The world wide web was originally designed to be transparent, inclusive, and open to all. However, as technology progressed, the original vision was largely abandoned, leading to an overly centralized online ecosystem.
Web 2.0, the version of the internet that we are currently living and most familiar with, has several drawbacks that we rarely discuss. Most of these problems stem from the fact that most Web 2.0 relies on digital identifiers.
But what are these “digital identifiers,” and why do they matter?
In the simplest terms, digital identifiers are used by third-party service providers to validate a user’s identity. These are primarily managed by big tech companies like Facebook, Google, Amazon, network operators, email service providers, and other online platforms that allow users to access the world wide web.
A common example of digital identifiers is the OAuth2 option, which almost everyone uses. You are asked to register whenever you wish to access a new platform, such as an eCommerce store or a social media app. To make registration easy for users, many platforms employ OAuth2 – the feature that allows users to register through their existing Google or social media accounts directly.
The Data Privacy Woes Surrounding Web2-Based Identifiers
On one end, Web 2.0-based features like OAuth2 have certainly made life easier for the end-users. But, at the same time, our dependency on these centralized platforms has led to significant data privacy issues.
Why so?
The data harvested by these centralized platforms are usually stored in centralized servers, making it a straightforward target for hackers. Since users don’t have any control over their data stored in these servers, data can be readily misused, often without the user’s consent. In recent years, there have been thousands of instances where hackers have leaked tons of personal identifiable information (PII), leading to crimes like identity theft, funds siphoning, targeted ransomware attacks, and much more.
Although several attempts to overcome this problem have been attempted, no solution exists in the Web 2.0 realm to date. That said, the situation is poised for a drastic change. By harnessing the power of blockchain, several promising solutions are offering a new feature called decentralized identifiers (DIDs) designed to restore complete control of data to users while maintaining high-level data privacy and security.
Redefining Data Boundaries With Decentralized Identifiers
New solutions that enable anyone to prove their identity online without relying on centralized organizations are already disrupting the Web2 approach. These efforts have given birth to the idea of ‘decentralized identity’ or DID, a disruptive approach to identity and access management (IAM).
The most valuable objective of decentralized identities is establishing global standards that allow all internet users to effectively control which online applications and services can access their personal information. Moreover, it will also help limit the amount of PII shared with apps and services.
Per the World Wide Web Consortium (W3C), “A Decentralized Identifier (DID) is a new type of identifier that is globally unique, resolvable with high availability, and cryptographically verifiable. DIDs are typically associated with cryptographic material, such as public keys, and service endpoints, for establishing secure communication channels. DIDs are useful for any application that benefits from self-administered, cryptographically verifiable identifiers such as personal identifiers, organizational identifiers, and identifiers for Internet of Things scenarios.”
To clarify, DIDs exchange information on a peer-to-peer (P2P) basis. No centralized intermediaries store personal data or facilitate the exchange of data. Since the exchange happens directly between the sender and the receiver, DIDs are far more secure than existing identifiers.
The best part about DIDs is that there is no limit to the amount. Different identifiers can be deployed for various applications and services, reducing the likelihood of snooping on personal information. On top of it, DID users can control the extent of the data shared or restrict access as and when needed.
Imagine a scenario where a certain application asks to verify age. For Web2-powered identifiers, users must share all relevant and requested information. But with a DID, users simply prove age without even revealing a birth date.
One such blockchain-based platform spearheading the mainstream use of DIDs is KILT Protocol. Developed by BOTLabs GmbH, KILT is a fully decentralized, open-source protocol that allows users to represent and prove their online identities without revealing any personal information they wish to remain private.
The KILT team recently launched its flagship solution called SocialKYC, a decentralized identity verification service that allows users to manage, store, and share specific personal information for accessing online services themselves. While the service currently works with Twitter and email, the KILT team is expanding its use across other prominent social media platforms like Twitch, Discord, Github, TikTok, LinkedIn, and others.
With Web 3.0 just around the corner, DIDs will play a key role in ensuring that users (and entities) are no longer subject to the whims and fancies of centralized intermediaries. DIDs are poised to change the way we have been using the internet so far, finally giving us back complete control over our personal data.