Identity in Web 3.0: A Case for Tokenizing Personal Information

Ownership of personal information is going to be at the crux of Web 3.0. (Image taken from IBM.)

When we look at emerging areas for Web3, the primary vision has been to enable people to operate in a decentralized, quasi-anonymous manner. The merits to this approach facilitate improved efficiency for trade, more control over social networking at a personal level, and creating unique and ubiquitous virtual spaces to facilitate meetings and social gatherings. At the heart of this push for decentralization is having greater control over an individual’s own digital identity. In a decentralized world, the responsibility for managing personal information rests on the individual, not any central authorities, which sparks the question for many people apathetic on this subject: why should I care about this?

What is Web 3.0?

For those of you who may not know, Web 3.0 or Web3, refers to a new type of internet that not only accurately interprets what you input, but actually understands what you are trying to convey as well as uses public/private keys to keep your personal information searchable or unsearchable based on parameters you specify.

This new internet operates very similarly as it does today to the end-user; however, the backend will operate using decentralized protocols — the founding principles for blockchain and cryptocurrencies like Bitcoin — as well as automate transactions using smart contracts and facilitate peer-to-peer microtransactions. These transactions could be monetary in nature, or even be used for information or social networking as a way of enabling users to control their social networks and who they meet in a decentralized virtual economy.

Some key features for Web 3.0 are: ubiquity, semantics, AI, and 3D graphics — effectively building a centralized internet that functions as a proto-metaverse.

Problems with How Personal Information is Handled Today

The main question for many people unfamiliar with how personal information is stored today is why they should care about where their personal information is kept? With this question in mind, there are a lot of problems with the current framework for the storage of personal information:

1. Every agency or entity you work with has an individual copy of some personally identifiable information stored on their networks, or even worse, on 3rd party platforms. Whenever you enter a doctor’s office, they may ask to see your insurance ID number, your credit card/bank statements, as well as a real ID card or social security number if you are in the United States. The problem is that you, as the customer, lack visibility into how this information is stored or used, and who they may be sharing this information with.
2. Many of these agencies use unsecure methods of data storage for your information. A classic example in healthcare can be seen in the 2019 AMCA data breach which affected 5 million patients in the United States. These patients had their usernames, passwords, payment information, and insurance information exposed online with little recourse other than to better secure their accounts with new passwords and second-factor forms of authentication. Other examples may actually be more insidious such as information given to schools and colleges. In the United States and many developed nations, it is required by law to share with education institutions your immunization records, as well as provide home addresses, emails, phone numbers, etc. which can all be used by hackers for nefarious purposes such as phishing schemes and impersonations. Many of these databases are maintained by a skeleton IT labor force and may sometimes utilize third party platforms for database management. Think of the last time you went to a restaurant and paid by credit card. They could be using a third party to process payments such as Stripe or Square, so your payment information is exposed to multiple parties in those instances.
3. Current internet infrastructure provides very little privacy for social networking. Digital privacy is non-existent given how platforms like Facebook and Google store browser cookies and track user behavior on their platforms in order to provide better recommendations for search results, ads, news, videos, friends, and groups to join. But outside of social networking, even websites and apps sponsored by governments also track sentiment and user actions on platforms in order to better understand usage and monitor a citizen’s activities. Even if you are not a citizen of said country, if you visit their website, they can still track your IP address and the access point you used to enter their website or app. All-in-all, under a Web 2.0 framework, privacy is nonexistent.

Fundamentally, your information is not safe in status quo, and the sad part is that there is very little you can do about it other than vetting the websites asking for this information and possibly adding a secondary factor for authentication whenever you log in from a new device.

How can Blockchain Tokenization help?

Transitioning to a self-sovereign framework for Web 3.0 means that we need to embrace the notion of blockchain tokenization of our digital identities. With the use of blockchain decentralization protocols, we become the originators for all information related to our date of birth, address, email and phone contact info., bank statements, social security numbers, and more; if there are any changes to this information, we can make updates to our individual identity tokens and there will be a transaction history for the update. In this ecosystem we provide people with two key principles which solves for many of the problems that in the status quo:

1. Privacy by default — all digital information related to you and your online groups remains private to third parties and the public unless you decide to release this information and give a part of your token to other stakeholders such as doctors, insurance companies, real estate firms, etc.
2. Individual responsibility and autonomy — in this model, you are responsible for all your personal information and how much you wish to share. It is important to note that many services may require you to provide certain types of information such as your insurance ID for health services, and they may have the right to provide different cost rates for service based on the amount of your personal token you are willing to make public, but the important measure if that you have the right to choose what you want to make public. It is also important to note other caveats such as personally identifiable information about family members may still need to remain private unless they provide explicit permissions, but this can be easily solved with smart contracts.

Tokenization of personal information may seem theoretical on the surface, but as we move into a decentralized era for the internet, building trust into valuable commodities — in this case, personal data — will be the new currency for how we build services for the future.