Great article and a promising future, but I am worried about the implications on privacy. If your identity is the sum of all your previous authentications and forever persistent, then you have a record of your private information and actions forever embedded in the blockchain. Who has access to this information? Is it conceivable that this information could become public, possibly due to a leak? What happens then?
This is a great point and one that is important to consider. The key thing to remember is that permissionless identities let you start fresh without any links to prior identities. Something that wasn't possible before in Web2 as everything is tied to your email/phone/passport. Thanks for the comment, appreciate the discussion!
I think an alternative to consider is also that sensitive identity information (like full name, passport number, home address, etc.) could be stored off-chain and integrated into the wallet experience so the user still has control over who has access to that sensitive info and when. Or even stored in a private blockchain and as @Alen said, only smart contracts can access that private blockchain. With either solution, zk proofs can then be implemented to verify those pieces of information without actually exposing them.
yeah agree with this
That's a good point although the key issue with off-chain info like that is how do you prevent wallets from being traded...
I think that a zk system can step in on this problem. We can develop a system where only smart contracts are allowed to read the record of private information once users need to interact with any services. Data is public to smart contracts only, no need to trust another party to control your data.
That partially works except when you have credentials tied to smart contract wallets or multi-sigs which fully break this pattern :/