An Examination of Identity Usecases in Web3
Is identity another narrative driving buzzword or the next great frontier in Web3? In this article we will be examining some of the usecases for Identity in DeFi and Beyond.
Identity, as our very being, is at the foundation of everything we do in our lives. Every transaction and interaction begins with identity. But what is identity? Is it a driver’s license or an ENS domain? Is it a birth certificate or a social media page? Or perhaps it is a subjective sense of self-perception? The truth is it is none of these things. Although all of these things are derived from identity.
Identity is the aggregation of all the bits of physical data about a person that make them uniquely identifiable. Face, hair, eyes, voice, fingerprint, movement habits, etc. It is from this unique aggregation of physical data that we are able to derive forms of identification such as passports and licenses, and other personable associations such as ENS domains and online profiles.
Now that we understand what identity is; how does it fit into the world of Web3 and DeFi, where users participate with simple, generated, public-private key pair wallets?
Restricted Smart Contracts
As a developer, my personal favorite usecase for identity in our industry is, what I am calling for lack of a better name, (Identity) Restricted Smart Contracts. By this expression I mean a smart contract with certain functions that can only be called by specific, unique individuals. Or even multiple people who share a specific, unique, identity-based trait or datatype associated with their identity, such as age or location.
This proposition is one of immense value, and honestly, is the basis for the majority of other identity-based usecases we will be discussing. It is difficult to see a future where smart contracts are the dominant form of digital agreement without it.
Governments may deploy contracts that can only be interacted with by citizens of their jurisdiction. Parents may deploy contracts only their children can withdraw from, perhaps after a certain age or some merit-based conditions have been met. Companies may only want a certain rank of employee authorising transactions. Maybe I would just like to deploy a contract that only I can use, but not have to preserve a particular private key to do so. And so on.
Fairdrops and Rewards
The notion of “Fairdrops” is relatively new and somewhat self-explanatory. We’ve all seen it, time and time again: participants gaming airdrops and similar systems by using multiple wallets to claim a bigger share for themselves, to the detriment of other potential participants. The Arbitrum airdrop was notorious for participants “farming” eligible wallets to gain as many free tokens as possible. The Chainlink staking pool was proudly filled up by whales splitting their stacks into multiple wallets. Popular NFT collections have gone as far as limiting whitelist sign ups per IP address — a futile effort when so many free VPNs are widely available.
Some people may disagree with the morality of such situations, citing similar arguments to those surrounding MEV. I am neither passionately for nor against. I simply see the potential value for systems that cannot be gamed by whales or the more determined that implement a robust and deduplicated, sybil resistant identity solution. Would your average, non-technical community member rather participate in a system where they have an equal chance of equal portioned rewards as everyone else? Or would they rather participate in one where they don’t?
Proof of Humanity and the Verifiable Web (AI protection)
As the capabilities of AI continue to progress at the rates they are doing so, a digital identity that provides Proof of Humanity for the Verifiable Web becomes an increasing necessity. Generative AI, deepfakes and vocal replication technology are going to make it easier than ever to impersonate others and create entirely new personas. Couple this prospect with advanced LLMs that generate realistic personalities that interact with each other. Without the proper guardrails Proof of Humanity will provide to the Verifiable Web, it will be impossible to distinguish between fact and fiction.
The Verifiable Web, by the way, will be the side of the Web3 internet anchored by on-chain recorded consensus in an abundance of unverifiable content produced by AI.
The bot problem on Web2 social media platforms has been a hot topic in recent years. Proof of Humanity will solve that. There will likely be tiered accounts on social media in the future — those that are verified human beings, and those that are not.
How can we know that the entity we are interacting with on the internet is a live human being? If Dead Internet Theory is just a theory for now (it’s not), it won’t be long before it is a reality. The majority of my followers on X are bots. I can intuitively spot them… for now.
Also eventually AI will become so advanced that biometric DNA verification will be required for participating in the Verifiable/Verified Web.
Metaverse
The Metaverse was a popular buzzword towards the end of the last bullrun, but that doesn’t mean its prevalence has completely subsided. The application of identity in virtual and augmented environments ties in largely with what has already been discussed in regards to Proof of Humanity and Identity Restricted Contracts. We will need Proof of Humanity because we will see AI walking around and participating in the Metaverse, and we will need identity based restricted sections for professional environments and NSFW content.
Gaming
Gaming in Web3 and even Web2 can benefit from sybil resistant, Proof of Humanity/identity for the same reasons as the Metaverse. I used to play Team Fortress 2 until bots made the game unplayable — players would enter the game and get killed instantly. The right identity solution would fix that and other broken online multiplayer games where resource farming is dominated by bots. Even if a centralized entity like Blizzard would rather keep the revenue from bot accounts than implement a system that enabled fairer gameplay, players would eventually migrate to the on-chain alternatives that do.
Auctions
On-chain Auctions will benefit from sybil resistant identity much the same as Fairdrops. When participants in auctions are unable to pose as multiple users, they will not be able to manipulate prices by bidding against themselves to artificially increase the value of items. The application of identity in this context will lead to truer values.
Voting
Voting is a huge usecase both in Web3 ecosystems and traditional systems that will benefit from integrating the correct blockchain identity protocols. It’s no secret that in DAOs it is often the participants with the most money (explicitly, as opposed to behind the scenes in traditional systems) dictating the results of votes. This is because many DAOs implement proportional voting to the amount of tokens held by a user. At least they roughly do; in many cases incentivising whales to split their stacks between multiple wallets to gain multiple votes — not too dissimilar from what we have seen with Airdrops. Deduplicated, sybil resistant identity will ensure a single individual cannot cast multiple votes.
It’s not hard to see how this can benefit traditional voting systems. Without getting into the semantics of how political candidates represent the same interests regardless of their team color, the agreement of which team received more votes in an election is a contentious subject. It is also one that could be instantly solved by implementing the verifiable one vote per person model made possible by Web3 identity.
DAOs/Communities
Having discussed voting it seems only natural to look at the wider application of identity in DAOs and communities. Identity based DAOs will function as a specific subset of Identity Restricted Contracts for communities. I’ve seen many female focused DAOs which, without a robust identity solution integrated, possess no way to use the very cryptographic guarantees the community is founded on to ensure that only eligible (female only in this case, if such a DAO wished) candidates could participate.
Aside from immutable communities founded on the sex of members, it is extremely plausible that we will one day see organisations such as the ADL or BLM using Web3 based identity protocols to airdrops reparations to members of their respective, represented races.
Ratings and Reputation
Reputation tied to an identity could open up new avenues to DeFi users who previously were required to front capital. For instance; serving as an alternative to depositing collateral in DeFi protocols such as Aave. There will likely be various forms of Identity-tied Reputation based on on-chain participation, credit ratings, work history, endorsements etc.
The deduplicated identity benefits for Reputation don’t just stop at the individual. Ratings and reviews for services and larger entities will be truer without bots manipulating opinion.
Regulatory Compliance
Finally, we have come to the elephant in the room. Many in Web3 ignore it. Some outright deny it. Few prepare for it. But as sure as water is wet, DeFi will be regulated. And identity will play a part in that. The regulatory compliant side of identity is such a significant usecase; I will be breaking it down into further subcategories, starting with the current narrative on everybody’s lips.
Real World Assets
Everybody is excited about the tokenization of Real World Assets coming to our industry, but how many have really considered the (legal) requirements for RWAs beyond surface level hypotheticals about Proof of Reserve? Let’s first look at what a RWA is: any asset that exists off-chain. Simple enough, but let’s consider two of the more popular instantiations of RWAs: stocks and real estate.
When was the last time you, or someone you know, traded a stock without revealing personally identifiable information to the broker or bank? What about the last time you, or someone you know, bought, sold or rented a property without revealing personal information about yourself, your income etc. to the estate agents and relevant parties? I won’t belabour it, but my point is this: it is impossible to engage in these activities without adhering to the necessary legal requirements. Tokenized RWAs will be no different. I’m sorry to break it to you, but without identity, you will never be able to trade your 420XXXDogButtPooCoin for tokenized AAPL stock. And good luck tokenizing or trading RWAs that aren’t backed 1:1 by a licensed custodian.
KYC/AML
Which brings me on to our next subcategory. Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) laws have existed in traditional financial sectors since before DeFi came to be. These measures are enforced on centralised exchanges, and to the surprise of some defiant purists, will soon be enforced on DEXes too. DEXes and other DeFi protocols will have to comply with these laws or get shut down. The EU’s Markets in Crypto Assets Regulation was voted into law earlier this year. It will go into full force towards the end of 2024. We saw what happened with Tornado Cash; the devs got arrested and addresses that had interacted with the protocol were blacklisted. The same will happen to Uniswap, Curve, Aave and everyone else if they don’t comply.
Sanctions
KYC extends to sanctions. Governments don’t want to finance terrorists or countries they, or their allies, are at war with. According to Coindesk; North Korea has been using Monero since at least 2017. Governments may not be able to track Monero (they will likely blacklist associated wallets before long), but they will enforce sanctions imposed on an entity like North Korea through all of the other trackable Web3 assets — again, this goes back to KYC on Uniswap and friends.
Institutional Interoperability
Private banks have been developing their own private bank chains. These private bank chains will communicate with each other using CCIP and will need identity data associated with transactions.
Bonus Usecase
As a final, bonus usecase; deduplicated, sybil resistant, self-sovereign identities will make identity fraud and false identities a thing of the past.
Conclusion
From what we have examined in this article it is apparent that identity is not just a major component of Web3. It is a key component. It is of the utmost imperative that identity is done right in DeFi and Web3.
For an identity solution to be viable with most of the pressing, applicable usecases; it must integrate zero-knowledge proofs to protect the privacy of users. Furthermore the user data must be owned and controlled by the user themself. It must be appropriately stored; i.e. encrypted and distributed, not in a centralized database.
The foundation for the viable digital identity must start with the identity itself. It should not use a Google account, a bank account, an ENS domain, a driver’s license etc. as the foundation because, quite simply put, those things are not identity. Those things, as we already established, are derived from identity.
The user must verify their identity every time they access the solution, not just once upon sign up, because otherwise the solution is not sybil resistant — users will be able to exchange their “identities” with each other.
The solution must also allow for anonymous and pseudonymous participation. As a participant in the wider Web3 ecosystem, I should be able to prove (through ZKP) that I meet the appropriate regulatory requirements without revealing any other information about myself.
The question is; what identity solution can facilitate all of these usecases, whilst maintaining the highest standards of privacy, and putting the end user in full control of their own identity?