The dangers of letting Facebook control your online identity are clear. One alternative would use your Ethereum wallet instead, and let you control your own data.
Over the past few weeks, Facebook has been raked over the coals in the press and U.S. Congress for practices that are hard to regard as anything short of evil. In essence, the company allegedly knew for years that its algorithms were pointing users to content that was harmful in a variety of ways, but did nothing, because change would mean losing money.
If you’ve ever used your Facebook account to log into another service online, you’ve been helping the social network make your online experience more toxic, even if you’re not a user of Facebook.com itself. Or maybe you do much the same using Google or Apple identity services. All involve major trade-offs – like possibly having your data shared with U.S. intelligence.
It’s one of the core quandaries of today’s internet. While the ‘net’s inherent anonymity is definitely a good thing, it leaves users of ID-reliant tools in thrall to major centralized identity providers and their seemingly inevitable abuses. Blockchain developers have long talked about developing “decentralized” identity standards to save us from the dangers of Big Login, and at least one significant step towards that future appears imminent: Sign-in With Ethereum is coming.
It’s just what it sounds like: a standard way to use an Ethereum wallet that you own as an identifier across multiple services. If your first thought is, “my name isn’t even attached to my ETH wallet,” that’s exactly the point: Using a cryptographic marker as an identity means the user, not the identity provider, has total control over what information is associated with it. Eventually, you’ll be able to decide, for instance, whether a particular service needs your name, proof of your age, or a glimpse of your ETH balance. You won’t have to send all that information to every service you use.
The standard is being developed by Spruce Systems, cofounded by former ConsenSys staffers, which won a recent development RFP from the Ethereum Foundation and Ethereum Name Service. The initial goals are modest (always a good sign, in my book).
“We’re starting with not as serious, not as strong identity,” says Spruce co-founder and CEO Wayne Chang. “Because we want to be battle tested. In the short to medium term it’s more like social media credentials that tie their Twitter handles to a blockchain … We don’t want to provide [know your customer] credentials for buying millions of dollars of financial securities right yet,” though that’s a possibility down the road.
Applications for this initial iteration, according to Spruce, are more likely to include lower-security uses like gating content for non-fungible token (NFT) holders. But, eventually, by integrating secure off-chain storage, Sign-in With Ethereum (let’s just call it SIWE) could also offer “strong” options such as government ID. Users will be able to control access to that data on a case-by-case basis and remove or disassociate it at will.
One significant hurdle for SIWE is the inherent risk of reusing any identifier, particularly an address that can likely be pretty easily linked to wallets used for financial activity. While the idea of using multiple or disposable wallets as a security measure is familiar to crypto users, it’s probably a bridge too far for normies, at least for now – one more reason SIWE is starting with baby steps.
