From the Internet to Blockchain Tracing the History of Trust and Verification

From Internet to Blockchain Tracing Trust and Verification History

Author: JOEL JOHN, SIDDHARTH; Translation: Deep Tide TechFlow

Do you remember July 1993? I wasn’t even born then. Amazon, Google, Facebook, and Twitter didn’t exist either. Just like today’s blockchain, the internet was a slowly emerging phenomenon at that time. The required applications to attract and retain users didn’t exist yet. Due to the high cost of internet service subscriptions, users had to bear significant expenses. It cost $5 per hour to use the internet. This technology was still in its early stages and easily underestimated.

The above cartoon was published at that time, created by a non-technical artist. It is said that he had an expensive internet subscription that was about to expire. That was his background knowledge about the internet. But it captured the state of technology at that time very well, where mechanisms for identity verification and reducing malicious behavior didn’t exist.

• Starting from LayerZero and Google Cloud, should cross-chain rely on oracle or ZK?
• Blockchain Game Expert Expectations for the Remaining Time of 2023
• Meng Yan Reflection on the Blockchain Industry in the Past Decade How to Generate and Spread Trust Without Relying on Authority?

Most emerging networks have a common trend like this. It’s difficult to determine who participated in the early stages. One of Steve Jobs’ earliest adventures was developing a device that allowed individuals to deceive their identities on the telephone network.

The development of the internet requires verifying individuals’ identities because the information highway is only valuable when it can facilitate business. Conducting meaningful transactions requires knowing detailed information about customers.

Shopping on Amazon requires your address. One of the reasons why LianGuaiyLianGuail agreed to be acquired by eBay was the increasing fraud risk of their payment product. Trust became mandatory for the development of the internet. Building trust requires knowing who you are interacting with.

Internet applications collect identity information based on the consequences that may result from your actions. It’s a spectrum. A simple Google search only requires collecting your IP address. Sending emails to 100 people requires your email provider to know your phone number. Making payments through LianGuaiyLianGuail requires handing over a government-issued personal identification document. Regardless of your stance on privacy issues, it’s fair to say that once the identity of the user base is established, applications can expand.

When trust exists in a system, large networks like the internet can develop. The emergence of different forms of identity enhances trust, forming the foundation for a safer and more useful internet over the past decade.

From this perspective, it is easier for us to understand why the information collected every time we interact with the internet is directly proportional to the potential consequences of our actions.

Accessing social networks only requires a person to submit their phone number. However, for verified and widely influential accounts, social networks like Twitter or Meta may require other forms of verification, such as government-issued identification documents. Similarly, banks require information about personal employment and sources of funds due to the possibility of illegal transactions taking place in online accounts.

At the absolute end of this spectrum are marriage (at the individual level) and democracy (at the societal level). Assuming the actors are rational (which is often not the case), people try to gather as much information as possible about their potential life partners before getting married. The identity of voters often goes through multiple rounds of scrutiny because a few thousand fraudulent votes can skew the election results in favor of an unwanted candidate.

Today’s article discussed a simple question: what happens when the identity forms we use for blockchain applications evolve? Much of this industry is built on the spirit of relative anonymity and free access. However, just like the internet, having a more diverse user base is crucial for creating the next generation of applications.

There are two main reasons why on-chain identity becomes necessary:

1. Firstly, market incentives continue to drive individuals to exploit protocols through witch attacks. Restricting access to users associated with applications helps improve the overall unit economics for businesses in the industry.

2. Secondly, as applications become more mainstream, regulations will require service providers to provide additional information about their users.

A simple analogy used here is that the core of blockchain is a ledger. They are globally scaled Excel spreadsheets. Identity products built on top of them are vlookups, which can filter specific wallets as needed.

Internet Identity

All new networks require new identification systems. The emergence of passports was partly due to the construction of railway networks connecting multiple European countries after World War I. Even if we don’t realize it, we interact through basic identification units around us.

Mobile devices connected to cellular devices have an IMEI number. So, if you decide to make a prank call, the device owner can track it by finding the receipt for the device. Moreover, in most regions, some form of identification is required to obtain a SIM card.

On the internet, if you use a static IP address, your detailed information such as your name and address is already associated with your online activities. These are the primary identity elements on the internet.

Single sign-on buttons solve one of the biggest barriers on the internet, providing a mechanism for applications to obtain detailed information about individuals’ identities without needing to fill it out every time. Developers can collect detailed information such as age, email, location, past tweets, and even future activities on X platform with just one click after obtaining consent. It greatly reduces friction in the registration process.

A few years later, Apple released a single sign-on button deeply integrated with its operating system. Users can now share anonymous email addresses without revealing their detailed information to registered products. What do they all have in common? They all desire to learn more about users with as little effort as possible.

The more applications (or social networks) know about users’ backgrounds, the easier it is to target them with personalized identities to market products. The foundation of what we now call surveillance capitalism is the ease with which internet companies today can capture users’ personal information. Unlike Apple or Google, native blockchain identity platforms have not yet achieved scale because they lack the distribution that these giants currently possess.

Anonymity in blockchain is part of the feature set, but we have conducted identity checks at the periphery. Historically, on-chain currency exchanges for fiat currencies (exchanges) required the collection of user information.

Blockchain is the native identity primitive, it is unique because everyone can access detailed user behavior information. However, tools to identify, track or reward users based on their past behaviors only emerged a few quarters ago. Moreover, products that link on-chain identities with real-life documents (such as passports or phone numbers) have not yet been widely adopted.

In the past few years, the primitives we have in our ecosystem for identifying users are wallet addresses, NFTs, and more recently, Soulbound tokens. Their functionality is similar to IMEI numbers or IP addresses on the Internet. With just a click of a button, the same person can connect their wallet to an application. They are akin to email addresses in the early days of the Internet. To some extent, in 2014, about 90% of emails were spam, with one phishing link in every 200 emails.

We have created identity elements using the on-chain behavior of wallet addresses. Degenscore and Nansen are early examples of wallet labeling in practice. Both products examine the historical activities on wallets and assign labels.

On Nansen, you can scan token holders and find out the number of “smart wallets” holding that token, assuming that the higher the number of “smart” holders a product has, the higher its potential for appreciation.

NFTs have become an identity tool due to their scarcity. In 2021, the issuance of some “blue-chip” NFTs was limited to only a few thousand. The total supply limit for Bored Ape NFTs is 10,000. These NFTs have become symbols of identity because they have the ability to verify one of the following:

• A person can obtain “Alpha” as long as they mint it early enough.

• Or they have the capital to buy the NFT on the market after it is minted.

NFTs derive their value from who owns them. Bored Apes were once owned by Steve Aoki, Stephen Curry, Post Malone, Neymar, and French Montana. The challenge with NFTs is that they are inherently static and owned by the community. Since Bored Apes were minted in 2021, individuals could have achieved significant accomplishments, but NFTs cannot display any content to verify that.

Similarly, if a community has a poor reputation, it will also impact the NFT holders. University degrees are similar to NFTs, as both appreciate or depreciate based on the behavior of other parties holding the identity tool.

Vitalik Buterin proposed an alternative solution to this problem in his paper on Soulbound tokens. Unlike NFTs, Soulbound tokens (SBTs) are non-transferable. The key concept is that issuers (such as universities) can publish tokens representing certifications to wallets that cannot be transferred. Other token holders from similar certifying institutions can prove the validity of the SBT.

Therefore, if I say I work at McDonald’s and have been issued an SBT to support that claim, future employers can verify the claim faster than checking my LinkedIn or resume. If I have a group of colleagues who use their SBTs to prove this claim on-chain, I can further strengthen my claim. In this model, my claim is verified by the issuer (McDonald’s) and validated through a network of verifiers (colleagues) who are willing to support the claim with their on-chain identities.

The similarity between tokens and NFTs is that they are both provable states that can be acquired. SBTs are non-transferable, meaning that the wallet that owns them has the certification that can typically be earned. In the example above, McDonald’s certification may not be easily obtained through OpenSea.

But if I have the money, Bored Ape NFTs can be purchased. The interesting thing about SBTs is that they can be mixed and matched to create social graphs. We need to understand LinkedIn’s core value proposition to understand what I mean.

Like all social networks, LinkedIn provides status as a service. People compete through its information to become ideal business people. LinkedIn’s genius lies in creating the social graph of institutions early on. I can claim that I studied at Hogwarts with Harry Potter and Professor Dumbledore on the platform with just a few clicks.

A person’s status on a social network depends on the reputation of the organizations they are associated with and their relative ranking in that place.

In my hypothetical example, the “strength” of my reputation increases as I bind my identity to each new organization. As long as the network of people within these institutions does great things, my reputation will grow.

Why is this important? Because today, there is nothing to stop people from making false claims on LinkedIn. The social graph cannot be verified or proven, to the point that spies from sanctioned nations use it to target researchers.

The wallet network that holds SBTs may be a more decentralized and verifiable social graph. In the example above, Hogwarts or McDonald’s could directly issue my credentials. SBTs eliminate the need for platform intermediaries. Third parties can build custom applications by querying these charts, which increases the value of these credentials.

The promise of Web3 is that an open social graph will allow issuers to establish direct relationships with credential holders. The chart from Arkham above is an intuitive representation of all Bored Ape NFT owners. But if you need to contact all of them, the best option is to export their wallet addresses and send them messages through tools like Blockscan.2.

A more accessible alternative is to browse Bored Apes or their Discord social profiles, but this simply repeats the challenges we initially encountered in identity networks. If you want to scale, distributing anything through these networks requires centralization and permission from the Bored Ape management.

All of this brings us to the core issue of on-chain identity networks. Currently, they have not yet reached the scale necessary to achieve network effects. Therefore, despite having theoretical mechanisms to create open, composable social graphs and verify users through tokens, wallets, and SBTs, there is still no Web3-native social network that can retain users and achieve growth.

The largest “verified” social graph on-chain is WLD. They claim to have over 2 million users, but this is only 0.1% of the user base of traditional Web2 social networks like Facebook. The strength of an identity network depends on the number of participants with verifiable identities.

Here we need to add some subtle differences. When we talk about “identity” online, it’s a mixed bag. If I break it down, it’s:

1. Identification – individually identifying your core primitives. This could be your passport, driver’s license, or university degree. They typically verify parameters such as your age, skills, and location.

2. Reputation – in the context of X, it’s a tangible measure of individual skills or capabilities. It’s related to the quality of a person’s content on social networks and the frequency of audience reactions to it. In a work environment, it’s a graph of entities that pay an individual (or entity) over time. Identity is typically fixed at a given point in time, while reputation can change over time.

3. Social graph – think of it as the interconnections between a person’s identity and reputation. A person’s social graph depends on who they interact with and the frequency of those interactions. Individuals with high reputation (or social ranking) who frequently interact with someone will result in a higher ranking on the social graph.

Like most things, even within the realm of internet identity, there’s a range of applications.

Core primitives

While anonymity is part of the cryptocurrency feature set, we conducted KYC on the periphery of cryptocurrency. Converting on-chain currencies to fiat (exchanges) has always required collecting user information.

Exchanges are the largest on-chain identity graph to date, associated with personal identity credentials. However, it’s unlikely that exchanges like Coinbase will introduce identity-related products, as such actions may bring about conflicts of interest.

The earliest experiment with on-chain identity was BABT by Binance. Specifically, a Binance account bound token is equivalent to a Soul-bound Token (SBT) issued on the Binance Smart Chain. It is provided to users who complete AML/KYC on the exchange. Over the past year, more than 850,000 wallets have claimed BABT, an early attempt to establish a correlation between wallets and real identities on a large scale.

But why go through all this trouble? It helps applications know that users are “real”. By limiting access to users who have provided verified documents (in the form of a passport or other regional documents), products can optimize for reducing arbitrage attacks and minimizing the impact of fake user counts.

In this case, dApps do not have access to users’ verification documents. This functionality is performed by exchanges like Binance, who may use APIs from centralized service providers like Refinitiv. The benefit for dApps is having a subset of verified users who have proven themselves to be human.

Different methods are used to collect and transmit user information to applications depending on the background and available resources. There are several ways to achieve this. It is helpful to have a basic understanding of some terms before delving into these models.

1. Self-Sovereign Identity (SSI)

SSI can be seen as a design philosophy that gives credential owners complete control over their identity proof. In traditional forms of nationally recognized identity, the government or institutions are responsible for issuing and verifying identity.

When a person submits identity proof, such as a license for verification, the government system cannot sever their connection. The core argument of SSI is that individuals should control (i) management, (ii) privacy, and (iii) access to personal identity.

SSI-based identity products can include multiple forms of identity, such as certificates from their university, passports, driver’s licenses, etc. These may also be issued by centralized institutions. The core argument of SSI is that users should control how access to these details is granted.

2. Verifiable Credentials

Verifiable credentials are models for password verification of personal identity. They consist of three core components: issuers, verifiers, and credential holders. The issuer (such as a university) can issue password proofs signed by the organization to the credential holder. These proofs are used to support so-called “claims”.

In this case, a claim can be anything from “X is studying here” to “Y has been working with us for five years”. Multiple claims can be combined to form a person’s graph. In the case of verified credentials, no documents (such as passports or certificates) are passed, only the issuer’s password signature is passed to verify identity. You can see a real-time version of such a model here.

3. Decentralized Identifiers (DID)

Decentralized identifiers (DID) are the structural equivalents of your phone number or email address. They can be seen as your identity wallet address. When you use platforms that require age or geographical location verification, providing a DID can help the application verify that you meet the parameters required to use the product.

Instead of manually uploading a passport to Binance, for example, you can provide a DID. Binance’s compliance team can verify the location of the proof held by the DID and register you as a user.

You may have multiple DIDs, each with independent identity proofs, as you have separate wallet addresses today. Tools like Dock allow users to store identity proofs and directly verify access rights from mobile applications. In this sense, users of blockchain-native applications are already accustomed to the process of signing transactions and verifying the authenticity of identity requests. Another approach. Another approach to managing isolated forms of identity across wallets is ERC-6551.

Zero-knowledge proofs (ZKP) allow users to prove qualifications without revealing details. Every time I apply for a UK visa, for example, I have to provide all my bank transaction records from the previous quarter. The lack of privacy in foreign visa administrators handling my bank transactions has not been widely discussed, but it is one of the only ways to obtain a visa.

It is a requirement to prove that you have enough funds for travel and return home. In the ZKP model, visa officers can query whether a person’s bank balance exceeds a specific threshold within a specific period of time without viewing all of their bank transactions.

This may seem a bit far-fetched, but the primitives to perform this operation exist here and now. The pre-alpha version of zkLianGuaiss was launched in July this year, allowing users to provide anonymous personal data (and verification files) to third parties through a Chrome extension.

Evolving Infrastructure and Use Cases

I could talk all day about the Web3 identity-related application ecosystem. Over the past few years, many developers have received millions of dollars in venture capital. However, we are not here to draw a market map of identity solutions; I want to focus on what the evolution of these identity primitives means for today’s internet. A blog post by Dani Grant and Nick Grossman on the USV blog in 2018 provides a great reference for the next stage.

According to their account, breakthrough applications first require better infrastructure. This leads to a moment where the infrastructure layer must be improved to support scalable applications. Then, new generations of applications are built on this revised infrastructure layer, and the cycle continues until mature markets exist, such as blockchain and NFTs. In 2017, the Ethereum network was completely congested and stalled due to the popularity of CryptoKitties.

By 2021, the high prices of NFTs rationalized the spending on NFT transfers. By 2023, you can send millions of NFTs on Solana for less than $100, which partly explains why OpenSea has integrated Solana into its product for years.

Historically, developers had no incentive to identify their users. If they forced users to provide documents, they would reduce their market size. Regulations have prompted many developers to implement user identification to some extent.

Recently, the Celestia token TIA banned access for US citizens in its airdrop. Another reason for identifying users is to check for speculative behavior by airdrop participants. In both cases, emerging networks need primitives to prove who is becoming a participant.

One widely adopted primitive in this regard is DegenScore. The product analyzes users’ historical data to assign them a score. Then, on-chain launched applications can enable wallet access based on the user’s score. This strategy restricts people from creating hundreds of wallets and attacking new products for airdrops.

The product is not an identity verification tool as it does not check whether you possess government-issued documents. However, it provides developers with a mechanism to verify whether users should access their products based on their historical behavior patterns.

One of the products that combines off-chain identity with on-chain wallet addresses is Gitcoin LianGuaissport. Each time people associate some form of identity proof with their wallet address, the product will allocate a “seal”. Seals can be obtained by linking Facebook accounts, LinkedIn, or Civic IDs. Gitcoin’s server will send a verified credential to a person’s wallet address. Therefore, this product uses Ethereum proof-of-service to bring these seals online.

What is the purpose of all this? In the case of Gitcoin, it is mainly used for donations. Given that the product conforms to donations for public goods, verifying the actual users becomes crucial. In addition to Gitcoin, use cases for such products include DAOs. Typically, a person can distribute their tokens to thousands of wallets and vote in favor of decisions that benefit them. In this case, verifying the identity of the wallet becomes crucial, whether through past on-chain behavior or through connections to real-world identities. This is where the Gitcoin passport comes in.

Naturally, a person will not maintain a single identity in all applications. It is normal to have multiple wallets when using the same product. Consider the number of wallets you may use on Uniswap. Users also tend to switch wallets based on the nature of the application.

Separate wallets for gaming, media consumption, and transactions are not uncommon. ArcX Analytics combines browser data (similar to Google Analytics) with interaction data from smart contracts on the blockchain to help identify users. They mainly target developers who want to understand user behavior patterns.

Tools for handling multiple identities are also developing in sync. ReDefined allows users to resolve their email addresses to a wallet they own. Their API allows developers to create custom resolvers, which means you can have products where users’ phone numbers are resolved to wallet addresses.

Why is this important? It makes building remittance applications similar to Venmo simple. Users can upload their contact lists (just like on WhatsApp), and products like ReDeFined can map all phone numbers to on-chain addresses.

As I write this article, I have resolved my email address to a wallet address. The data about which email belongs to which wallet address is not stored on ReDeFined’s server. They cannot change this resolution data (the data that matches email to wallet address) if I don’t log in with my wallet address. This resolution data is stored on IPFS.

You can associate wallet addresses from different chains such as Bitcoin, Solana, or Polygon on ReDeFined. The product will check which assets the user is sending and route the assets to the corresponding on-chain wallet.

However, what if you want to identify and rank users in a protocol similar to Lens? Ranking algorithms based on user behavior have already emerged in Web3-native social networks. In the late 1990s, Google became a giant by studying the relative rankings between web pages.

It is called LianGuaigeRank, which provides reputation scores for websites based on the frequency of their mentions on other websites. Twenty years later, as web pages gradually become composable (through Web3-native social networks), we encountered the same dilemma with wallet addresses. How do you verify a user’s “value” on one social network using their activity on another network? Karma3 solves this problem.

It helps applications (and users) figure out how to rank community members in DAOs or see which previous works of an artist have been abandoned. Since the core identity unit (wallet address) is used across multiple protocols, Karma3’s product helps rank wallets. Therefore, a user on the Lens protocol may not need to start from scratch when writing on Mirror.xyz.

Portability of reputation has never existed on the internet. You can have 100k followers on Twitter, but when you start on Instagram, you have to start from scratch. This discourages major creators from transitioning to new social networks. This also partially explains why Web3-native social networks have not achieved scalability despite relevance and demand. The discovery engine is broken, and the incentive to switch to alternative solutions does not exist.

In the model of using Karma3’s product, new social networks do not have to start from scratch when ranking users relative to each other, solving the cold start problem of attracting high-quality creators. Does this mean we will see a large number of customized social networks emerge? It is possible.

So far, we have only discussed personal reputation, especially the reputation of individuals active on the blockchain. But what if you could create composable metadata for companies and query and display that data in different outlets? This has already happened in a native way in Web2. As early as 2008, Crunchbase extracted company information from LinkedIn.

The problem is that in this example, there is nothing to prevent Crunchbase from falsifying the data they present on third-party outlets. You can “trust” the system because, in this hypothetical model, outlets like Crunchbase have the incentive to pass on accurate information. However, the corporate entity does not control these outlets.

This is particularly important in the context of Web3 because traders often make decisions based on the details they find on platforms like Messari, CoinGecko, or CoinMarketCap. Grid is creating a network for companies to create verifiable credentials. In their model, companies can upload detailed information such as investors, team members, fundraising, and identities to a sufficiently decentralized network using their private keys.

Third-party data platforms like VCData.site can query information from Grid and display it to users. The advantage of such a system is that companies do not have to update their detailed information on multiple platforms. Whenever a startup company updates its detailed information using verifiable credentials, it will be reflected on all platforms that query its data.

Third-party validators (such as community members) will have an incentive to challenge fraudulent claims in such a network. This is still theoretical and speculative, but the ability to uniformly update all information related to a company across all platforms that mention it is powerful.

But what applications can be enabled by such a reputation primitive? A fairly simple example is real-world asset (RWA) lending.

The above process shows what this could look like in practice. Grameen Bank is the main bank of the emerging world cooperative. Part of the reason is the social reputation of individual default loans. Cooperatives composed of women who collaborate with small and medium-sized enterprises directly obtain loans from the bank and maintain a revolving credit limit that grows based on repayment frequency.

In the 1980s, when digital identities were not yet common, providing credit to non-bank users without collateral was revolutionary. In the 2020s, with the digital primitives we have, this model can evolve.

As shown in the figure above, cooperatives can provide data to underwriters running as DAOs. This data primarily involves their banking details, business transactions of small and medium-sized enterprises, and similar data points from Web2-native products. Tools like zkLianGuaiss mentioned earlier can anonymize and provide data to underwriters, who can then assess the creditworthiness of cooperatives and pass on risk scores to the market.

The market can obtain liquidity from fintech applications or institutional investors who want to earn returns on idle assets. This can work in two ways:

1. A fintech company can directly provide loans to cooperatives that have credit ratings from external underwriters.

2. An aggregator (or marketplace) can obtain liquidity from third-party fintech companies or institutional investors and provide loans based on credit ratings provided by underwriters.

In both cases, cryptographic primitives can be used to ensure the privacy of data provided by borrowers. A DAO consisting of multiple underwriters can facilitate loans faster than traditional entities if multiple people compete to assess risk. Finally, it can be assumed that leveraging the blockchain rails of global markets can bring better interest rates to borrowers. Our friend Qiro has been trying such a model.

While the flow of funds may vary, the “core” difference lies in how underwriting is done and how that rating is passed on to the market. Cooperatives seeking loans only need to provide detailed information once and have the right to protect their personal banking details from unauthorized access by third parties.

Of course, this is not an encrypted product. It is a fintech primitive that uses blockchain technology. The boundaries between the two have not historically blurred due to regulatory restrictions and lack of identification on the Internet. As the development of primitives we use to track and identify users evolves, the nature of applications that can be built on-chain will increase exponentially in complexity and adoption.

Two clear cases where this boundary has already blurred are: first, LianGuaiyLianGuail integrating stablecoins in its products; second, Remittance Gram launching a native wallet in its products. As the next billion users come on-chain, we still don’t fully know what kinds of fintech applications can be built.

Unable to Do Evil

I am from the state of Kerala in India. According to local legends, when the British colonizers arrived, they did not know the way through the mountain paths. Therefore, they bribed the local tribal members with gifts. Once they learned the route, the tribal members were often killed.

What does this story have to do with introducing decentralized blogs? I believe that the discovery of new routes often accompanies commercial activities, followed by varying degrees of violence. Violence is often used to ensure faster and safer business operations (eliminating competitors). When the Internet emerged, the “violence” we saw was not physical, but rather the subtle invasion of our thoughts and private space through surveillance capitalism. Ordinary users do not know how we transmit data through Internet giants.

Will they all turn to Web3 native identity primitives? No. But I believe that with the efficiency provided by blockchain in terms of speed, cost, and transparency, we can offer high-quality products. As Web3 native products such as zkLianGuaiss and Soul Bound Token make identification faster, the ecosystem may expand. Users will eventually realize that there is an alternative model in which they can choose not to provide personal information to strangers on the Internet.

Many of us do not have a strong opinion on decentralization. Some of us use Bitcoin and see how it can quickly send funds across the globe. The journey of the subsequent hundreds of millions of users may also be the same when it comes to identity and data primitives. If the products we build are fundamentally better, they will turn to Web3 native alternatives that give users control over their data.

What excites me is that the essence of consumer-facing applications may come from the next wave of “identified” users. There is still a long way to go before we map out the user community on the blockchain. But the primitives that help facilitate the transformation are here and now. Technology enables users to no longer suffer from violence and invasion.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!