Over the past few weeks, Facebook has been raked over the coals in the press and U.S. Congress for practices that are hard to regard as anything short of evil. In essence, the company allegedly knew for years that its algorithms were pointing users to content that was harmful in a variety of ways, but did nothing, because change would mean losing money.
This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.
If you’ve ever used your Facebook account to log into another service online, you’ve been helping the social network make your online experience more toxic, even if you’re not a user of Facebook.com itself. Or maybe you do much the same using Google or Apple identity services. All involve major trade-offs – like possibly having your data shared with U.S. intelligence.
It’s one of the core quandaries of today’s internet. While the ‘net’s inherent anonymity is definitely a good thing, it leaves users of ID-reliant tools in thrall to major centralized identity providers and their seemingly inevitable abuses. Blockchain developers have long talked about developing “decentralized” identity standards to save us from the dangers of Big Login, and at least one significant step towards that future appears imminent: Sign-in With Ethereum is coming.
It’s just what it sounds like: a standard way to use an Ethereum wallet that you own as an identifier across multiple services. If your first thought is, “my name isn’t even attached to my ETH wallet,” that’s exactly the point: Using a cryptographic marker as an identity means the user, not the identity provider, has total control over what information is associated with it. Eventually, you’ll be able to decide, for instance, whether a particular service needs your name, proof of your age, or a glimpse of your ETH balance. You won’t have to send all that information to every service you use.
The standard is being developed by Spruce Systems, cofounded by former ConsenSys staffers, which won a recent development RFP from the Ethereum Foundation and Ethereum Name Service. The initial goals are modest (always a good sign, in my book).
“We’re starting with not as serious, not as strong identity,” says Spruce co-founder and CEO Wayne Chang. “Because we want to be battle tested. In the short to medium term it’s more like social media credentials that tie their Twitter handles to a blockchain … We don’t want to provide [know your customer] credentials for buying millions of dollars of financial securities right yet,” though that’s a possibility down the road.
Applications for this initial iteration, according to Spruce, are more likely to include lower-security uses like gating content for non-fungible token (NFT) holders. But, eventually, by integrating secure off-chain storage, Sign-in With Ethereum (let’s just call it SIWE) could also offer “strong” options such as government ID. Users will be able to control access to that data on a case-by-case basis and remove or disassociate it at will.
One significant hurdle for SIWE is the inherent risk of reusing any identifier, particularly an address that can likely be pretty easily linked to wallets used for financial activity. While the idea of using multiple or disposable wallets as a security measure is familiar to crypto users, it’s probably a bridge too far for normies, at least for now – one more reason SIWE is starting with baby steps.
Spruce regards its work as a community project, and it is holding weekly community calls as it develops the SIWE standard. Information about those calls and how to participate should be coming soon at Login.xyz.