Right now, you can buy an NFT of your favorite photograph, buy land in a metaverse like Decentraland or Cryptovoxels, and build a virtual gallery exhibition from scratch. In 2021, metaverse real estate sales hit $500 million. Experts say that number could double this year. The way we interact online is changing, and it’s happening at lightning speed.
The increasingly online nature of our everyday lives has opened countless (virtual) doors, but it’s also presented a complicated problem: online identity theft, wherein someone steals someone else’s information—email addresses, home addresses, bank numbers, social security numbers, and so on. Often, they do this in hopes of financial gain, which constitutes identity fraud.
Non-fungible tokens are unique digital assets that live on the blockchain, a kind of public, decentralized ledger. Unfortunately, the NFT space is not immune to bad actors. Phishing, for instance, where scammers pose as legitimate players (e.g., a marketplace, an artist, a collector) in order to gain access to your wallet, can happen. But in recent months, experts have posed an interesting question: going forward, could NFTs be used to offer us more protection online?
Currently, best practices for avoiding identity theft include creating strong, complex passwords; enabling two-factor authentication; never giving away your personal information, and not clicking on links or opening messages from people you don’t know and trust. These rules apply both in Web2 and Web3, but as we head further into virtual realities and virtual worlds, also known as “metaverses,” security is likely to become even more essential. How might we protect ourselves as we navigate this 21st-century “Wild West”?
(Before digging deeper, feel free to check out our guide to crypto buzzwords, as you’ll encounter some of them throughout this article.)
The main use cases for NFTs these days revolve around digital artworks and collectibles, serving as a certificate of authenticity for photographs, videos, gifs, 3D renders, and more. The appeal is two-fold: first, NFTs assign scarcity—and therefore value—to digital files that could once be copied endlessly. Second, they run on smart contracts, or programs that execute automatically once certain conditions are met. For example, you can have a smart contract that ensures that every time a work of art is sold on the secondary market, a percentage of that sale goes back to the original creator.
But some have wondered if, in the future, our identities could exist on the blockchain in the form of verified NFT ID cards. Though this is an oversimplification, many have compared the idea to a driver’s license or state ID; while your physical ID helps you navigate the physical world, a digital, tokenized equivalent could help you safely explore the web.
To understand how this might work, it’s worth revisiting our guide on the fundamental differences between Web2 and Web3. In Web2, our data can be owned and sold by large corporations, who then make money from our activities; in Web3, however, the hope is that we, as individuals, will have ownership over our information, with the choice to sell it (or not).
These parameters—what we share online and what we don’t—would theoretically be set by smart contracts on the Ethereum blockchain. All of your information could exist digitally as an NFT, but you’d decide what data you share with whom. A virtual club, for example, could verify that you’re over the age of 21, while an art dealer could verify that you have the funds to acquire an NFT masterpiece. Thanks to those smart contracts, there’d be no need to trust a third party with sensitive information.
The transparency of the blockchain—and its immutability—could mean that you always have a record of every transaction you make. That is, you know exactly where your data goes. And potentially, you could get paid for transactions that involve your information, depending on the smart contract. You could rent it out to companies, who could then use it to train artificial intelligence (AI) tools or create better targeted advertising. Or you could choose not to.
For the most part, this use case—NFTs for online identity verification—is still theoretical, and it carries its own risks; if someone gets access to your encryption keys, for example, you’d be in major trouble. We also don’t know for sure if it would work on any significant scale, especially in light of high gas fees and the environmental cost currently associated with interacting with the Ethereum blockchain.*
But it is an intriguing idea: imagine, for example, traveling between virtual worlds with a singular, verifiable identity. In Web2, we have different identities and logins for various platforms. In Web3, we could shop, go to work, attend events, and even visit a bank, moving across platforms seamlessly. No need to constantly fill out forms or manually share your data. And wherever we go, the hope is that we’d have control over our data, and ideally, we only share what’s necessary.
It’s worth noting that the larger idea of anonymity on the decentralized web is a complex and nuanced one. In the NFT space, many artists and collectors choose to be anonymous to protect their privacy and personal information, and that should be respected. The practice of “doxxing,” or naming the real-life identities of pseudonymous players in the crypto world, has sparked many debates.
On the other hand, some believe that those handling large sums of money have a responsibility to their investors to make themselves known and accountable. “Rug pulls,” for instance, are possible, in part, because of the anonymity of the space. In this type of NFT scam, someone can hype up a project on Twitter, grab a bunch of ETH, and then disappear without a trace, leaving investors with assets that are essentially worthless.
It’s hard to predict what our identities will look like in Web3. Will people continue to embrace anonymity in Web3? On the other hand, could they choose to verify their real-life identities through NFT ID cards? And can we have both? That is, will blockchain technology finally give us more control over what information we share, when we share it, and with whom? Questions abound, but so do possibilities.
*These problems will be solved, at least partially, when Ethereum switches from its current proof-of-work protocol to a proof-of-stake protocol.