By KERMAN KOHLI
Compiled by: TechFlow
We are currently in the trough of the cryptocurrency market, which can be said to have been hit hard by the bear market. Everyone is asking where the actual application scenarios and value of these technology products we are developing are. Many people have made seemingly good points, but there is no clear reason to explain why these products have advantages over ordinary Web2 applications. I have been thinking about this question for a while, and based on personal experience and judgment, I am cautiously optimistic about some of the views. This article is not a discussion of ideology, but focuses on practical issues such as technology and standards. Before we dive in, let's take a look at how the existing Internet works.
Web2, Data Producers, and Identity Authentication
When you sign up for a service on the internet, the service provider doesn’t actually know your true identity because all your information can be faked. Your IP address, browser cookies, device fingerprints, etc. are just approximate identifiers that can be faked. Everything can be faked.
This has led to the creation of authentication standards that rely primarily on:
email address;
password;
2FA (two-factor authentication) solution.
Whenever you use some services on the Internet, the service provider needs a persistent and secure identity to bind your data. More importantly, it needs to provide a way for "you" to verify "your own" identity.
Each database creates a different identifier for you. Facebook, Twitter, Instagram create a unique identifier for you in their databases.
When you use OAuth to log into other services, they can reference that identifier, but they will still create a new row in their own database to identify you. The OAuth provider may share certain data points with external developers, but these are usually very limited. It is then up to the specific developer to tie any information generated in their application to the newly created user identifier in their database.
You may have noticed that "you" is represented repeatedly in every service you use. This is not because Web2 is malicious, but it is the only logical thing to do given the limitations of current hardware. However, as the decades of the Internet have passed, this has brought about larger problems:
1. All your identity and reputation data is confined to the specific ecosystem you signed up for. Your Twitter followers remain Twitter's data and you cannot export them.
2. Any information created on the Internet is linked to your identity within the service. Google Reviews can only display information that Google has about you.
3. Every new service you sign up for requires you to re-establish trust and credibility within that ecosystem, despite what you’ve done in the past.
This is our environment today:
Our personal data is the only thing that identifies us;
Yet our information remains fragmented.
We are starting to see this become a bigger and bigger problem as the veracity and credibility of all information on the internet must be increasingly scrutinized. Whenever I read an article with a strong opinion, I usually:
Find out who the author is;
tracking their Twitter and any other sources I could find about them;
Find references to this article on other websites;
Make an overall judgement about the author’s biases and opposing viewpoints.
However, I know I am in the minority here. Most people will accept the information provided without questioning the identity of the producers of that data (data here is defined as any information in the form of articles, tweets, videos, etc.).
The key problem we collectively have is that we have no clear way to definitively identify ourselves online. Every time you visit a website, receive a message from someone, or receive an email, there is a chance you are talking to the wrong person because we identify people by their unique screen names. This has started to create major problems, and we can’t even identify ourselves in online communications.
I might be "XXX.eth" on the chain, "XXX" on Telegram, and "xxx" on another platform. However, if someone sends you a message as "xxx" on Telegram, you might think it's me. Without public key authentication, trust on the Internet is a mess.
The lack of stronger, persistent digital identities over time is a common problem facing humanity.
Cryptography, Crypto Timestamp
Part 1: Cryptography
This may sound strange, but hear me out. They are two different, yet similar-sounding concepts.
Identity cryptography essentially involves multiplying two large prime numbers together to generate a new, larger number. While this sounds simple, the complexity lies in the fact that these prime numbers are essentially impossible to guess, making them virtually impossible to crack. When you use a private key for authentication, your hardware uses unique information to establish its identity. This approach represents a key shift in managing identity: large numbers that are known to the identity owner and are also recognized by a universal standard by the recipient.
In contrast to this approach, traditional web infrastructure requires us to re-establish identity for each new service we use, resulting in a different ID for each database we join.
Part 2: Crypto
So how does blockchain come into play? The second tricky part of this puzzle is, how do you verify when that information was broadcast? If you just sign a message with today’s date, how do you know you have the correct date? Maybe you delegate responsibility for the time to another party, but what if they are compromised? You end up with recursive logic.
Blockchains are innovative in the sense that they are databases of information that record expiration dates. They don't have the concept of time that humans rely on, they rely on block numbers to determine when something happened. I don't think we really realize how groundbreaking this is. You don't send a transaction with a field that says "this is the time this transaction happened." You just submit a transaction to the network, and when a miner mines it, it gets included in a block, and then a timestamp is assigned to it.
Think about it, what system exists where you give it information and it tells you when that information actually happened. We always expect that when we say something or communicate something online, that’s when it “happens.” Not in crypto. When we want to communicate something on-chain, we just say what we want to communicate and the blockchain tells us when it happened.
To recap:
Cryptography creates a shared authentication standard that we can all agree on;
Crypto, powered by blockchain, creates a shared standard of time that we can all agree upon.
Why is identity important?
In all of our frenzy over wealth, we forget that blockchain represents two key fundamental innovations. This also means that we can start changing the world by introducing one innovation and slowly adding the second innovation when it makes sense. You don’t need to apply both at the same time to have an impact.
By 2023, the world will need stronger identity standards as AI emerges. Information is fundamental to our society, but when trust and verification of information go downhill, we end up in some dangerous places.
Sending stablecoins and playing casino games are fun, but cryptocurrency can address greater good and solve bigger problems facing society today. Since cryptocurrency is built on the cornerstone of cryptography, it has a much larger ecosystem than anywhere else in cryptographic standards. You can already see cryptography becoming the gold standard with Apple’s adoption of PassKeys and the rise of one-time passwords to enable 2FA authentication.
In Web2, cryptography is a second-class citizen.
In Web3, cryptography is a first-class citizen.
OK, now that we’re all on the same page, let’s talk about cryptocurrency and identity. I’ve been deeply involved in this issue over the years, and I think I’ve figured out some key links that weren’t obvious before. The biggest use case for cryptocurrency isn’t “decentralized identity” or some high-minded ideal, it’s about:
“Own your own data and profit from it”
“Uploading passports on blockchain for better KYC”
“Tie your Twitter, Facebook, and Ethereum addresses together to create a new identity.”
These concepts are so far from reality, they are just empty narratives without creating products that help real users. This narrative is mainly used to secure huge financing from investors without adding value to the end consumer. In order to clarify these misconceptions, it is important that we use better language to describe what we are talking about. I think people draw the wrong conclusion when they even say something like “on-chain identity” because it means you have to operate on-chain. This is also not true.
The way forward
Permissionless Identity: “Portable, Persistent, Cryptographically Backed Identity”
They are what we know today as public keys. It doesn’t matter whether the data is on-chain or off-chain. The point is that you are identified/authenticated on digital services by your public key. All information is bound to your public key, allowing interoperability.
However, here’s why they have a clear advantage over any other Web2 system we have today:
Build in one environment, use in another. All your activity and data in one ecosystem is accessible in a completely unrelated ecosystem.
Permanence. Once private keys are derived, they are permanent. You cannot delete private keys or data on the chain.
Can be used on-chain or off-chain. Your identity is a combination of all the places you authenticate as a public key, on-chain or off-chain. Innovation is the key, not the blockchain.
Ability to create new identities (or fragments) at the click of a button next to existing identities. Unlike web2, where all identities are ultimately tied to your passport (phone number, internet service provider). Permissionless identities do not require permission to be created or fragmented.
Anyone with an internet connection and access to the right hardware can use it. There is no "issuing" authority that generates identities. As long as you have the right infrastructure to protect your identity, you can create one. And because of its borderless nature, what you can do with this identity is also limitless.
in conclusion
Permissionless identity fundamentally enables a whole new class of applications that are 10x better than what you see on the existing web. A world where one app improves the experience of every other app. You’re seeing the beginnings of a flywheel effect that I see developing like this:
As similar crypto-consumer applications emerge, they will all naturally rely on permissionless identity as a natural authentication standard.
These apps will be able to start sensing the context of your past behavior and actions in other apps.
The ability to “import” environments from the past and elsewhere can create a better user experience.
Users are demanding that more applications support public key-based authentication in order to log in and use applications.
As the number of applications supporting public key authentication increases, the more utility users gain from their permissionless identities.
I bet that the main use case for crypto has already arrived: permissionless identity-based applications. The sooner we realize this, the faster we can move forward to create applications that people actually need.
