In the last decade, the world has trended toward reducing IT costs via a cloud-first strategy, which has driven the software development patterns of organizations to move on to a Service Oriented Architecture (SOA) approach to rethinking existing projects and a SOA-first strategy for new projects.
The world realized quickly that security was going to be paramount and the home-brew API security of the past wasn’t going to cut it, organizations like OpenID created methods for validating user credentials and authorizing access in a straight forward and relatively secure way. Federated authentication led to ways of signing in once and having access to multiple resources and applications. However, one problem that wasn’t solved here was password control, trust in the handler of the password, and the seemingly never ending data breaches that led to massive leaks of Personally Identifiable Information (PII) into the hands of criminals.
Why Do We Need 3.0?
In a traditional application, a user would sign up to a web app or service, providing all their necessary PII (name, address, phone, birthday, etc.) and even billing information including credit card information. Once the account was created, this PII would be stored in the databases of the application.
Multi-paged and fine printed, these terms are glossed over. The data becomes sold, scraped, or let out in a data breach. Furthermore, a company may change their terms at any time, and the fine print can be adjusted to allow them to use the customer’s data in a way they may not actually want their information to be used.
In my opinion, that’s really what triggered a decentralized Internet concept, what journalists are now calling Web 3.0. A breakdown of trust in monolithic applications and corporations controlling data and information.
Trusting Others With My Data
Can I trust this organization with the data they’re asking for? Why do they need this piece of data? How will this piece of data be used? Will this data be deleted when I remove permission to it? How will this data be stored? For how long will this data be stored? Where will this data be stored? How will the data be transferred? Who will it be transferred to? Internal only or through a 3rd party? If the latter, how will the 3rd party use, store, transfer, and delete upon request?Said by every user of an application
There are a lot of questions that are typically not asked nor answered when users hand over their PII to a company that is using that data within a provided application.
Furthermore, organizations change policy and stance on a variety of issues all the time. One day, Facebook might be a platform for free speech, and then start blocking posts and content at the request of large entities/governments. Twitter might shadow-ban you, essentially hiding all your tweets, or you might get “deplatformed” because that service deems your opinions dangerous.
This kind of behavior, although probably born in sincerity, is the exact opposite of how a free global society should act. Unfortunately, we went down this path, and control of information flow has now consolidated into the hands of a few techno-oligarchs. Individuals who don’t want their PII abused by these organizations have relatively no recourse of the control of their data.
Inversion of Control
The solution to the data control issue, is to reimagine an Internet where the individual is sovereign once again. The individual’s data, and it’s use, is under the control of the owner of that data.
In order to do this, we have to take a technology that we commonly use today and reverse its control. Most modern organizations are using a technology called an Identity Provider (IdP) Service, which validates your identity. These are the interfaces you see when asked for a username or e-mail and password. The problem with this is that every company or app has their own instance of an IdP. They all want you to enter your PII into their system so that they can control that data.
What needs to happen is the PII control needs to be reversed. You need to be the IdP. That is, you will need to host your own identity verification service, and the application you are signing up for will request access to your verification service to ensure you’re who you say you are. Your identity service is where your PII is stored. You control your own data. The application will then request to be granted access to the PII. You will be able to pick and choose what PII you grant access to. You will also be able to revoke those grants to PII at any time.
This reversal of control does not come without some hurdles to cross. How does the individual user host an identity service? If a hosting service, who hosts it? How is the data stored? Etc. We start to get back into a gray area of the original problem.
This is in part a technology that the Solid Project and protocol is trying to solve. Tim Berners-Lee originally thought of the Web as a decentralized, interlinked network. The world moved toward a few tech-oligarch monoliths of compute and data aggregation.
The aims of the Solid project are in line with those of the Web itself: empowerment towardsIntroduction – Solid Specificationan equitable, informed and interconnected society. Solid adds to existing Web standards to realize a space where individuals can maintain their autonomy, control their data and privacy, and choose applications and services to fulfil their needs.
Furthermore, decentralized social media platforms will continue to turn the tables on the larger, monolithic monopolies we have today. ActivityPub-based platforms will slowly make gains of the social media space. Users who were previously banned will continue to commune together and build their own decentralized platforms. This is already happening today with the likes of Gab.com. It will continue to grow. The momentum of decentralized social is growing. How it totally plays out is still unclear, but rest assured, more free-thinking players will continue to gain larges swaths of disenfranchised social media users. Who is John Galt indeed.
What About Blockchain?
We can talk about blockchain, when discussing Web 3.0. I mean, why not SEO the hell out of this post. Right? Again, Decentralized Blockchain networks are nothing new, but there is some interesting work that has come out of the COSMOS camp working on a network that allows disparate blockchain networks to work together.
Big money (and Government) injected themselves into cryptocurrency through implementing and regulating monolithic exchanges for crypto coins (and NTFs) but there’s a continuing trend to keep the middle-man out of crypto coin transactions. For numerous reasons, the big money/Governments will continue to fight these, but the decentralized nature of these exchanges (DEX) like 1Inch, Raydium, etc. will allow those with enough technical know how to truly be able to exchange (and trade) value through a DEX.
What’s The End Game?
The future is decentralized data, banking, transactions, ownership, etc. The trend of gaining back control of our data, including financial transactions, seems to be signaling and thus solving the systemic problem of corporate and government overreach.
Time will tell just how much corporate Governments fight back through control over the Internet pipes themselves. It’s something the CIA has done time and time again. I’m hoping and praying for a less aggressive Governmental response, but preparing for that potential reality. With the concept of social scores, vaccine passports, and other nefarious methods of controlling people, it seems like the covert “cold war” for control between the ideas of individual sovereignty and global governance is certainly underway.
What are you excited for or worried to see happen in our near future?