building on ‘decentralised identity’ technology borrowed from Web3.
Today, just like digital money can behave like paper money - privately and portably - we have a way for digital ID to behave like paper and plastic ID.
That’s quite a breakthrough.
The three-card trick here is that Decentralised ID waves away the double spend problem. Because with digital identity, there isn’t one. Instead, with a Web3 approach, decentralised ID gives us a ‘triple spend’ opportunity.
A decentralised digital ID can now be digitally issued once, and then used by the individual many times over and over. All while achieving data portability, privacy and security at scale.
Centralised, shmentralised
But being attached to the Web3 movement has had its drawbacks.
One of the great rallying calls of Web3, especially the Blochain maxis, is that communities can ‘tokenize everything’ and get rid of central authorities and centralised databases.
Unfortunately, decentralised ID has been tarred with this same brush.
Many incorrectly still believe that decentralised ID is about removing the need for central registries of citizens, customers and consumers. But that’s plainly not true.
If anything, today we need trusted sources of data more than ever.
Yes, individuals can carry their digital identity data with them. But that doesn’t mean we need to delete the source record, nor do away with the governance authorities that ensure these systems are safe.
Rather, decentralised ID becomes about freedom and personal control over identity data. About choice and transparency. And about digital trust.
Just look back at that point I made above about Web3:
“Data could be held and controlled ‘at the edge’ via digital wallets, using mathematically concrete proofs of data ownership (tokens). It meant no more need for a central authority to control the flow of proofs of data, nor to control the exchange of the data itself.”
Decentralised ID isn't about removing centralised records of personal data. Rather, it removes the middlemen who currently control the flow of those proofs of data.
Yes, decentralised ID still needs authoritative sources of data. But it doesn’t need to rely on authoritative gateways to move the data around.
Unleashing even more value
We can look at these benefits from different angles.
First, think about a company collecting customer data. If they can receive the right personal information instantly, seamlessly, securely and privately from the customer themselves, and via a digital wallet, then we see some powerful new dynamics.
Because after the data has been used by the business, unless they are required by regulations to hold on to it (e.g. for KYC rules), then the company can indeed delete much of it. Hold less of it.
And the next time the business needs it, they can just ask for it again from the customer directly. And maybe that only takes one tap in an app.
You’ll see that for the business, this approach is cheaper (fewer API calls, less data to clean, secure and insure), more secure (fewer data objects to handle and store), more private ( the customer can share only what’s needed) and brings the customer closer to the business, building trust.
But what’s more, the business can keep a record of exactly what data they asked for, when, and where it came from. What a relief for the compliance team.
The point is that we will still need authoritative data sources. But we can share and store less data elsewhere.
Second, look at this from a Web3 token point of view.
Token holders and crypto coin exchanges can finally get some assurances about who they are dealing with, for example when they send or receive crypto assets. And they can build communities around those who they know are real people.
And before you shout about how Web3 is anonymous, we don’t need full identity. Far from it. We only need the minimum identity data needed for compliance, and to build trust for specific transactions.
With Decentralised ID, two Web3 wallet holders can now prove to each other, privately and securely, only the minimal identity data needed to build peer-to-peer trust. Like sharing which jurisdiction they are in, if they belong to certain online or real-world community, or simply prove that they hold other assets.
All while demonstrating that they are a real human.
So Web3 and Decentralised ID have lots in common. But it’s not about removing central databases, tokens or anonymity.
Rather, it’s a shared bloodline around cryptography. Around data freedom. And no longer needing to rely on a central authority to control the flow of data.
If Web3 is about proof of ownership, then decentralised ID is about proof of me.
And that’s the breakthrough that matters.
And that’s a wrap. Stay tuned for more Customer Futures soon, both here and over at LinkedIn.
And if you’re not yet signed up, why not subscribe: