Talk to any three blockchain entrepreneurs, and at least one of them will pitch a way for internet users to own their own data.
Recent privacy debacles at Yahoo, Equifax and Facebook have driven home the realization that anyone with a smartphone is walking, talking, searching, eating, posting, browsing fodder for advertisers, machine learning algorithms and thieves. And users neither control this data nor receive any compensation for giving it up.
Yet, blockchain fever – entering the mainstream at the same time as this data sobriety – appears to provide an antidote, and a rash of decentralized applications has appeared to help users monetize their data.
Using cryptographic technology such as public-private key pairs, such projects aim to let users of digital services control the data they produce, many times offering a marketplace where users can do things like selling their Yelp bookmarks to an advertiser for a few bucks’ worth of cryptocurrency.
But the team at uPort, an ethereum-based identity protocol, is going after a bigger prize.
Rather than ask, “How can I get paid for my data?” uPort aims to answer, “Who am I in the digital age?”
For Reuven Heck, co-founder and project lead at uPort, this isn’t the kind of problem that can be answered with just another app. Because the internet wasn’t built with an identity layer embedded, Heck said, tweaking the top of the internet – the application layer – just isn’t cutting it.
Rather, the internet needs to be rebuilt at a deeper level, and according to Heck, uPort aims to do just that:
“We believe we now have technology that allows us to build this as a horizontal layer across the internet … without being owned and controlled from an individual company.”
That ambition has led uPort – among the oldest projects under the umbrella of ethereum startup and incubator ConsenSys – to be regarded as one of the most exciting blockchain-based approaches to rationalizing users’ scattered, insecure digital identities.
The internet of identity
It’s notable that uPort has managed to attract a significant amount of interest despite not being focused on the end users.
According to Danny Zuckerman, uPort’s head of strategy and operations, the project emerged from persistent calls across the ethereum developer community for an identity system – preferably a decentralized one, given ethereum’s fundamental mission.
With that background, uPort decided the best approach was to give developers with a way to delegate the task of storing user-specific data on the blockchain by, Heck said, “integrating a few lines of code into your application.”
And yet, it’s not necessarily safe to assume that uPort will only be buried in decentralized applications’ innards, hidden from end users.
“There will be a lot of different ways that users interact,” said Zuckerman, because “it’s really this identity layer for the internet, and there’s not one way you interact with the internet.”
To explain what was meant by an identity layer for the internet, Zuckerman began with the “top-down mechanism” of the analog world, in which the government defines an individual’s identity in a limited number of ways: a passport number, a national identification number, a Social Security number, a driver’s license number. The specifics depend on the jurisdiction, but most people have one or two primary, officially sanctioned identifiers.
The web, by contrast, is a free-for-all.
“With the internet there started to be all kinds of other identity systems, typical username and password – basically anything where you identify who you are and create an account – and so there was this proliferation of many, many identities,” Zuckerman said. “And that started having user data captured in lots of different places, not under their control.”
And for many blockchain enthusiasts, that just doesn’t make sense. On the one hand, these multiple identities are challenging for everyone to juggle (without being subject to security slip-ups). On the other hand, allowing a single, centralized party take over digital identity is not ideal either.
Rather, uPort’s idea is to put users in charge of holding and, if they choose, sharing the data associated with their identity, using the same cryptographic protocols that allow them to control cryptocurrency without the need for a third party. And this goal is frequently called “self-sovereign identity.”
A crowded space
UPort is far from the only project working towards the goal of self-sovereign identity using blockchain technology.
The Sovrin Foundation is one of the most prominent examples of uPort’s competition.
The foundation is behind Project Indy, a set of identity tools launched last year by the Hyperledger consortium. In contrast to public, permissionless uPort, Indy is a hybrid: anyone can view the ledger, but writing to it requires permission. Also in contrast to uPort, Project Indy is planning an ICO.
Civic, which plans to fully roll out its identity platform later this year on RSK, a layer-two bitcoin smart contracts platform, recently raised $30 million in an ICO.
Microsoft and Accenture have unveiled an identity prototype that uses a private, permissioned version of ethereum.
Meanwhile, developers on the public ethereum network are working on a standard for tokenized identity. Called ERC-725, the standard is being spearheaded by Fabian Vogelsteller, the creator of the ERC-20 standard that powered a boom in the crowdsale of crypto tokens.
Finally, the team at Digital Bazaar – which has been working with the World Wide Web Consortium, a standards body – has launched an experimental “testnet” version of a blockchain-based identity solution called Veres One. Like uPort, it is public, permissionless and lacks a token of its own. Unlike ethereum-based uPort, however, it is a freestanding blockchain.
The risk of having all of these divergent, competing standards for blockchain-based identity is that they will recreate the current system: fragmented and siloed.
But most of these projects’ teams, including uPort’s, are aware of the risk and working with different standards bodies to try and build an interoperable system. UPort, for instance, joined the Decentralized Identity Foundation – which includes big names like Microsoft and Accenture, among others – in order to develop a standard for everyone.
Heck underscored the importance of interoperability by citing the examples of WeChat, WhatsApp and Facebook Messenger. As impressive as these messaging apps’ userbases are, he said, “nothing really has replaced email.”
The reason, he continued, is that:
“Email’s the only universal thing which works across the world. You can send emails from anywhere to anyone. Everybody has something that’s compatible.”
Trying to go it alone is just bad business, he added, saying, “No solution which thinks they are winning now because they were earlier will win if they’re not on a joint standard.”
Momentum and roadblocks
And while all these solutions have made significant progress over the past year, uPort has a whole group of potential partners and clients in the various other “spokes” of ConsenSys. One of these spokes, Viant, is currently integrating uPort, while others – including OpenLaw, Meridio and Civil – are planning to do so.
Tyler Mulvihill, the co-founder of Viant, which plans to go live with its ethereum-based supply chain platform this year, told CoinDesk that using uPort as its identity solution was “a really easy decision,” not only because of the ConsenSys connection, but because “they’re leading the space in self-sovereign identity.”
Gnosis, a prediction market that was spun out of ConsenSys, used uPort to verify that each user was only submitting one entry to its Olympia tournament.
Outside of ConsenSys, Melonport, a decentralized asset manager based in Zug, Switzerland, is using uPort to perform know-your-customer and anti-money laundering (KYC/AML) checks.
But uPort’s most notable partnership is with the government of Zug itself, which is conducting a pilot program to register citizens’ IDs on ethereum. The first registry was completed in November, and the total is now over 200. The city government then announced a voting pilot using uPort last week.
Another pilot, in which uPort and Microsoft partnered with Brazil’s Ministry of Planning to verify notarized documents, began in June 2017. According to Heck, more such partnerships could follow.
“We are talking to other cities and governments at the moment – none of them we can talk about at this point,” he told CoinDesk.
In many respects, though, uPort has a long way to go.
The same questions that nag the ethereum ecosystem as a whole can make the way forward uncertain for uPort. How to scale the network to enable faster and cheaper transactions is a major hurdle.
Also important – arguably more so, given uPort’s focus on identity – is the question of how to protect users’ privacy when using a blockchain like ethereum, which is visible to anyone.
“Transparency in blockchain is obviously a feature,” said Zukerman, “but when it comes to personal data and identity data it’s a liability.”
Finally, there’s the question of what happens to a user who loses their private key, and with it, presumably, control over their digital lives. UPort has explored different solutions to this problem, starting with designating friends who can collectively vouch for a person and transfer the lost ID’s data over to a new public key. That was an ethereum-specific solution, though; the team is now working on a blockchain-agnostic one.
But still, even with these roadblocks, uPort has had no problem with its main goal, convincing developers to use its platform in their applications. Heck concluded:
“People come to us.”
Mirrors image via Shutterstock
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.