How to build our digital identity on Web3?
TechFlow Selected TechFlow Selected
How to build our digital identity on Web3?
Centralized entities control how we access the world and hold people's password data, which is often the cause of cybercrime.
Navigating Web3 tides with focused insightsWritten by: Donovan Choy
Translated by: TechFlow
Current digital identity systems have obvious flaws: centralized entities control how we access the world and manage people's password data—data that often fuels cybercrime.
How did things get this way?
The popular answer today is to blame everything on Web2. But the truth is, big tech companies significantly accelerated innovation in digital identity by popularizing multi-account models.
By establishing multiple identities, tech companies acted as intermediaries—"identity providers"—allowing users to log into different applications using familiar account credentials, greatly reducing the number of accounts users need to remember. This "single sign-on" approach increased interoperability across our digital services.
It’s what allows you to access Gmail and YouTube without logging into separate accounts, or use Facebook or Twitter to sign in to various e-commerce websites.
But the problem remains: Web2 digital identities still operate within the same account-based structure as their centralized predecessors.
The accounts still belong to the big tech companies that issue them, meaning:
- You don't truly "own" your digital identity.
- Your digital identity depends on their servers.
- We can't take our social relationships with us because they are proprietary data owned by corporations.
The good news is, thanks to advances in cryptography and decentralized blockchain technology, an alternative is emerging.
I call this the decentralized identity revolution. This time, blockchains offer a spontaneous, bottom-up way to create our own self-sovereign identities, instead of relying on traditional centralized institutions.
Functionally, the key difference in the decentralized identity revolution is that ownership of digital identity is no longer account-based and provided by intermediaries. Instead, it’s a shared digital connection where all parties involved commit to maintaining the relationship long-term—directly reflecting the types of relationships we have in the real world.
That’s what this article is about. Broadly speaking, there are three groups of Web3 digital identity participants.
They are Proof of Personhood (PoP), Verifiable Credentials, and more recently, Soulbound Tokens.
Let’s examine each one.
Proof of Personhood
Projects under Proof of Personhood (PoP) protocols are highly focused—as the name suggests, they aim to do just one thing: prove uniqueness of identity.
Well-known examples include Proof of Humanity, BrightID, and IDENA.
PoP projects are primarily used to establish unique identities, which in turn helps solve issues caused by Sybil attacks. They achieve this through hybrid methods such as photo and video submissions or complex AI-generated CAPTCHA tests.
Although PoP projects also build identity through community mechanisms like “trust networks”—requiring participants to sign each other's digital certificates as a form of “vouching”—they do so solely to prove identity uniqueness.
In short, these projects are useful for establishing individuality, but this sense of singularity isn’t well-suited for capturing rich interpersonal relationships on a social graph or how people connect with one another.
Soulbound Tokens
In May 2022, Glen Weyl, Puja Ohlhaver, and Vitalik Buterin introduced the concept of "Soulbound" tokens (SBTs) in their paper titled "Decentralized Society."
SBTs can be simply understood as permanent, non-transferable tokens on a public blockchain. They can be issued by anyone—individuals, private companies, universities, communities, or governments—in various forms: academic achievements, financial debts, employment contracts, etc.
Why would we want certain attributes of our identity to be non-transferable and permanent?
When two people meet for the first time and shake hands, that relationship exists only in their fleeting memories. SBTs aim to make that handshake happen on a public blockchain—witnessed and verifiable by the rest of the world. This allows us to add social context to a person’s identity, opening up a world of coordination possibilities and paving the way for removing intermediaries.
Essentially, SBTs formalize social capital (i.e., reputation) as property rights. By "exposing our souls," individuals can publicly stake their reputations and prove the authenticity of their claims.
Here are several examples of economic innovations SBTs could enable:
- Art: An artist without formal certification but recognized by their community can use SBTs to prove their "street cred."
- Education: Individuals who cannot afford expensive university tuition can demonstrate their qualifications via SBTs earned from informal learning channels.
- Banking: Loan applicants can prove trustworthiness by showing clean credit records—or positive reputation via SBTs—eliminating inefficient over-collateralization models common in DeFi (a repayment SBT could be issued upon loan settlement).
- Governance: DAOs can improve collective decision-making by preventing whale dominance (you can't buy SBTs). DAOs could also issue SBTs to trusted outsiders, enabling more inclusive voting designs and avoiding majority consensus traps.
- Record Management: SBTs can reduce friction with existing healthcare or insurance providers by easily transferring all medical records as SBTs.
- Business Operations: Traditional business functions like sales or HR can become more efficient by targeting potential customers/employees based on the types of SBTs they hold.
The grand vision for SBTs is that one day, in a society where Web3 has gone mainstream, there will exist a rich ecosystem of SBTs—so comprehensive that a person’s wallet address alone could serve as a reliable and complete "digital identity," replacing overly curated LinkedIn profiles and résumés.
Do We Really Want Soulbinding?
Soulbound tokens are not without criticism.
SBTs work well when we want to prevent hiding negative behaviors—like poor credit or criminal history—but this resistance to censorship may backfire.
The permanence and public nature of SBTs make it easy for anyone to correlate and infer information about a person, potentially erasing privacy and encouraging certain forms of discrimination.
For example, a racist employer might discriminate against a job candidate after peeking into their wallet and seeing SBTs indicating participation in Black Lives Matter events.
To mitigate this issue, critics of SBTs like McMullen prefer W3C-backed "Verifiable Credentials" (VCs).
Like SBTs, VCs can be issued by anyone and represent any kind of information. However, the key difference is that they operate using zero-knowledge proof technology.
Here’s a simple illustration of how VCs work:
- I claim I’m Batman, but you don’t believe me.
- To prove I’m really Gotham’s Dark Knight, I send you an encrypted VC stored off-chain.
- This VC is issued and cryptographically signed by the Gotham Police Department’s decentralized identifier (think of it as a wallet). Each decentralized identifier’s “signature” acts as a unique watermark, proving the information hasn’t been tampered with.
- You now know I’m Batman because an imposter couldn’t obtain this credential.
- The entire verification process is private—I don’t have to reveal any other personal information to you.
In short, unlike SBTs, Verifiable Credentials allow for “selective disclosure” of information.
Many verifiable credential protocols already exist in the Web3 space and have been market-tested. They’re built on official web standards recently established by W3C in July, offering a decentralized way to create privacy-sensitive digital identities without relying on central issuers.
Notable examples include Civic, whose on-chain VC product has supported over 295 NFT projects and helped block 1.2 million bots. Another is Ontology, whose identity solution has created over 1.5 million DIDs.
Finally, protocols like Disco allow you to create decentralized identifiers from your Ethereum address to sign VCs stored off-chain.
Trade-offs of SBTs
The authors of the SBT paper are not unaware of these criticisms. As they explicitly acknowledge in their paper, SBTs could lead to “dystopian scenarios” such as permissioned immigration systems, reinforced regulatory capture, or automated redlining.
But these criticisms aren’t insurmountable.
To address privacy concerns, zero-knowledge techniques can be applied to SBTs to create separate read-access permissions, allowing SBT holders to decide how and when to disclose them. Second, variants of SBTs can be designed to reduce their permanence—for instance, making SBTs transferable after a certain period, or allowing issuers to fully revoke them.
The tension between soulbound tokens and verifiable credentials can be understood as the difference between being a public figure and staying privately low-key. Public reputation (soulbound) carries greater weight and influence because it effectively declares, “I have nothing to hide,” but your enemies can also damage it through defamation.
On the other hand, private reputation (verifiable credentials) lacks public trust due to its concealment, but it’s less vulnerable to manipulation, and you retain better control over how a select few perceive you.
From this perspective, the greatest weakness of soulbound tokens is also their greatest strength. Being able to publicly expose your reputation invites scrutiny—but you’d better make sure you’ve done nothing wrong, or it will come back to haunt you.
The Decentralized Identity Revolution
The internet was built without an identity layer.
For decades, efforts to build this layer relied on centralized entities… until now.
Web3 digital identities—soulbound tokens, verifiable credentials, and proof of personhood—represent a credible alternative: creating digital identity in a decentralized, bottom-up manner.
Though their approaches differ, these builders share a common goal: enabling individuals to create a rich social layer without depending on centralized entities.
Thanks to blockchain technology, these efforts may eventually replace centralized identity systems (driver’s licenses, passports, birth certificates), reducing reliance on powerful institutions to define the rules of human identity.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
