Why our real-life identities cannot be used trustlessly
Although the digital frontier of web3 makes grand promises of ‘trustlessness’ and ‘decentralization’, this could be argued to be more of an elusive dream than a real possibility. Many vectors of centralisation exist, and chief among them is the management of our real-life identities. Currently, we cannot use them in crypto networks in a truly trustless manner.
In this article, we will extrapolate upon this claim, as well as highlight some of the potential solutions.
Let us imagine the open metaverse as a theme park; it is intriguing, exciting, and limitless. We access the park’s delights and thrills with tokens, and issue new ones when we create a new ride. The creation and consumption of value are both permissionless, and the rides – if built correctly – cannot be sabotaged by anyone, making our interactions within the theme park non reliant on trust.
Some rides may cost more tokens than we currently have, so we can perform a task we happen to be really good at (e.g. making and selling candy floss), make enough candy floss tokens ($CFT, anyone?), and swap them for ride tokens which we can then use to experience the ride we have been yearning for. You get the metaphor.
Currently, anybody can access any ride and their counterparty, whether they be the ride operators or the ride itself, do not care who or what you are – you could be a person, a trading bot, or even a menacing smart toaster.
The thing is, many rides will soon need to know which riders are human and which are toasters. This could be to optimize UX for specific riders, but will more likely be a regulatory and compliance obligation.
This is not something to be afraid of – linking our off-chain, AFK (away-from-keyboard) identities to our public addresses is not a bad thing and can bring many benefits – what we must be wary of however is how this link is made.
The metaverse and our identity
DeFi users today enjoy using a completely permissionless and pseudonymous parallel financial system, but only after onboarding to crypto. This onboarding process usually entails purchasing crypto on a CEX. To do so, one must pass stringent KYC and AML screens and connect their named bank account. A centralised gateway to a decentralised world.
As Moxie kindly pointed out, true decentralization is currently an aspiration. Much of the middleware and backend we rely on are maintained by central parties. Our reliance on Infura, Alchemy, and AWS are testament to this.
The metaverse is slowly becoming more decentralised however, thanks to projects such as Ocean Protocol and DIA, but the access points remain as centralised as ever, and will likely remain so. The biggest vector of centralisation however will not be from CEXs and other fiat to crypto onramps, but from our digital identities.
Let us first differentiate between two types of digital identity:
- A natively generated on-chain identity
- An off-chain identity
An example of a natively generated on-chain identity could be the public address of our smart toaster – it provides value (by acting as a node in an IoT network or by lending out its clever toaster computing chips for distributed computing) and earns value in return in the form of tokens. These are accrued to its public address: its identity within this network.
The toaster has chips and wires within it – important bits of technology that let it interact with other devices that also have chips and wires within them. When things already have the capacity to interact in a blockchain network thanks to things that it is, a digital identity linked to it is more easily created. Humans on the other hand do not have things within us (chips and wires) that allow us to natively interact in a blockchain network – not yet anyway. This is why first and foremost, we have off-chain identities.
These are usually represented with a government-issued ID, our physical home address, or any kind of biometric information. Since these are not crypto-native, they must be brought on-chain. Here, it is important to focus on how this information is validated, and brought onto a blockchain.
When it comes to bringing this kind of information and identifiers on-chain, it is extremely difficult to do so in a trustless manner. The reason public networks such as Bitcoin are trustless is because anyone can verify anything by looking at the chain where all actions and interactions are public record; ossified and stored forever in blocks.
Off-chain objects or events are much more difficult to audit properly due to our unwavering respect for the laws of physics. For example, to prove trustlessly that one’s eyes are a certain colour, every network participant must have the ability and the freedom to come see you for themselves to verify and collectively agree that your eyes are in fact a dreamy blue.
This is why we rely on trusted central parties, such as governmental institutions, to act as formal sources of truth.
- How do we know this person can drive a car? Because an institution has tested them, deemed them fit to drive, and issued them a license.
- How do we know this license signifies that they can drive? Because we trust that institution.
- Why do we have to trust them? Because the whole world is not going to attend your driving test (Phew!).
Ultimately, these trusted entities are vital – they have enabled human society itself to grow, scale, and interact in greater and greater numbers to achieve greater and greater things.
For these reasons, central bodies will always exist to bridge our off-chain identities with our on-chain ones.
As long as an aspect of the physical world must be verified for use in the open metaverse, a central party must be used. Thus, at the intersection between these two worlds, an assumption of trust will always exist. They may be made trust-minimized, however they will never be truly trustless.
Why is this important?
“He who can destroy a thing, can control a thing”– Paul Atreides
When a central authority validates some form of identity, like a driving license, they are maintaining its integrity as well. If a driving license is revoked for whatever reason, next time I am pulled over and my credentials checked against the list of verified identities, they will be flagged as invalid.
If and when these identities are prerequisites to participate in certain networks, whoever maintains the integrity of your identity has full power over all aspects of your life that are related to these networks. Ultimately, it is a question of convenience, censorship-resistance, and ideology whether we think that central powers should retain the rights to maintain our digital identity.
The way the metaverse itself operates may be decentralized, but is it truly so if the gate is tightly controlled?
Even if we can use zk-proofs to protect our privacy (allowing us to prove something with a cryptographic proof without revealing any personal information), the proof is showing whether something is so, or whether it is not. Therefore, if an official body decides to rescind my license, although it will not give up my home address and my mother’s maiden name when checked, it will still show up as invalid.
In the near future, a verified form of identity issued by a central entity will likely be a prerequisite to interact with many protocols. This will probably lead to a schism wherein we will have a permissioned metaverse and metafi, and defi as we know it today, which will likely be dubbed ‘DarkFi’ or something equally ominous.
To reiterate the importance and implications of this – validation of our identities at the hand of a central power will lead to a digital world with even tighter controls and permissions than the one we know today.
An optimistic look ahead
Although the scenario outlined above can be seen as quite dystopian, it is not all doom and gloom. The reality is that there is more than one way into the theme park. Going through the main door and security is an option. Sure, an easier option that will probably grant us a much improved UX and favorable conditions, such as undercollateralized loans, but an option nonetheless.
A decentralized, pseudonymous identity can be created using our on-chain history. Have you used a certain protocol before? Were you liquidated? Do you have a specific POAP or NFT?.
Natively generated on-chain identifiers can grant us a universal identity which we retain full control of. One can think of this type of identity in contrast to the type verified by a central party as the difference between Bitcoin and a CBDC.
Much is being done, and projects such as BrightID and Union are building solutions that empower us digital netizens to create and own an identity that is not only digital and usable in the open metaverse, but is also more sovereign.
BrightID take an ingenious approach of using other humans at physical meetups to verify and co-validate our existence – this helps differentiate between humans and bots and allows us to create an identity that is not dependent on one party for its integrity, rather on a network.
As more and more aspects of our lives creep on-chain, the issue of decentralized identity management will become increasingly relevant. Public blockchains may be the foundation of a utopia in digital sovereignty, but they might also lead to a digital dystopia where we live and die by the keyboard stroke of an operator in a dark room. It is our responsibility to vote with our actions; to opt into networks that align with our ideals and that help realize the kind of future we want to live in.
About Outlier Ventures
Outlier Ventures has been backing Web 3 founders since 2014 and is the world’s leading Open Metaverse accelerator program, and was one of the first VC firms dedicated to investing in the emerging crypto ecosystem. Their portfolio includes notable projects across DeFi, NFTs and blockchain infrastructure with a focus on emergent Open Metaverse use cases such as NFT-based play-to-earn games, augmented reality and more. Outlier Ventures portfolio can be found here.
Both Base Camp and Ascent are constantly looking for founders accelerating the open Metaverse thesis by launching token networks. We provide a proven framework for growth while weaving together a global network of over 1,000 of the world’s leading Web 3 founders, protocols, and VCs to form an ecosystem of mentorship and investment.