Web 2.0 defined our identities for us through big tech companies that were given free rein to share our identity data once we opted into their platforms. Web3 flips the dynamic of this precedent, allowing us to begin our interactions from a stronger position of privacy. In this new world, data sharing is considered ‘off’ by default, giving us individual, self-sovereign control over who gets to see what parts of our identity.
However, there’s a giant roadblock in the way of making this Web3 vision a reality.
The problem is that we’re addicted to our wallets. We associate our entire on-chain identities with our wallets — and now it’s hard to extricate ourselves from this convention because we’ve built protocols around the user behavior. Examples of using a wallet as an identity include: using wallets to log into sites; proving ownership of NFTs to enter Discord servers; having our ENS domains tied to our wallets; and receiving tokens, tickets, and other documents via our wallets.
Why is it bad to allow wallets to serve as our identities? To start, wallets rely on public keys unlocked only by private keys. If a user’s private key is compromised due to loss or scam, they no longer have control of their wallet. This means their Web3 personality, reputation, and assets are all gone with a lost private key. It’s a devastating loss. Another problem with the approach is privacy. By nature, a public key and its digital assets are available for anyone to see. Transacting with the same public key continuously makes privacy impossible. Finally, allowing a wallet to serve as an identity presents a flexibility issue. Either a user shares their key across multiple devices, which is a security risk, or assets must be stored in a hot wallet. To sum it up, using a wallet as an identity is not a strong foundation for a functional Web3. The behavior doesn’t protect the user, and it doesn’t change the dynamics of the identity data economy.
Fortunately, a better solution is available. The tools for systemic change already exist, and if we use them, we can collectively stop using our public keys as identifiers.
The technical solution uses a combination of concepts, which includes DIDs, tokens and credentials. We’ll get to these in a moment. For now, what you need to know is that these tools solve the identity-as-a-wallet problem, and they offer more nuanced control over our identities, different levels of privacy, and a more user-friendly experience. Further, the standards around these tools have been developed by identity experts for years.
Because these concepts are complex, we launched Civic.me, your identity portal for Web3. It’s a dashboard where you can privately manage your Web3 presence, reputation and identity.
Civic.me uses DIDs, tokens, and Verifiable Credentials to create a platform that handles identity in a very smart way. Let’s dive into each component and see how everything works together.
When you connect your wallet to Civic.me, you are connecting a decentralized identifier (DID). You can think of this as an abstraction layer over your wallet, which allows you to connect multiple wallets together into a single identity across chains, define controller relationships between DIDs, and even add constraints to them.
Technically speaking, DIDs are a W3C standard designed to be decoupled from centralized registries, identity providers, and certificate authorities – and they are being adopted across Web2 and Web3 by the likes of Microsoft, Hyperledger, and many more.
Tokens are used broadly across Web3. Common uses of tokens include PFPs, DAO governance, community membership NFTs, and proof of attendance. Given their ubiquity across platforms, they are also the de facto standard for identity on Web3 at present.
Organizing, viewing, and accessing these tokens is a fragmented experience for users, and that’s a big reason we were inspired to build Civic.me, a unified dashboard to manage tokens privately across all of your wallets, and across all chains.
Civic.me also gives you access to a bespoke token, called a Civic Pass. These are non-transferrable, “soulbound” tokens, which represent an aspect of your identity, and grant access to permissioned protocols, which have safeguards based on real-world identity properties. Examples of protocols that have implemented Civic Pass are:
- NFT projects minting with bot or Sybil resistance (Metaplex)
- DeFi Protocols protecting against activity from OFAC-sanctioned countries (Solrise DEX Pro)
- DAOs seeking to implement non-plutocratic voting. (Realms)
Civic Pass is an example of a “responsible” soulbound token because it’s based on a set of principles around privacy and decentralization. Crucial to this is the concept of verifiable credentials.
Verifiable Credentials (VCs) are another decentralized identity standard. We use VCs to attest identity information while maintaining privacy and GDPR compliance. Civc attests to identity information by issuing a verifiable credential, then registers that attestation on chain in the form of a token.
VCs are “self-sovereign” claims about a person that they own and control. Examples of identity information in the form of a VC include a driver’s license or a passport. VCs are attested by Civic and presented to relying parties by the individual as needed.
Civic Pass is a token stored on-chain, so that smart contracts can access it, but the data behind the pass is stored off-chain in verifiable credentials.
Civic.me is for everyone
By incorporating the main components detailed above: DIDs, tokens and verifiable credentials, Civic.me is our proof of concept for an enriched identity layer on Web3, which goes beyond simple public keys and wallets. We are dedicated to ensuring our collective Web3 experience prioritizes privacy, remains security-conscious, and is designed to be future-proof so we can focus on on-boarding the next million users to Web3.