Digital Identity in the Metaverse
Digital identity is one of blockchain’s most promising use cases. Blockchain’s decentralized nature ensures that no central authority has control over user data and can therefore not be hacked or compromised by cybercriminals. The crypto space has evolved in recent years from not requesting any information whatsoever about a user, to mandating basic KYC (“Know Your Customer”) and conducting due diligence to be able to buy, receive or trade cryptocurrencies. With more and more users coming into the space, protecting users against scammers and fraudsters is becoming very much at the forefront.
A brief view of how it has been progressing as users and regulators alike are starting to look closer into the space.
- Early on, any user could open a crypto account and trade with no limits.
- Later on, users saw their trading activity kept to a daily / weekly maximum up until they secured their accounts with additional factors of authentication e.g. biometrics, OTP or Authentication apps and adding security measures like Captcha (Completely Automated Public Turing test — if you didn’t know what Captcha stood for, know you know) in attempts to prevent account takeover.
- Now, completing a digital identity verification is a bare minimum for any user wanting to trade or as a wallet looking to transact in NFTs space or even buying virtual land. This is coupled with increase emphasis on security on moving from relatively weak authentication factors like One Time Passwords (OTPs) to seed /recovery phrases (essentially a cluster of random words generated by your crypto wallet when setting it up)
eKYC is not only needed for trading cryptocurrency but also on unique wallets to be able to purchase land in the Metaverse. Many users took advantage of the lack of enforcement measures to gain advantages in bidding for limited edition NFTs — More on this case below.
What is the point of having a verified identity in the Metaverse
To start off, not every user needs a verified wallet / avatar, however this is considered a basic access right and enforcement which would help support and complement a basic level of rules, guidelines and enforcement in the Metaverse. Some examples below:
- As we get more and more events in the Metaverse, some activities will have age restrictions like gambling in a casino, PG rated games for underage users… and of course the porn industry will be (is) an early adopter to deliver on new experiences. I can’t imagine my childhood without playing GTA (Grand Theft Auto) however I’m pretty sure I started playing this R rating game at 13 alongside my younger brothers— Moving past memory lane, that won’t be happen in the metaverse due to the basic enforcement checks.
- Many wallets or users would have been blacklisted for malicious activity. Unable to complete the verification process would block their access to conduct these activities
- Buying a NFTs or virtual land (e.g. The Otherside) required wallet holders to be eKYC’d to be able to participate in the land sale — the goal was to ensure that each wallet holder had an equal chance to purchase virtual land. However, that was easily gamed where many people were able to verify multiple wallets using the same Identity. Since that information isn’t centralized, this meant that the same user held different verified wallets which increased their chances during the virtual land sale. When certain people couldn’t afford to purchase the virtual land due to the high ethereum gas price (gas fees reached about USD 6K at some point), some users were taking bids to sell their verified wallet to others that were willing to pay the fees — in essence — their digital/crypto identity for up to 2ETH — at that time this was worth about USD 6-7K.
A big “WTF” moment! This raises many eyebrows with the lack of guardrails and any sign of regulation.
- Being able to create and sell their wallets many identities in an unregulated manner is in effect identity trading which will be used for fraud especially if not checked against any centralized government or police database.
- The effort to prove your identity post the initial setup is extremely simple whereby all you need to do is click accept. There is very little control to protect against account takeover.
In comparison, regulated financial institutions have resorted to digitally comparing your face against the face used during account opening process to confirm that it’s the same person who opened the account is about to use it now.
But there are a few good solutions on the horizon.
Soulbound Tokens — SBTs
Started as a white-paper titled Decentralized Society: Finding Web3’s Soul in May’22 few months ago with the first use expected in Q4’22. The logic behind “Soulbound” originates from WoW (“World of Warcraft”) where a user cannot sell or transfer Soulbound items; once an item is picked up, that item is forever “ bound” to the user and cannot be sold / dropped / transferred to anyone else.
SBTs are non-transferable tokens representing a person’s identity using blockchain. This could be any type of information that makes up a person or entity. The wallets that hold or issue these records are called “Souls.” Users can have multiple wallets (or Souls) representing different parts of their lives. Each SBTs can be seen as something that is verified and core to your identity e.g. Credit Score, Medical history, employment history, Educational history and certification.
For example, someone could have a “ID Soul” for their ID verification and a “Medical Soul” for their health records. SBTs would allow people to build a verifiable, digital Web3 reputation based on their past actions and experiences.
This not only solves a big issue that was described above where a unique user can be able to have multiple verified wallets using a single identities but it streamlines many users journeys in a trusted way. Let’s elaborate more on this:
- You setup your profile and want to get your SBTs medical records, educational record and Identity verification
- These credentials get verified one time and based on successful verification you get the SBT tagged to your wallet/avatar.
- Currently every industry be it healthcare, financial institutions, digital wallets, technology industry (e.g. ride hailing) has to develop processes and invest in solutions to check that you’re who you say you are and collect tons of information about you.
Having this token would provide different service providers with the comfort that:
- My information has been independently verified
- I am who I claim to be or as Eminem like to put it “And I am whatever you say I am, If I wasn’t, then why would I say I am?” — the “you” being the issuers of the SBT
- No information could not have been transferred to anyone else to use
The reason why the above is great is that it enhances the productivity of so many industries if/when adopted properly. It enables frictionless journeys from not only in the Metaverse but in the real world too.
ENS — Ethereum Name Services
Its your identity / authentication / website / payment method all clubbed into one. In short, its your Web3.0 username!
ENS’s job is to map human-readable names like ‘hassan.eth’ to machine-readable identifiers such as Ethereum addresses, other cryptocurrency addresses, content hashes, and metadata. Its the Web2.0 equivalent of Domain Name System (DNS) which translates an IP address to a website.
Before ENS we used to have to copy / paste long wallet addresses which seems intimidating to anyone new to crypto… with ENS, you can set up an ENS name which is easily remembered by you and others and can help differentiate the owner or the utility assigned to different wallets.
If anyone is old enough to remember the rush towards towards website domains and the rush to own certain keywords and the aftermarket that this has created, the same thing can be said about ENS — try it now and own your Web3.0 presence.
- Have your wallet ready
- Go to Opensea.io and link your crypto account
- Search for ENS (https://opensea.io/collection/ens)
- Type a keyword / name that you would like to own
- Purchase the ENS with ETH and Voila, it’s yours!
You can’t own an ENS for eternity; rather you pay for the number of years to keep your ENS up and running with ‘gas fees’.
As a user you can own multiple ENS that are linked to one or many wallets. Even coinbase is jumping on the ENS bandwagon.
While the crypto world is all about decentralisation, any change of enforcing certain rules will require of centralisation. Verifying an identity is the definition of trust which can easily be broken if not well regulated to protect the rights of all users (against scams) and ensuring all users (and their associated wallets) are used in line with rules and regulations.
As a user, I can be in control of the different identities I would like to hold or identify with (very woke statement but hear me out) — One identity can be purely for gaming, another for shopping while other can be used for more professional settings like attending meeting at work… this will ensure that your activities are kept private to the setting you’re in; similar to having different emails for different utility purposes (personal, work, gaming etc.).
Digital identity verification and its application to Metaverse context is extremely important. It will help bridge physical, digital and meta identity together. Your Metaverse identity is as good as your wallet being verified.
More on SBTs / ENS below
- https://nftnow.com/guides/soulbound-tokens-sbts-meet-the-tokens-that-may-change-your-life/
- https://academy.binance.com/en/articles/what-are-soulbound-tokens-sbt
- https://www.coingecko.com/learn/coingecko-guide-to-ethereum-name-service-ens