Skip to main content
SearchLoginLogin or Signup

Decentralised Digital Identity

The current relationship between publishers and consumers suffers from a lack of trust. Could a Web3 solution help build trust while also giving consumers agency over their own data and publishers a more sustainable revenue stream?
Published onJun 01, 2023
Decentralised Digital Identity
·

ABSTRACT

This article explores how the concept of a ‘Decentralised Digital Identity’ applies to media users or a professional publishing company. We investigate how these types of identities can be used to develop trust and extract new value in the publishing and media industries. The work is based on the research undertaken by the Cogency project in 2022, which assessed how Web3 can be used to help build ongoing trust and develop new sources of revenue for publishers and content producers.

The contribution outlines how:

  • research from a media coalition assessed the benefits that Web3 blockchain technology might hold for media and publishing;

  • how blockchain technologies could be used to create decentralized identities for verification;

  • how these identities may lead to users having new forms of agency over how their data is used;

  • how giving users agency over their data can create new revenue streams for publishers; and

  • how a decentralized digital identity could also be applied to publishers to provide proof of authenticity for content and develop trust.

Background

In the summer of 2022 a coalition of local and international news, current affairs and lifestyle publishers, academics, members of the Web3 community and technologists came together to assess how Web3 technologies might be used to help build ongoing trust and develop new sources of revenue for publishers and content producers. This group called itself Cogency.

Cogency investigated the potential impact of Web3 and other various emerging technologies, ranging from meta-spaces and non-fungible tokens (NFTs) to decentralized autonomous organization (DAOs) and decentralized content delivery networks (CDNs). The group also identified opportunities and barriers to adoption during this work, including scalability and cost. 

Through researching these technologies, Cogency identified a key concept of a unique decentralized digital identity, also known as a decentralized identity or ‘DID’. However, it was unclear whether the use of blockchain technology focused around DID could give users new agency over how their data is used, develop a trust system that verifies content’s origin, or generate new funding models for content creators. For example, would DID on a blockchain system help publishers and subsequently jumpstart a more diverse, vibrant and professional ecosystem?

Some of the problems that the coalition aimed to solve were:

  1. Users have no agency over their data and as a result the current relationship between publishers and consumers suffers from an imbalanced data value exchange, where publishers extract proportionately more value from data.

  2. Publishers are losing money for a variety of reasons including:

    • Legacy, small and large, professional publishers have seen a gradual deterioration in the value of what they publish due to the changing economics of the advertising industry such as the development of programmatic advertising and monetisation of data, the rise of digital platforms including Google and Facebook and the explosion of user generated content.

    • The widespread use of ad-blocking technology by consumers has also significantly impacted the revenue of publishers relying on ad income.

    • User-data plays crucial commercial and operational roles for publishers but regulations and legislations are being put in place in many jurisdictions which will greatly limit professional content makers’ ability to gather and store user data. 

  3. The current relationship between publishers and consumers suffers from a lack of trust (in publishers and journalists) which historically has been in part due to practices such as creating click bait to drive engagement. In the future trust may further be eroded due to the authentication challenges that Artificial Intelligence (AI) may create for the publishing industry, where a proliferation of content may make it harder for users to distinguish between what is authentic and what is not. At its worst, the emergence of deepfakes and AI synthesized content that is designed to be indistinguishable from authentic content, poses a significant challenge to maintaining trust in the digital world. As these technologies become more sophisticated and accessible, they could be used to create false narratives or disinformation, thereby further eroding trust among consumers of content.

The Cogency project ran for three months investigating whether the technologies associated with the Web3 movement might solve the problems outlined above, with a focus on verification.

Full details of the research and its outcome can be found here in the project’s white paper.

Since the publication of the white paper Cogency has continued its work, expanding the concept of a Cogency DID from something that is just for consumers to something that can be created for publishers too.

How it works

Currently, users have little agency over how their data gets used online. DID are built into Web3 environments and allow users to create, manage and control their Personally Identifiable Information (PII) without a centralized third party like a registry, identity provider or certification authority. DID and PII can also be used for institutions, where PII is information about the institution as opposed to an individual.

PII is the body of information about specific individuals or a group that directly or indirectly identifies them. This usually includes data such as name, address, credit history as well as data from online sources and can include things like usernames and passwords or search and engagement history.

The use of a DID, which includes PII, can develop a trust framework for identity management where users have agency over the information stored and can share or restrict access. In this trust framework, users who accept DID trust providers of DID and vice versa thanks to the underlying ‘trustless’ technology; trustless refers to the quality of a decentralized environment where, in using the network, there is no need to rely on trust in a third party.

The user accesses and controls their DID through a digital wallet where they grant or deny access and permissions to their PII data.

The notion of ‘self-sovereign identity,’ with no middle person or platform needed to establish identity, is at the heart of the idea of decentralized identity. To manage the DID, instead of having a set of identities across multiple platforms or a single identity managed by a third party, such as universal login, self-sovereign identity users have their own digital wallets in which their PII credentials are stored and accessible through reliable applications with no third-party intervention.

When accessed by the user via their digital wallet the DID, and associated PII, can be shared by the user with any other user or organization that accepts the DID. This portability means that users can share their PII anonymously across different platforms without involving a third party, giving users full autonomy over their data.

Why use DID for PII in publishing?

The Cogency project felt the portability of anonymized PII in a ‘trustless’ environment like the one described above and the demographic composition of the associated potential users (young and typically currently less engaged in traditional media) make decentralized digital identities a particularly exciting new field for publishers, media and content makers to explore.

PII data is, of course, already collected by media and publishers online as audiences engage in their content. The PII data is used for user acquisition and retention as well as a variety of commercial targeting strategies.

However, each publisher’s view of engagement data is siloed; they can only see how users engage in the platforms or titles they control. DID’s portability changes that siloed perspective by allowing data from multiple sources to be shared, giving the potential for a broader view of the data gathered on a user. If publishers had this broader view of what their audiences engage with online they could tailor the audience experience much more precisely, which in turn could be used to improve user acquisition and retention as well as the user experience.

At the same time, audiences have little agency over the access permissions and portability of their PII and as a result cannot benefit from sharing their data between publishers. If these users had greater agency over their digital identity and could share their engagement data between publishers, they could bargain with publishers more effectively for incentives which could include, for example, gifted content or exclusive access.

Finally, publishers themselves do not have a way to verify their credentials and authenticate and verify their content in a ‘trustless’ way. The future of publishing looks set for a proliferation in the creation of new content. Being able to verify your publishing brand and the content you create in such an environment will become increasingly important. Having a publisher DID with associated PII, which in the publishers’ case could include verified content, may help protect against IP theft and improve trust overall.

Delivering a solution

The Cogency project identified three constraints that would impact the practicality of implementing any new solution like a DID for this consumer base:

  1. First, any solution that will have a long-term impact needs to have a commercial element that does not cannibalize any existing revenue streams and is ideally repeatable over time. (Participants in the project agreed that any solution will be more widely adopted and maintained if it helps publishers with their bottom line, be they for or not for profit.)

  2. Second, the media industry does not have large sums available for research and development. This lack of resources means any solution will be more likely to succeed if it is built on existing processes, workflows and technologies.

  3. Third, to onboard the audiences associated with this technology the building and governance of any solution must be done in a decentralized way or it will not be seen as authentic to the community. The Cogency project has operated as a coalition to create credibility with this community. Additionally, in order to have mass consumption of decentralized technology there is also the need to educate audiences, ensure user friendliness, and have transparency when building solutions and focus on security.

With these things in mind, the Cogency team proposed the development of a decentralized identity for content consumers that is embedded in the existing subscription workflow and online payment systems.

Users would then be guided to create a Cogency DID and connect their current wallet (or create a new payment option) when they are setting up a new subscription with a publisher.

Once connected to a publisher these users can build what we are calling a Cogency Engagement Graph as a part of their DID that includes verified information (metadata) about how engaged they are with content across every publisher that they are connected to. This verified engagement credential is ranked based on how engaged the users are in a nine-level Fellowship Model (for details see white paper).

The more engaged the user, the higher the ranking. The content consumer will be able to use their identity to signal their interest in different types of content, provide the permissions they wish to grant to any new publisher they engage with, and negotiate for better services and privileges from publishers.  

In return for validating these identities and the levels of engagement on their platforms, publishers will have access to a broader understanding of what content consumers want based on a broad cross-section of their engagement across multiple platforms, not just their own. This information can be used to assist in user acquisition and retention as well as content targeting and even the planning and commissioning process. 

Publishers will be able to charge a fee to create the identity generating new revenue in the subscription workflow. They will also be able to better tailor subscriptions and membership programmes to vastly improve user acquisition and retention as well as audiences’ day-to-day experience. 

The majority of the revenue raised during the creation of the DID during the subscription process will be kept by the publisher. A small percentage of the revenue will go towards the maintenance of the infrastructure required to maintain the DIDs

The publisher will also be able to create a publisher DID. This DID will operate in the same way as the consumer DID. But in the publisher’s case verified information held in the DID will be a verification of the content itself, acting as an archive to prove origination. The unique identifier for content included in this process can be used to track any usage across the internet and protect IP.

So, in return for a small fee, content consumers get autonomy and greater agency over their personal data, an improved content service where they can indicate to publishers the content they want through their Cogency DID and trustworthy content whose origin they can verify.

The architecture

The solution will require the development of a new wallet ecosystem, which could be done in partnership with an existing supplier (such as Polkadot), in order to build the DID solution, Cogency Engagement Graph and the Fellowship Model for each user. These, in turn, will communicate with the Content Management Systems (CMS) of the different publishers.

In this process, the consumer interacts with the publication by requesting a Verifiable Credential (VC), the digital equivalents to our identity-related documents.

Diagram showing the Verifiable Credential (VC) process. Source: Authors’ white paper.

The consumer starts the flow (1) by using a browser or native application to access the publisher’s web frontend page when setting up a subscription or membership. The publisher website drives the consumer to a form to collect initial data around permissions and interests to determine whether the credential can be issued and the customer’s content. Next (2), the consumer is prompted to set up a Cogency Wallet. The publisher’s web frontend calls (3) the Cogency service to generate a VC issuance request. The wallet downloads (4) the request from the link, where the request includes the DID of the publisher, the URL with the VC manifest, and the look and feel of the VC. Then (5), the wallet validates the issuance request and processes the contract requirements. Lastly (6), the Cogency verified id service returns the signed VC, which allows for the DID and associated document (and corresponding metadata) can be viewed on a url via the subject’s wallet.

In total, this process allows the consumer to interact with the blockchain to get authorization to consume content securely. From there, the Cogency Fellowship Model would recognize, nurture, and incentivize content based on the consumers’ engagement. During the whole process, the consumer is at the heart of every interaction owning their own identity which remains private unless the consumer states otherwise.

Next Steps

Having published its first white paper the Cogency team continues to refine the proposition. In the summer of 2023 we are building a proof of concept for the Web3 aspects of the solution and partnering with several publishers and CMS providers to test the solution. We welcome other partners who are interested in testing the technology.

Longer term the team hopes that the Cogency ID can be used for a variety of consumer activities and help in reallocating content-based value from digital platforms and advertising agencies back to publishers.


David Tomchak is the founder of Cogency, a technology working group, and is a multi-award-winning journalist, editor and technology leader whose experience over the last 20 + years has ranged from organisations such as the BBC and the Evening Standard to start-ups and the likes of JP Morgan. His career has also included a spell in government where he was the Head of Digital and Deputy Director of Communications for Downing Street in the UK. David founded the AI In Media (AIIM) working group in 2016 which has now been included in Cogency. David is also a Visiting Policy Fellow at the Oxford Internet Institute, University of Oxford.

Ursula O'Kuinghttons, Director of Communications and Partnerships at Web3 Foundation, brings extensive experience in journalism, media business and the tech industry from her work at El País Newspaper, Prisa Media, and as a founder member of Civil Media Company in New York City.

Comments
1
?
Justin Frevert:

I am so happy that this research is moving forward - it ties with one of my favorite topics in web3 that is closely related: trustlessness + news media.

As someone who has thought about starting a news media parachain several times, I cannot help but be curious about a number of things proposed here. I have a few questions and comments about the proposal.

Why investigate ink! smart contracts and include them in the diagram? The reason for inclusion wasn’t shared in the paper, but smart contracts are typically included on a chain if the aim is to have an on-chain platform for third-party developers to build on. I initially got the sense that this chain is a bit different than a smart contracts chain, given its focus on monetizing through on-chain(L1) identity services.

Are there any details to how user’s data would be obscured? This was not specified(I guess it might come later), but it brings some additional thoughts around trustlessness:

  • The most common-sense approach for obscuring their data might be to simply encrypt it for each user.

  • I’d be curious if the team explored homomorphic encryption for these use cases. The basic idea of this concept is that a user’s data can be encrypted, and a third party can perform operations on it(the obvious implication being that some day agents such as machine learning models could run over these.). The result of those operations are encrypted and only able to be decrypted by the one holding the private key(the user). This puts the user in a position of privacy where they can also elect to reveal their data. They might do this for example, if the application allows them to do it in return for a token.

  • Zero-knowledge proofs allow similar functionality. Different functions can be defined with optionally private inputs to do things such as parse a Cogency Engagement Graph privately, or verify someone’s identification information without revealing it to give them some status. E.g. their position at some publisher. Honestly, the suite of services could suffer in terms of decentralization order to provide the DID services, and this is a trustless option which might not suffer in the same way.

Web2 CMS integration

As a previous developer of a news CMS, this is one of the most exciting parts of the paper. Honestly, something as simple as adding optional DID/public key fields to author profiles in some of the popular CMSes would be a bit of a revolution for news, and a really great and easily replicatable example for web2 apps to adopt trustless technology.

Lessons Learned

You did the right thing in answering “how we won’t go the way of Civil”, which is the first line of questioning from any journalist on these sort of proposals(in my experience). A few comments:

  • The answer for “Operating under the Ethereum blockchain…” doesn’t really answer the expensive fees question, since the common Substrate fee calculation logic still scales with traffic. Regardless, Substrate chains are usually cheaper.

I think an explainer on why a blockchain is necessary is pretty important, as parachains are real beasts, and this is being suggested for a cash-strapped industry. I’d be curious why a smart contract isn’t viable, at least for piloting. Or even why a core set of these features couldn’t be tested via offchain applications.

Thanks,