Centralized vs. decentralized digital identity. Why is the latter better?
The path a user takes when signing up to popular social media platforms includes giving out personal information to create a digital identity that allows user to be present within the platform, interact with other users, see personalized content and ads, and create those of their own. The personal information given out in signing up process creates an identity that allows the user to return for the account. The platform also tracks additional data from their movements, strengthening the user’s digital identity. For example, information including name, email address, phone number and gender is collected in the beginning for user to create an account on Instagram. As the user is active on Instagram, it gathers more information; user preferences, behavior patterns, past purchases, search history and even something as simple as what time the app is usually opened in the morning. The user now has a strong digital identity on Instagram, but the entity that governs that identity is not the user, but the platform.
Data breaches are more common than one thinks
This is called centralized user identity, where an entity like Meta or Google, collects personal information. Data collected from the user is stored in complex data centers, that are physically and digitally secured. The user has limited control over their own data. Therefore, trust between the entity, like a technology company or government agency and the user, is necessary. The risk with centralized digital identity, however, are data breaches. The digital age and the use of artificial intelligence increase the risk of an entity’s databases getting compromised. In August 2023, an edtech company Duolingo suffered a data breach with 2.6 million users’ names, email addresses and phone numbers leaking to third-party. Duolingo is only one of many who invest in data security but were not able to avoid breaches. Furthermore, cybersecurity professionals often say that companies’ databases are compromised way more often than the public is let known.
Decentralized digital identity does not have this issue.
Zero points of failure
When user identity is built on blockchain technology, it is bullet-proof for breaches. Decentralized digital identity, also known as DID, is like an unbreakable cage. Inside the cage are the user and their personal information, like name, address, and social security number. However, the only one able to open the cage is the user itself. Blockchain technology consists of nodes, that all hold a copy of the cage. Whenever an interaction needs to be made, for example to verify the user when signing into a bank, the user can open the cage slightly to give out the needed information. The nodes are aware of the action and record it on the blockchain.
How to identify in the web3?
There are different types of decentralized identity solutions. Non-custodial crypto wallets, like the one accessed in Binance, are used to verify transactions with DID. Soul-bound tokens are NFT’s that cannot be sold or transferred from peer to peer. They can be used to create and verify a digital identity as they are unique and individual. Another way to identify is proof of humanity. Companies like Worldcoin have solutions that allow people to create an ID to prove that one is a person. World ID, for example, collects biometric data from user’s iris to create a secure digital identity that can be used across web3.
Transparency of the blockchain ensures that a user has control over their identity data. If a breach attempt would happen, it is recorded and traceable. The decentralization also allows users to choose which information to give out and manage it later – When previously the collecting entity, like Google, had the choice. The decentralization of identity verification is more secure, user-centric and its transparency ensures that one’s personal information is not compromised!