Moving past the login box using Verifiable Credentials
Visit any traditional website today and you’ll likely be confronted with a barrage of obstacles. The first will be those annoying cookie pop-ups pushing you to consent to the countless third parties that will track your visit. This information is peddled on exchanges around the world. Get past that, and you will eventually be pushed to share your email address or phone number, and create yet another password. All of this makes you a likely target for phishing attacks and puts your personal data at risk of being included in data breaches such as the 1,291 that affected nearly 281.5 million people in 2021. This approach is not going to last.
Web 3 has brought a new way to engage with websites, and dare I say, it is almost magical. No cookies, no username, no password, no sharing personal information. I can browse freely and pseudo-anonymously without having to worry about the cookies and terms I was forced to accept. When I want to transact, I connect to a website with a “wallet”. The wallet (e.g., MetaMask) is a browser extension or mobile app that holds a unique pseudonymous identifier, such as my Ethereum address. When I click “Connect”, my wallet proves to the website that I control the private keys associated with that address. All my data stays with me, on my device. This puts me, the user, in control.
The wallet replaces the username, the password, the cookie and requires no personal data to be shared. This is great for website owners as well because they no longer need to store sensitive data about their users. No surprise then that MetaMask, for example, claims to be “trusted by 21 million users worldwide”. The Web3 community is also exploring using other identifiers like NFTs and Ethereum Name Service (ENS) that can be associated with a wallet.
The Role of DIDs and Verifiable Credentials
But if we do not share any personal data, how do we complete web transactions that require age verification or affordability criteria (e.g. loans)? How could users prove that they meet those eligibility or qualification criteria without breaking the Web3 model of privacy and convenience?
This is where the W3C standards on Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) come into play. DIDs and VCs are a new type of unique identifier with linked verifiable information that can be controlled solely by the user. DID-based representations for Ethereum Accounts and ENS names have already been defined, and with zero transaction costs, users can easily create their own DIDs. They will then be able to prove control over their DID, enable trusted third parties to “issue” cryptographically signed verifiable credentials (e.g. I am over 21) linked to the user’s DID, and allow websites to “verify” that a user meets any eligibility (e.g. age verification) and/or qualification criteria (e.g. affordability checks) whilst preserving the user’s privacy.
Furthermore, these verifications can be done using selective disclosure (e.g. to prove your age, you need only disclose your date of birth versus showing your entire driver’s license), predicates (e.g. instead of sharing your full date of birth, you can simply prove you are over 21), and zero knowledge proofs (e.g. prove that I am a European citizen without sharing my passport details), using “anonymous credentials”. This means users have to compromise on neither the user experience nor their anonymity within the Web3 ecosystem.
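The issue, present and verify flow described above can be sketched in a few lines. This is an added example, not Dock's API or any wallet's code: it uses salted hash commitments signed with Ed25519 as a simple stand-in for selective disclosure (it is not a zero-knowledge or anonymous-credential scheme), and the function names, claim names and sample values are assumptions constructed for illustration.

```javascript
// Added illustration: salted-hash selective disclosure with Ed25519 (Node.js built-in crypto).
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const digestOf = (name, value, salt) => sha256(JSON.stringify([salt, name, value]));
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// Issuer: sign salted digests of the claims, bound to the holder's public key.
function issue(issuerKey, holderPubPem, claims) {
  const salts = {}, digests = [];
  for (const [name, value] of Object.entries(claims)) {
    salts[name] = crypto.randomBytes(16).toString('hex');
    digests.push(digestOf(name, value, salts[name]));
  }
  const body = JSON.stringify({ holder: holderPubPem, digests: digests.sort() });
  return { body, sig: crypto.sign(null, Buffer.from(body), issuerKey), claims, salts };
}

// Holder (wallet): reveal only the chosen claims and sign the verifier's nonce.
function present(cred, holderKey, reveal, nonce) {
  const disclosed = reveal.map((n) => ({ name: n, value: cred.claims[n], salt: cred.salts[n] }));
  const proof = crypto.sign(null, Buffer.from(nonce + cred.body), holderKey);
  return { body: cred.body, sig: cred.sig, disclosed, proof };
}

// Verifier (website): check issuer signature, key control, and each disclosed claim.
function verify(p, issuerPub, nonce) {
  if (!crypto.verify(null, Buffer.from(p.body), issuerPub, p.sig)) return null;
  const { holder, digests } = JSON.parse(p.body);
  const holderPub = crypto.createPublicKey(holder);
  if (!crypto.verify(null, Buffer.from(nonce + p.body), holderPub, p.proof)) return null;
  const out = {};
  for (const d of p.disclosed) {
    if (!digests.includes(digestOf(d.name, d.value, d.salt))) return null;
    out[d.name] = d.value;
  }
  return out;
}

// Constructed sample data: keys and claims are generated here for the demo only.
function demo() {
  const issuer = crypto.generateKeyPairSync('ed25519');
  const holder = crypto.generateKeyPairSync('ed25519');
  const cred = issue(issuer.privateKey, pem(holder.publicKey), { over21: true, name: 'Alice Example', dob: '1990-01-01' });
  const nonce = crypto.randomBytes(16).toString('hex');
  const p = present(cred, holder.privateKey, ['over21'], nonce);
  return { ok: verify(p, issuer.publicKey, nonce), replay: verify(p, issuer.publicKey, 'other-nonce'), sent: JSON.stringify(p) };
}
```

The per-claim salts keep undisclosed values from being guessed from their digests, and the fresh nonce stops a captured presentation from being replayed at another site. The issuer signature and holder key are the same in every presentation, so this sketch is linkable across verifiers, which is the gap anonymous credentials are meant to close.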
Get Started with Dock
Dock is a platform designed to provide a simple solution for businesses and developers to build, manage and present digital credentials that are instantly verifiable using blockchain technology. With a standalone blockchain and seamless adoption and interoperability, Dock is part of a movement to solve universal problems with existing data and how it is captured, shared and controlled.