Decentralized identification could fix the broken mess of secure data storage, but it’s a long road with many hurdles

Decentralized identification could fix the broken mess of secure data storage, but it’s a long road with many hurdles
The current system for storing data is broken, but can a handful of fast-rising Web3 companies really provide the answer?

GM,

It’s been an eventful few weeks for the concept of decentralized, blockchain-based identification. 

Worldcoin, the project co-founded by Sam Altman, last month announced plans to introduce its own chain. That was quickly followed by MicroStrategy—yes, the firm synonymous with buying loads of Bitcoin—revealing it is working on a similar identity project. More recently, a project called Humanity Protocol raised $30M from investors to fuel its rival project and there is even a potential offering from the team behind memecoin Shiba Inu. (Terminal 3, which sponsors this newsletter, is developing solutions for many of the identity challenges.)

It’s high time we looked into decentralized ID—strap in and let’s get to it.

Best,

Jon and Gary


What’s going on?

Image via Midjourney

Nearly 10 years ago, I was on vacation in the middle of Thailand when I bought a bag of fried banana chips for around $1 from a street vendor. 

To my shock, the package they came in—which is often just recycled paper—contained a printout of a person’s Thai national ID card.

The first thing I did was to (obviously) tweet about it once the personal information was obscured

The guy had obviously needed to prove his ID, potentially for a loan, insurance or more, and then the company that scanned and printed his ID card had not shredded the paper. Horrifyingly, it ended up in my hands.

Decentralized ID doesn’t relate directly to banana chips, but it does solve the general problem of exposing confidential information and documents, which in turn makes them vulnerable to leaking out—both offline and online.

What if this guy was able to simply show proof that he had a valid ID without actually showing the ID itself. That is the concept behind decentralized ID. A trusted platform—be that Worldcoin or Humanity—is given proof of your identity or identification document. That is then stored in a secure way, and then proof of that verification is all that is needed to prove your identification. 


SO WHAT?

1. When 150 million people’s data is exposed

We give out identification data all the time. Whether it is applying for financial products, crossing immigration when traveling, checking in to a hotel, buying liquor or, more often, providing KYC (know your customer) verification online.

We’re not all vulnerable to being featured on a bag of banana chips, but data leaks are increasingly common—with many unreported to the public domain.

Back in 2017, Equifax—a major credit checking firm—suffered a catastrophic hack which exposed the private records of 147.9 million American citizens, along with 15.2 million British citizens and nearly 20,000 Canadian citizens. Hackers gained access to internal systems that contained first and last names, birth dates, addresses and social security numbers, in some cases they acquired driver’s license numbers, credit card details and more.

This personal data was then made available on the dark web, enabling hackers to impersonate more than 150 million people. Many of the hack victims weren’t even direct Equifax customers since the firm would handle credit checking for a range of companies across industries. Some of the stolen information could be changed, but other details could be exploited by malicious actors for years to come.

The US government charged four Chinese military-backed hackers for the Equifax breach [Image via FBI]

The Equifax scandal isn’t the only one, but it is the largest of its kind and it showed just how inadequate modern data storage is, particularly given the vulnerabilities that exist and can be exposed online.

2. A new AI-powered deepfake internet

In the years following Equifax, new restrictions around data management have come into place particularly the European Union’s GDPR (general data protection regulation) which has had a ripple impact on how other countries look at data.

There is, however, a new and growing need for decentralized identity and that is around artificial intelligence (AI). In this case, proof of personhood is focused more around proving that information and content has come from a verified source rather than an AI system. That could be crucial for news, images, videos and other areas where deepfakes are already high enough quality to mislead.

That is what Worldcoin is attempting to solve with its World ID product. You can think of that in a similar way to social log-ins, which use your account with Google, Apple, Facebook and other products to create accounts on games, media sites and more. World ID, though, is linked back to a user’s proof of personhood on Worldcoin. If integrated by third-party services, it could be used to prove that a piece of content, achievement or other internet activity comes from a bonafide human. Crucially, it preserves a person’s privacy.

The Worldcoin user app [Image via Worldcoin]

We are yet to see how other major players will take on the challenge of proving humanity in today’s internet which is increasing susceptibility to artificially-generated information.

3. So how does it work?

We’ve looked in detail at Worldcoin before. It adopted a unique approach by rewarding users for providing data to prove their “personhood,” to use the company’s terminology.

Worldcoin uses futuristic-looking Orbs which scan an individual’s retina to assign them a unique identification. Humanity Protocol takes a reading of a person’s palm instead but it broadly chases the same goal. Both reward users with tokens, which will form the basis of their incentive economies to build out apps and services.

The other main component to get right is data storage.  If decentralized identity platforms do scale to the tens of millions, hundreds of millions or even billions of users, there will potentially be a treasure trove of personal information sitting on-chain for malicious actors to access.

Even with strong encryption, the immutable and transparent nature of the blockchain, coupled with advancements in quantum computing, make on-chain storage a dubious method of securing personal data. Instead, off-chain decentralized storage protocols like IPFS and content-based addressing could allow personal data to be both self-sovereign and more secure.

Early days and limited traction

Worldcoin: 10 million users

Humanity Protocol: 400,000* (waitlisted)

MicroStrategy: Yet to launch

SHIB Identity: Yet to launch

Like many borderless concepts in Web3, decentralized ID has raised concerns with governments. The same way that stablecoins can be a threat to national currency, so a private organization containing biometric details not to mention personal data for large swathes of a country’s population is a concept that should worry governments. Having an entity emerge with such critical information would put governments in the passenger seat not behind the wheel.

Unlike Worldcoin, Humanity Protocol wants to use the palm to identify and verify its users [Via Humanity Protocol]

There’s also uncertainty as to whether these platforms are capable of working together. One of the premises of Web3 is interoperability, in response to the walled gardens that technology companies such as Google and Facebook constructed. Yet it remains unclear how data stored in Worldcoin, for instance, could work with a company that was using a different system to verify and vet users or content. It is early days, no doubt, but this will be crucial to answer.

Governments have, so far, been cautious. Just this month, Hong Kong ordered Worldcoin to halt local operations citing privacy laws. The company was previously suspended for two months in Korea (it has now resumed) while its executives have met officials in Malaysia, Argentina, Kenya and other countries. 

Worldcoin said it will encourage governments to use its service—that seems unthinkable for now. To stand any chance of getting close to the type of adoption they seek, decentralized ID firms will need to triple down on government relations and prove that they can be neutral and reliable platforms. That’s a position that today’s tech giants have failed to reach. So far, many existing players have polarized governments, so we will see how things continue to play out.


News bytes

Ethereum ETFs may soon be approved in the US, despite previous reports to the contrary just two weeks, apparently due to political motivations with the presidential election looming

Elsewhere, the White House wants to revise pieces of the proposed ‘Crypto Bill’ (known as FIT 21) which stands to completely change how digital assets are regulated in the US

Finally, Donald Trump—who has openly courted pro-crypto voters and may be influencing Joe Biden’s approach—is accepting campaign donations via crypto for the first time

MetaMask, Web3’s most popular wallet, is reportedly set to add support for Bitcoin potentially as soon as next month

Decentralized social media project Farcaster raised $150M at a valuation of $1B from investors including Paradigm and a16z—it claims it has seen 350,000 paying users since October


That’s all for this week!

Share your feedback, questions or requests via email to: sowhat@terminal3.io