On Tokenisation, Identity & Trust
I've had cause to think about tokenisation a little lately. Like all emergent technologies, it seems inevitable but is, well, just starting to emerge.
There is something of a divide when it comes to web3 technology, it remains somewhat fringe, incomprehensible to some, discounted by many, misunderstood by most, and as Chris Dixon points out in his excellent book “Read, Write, Own”; “Crypto” has come to be more closely associated with the “casino culture” of digital currency speculation or trading, which despite its wider reputation is, in and of itself, a healthy and viable marketplace, especially with the advent of crypto-based ETFs.
The other side of the web3 technology that is less discussed and slightly harder to understand (without the analogy of the stock market that we have for crypto exchanges) yet I have found myself often talking about it recently - is tokenisation.
Tokenisation of data ownership and identity.
I recall in about 2008 thinking about Facebook and how it might become like a passport and portal to the internet - a simpler time when identity online wasn’t as high risk (or maybe I was just younger and more naive). This did become somewhat true. Social login was, and remains, convenient. Add the advent of passkeys today and it is even more frictionless, thanks to the unique nature of biometric identification - you face or fingerprint are, for all intents and purposes non-fungible.
However, we have learned in the intervening years, identity and the dataset behind your identity present value to third parties and risk from less scrupulous third parties… trust, and safety.
I was at a dinner last night hosted by Concentrix ahead of the Trust & Safety Professional Association Summit here in Dublin. The discussions, on a broad range of online trust and safety topics from content moderation to protection of human rights were fascinating and got me thinking about self-sovereign identity or user-owned identity and its many applications across the web.
User-owned identity is where one's identity is owned by the individual and is not intermediated by a central authority so does not require multiple unique verifications across different corporations or even government institutions.
This seems like the natural evolution of passkeys but puts the ownership of the verification (and its application to third parties) in the hands of the individual.
An example might go something like this:
I want to get a new credit card with Company X (not my bank), because of the benefits - say air miles.
Company X doesn’t need to run full KYC on me, and I don’t need to get my passport, take six selfies, provide proof of address etc. as that is all verified on the blockchain against my unique (non fungible) identity token. Then Company X can verify my credit worthiness with my bank, as my identity token matches - as verified on chain - and (hopefully)… boom new credit card.
But let’s go further, I can use my tokenised identity with associated secure payment methods for my subscriptions, my identity becomes by payment method. Let’s take my gaming subscription to X-Box Game Pass.
My underlying identity (regardless of my gamer tag) can be verified, the payment method associated and chosen by me at my end of the transaction without a lot of hullabaloo and away we go.
Let’s go one step further; While my gamer tag may keep my real name anonymised (as deos my tokenised identity), there is an underlying verifiable identity associated to my account.
So, let’s say I am a bad actor, a troll - and I get banned. Today I can just set up a new account, different email etc. and go straight back on. With singular verifiable identity that won't work - the hope being that my online behaviour improves because the stakes for me are higher as my identity (albeit externally anonymised or customised per usage) is persistent across platforms, vendors and communities and so a ban of that identity has a real effect.
This solves somewhat (but not completely) for the challenge of forced user verification, so we get the best of both worlds, verified identity but tokenised so anonymity can be retained, especially for at-risk groups or anyone who wants to only share what they want to share.
To be clear, the technology is not here yet and there are counter arguments that are for another day. But this is one of the more interesting parts of how blockchain technology and web3 will, in the fullness of time, present real utility in the modern world.
So, tokenisation of identity is promising, its success hinges on striking the right balance between user empowerment, security, privacy, and regulatory compliance. As such, the path towards widespread adoption will likely be complex, but the potential rewards for individuals and society are significant.
