Identity can be hard to define. In the real world, we don different (often overlapping) masks depending on the situation—family, work, public service or private play. Online, the distance between the “real you” and these masks is often more pronounced. We adopt pseudonyms, handles, avatars and personas—each associated with a different reputation, a different level of trust from the community, and different data (profile pictures, posts, etc.). While some may be closer to what you might consider your “core” identity than others, they are all part of your overall digital identity. As the concept of the metaverse evolves, and with the prospect of avatars that span multiple virtual environments, identity becomes more complicated and protecting it becomes all the more important.
“On the Internet, nobody knows you’re a dog.”
While still humorous, the sentiment behind Peter Steiner’s 1993 New Yorker cartoon with the famous line “On the Internet, nobody knows you’re a dog”—suggesting that you can be whoever you want in the digital world—is no longer a novel one. In fact, with the rise of Big Data, it feels likely that true anonymity in the metaverse will be increasingly difficult to achieve.
After all, while you can be whomever you like online, your real identity comes into play the instant you participate in one verified transaction, post one photo with landmarks and timestamps, or even frequent one set of pokéstops in Pokémon Go! And that is before we take into account the power of sophisticated algorithms that can glean pertinent facts and identifying information from even the most anonymous-seeming of interactions.
Practicing Good Identity Hygiene in the Metaverse
A digital identity is a collection of information about a person that exists online. When this information is grouped together, it can provide a digital representation of an individual. However, the overlap between a digital “individual” and the real-world person it represents becomes larger every day—even though a digital identity can conceivably (and may eventually) be tied to computer-generated individuals, virtual assistants or sophisticated AIs.
So, what makes a “good” digital identity? According to the ID2020, a public-private consortium in service of the United Nations 2030 Sustainable Development Goal, a good digital ID must be portable, persistent, private and personal. These characteristics are the hallmark of an interoperable metaverse where ownership rights are recognized and protected.
Although the ID2020 goal is focused on improving digital identity through policy and regulatory change in the real world, a carefully designed ID verification system and thoughtful policy will have long-lasting positive impacts for the next iteration of the web.
When discussing identification verification programs, it is important to draw a conceptual distinction between “identity” and “identification”—with “identity” being an individual’s unique set of attributes and “identification” being the means by which we prove we are who we say we are. For example, digital ID programs let us authenticate who we are over digital platforms, through a variety of factors such as fingerprints, passwords, and authentication apps or devices. The internet has no built-in user verification system. Instead, there is a variety of authentication solutions and logins, individually managed by different applications. Social Login partly solves this problem but leaves the control of identity in the hands of a few big platforms acting as gatekeepers. An interoperable metaverse will require an interoperable platform agnostic identity that is verifiable. In other words, we need an authentication process that compares the identity a person claims to possess with data that proves it.
Further, a good ID program should be rooted in a carefully designed policy framework that allows individuals to create and safeguard their identities in the digital world. The ID2020 framework factors, which provides a good starting point, consist of the following:
- Portability. Your information should be able to be moved seamlessly from one storage site to another, without duplication, modification or deletion. Self-sovereign ID is an approach to digital identity that emphasizes individual control of digital identity. In such a system, which is often decentralized, credentials are managed using crypto wallets and verified using public-key cryptography anchored on a distributed ledger. In the Metaverse, tokenized identity in the form of an NFT stored on a blockchain or digital wallet may provide portability. An NFT passport already exists and as we see more proliferation of these platforms and technologies, keep an eye out for platforms that are truly interoperable—that allow information to be accessed and trusted anywhere you happen to be.
- Persistence. Your digital identity must be durable. It must be something that will stay with you for life, and that no individual or institution can duplicate, modify or delete. Persistent ID also implies a level of uniqueness. With a unique digital ID, an individual has only one identity within a system, and every system identity corresponds to only one individual. While this is not the case with of most social media identities today, with digital wallets and tokenization of information, it is possible to tie our disparate digital pseudonyms to each other.
- Private. This may be the aspect of identity we’re most familiar with in the Digital Age. There should always be safeguards in place to ensure that activities accessing and using an individual’s information without consent are strictly forbidden.
- Personal. An ID that is truly personal is one that the user controls at a granular level on an ongoing basis. Ownership of digital assets such as social media handles, domain names, or avatar skins is largely platform dependent. In a self-sovereign identity system, individuals control access to and composition of their own identifiers.
Of course, designing a system in view of the above factors is no easy feat. For any given system, there are technical challenges to overcome—such as improvements in cybersecurity, transaction speed and volumes on-chain. Governance issues abound. Questions concerning the implementation of such a system will need to be answered. For example, does it need to be international? Would this be done by the government? Would it need to be a public-private partnership? Furthermore, true and complete interoperability (and thus portability) remains mostly aspirational at this point. However, there is also no shortage of individuals (and institutions) in both public and private spheres thinking about these challenges and how to solve them. As the digital identity ecosystem expands, the important question is, how well is our ability to both project and protect our digital identity keeping up?