Web 3 has stunned the world by forging a parallel system of finance of unprecedented flexibility and creativity in less than a decade. Cryptographic and economic primitives, or building blocks, such as public key cryptography, smart contracts, proof-of-work and proof-of-stake have led to a sophisticated and open ecosystem for expressing financial transactions.
Yet, the economic value finance trades on is generated by humans and their relationships. Because Web 3 lacks primitives to represent such social identity, it has become fundamentally dependent on the very centralized Web 2 structures it aims to transcend, replicating their limitations.
Glen Weyl is a researcher in the chief technology officer’s office at Microsoft and co-author of “Radical Markets.” This article is adapted from “Decentralized Society: Finding Web 3’s Soul,” a paper he co-wrote with Puja Ahluwalia Ohlhaver, a strategist at Flashbots, and Vitalik Buterin, the co-creator of Ethereum.
For example, the lack of Web 3-native identity and reputation forces non-fungible token (NFT) artists to often rely on centralized platforms like OpenSea and Twitter (TWTR) to commit to scarcity and initial provenance, and prevents less than fully collateralized forms of lending. Distributed autonomous organizations (DAO) that try to move beyond simple coin voting often rely on Web 2 infrastructure, such as social media profiles, for resistance to Sybil attacks (one or a few entities pretending to be many more entities). And many Web 3 participants rely on custodial wallets managed by centralized outfits like Coinbase (COIN). No wonder: Decentralized key management systems are not user-friendly for any but the most sophisticated.
In our paper, we illustrate how even small and incremental steps toward representing social identity with Web 3 primitives could solve these issues and bring the ecosystem far closer to regenerating markets and their underpinning human relationships in native Web 3 context.
Even more promising, we highlight how native Web 3 social identity, with rich social composability, could yield great progress on broader, long-standing problems in Web 3 around wealth concentration and vulnerability of governance to financial attacks, while spurring a Cambrian explosion of innovative political, economic and social applications. We refer to these use cases and the richer pluralistic ecosystem they enable as “Decentralized Society” (DeSoc).
Our key primitive is accounts that hold publicly visible, non-transferable (but possibly revocable by the issuer) tokens. We have chosen this set of properties not because they are clearly the most desirable collection of characteristics, but because they are easy to implement in the current environment and permit significant functionality.
We refer to the accounts as “Souls” and tokens held by the accounts as “Soulbound Tokens” (SBT). Despite our deep interest in privacy, we initially assume these will be publicly visible because it is technically simpler to validate as a proof-of-concept, even if limited by the subset of tokens users are willing to publicly share. Programmably private SBTs are a next step we discuss below.
Imagine a world where most participants have Souls that store SBTs corresponding to a series of affiliations, memberships and credentials. For example, an individual might have a Soul that stores SBTs representing educational credentials, companies they’ve worked for, hashes of works of art or books they’ve written, etc. In their simplest form, these SBTs can be “self-certified,” similar to how we share information about ourselves in our resumes. But the true power of this mechanism emerges when SBTs held by one Soul can be issued by other Souls, who are counterparties to these relationships. These counterparty Souls could be individuals, companies or institutions.
For example, a university could be a Soul that issues SBTs to graduates. A stadium could be a Soul that issues SBTs to longtime Dodgers baseball fans.
Note that there is no requirement for a Soul to be linked to a legal name, or for there to be any protocol-level attempt to ensure “one Soul per human.” A Soul could be a persistent pseudonym with a range of SBTs that cannot easily be linked. We also do not assume non-transferability of Souls across humans. Instead, we try to illustrate how these properties, where needed, can naturally emerge from the design itself.
Perhaps the largest financial value built directly on reputation is credit and uncollateralized lending.
Currently, the Web 3 ecosystem cannot replicate even the most primitive forms of uncollateralized lending, because all assets are transferable and saleable – thus simply forms of collateral. The traditional financial ecosystem supports many forms of uncollateralized lending, but these are often mediated by centralized credit scoring mechanisms – the rationale being that less-creditworthy borrowers have little incentive to share information about their creditworthiness.
But such scores have many flaws. At best, they opaquely overweight and underweight factors relevant to creditworthiness, and bias those who haven’t accumulated sufficient data, mainly minorities and the poor. At worst, they can enable “Black Mirror”-style opaque “social credit” systems that engineer social outcomes and reinforce discriminations.
An ecosystem of SBTs could unlock a censorship-resistant, bottom-up alternative to top-down commercial and “social” credit systems. SBTs that represent education credentials, previous work history and rental contracts, to name a few, could serve as a persistent record of credit-relevant history, allowing Souls to avoid collateral requirements by staking meaningful reputation to secure a loan. Loans and credit lines could be represented as non-transferable but revocable SBTs, so they are nested among a Soul’s other SBTs – a kind of (non-seizable) reputational collateral – until they are repaid, and subsequently burned (or, better, replaced with proof of repayment that augments the Soul’s credit history). Think of it as similar to a note on a credit history.
SBTs offer useful security properties: The property of non-transferability prevents transferring or hiding outstanding loans while the presence of a rich ecosystem of SBTs ensures that borrowers who try to escape their loans (perhaps by spinning up a fresh Soul) will lack SBTs to meaningfully stake their reputation.
The ease of computing public liabilities with SBTs would give rise to open-source lending markets. New correlations between SBTs and repayment risk would emerge, birthing better lending algorithms that predict creditworthiness and thereby reducing the role of centralized, opaque credit-scoring infrastructure. Better yet, lending would likely occur within social connections, birthing new forms of community lending. In particular, SBTs could offer a substrate for “group lending” practices similar to those pioneered by Nobel laureate Muhammad Yunus and the Grameen Bank, where members of a social network agree to support one another’s liabilities. Because a Soul’s constellation of SBTs represents memberships across social groups, participants could easily discover other Souls that would be valuable co-participants in a group lending project. Whereas commercial lending is a “lend-it-and-forget-it” until repayment model, community lending might take a “lend-it-and-help-it” approach, combining working capital with human capital with greater rates of return.
Not losing your soul
The non-transferability of key SBTs – such as one-time issued education credentials – raises an important question: How do you not lose your Soul? Recovery methods today, like multi-signature recovery or mnemonics, have different trade-offs in mental overhead, ease of transacting and security. Social recovery is an emerging alternative that relies on a person’s trusted relationships. SBTs allow a similar, but broader paradigm: community recovery, where the Soul is the intersectional vote of its social network.
Social recovery is a good starting point for security but has several drawbacks in security and usability. A user curates a set of “guardians” and gives them the power, by majority, to change the keys of a wallet. Guardians could be a mix of individuals, institutions or other wallets. The problem is a user must balance the desire for a reasonably high number of guardians against the precaution that guardians be from discrete social circles to avoid collusion. Also, guardians can pass away, relationships sour or people simply fall out of touch, requiring frequent and attention-taxing updates. While social recovery avoids a single point of failure, successful recovery depends on curating and maintaining trusted relationships with a majority of your guardians.
A more robust solution is to tie Soul recovery to a Soul’s memberships across communities, not curating but instead drawing on a maximally broad set of real-time relationships for security. Recall that SBTs represent memberships to different communities. Some of these communities – like employers, clubs, colleges, or churches – might be more off-chain in nature, while others – like participation in a protocol governance or DAO – might be more on-chain. In a community recovery model, recovering a Soul’s private keys requires a member from a qualified majority of a (random subset of) Soul’s communities to consent. As with social recovery, we assume that the individual has access to secure, off-chain communications channels broader than the chain itself where “authentication” (through conversation and sharing of shared secrets) can take place. We can often think of the relationships tokenized by SBTs as being precisely the access to such channels.
Maintaining and recovering cryptographic possession of a Soul requires consent of the Soul’s network. By embedding security in sociality, community recovery deters Soul theft (or sale). A Soul can always regenerate their keys through community recovery. Thus, any attempt to sell a Soul will lack credibility because a Seller would also need to prove they sold the recovery relationships.
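The community recovery rule described above can be sketched as a consent check. This is an added illustration, not code from the paper: the hash-based panel selection, the two-thirds quorum, and all names and sample Souls are assumptions made for the example.

```python
import hashlib

def sample_panel(communities, k, seed):
    """Pick k communities by hashing each name with a public seed, so the
    party requesting recovery cannot choose who gets asked (assumed scheme)."""
    ranked = sorted(communities,
                    key=lambda c: hashlib.sha256(seed + c.encode()).digest())
    return ranked[:k]

def recovery_approved(memberships, consents, k, seed, quorum=(2, 3)):
    """memberships: {community: set of member Souls}, built from the SBTs the
    Soul being recovered holds. consents: {community: Souls that approved}.
    quorum is the qualified majority as a (numerator, denominator) pair."""
    panel = sample_panel(memberships, k, seed)
    if not panel:
        return False  # a Soul with no SBTs has no community to recover through
    # A community consents only if an actual member of it approved.
    approving = sum(1 for c in panel if consents.get(c, set()) & memberships[c])
    num, den = quorum
    needed = (num * len(panel) + den - 1) // den  # ceiling, integer arithmetic
    return approving >= needed

# Constructed sample data: communities taken from one Soul's SBTs.
MEMBERSHIPS = {
    "university": {"soul:alice", "soul:bob"},
    "employer": {"soul:carol", "soul:dave"},
    "dao": {"soul:erin", "soul:frank"},
}
SEED = b"constructed-public-randomness"

if __name__ == "__main__":
    cases = {
        "two of three communities": {"university": {"soul:alice"},
                                     "dao": {"soul:erin"}},
        "one of three communities": {"employer": {"soul:carol"}},
        # Approvals from a Soul that belongs to none of the communities.
        "outsider in every community": {c: {"soul:mallory"} for c in MEMBERSHIPS},
    }
    for label, consents in cases.items():
        print(label, recovery_approved(MEMBERSHIPS, consents, 3, SEED))
```

Because consent only counts when it comes from a current member of a sampled community, colluding members of a single community, or approvals from Souls outside the network, cannot reach the quorum.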
Programmable plural privacy
Most valuable data isn’t necessarily individual, but interpersonal (e.g., social graph) or valuable only when pooled in larger groups (e.g., health data). Yet, “self-sovereign identity” advocates tend to treat data as private property: Data about this interaction is mine and so I should be able to choose when and to whom to reveal it. But even more than in the physical economy, the data economy is poorly understood in terms of simple private property. Even in simple two-way relationships, such as an illicit affair, the right to reveal information is usually symmetrical, often requiring mutual-permission and consent. The Cambridge Analytica scandal was largely about people revealing properties of their social graph and information about their friends, without their consent.
Rather than privacy-as-transferable-property-right, a more promising approach is to treat privacy as a programmable, loosely coupled bundle of rights to permission access, alter or profit from information. Every SBT – whether the SBT represents an affiliation, membership, credential or access to a facility – also has an implied programmable property right specifying access to the underlying information constituting the SBT: the holders, the agreements between them, the shared property or assets and obligations to 3rd parties, to name a few. Some issuers and communities will choose to make SBTs wholly public, like SBTs that reflect information in a public resume. Some SBTs will be private in the atomistic sense of verifiable credentials. Most will be somewhere in between, revealing some information publicly and keeping some information private while sharing some information to a designated subset.
SBTs enable privacy as a programmable, composable property right that can map upon the complex set of expectations and agreements we have today. Better yet, SBTs also help us imagine new configurations, as there are an infinite number of ways privacy – as a property right to permission access to information – can be composed to create a nuanced constellation of access rights.
For example, SBTs could enable holders to run computations over data stores, perhaps owned and governed by a collective of Souls, using a specific privacy preserving technique. Some SBTs may even grant permission to access data in a way where computation is possible across data stores, but the contents can only be proven with a third party’s permission. This could be useful for SBTs that instantiate and represent “continuous voting” mechanisms, where the voting mechanism needs to tally votes from every Soul, but votes should not be provable to anyone else to prevent vote buying.
SBTs could steward healthier forms of the “attention economy” that empower Souls to filter spam inbounds from likely bots outside of their social graph, while elevating communication from real communities and desired intersections. This would be a dramatic improvement on communication platforms today, which lack user control or governance and auction user attention to the highest ad bidder, even a bot. Listeners could become more aware of to whom they are listening, and be better able to assign credit to works that spur insights.
Rather than optimizing for engagement, such an economy could optimize for positive-sum collaborations and valuable contributions.
Albert Einstein told the 1932 disarmament conference that the failures of the “organizing power of man” to keep pace with “his technical advances” had put a “razor in the hands of a 3-year-old child.” In a world where his observation seems more prescient than ever, learning how to program futures that build on trust – rather than replacing it – seems a required course for human life on this planet to persist.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.