The Dilemma of Unconditional Trust: Centralized Factors in Identity Management in Web3
Author: Karim Halabi
Compiled by: Deep Tide TechFlow
Why can our real-world identities be trusted unconditionally? While Web3 promises "trustlessness" and "decentralization," this may be more of a difficult dream to achieve rather than a real possibility. This is because there are many centralized factors, the most significant of which is the management of our identities in real life. Currently, we cannot use them in crypto networks in a truly trustless manner.
This article will elaborate on this viewpoint and highlight some potential solutions.
Let’s imagine the open metaverse as an amusement park. We use tokens to access the fun and thrilling rides in the park and issue new tokens when creating new rides. The creation and consumption of value are permissionless, and the rides—if built properly—will not be destroyed by anyone, allowing our interactions within the amusement park to be independent of trust.
Some rides may cost more than the tokens we currently have, so we can perform tasks we excel at (like making and selling cotton candy), create enough cotton candy tokens ($CFT, which anyone can do), and exchange them for the tokens needed for the rides we desire.
Currently, anyone can access any ride and their counterparties, whether it’s the ride operator or the ride itself, without caring who you are or what you are. You could be a person or a trading bot.
The problem is that many rides will soon need to know which players are human and which are bots. This may be to optimize the user experience for specific players, but more likely it is a regulatory and compliance obligation.
This is not a terrible thing—linking our off-chain identities to our public addresses is not a bad thing and can bring many benefits—however, we must be vigilant about how this connection is established.
The Metaverse and Our Identities
DeFi users today enjoy using a completely permissionless and anonymous parallel financial system, but this requires accepting a cryptocurrency onboarding tutorial. This onboarding process often includes purchasing cryptocurrency on centralized exchanges. For this, one must go through strict KYC and AML screening and connect their designated bank account. A centralized gateway to the decentralized world.
As Moxie pointed out, true decentralization is still a vision. Many of the middleware and backends we rely on are maintained by centralized entities. Our dependence on Infura, Alchemy, and AWS is proof of this.
However, due to projects like Ocean Protocol and DIA, the metaverse is gradually becoming more decentralized, but access points remain as centralized as ever and may continue to do so. However, the biggest centralized factor does not come from CEX and other fiat-to-crypto gateways, but from our digital identities.
First, let’s distinguish between two types of digital identities:
Natively generated on-chain identities;
Off-chain identities.
An example of a natively generated on-chain identity might be our public address—it provides value (by acting as a node in an IoT network or lending its computing chip for distributed computing) and is rewarded in the form of tokens. These tokens accumulate to its public address: its identity in this network.
Inside a machine are chips and wires—important technical components that allow it to interact with other devices that also have chips and wires. When things already have the capability to interact in a blockchain network, it becomes easier to create the associated digital identity. However, humans do not have anything like chips and wires that enable us to natively interact in a blockchain network—at least not yet. This is why we first have off-chain identities.
These are typically represented by government-issued IDs, our physical home addresses, or any type of biometric information. Since these are not crypto-native, they must be brought on-chain. Here, it is important to focus on how to verify this information and bring it to the blockchain.
When it comes to bringing this information and identifiers on-chain, doing so in a trustless manner is very difficult. Public networks (like Bitcoin) are trustless because anyone can verify anything by looking at the chain; all operations and interactions are publicly recorded and permanently stored in blocks.
Off-chain objects or events are harder to audit correctly. For example, to prove trustlessly that a person's eyes are a certain color, every network participant must have the ability and freedom to see you, verify in person, and collectively agree that your eyes are blue.
This is why we rely on trusted central parties, such as government agencies, as the formal source of truth.
How do we know this person can drive? Because an agency has tested them and issued a driver's license.
How do we know this license means they can drive? Because we trust that agency.
Why must we trust them? Because they were involved in the driving test.
Ultimately, these trusted entities are crucial—they enable human society itself to develop, expand, and interact, with an increasing number of entities working towards ever-greater goals.
For these reasons, centralized entities will always exist to link our off-chain identities with our on-chain identities.
As long as some aspect of the physical world must be verified to be used in the open metaverse, it must go through a central party. Therefore, at the intersection of these two realms, the assumption of trust will always exist. They can minimize trust, but they will never be truly trustless.
Why Does This Matter?
"He who can destroy a thing, controls a thing."
------Paul Atreides
When a central entity verifies some form of identity, like a driver's license, they are also maintaining its integrity. If the driver's license is revoked for any reason, the next time I am stopped and my credentials are checked against a verified identity list, they will be marked as invalid.
If these identities are prerequisites for participating in certain networks, then the person maintaining your identity's integrity will have complete control over all aspects of your life related to those networks. Ultimately, this is a question of censorship resistance and ideology, whether we believe central powers should retain the right to maintain our digital identities.
The way the metaverse itself operates may be decentralized, but if the gateways are tightly controlled, is it truly decentralized?
Even if we can use zk proofs to protect our privacy (allowing us to prove certain things without revealing any personal information), if an official entity decides to revoke my driver's license, it will still show as invalid.
In the near future, verified forms of identity issued by central entities may be prerequisites for interacting with many protocols. This could lead to a split where we have a permissioned metaverse and metafinance, alongside what we know today as DeFi, which might be referred to as "DarkFi" or some other similar name.
Reiterating the importance and implications of this—verifying our identities under the control of central powers will lead to a digital world that is even more strictly controlled and permissioned than the world we know today.
An Optimistic Outlook for the Future
While the scenarios outlined above may be quite dystopian, not everything is pessimistic. In fact, there are multiple ways to enter the amusement park. Going through the main gate and security check is one option. Of course, a simpler option might provide us with a better user experience and favorable conditions, such as under-collateralized loans, but it remains an option.
Using our on-chain history can create a decentralized, anonymous identity. Have you used a certain protocol before? Have you been liquidated? Do you have a specific POAP or NFT?
Natively generated on-chain identifiers can provide us with a universal identity that we fully control. People can compare this type of identity with centrally verified types, viewing it as the difference between Bitcoin and CBDC.
Projects like BrightID and Union are building solutions that empower us as digital citizens to create and own identities that are not only digitized and usable in the open metaverse but also more sovereign.
BrightID employs a clever approach, leveraging real-world human verification and collective validation of our existence—this helps distinguish humans from bots and allows us to create an identity whose integrity does not rely on a single party, but rather on a network.
As more aspects of our lives move on-chain, the issue of decentralized identity management will become increasingly important. Public blockchains may serve as the foundation for a digital sovereignty utopia, but they could also lead to a digital dystopia. We have a responsibility to vote with our actions; to choose networks that align with our ideals and help realize the future we want to live in.