How individuals have their identities represented on the Internet has not always been as it is today, and neither is it definitively set already. This article aims to provide a perspective on the evolution of digital identities by looking at their past, present, and future, with an emphasis on the latest concepts and solutions. 

The early days – Web 1.0 

The first iteration of the Internet is known today as Web1. Although there is no strict time for this era, it can be put roughly between the years 1991 and 2004. Web1 consisted mainly of static pages and there were far more consumers than creators, making the internet primarily read-only. In such an environment, digital identification was quite primitive and usually came in form of simple user accounts. Individuals would provide basic personal info as well as authentication credentials (username/email and password) and in return be granted access to a resource, like forum posts.

Although sufficient for the time being, this approach had multiple weaknesses. One of them was the necessity to create a separate identity in the scope of each service. This made it difficult to maintain consistency of identification data, as any changes needed to be applied by the user in multiple places (provided that the site allowed it in the first place). The ease of authentication between sites was also impacted because users needed to either keep track of multiple passwords or resort to unsafe practices like sharing the same password for multiple accounts. 

Current mainstream – Web 2.0 

As the Internet started getting more interactive, driven by the factors like the development of AJAX and JavaScript frameworks, the current iteration of the web started to establish itself – Web2. One of the major features distinguishing it from the previous iteration is the shift in the role of a user – from a consumer to both consumer and creator. This was highlighted by the creation and rapid adoption of services focused on user-generated content, like YouTube, and social media platforms. Increased engagement of users in building the web called for improved identity mechanisms as well.

As more and more platforms required authentication, maintaining control over multiple identities became increasingly difficult. On top of that, individuals building entire brands around their presence on the web and maintaining a consistent identity over multiple platforms became increasingly beneficial. A solution to the aforementioned problems came in form of social identity connections, allowing sites to authenticate users by using their already existing identities from other, usually well-known and trusted services. 

Web2 weak points

Although convenient, the identity mechanisms of Web2 come with some drawbacks, which are becoming increasingly noticeable as the awareness of Internet users grows. One of the downsides revolves around the topic of ownership. When creating an account representing the digital identity, an individual entrusts their data to the service, which may then process the information, according to specific laws and the terms of service. Though it may not seem like it, the user does not actually own their identity but rather is provided access to it through the site. The service, on the other hand, has full control over the data, which may include rights to CRUD (create, read, update, delete) operations as well as sharing the information with third parties. There is also a persisting issue of the strong binding between identity and service. Even though it is possible to reuse an existing identity across multiple sites in Web2, the initial creation of an identity needs to be intermediated by a specific service. 

The incoming (r)evolution – Web 3.0 

These issues are addressed by the concept of digital identities present in Web3. This proposal for the future iteration of the Internet consists of multiple novel concepts, for example:

• DLT
  
• blockchain
  
• smart contracts

The approach towards identification changes significantly in Web3.

Central authority disappears

One of the most notable alterations is the disappearance of a central authority, responsible for managing identities. The most basic form of identity on a decentralized blockchain network is a public address. It can be easily generated by the user themselves, along with a corresponding private key. Possession of the key is equivalent to owning the identity and allows for interacting with the network. Since it should never be shared with any party, no one but the user has control over their identity. This is a novelty because, as opposed to Web2, it allows for creating a truly sovereign identification with no ties to any service and lets the owner connect it to desired sites. 

Social Web3 projects

Naturally being identified by just a cryptographic address may not be sufficient for many applications. In response to this, today there are multiple social Web3 projects, allowing for enhancing a digital identity by binding additional information to a wallet (storage for private keys). Though this process involves third parties, they are represented by auditable smart contracts on the network, so the user maintains full control and ownership over their identity. An example of such a project is Civic. It allows users to build their identities by uploading information about them, ranging from selfies to document scans, like citizen IDs or passports.

This data is securely stored on the IPFS (InterPlanetary File System, a distributed storage) and a blockchain network. The information is then utilized by dApps (distributed applications, autonomous programs running on a decentralized network), with which the user interacts, for identification purposes. The dApp may specify what type of data needs to be available within the identity and what kind of verification the user needs to go through (like a bot detection routine or an AML check). In this regard, Civic works like an enhanced version of the social sign-in, with the most notable exception being that the users remain in full control and ownership of their data. 

Web3 weak points

One issue with identities and authentication in Web3 is related to the user experience. Most people are familiar with the traditional flow of creating and interacting with an account. In this new Internet iteration, however, things tend to look different. Let’s look at managing an identity through a popular crypto wallet – Metamask. Even though the process of creating a new account is well documented, it looks nothing like what a typical user might be used to. There are no traditional email and password fields to be filled and instead, the user is introduced to initially confusing concepts like recovery phrases. This may not be a problem for a Web3 veteran, but for a traditional Internet user, it may seem complicated.

Web2Auth solution

Fortunately, there are solutions aiming at lowering the entry threshold for the unfamiliar by abstracting many of the technical nuances and replacing them with familiar elements. One such solution is Web3Auth. It implements Shamir’s Secret Sharing algorithm to divide the private key associated with the identity into shards, which are then distributed among the user and the service provider. The user receives the majority of the shards, which are tied to possessed entities (device, private input) and allow for reconstructing the key, while the provider stores the remaining shard. Thanks to such an approach, users can sign in through a process looking just like multi-factor authentication, while still maintaining a sovereign identity. It is also possible to recover the account in case one shard in the user’s possession gets lost, thanks to the piece stored by the service. 

Conclusion

Regardless of whether or not Web3 will replace its predecessor or smoothly merge into it, the possibilities it brings to the topic of digital identities have a serious potential for resolving various issues that today’s Internet is facing. With the amount of work being constantly put into refining existing solutions and creating new ones, Web3 seems to be on track to provide much-needed privacy, ownership, and accessibility to the digital identities of today.