This week’s story: New in Decentralized Identity: on Soulbound tokens and Web5

Weekly stories are first featured in our Newsletter. Subscribe here to receive it directly in your mailbox every Monday.

Our public identity is a set of features, achievements and online history, which are stored across different organizations, be it a passport issuing authority, a hospital or Facebook server. We have a little (=no) say in how this data is being handled, which opens the door to a number of dangers: from sensitive data leaks (like the one following last year’s hack of the Dutch healthcare system) to unauthorized use of the data (still remember Facebook-Cambridge Analytica scandal?).

Another inconvenience of third-party data handling is a lack of autonomous authenticity verification: a diligent employer would have to enquire the candidate’s university to check if they really graduated, and Twitter would have to conduct a manual background check on an influencer’s account to grant it a “verified” badge. Such validation demands time and effort, which makes it exceptional, which in turn leads to fraud. This is particularly visible in the crypto and NFT space, with an impressive number of scammers pretending to be someone else and successfully defrauding thousands of people looking for easy money.

To address these problems, the concept of decentralized Identity (DID) has been in the works for quite some time already. Microsoft’s ION is one of the oldest, and it is about to be implemented in Jack Dorsey’s newly announced vision of Web5, while in the Ethereum world the notion of Soulbond tokens is starting to gain attention.

Microsoft’s ION

Launched in March’21, ION is a self-sovereign DID tool enabling users to be the only ones to own their credentials. It is designed to act as a key unlocking access to users’ applications without them actually entering their emails or whatever other data that may be required. By storing their (encrypted) credentials on Bitcoin network instead of an application’s server, ION users avert the risk of data leaks, mismanagement, and also some more trivial situations of being locked out of one’s own email.

Technically ION is a layer-2 network built on the Bitcoin blockchain. It is fully deterministic, meaning that it does not require any validators or additional consensus.

Soulbond tokens on Ethereum

Last month Ethereum creator Vitalik Buterin published a White paper entitled “Decentralized Society: Finding Web3’s Soul”, in which he, together with two co-authors, outlined the concept of Soulbound tokens (SBT).

This new type of token will act as a non-transferrable badge certifying that its owner has acquired a skill, completed a job, earned a reward… basically any endorsement that can be proved by the endorsing party (a university, a company etc).

Vitalik’s version of a DID also includes a retrieval mechanism for those who got their wallets hacked or forgot the keys. Called “social recovery”, it enables users to appoint several people or organizations as “guardians” with the power to access and change private keys should the wallet get compromised.

Web5 on Bitcoin

Jack Dorsey, ex-Twitter CEO now concentrating on developing Block and its many Bitcoin-related endeavours, has a different vision of a decentralized identity and its role.

This Friday Block’s subsidiary called TBD announced it was building a new decentralized Web dubbed Web5. It is different from the widely used Web3 notion in a sense that web services such as social networks or payment apps are not expected to become decentralized (TBD argues that this format could never become efficient). Instead, it is the users’ identity and all their online data that migrate to the so-called Decentralized Web Node, a data storage and transmission mechanism built on Bitcoin, to help decentralize the most important thing in the web – the user data.

The main idea is for traditional Web2 services to become compatible with Web3 identity management tools, allowing users to control their data. To make this happen, TBD is now busy with creating a self-sovereign identity service and the related software development kit, as well as the Decentralized Web Node that will host user’s information.

As to the decentralized identity itself, TBD will leverage the already existing one – Microsoft’s ION.

DID dangers

Chinese social credit score system is continuing to capture the imagination of many people all over the globe, making them re-read George Orwell and worry that the world might take a dystopian turn. And we believe these worries are well-founded.

With a DID storing our personal data and online activity, society can get easily divided into “good” and “bad” people, with all the perverse consequences such division could entail (if you haven’t yet watched the “Nosedive” episode of the famous Black Mirror series, now is the time).

To mitigate this risk, ION, Soulbound tokens and Web5 foresee mechanisms allowing users to grant/revoke access to their data as they see fit.

Another risk is for users to lose the keys to their DID, and for the moment only the Soulbond tokens have a defined recovery mechanism. However, the problem is real, and Microsoft is working on “evaluating options and designing approaches to recovery”.

DID is a concept with many benefits that can potentially change our relations with society and all the organizations it is made of. However, it should really be taken very seriously, for software bugs in a DID could lead to very unfortunate consequences.