Internet users want control over their data and visibility into how their data is being used. An evolution of today’s web, already mapped out by Sir Tim Berners-Lee, can provide both.
By Osmar Olivo
Web 3.0, or Web3 if you prefer, refers to a new web paradigm that promises to make the internet fairer and more secure by putting users in charge of their own data and identities. Web 3.0 promises to empower all of us with unprecedented levels of control over, and visibility into, how our data is used.
To Web 3.0 evangelists, this revolution is achieved via a fully “decentralized” internet built on blockchain. Needless to say, this is a departure from all of the existing constructs of the web.
However, it’s not reasonable to expect everyone to throw away what they currently have and start over. After all, what we have is pretty good at a lot of things. We need to shift the paradigm, not overhaul it. Instead of a revolution, what we need is an evolution of the web as we know it, to enable the capabilities promised by Web 3.0: security, privacy, consent, user-centricity, interoperability, and more.
As currently considered, the Web 3.0 promise is missing something—namely, the logical next step toward a better internet. This logical next step has been provided by the originator of the web himself, Sir Tim Berners-Lee.
A practical step toward a better internet
In order to disentangle the promise of Web 3.0 from the implementation details of blockchain, it helps to consider what people actually want out of the next era of the web.
What many of us want is visibility, choice, and a reasonable degree of control over our data. We require the ability to know who has access to our data, to know how our data is being used, and to decline consent if we’re not comfortable with sharing certain data. Perhaps most importantly, we want our data to be used for our benefit.
Blockchain can help with these goals in certain cases. Because blockchain is a protocol for reading and writing data in a decentralized and immutable way, it can help make the ownership and historical integrity of data easier to manage and access. Certain finance, supply chain, and chain of custody use cases are perfect fits for blockchain as a result.
But there are many more technical capabilities required for Web 3.0 solutions to deliver visibility, choice, and control over data. In order to build Web 3.0 apps that are fast and flexible, we need a tech stack with solutions for identity, data management, application interoperability, access control, and consent.
Fortunately, solutions to these requirements already exist in the form of emerging web standards and technologies, including those encapsulated in Solid, Berners-Lee’s new system for organizing data, applications, and identities on the web. Let’s look closer at these requirements and what complete solutions need to look like.
Web 3.0 must rely on identity and access control
What most people want and need is visibility, transparency, and consent over their data. In particular, individuals need guarantees around confidentiality between themselves and trusted parties, partners, and institutions. For example, my medical records are between me and my doctor. My finances are between me, my financial institution, and my accountant. Whenever more than one party requires access to data, we need a robust and unambiguous access control system to manage confidentiality—not a public ledger of who owns which data point.
These types of flexible data relationships require identities on the web that are not tied to any particular vendor or application. Solutions such as decentralized identifiers and web identifiers are already gaining traction in this space, but the solutions must be finalized and integrated with the rest of the web stack. Fine-grained access controls are also required for an end-to-end solution. Accordingly, web standards are emerging that aim to provide simple privacy controls over user data. These standards are incorporated into Berners-Lee’s Solid technology, which is designed to be an end-to-end solution for identity, applications, and data on the web—all built around personal online datastores (Solid Pods).
What would this look like in a Web 3.0 world? Today, when you install a new app on your smartphone, you will receive a notification requesting access to various classes of data stored on your device, such as your contacts, pictures, or location. You’re given the option to grant that access or reject it, and you reserve the right to revoke access to those applications and services at any time in your privacy settings. A true Web 3.0 solution would bring this user experience to all of the data about you on the web, such as your financial records, medical data, browsing preferences, and ecommerce data, not just the data stored on your phone.
Web 3.0 applications must be interoperable
The web today is characterized by fragmented data. Every web user’s data is scattered across countless organizations, each with its own silo. Nearly every company in the world struggles to capture a valid and consistently up-to-date, 360-degree view of its customers. Companies integrate numerous platforms and data warehouses to avoid data duplication, staleness, and decay.
All of this effort leads to incredibly complex infrastructure, which is a compliance and liability nightmare, and results in only a handful of companies having the resources to set themselves apart. This means that success continues to be determined by which companies can hoard the most data and not who delivers the best services.
New web technologies like Solid solve this problem by building on already widely adopted web standards to ensure interoperability at an application and protocol level. Building on these standards prevents lock-in for users and enterprises alike.
Application interoperability is necessary for organizations and people to work with each other seamlessly on the web. An interoperable data standard gives organizations a single authoritative source of truth while reducing operational overhead and simplifying infrastructure. Because each individual is empowered to control and update their own data within the framework, the information will be both accurate and up-to-date. Such a system also provides transparency and visibility into who has access to which data and what that data is being used for, which protects the individual’s data privacy rights and complies with modern privacy legislation.
Web 3.0 must be distributed
With web-native solutions such as Solid, data is distributed. This means that regardless of where personal data is physically stored, it is connected to the person it describes, and the data is interoperable across systems. People are able to revoke access to most classes of data if they choose, but there is also support for cases where access must be granted to certain entities for compliance and governance reasons.
Decentralization is an extremely popular concept with Web3 evangelists. But requiring physically decentralized storage does not always mesh well with organizations that require governance and compliance. For example, if regulatory compliance requires special measures to be taken to protect certain classes of data housed on servers, organizations will generally struggle to adopt blockchain (or any solution based on decentralized storage) because they will have no simple means of identifying and governing those different classes of data.
In addition, complete decentralization forces each individual to self-govern their data—a situation most people don’t want. Realistically, the majority of people do not have the knowledge and skills to do this effectively or safely, given the complexity of today’s data ecosystems. Full self-governance leaves end-users and their data more at risk, defeating a central purpose of Web 3.0 and regulations such as GDPR, HIPAA, and PCI.
Blockchain is an impressive technology that can be highly useful in specific contexts. But it does not provide the end-to-end capabilities needed to serve as the foundation for the next evolutionary phase of the web. Achieving the full promise of Web 3.0 will require Solid technologies and standards that enable interoperability and fine-grained access control within a distributed and compliant system. These capabilities serve to engender trust as people gain visibility, transparency, and consent over their data.
The logical next step toward a better web is for organizations to adopt this new infrastructure as the focal point of sharing critical data across their services and businesses—enabling governance and seamless flow among internal systems, external partner organizations, and users. For enterprises and governments, the endless integrations and operational workarounds necessitated by data silos would give way to an architecture that synchronizes consent-based data between the user and the organization. This is the empowerment that Web 3.0 aspires to and the vision that Solid is working to make a reality.