The Digital Identity Phantom Menace

One of the biggest cliches in the current hype about Web 3.0 is the concept of decentralization. The term has taken on many self-important quasi-philosophical features, such as Enlightenment-era ideals of autonomy, self-determination, and the ultimate subjective: “freedom”. All across the web, you can read articles proclaiming the dawn of “decentralized digital identity”, which just begs the question: is digital identity something that could be decentralized?

Setting aside much of the (mostly manufactured) cheerleading for “decentralization” in all forms, I want to focus on how digital identity, almost by definition, could never possibly be decentralized. I believe pretty much the exact opposite is true: digital identity will be the ultimate centralized commodity (perhaps it already is).

One of the key features that decentralization zealots rely on is blockchain technology. Despite what some may say, blockchain is not inherently decentralized any more than any other database. It could be argued that it is apt to be even more centralized since blockchain is immutable. Those who have access to an immutable blockchain database could certainly wield a lot of power over the data stored therein. This brings up another question: is your digital identity immutable? What exactly is your digital identity anyway?

Digital Identity

Digital identity is merely a dataset that is constantly updating and fluctuating. This dataset is a construct, an avatar of you or who you are. These datasets are collections of any scattered behaviors, actions, and interactions you may (or may not) have online with myriad people and organizations. Is that collection WHO you are? Or, isn’t it just a sample of WHAT you have done? Is a pattern the same thing as a person?

Maybe this is pedantic, but there is a huge difference between who you are and what you do. For example, if I buy several books on Amazon about true crime and serial killers, does that indicate that I am a criminal, murderer, lawyer, or investigator? If I were to post on Twitter some thoughts and opinions on food prices, does that make me an economist?

Herein lies much of the problem with the concept of digital identity: human beings are NOT simple datasets that can be aggregated and put into neat little boxes on any sort of database, whether it be blockchain or whatever. The whole idea of digital identity is an invention of corporations, governments, and non-governmental organizations for purposes of profit and control. Facebook, Twitter, and others seem to revel in the power they have to remove people from their platforms for nearly any reason. They accomplish this through the control they have over your “digital identity”, which can be interpreted and manipulated at will in any context.

To think that anyone could somehow achieve autonomous control over their own digital identity is a pure illusion (or more accurately: delusion). Blockchain will not facilitate autonomy over digital identity, as once anything is “written” to the blockchain, it is there permanently. Forever. Blockchain may have some utility in cases of asset ownership and trade, but digital identity is not an “asset” that anyone “owns” or even “possesses”. Digital identity is a phantom that constantly changes depending on the context of where it is being used.

There is not going to be decentralization of digital identity, but there will most certainly be more centralization of it. Your credit score, education and medical records, criminal history, online habits, banking and money, and any other data that is inherently quantifiable are not even really “yours”. Unless you want to go live out in a cave somewhere and never interact with another person again, everything you do is inevitably being used as a data commodity. There will be no decentralized blockchain that is free from observation and commodification.

The reality is much worse, as the opposite becomes easier: since blockchain cannot be rewritten, your digital identity will likely contain mistakes, errors, and outdated info, and will always be subject to the rule of law. Too much quasi-libertarian nonsense permeates the blockchain space, where these myths of decentralized everything swirl around in an echo chamber. Governments, institutions, and corporations will always use laws and regulations to assert authority over any blockchain-related info. How could it be otherwise?

What about the innumerable ways in which you can attempt to mask or manipulate your own digital identity? Do you have different email addresses for different purposes: business, personal, or otherwise? Have you ever used a temporary email account? Do you have an alias? Do you have anything in your background that you would rather some people not know about? Do you think that employers will not have any access to your records just because they are on the blockchain? What about lawyers, judges, and governments? How is it decentralization when entities with these powers and abilities retain such access?

This entire issue reminds me of an important distinction within the field of web development: the difference between authentication and authorization. Just because someone’s digital identity or credentials have authorized access to something does not necessarily allow them authorization to any and everything. When logging into a website, you authenticate your digital identity by entering the correct information or data. Once you log in (depending on the situation) you may or may not have authorization to every feature of that site. The situation does not change because now your credentials and records are stored in a blockchain database rather than any other database. You can authenticate who you are in the physical world, but that does not necessarily mean you have the authorization to stop the use of your info. The control over such things as authorization will always be subject to higher-order authorities in any society where there is the rule of law.

Decentralization, autonomy, and total revolution is not going to take place via blockchain databases. If only it were so easy.