Web 3.0 comes after a long period of declining trust in the current era of the web. Web 2.0 is largely characterised by data and trust being centralised in a number of large organisations, each of which can – and often have – become a point of failure through which personal data can be leaked and privacy can be compromised.
Web 3.0 means to replace those large institutions’ gatekeeping role with technological solutions. Web 3.0 is envisioned as a decentralised system in which digital trust is established through cryptographic methods and consensus mechanisms. A key part of this is an approach to identity in which users manage their own identities and select which portions of their personal data they’ll share and which they’ll withhold. Make no mistake – Identity will be a lynchpin of digital trust on the Web 3.0.
Digital Identity from Web 1.0 to 2.0
Web 1.0 was defined by static content, encyclopaedia-like web pages provided by hosts and organisations through which users had next-to-no interaction. As such, identity, trust and communications security were not really considered major issues.
This gave way to the fundamentally interactive character of Web 2.0. This age of the internet was defined by the rise of social networks, online communities and as a result, user interaction became the driving force. Users could suddenly create accounts, directly interact with websites and post their own content. This thrust identity into a new position of importance both for users and the websites they were interacting with.
Users needed to trust that the websites that they were using were legitimate and not phishing websites. Digital certificates provided a way to assign websites and other digital entities with secure cryptographic identities and the HTTPS protocol was developed to authenticate the identities of websites and encrypt the communications between them and users.
As Web 2.0 became a reality, organisations required users to hand over large amounts of personal data. This has been a defining problem of Web 2.0, that data – particularly user data – is significantly centralised within a number of third-party institutions. Unfortunately, these are often huge points of failure in which the data of countless individuals is commonly compromised. The Equifax breach of 2017 saw hackers use a known exploit on the credit-ratings’ giant to gain access to the sensitive personal data of 140 million people. It’s examples like these that have diminished the trust that internet users invest in handing over personal data to these large institutions.
Web 3.0
That growing sense of distrust has given rise to calls to return the control of personal data and identities to users and attendant technological developments have provided a path forward. In Web 3.0, identities won’t be centralised within organisations but among distributed technologies and digital trust will be established through cryptographic methods and consensus mechanisms.
If you liked this content…
The blockchain, for example, will be a key foundation of that trust. As a distributed ledger technology, it will record each transaction as a block which can then be added to a chain of blocks. This forms an immutable record of those transactions and if anyone were to tamper with that data – all other users would be alerted. The kind of transparency and security that blockchains provide will be a key provider of trust in Web 3.0.
Identity in Web 3.0 will be based on these distributed ledger technologies and offer a strikingly different approach to digital identity – instead of handing over their identities wholesale, users will keep their own identity and offer individual attributes that the services that the user is interacting with requires.
A simple analogy can be found in everyday ‘real-world’ interaction. When we want to buy alcohol, we’re often asked for identification to prove that we are over the legal age. When we hand that over – the vendor can see a range of personal identity attributes that aren’t necessary to the transaction. We currently do the same thing whenever we interact with an online service, exposing superfluous data and risking our personal privacy.
Digital identity under Web 3.0 will allow individual attribute attestation where users will be able to put forward only the individual attributes that interaction with a given service requires.
In Web 3.0 – individual identities will be distributed between different entities and technologies. A user identity will be created and validated by a provider – such as DigiCert – and when that user goes to open an account with Google, those services will then request access to a portion of the data. If that user grants permission, they will share that attribute with the requesting entity. Those will then be recorded within a distributed ledger. When Google needs to check that a given user has provided the correct information, they need only look in the ledger to see that their digital identity has been validated.
The provision of secure, digitally trusted identities will be critical to Web 3.0. Attempts to bring this about are already underway in projects like the European Digital Identity Wallet – an EU-driven scheme – which intends to provide European citizens with digital identities which can be used to interact securely with both government services and private businesses. Solutions like these – which have legal backing and authenticity ensured by state bodies – are crucial to provide trust to this new decentralised model.
