thoughts on web5

Assigning very hazily defined versions to the world wide web seems to be the current fashion. Recently the Web5 proposal [1] has emerged from Jack Dorsey et al., formerly also known as project BlueSky.

The portable identity problem which Web5 is aiming to solve is a valid concern. It's similar to the problem of nomadic identity in the fediverse. Ideally, your social network identity wouldn't be strongly anchored to a particular domain name, so that you could then easily migrate between instances. Easy migration would help to reduce "dreadnought" syndrome where there is one infeasibly massive, expensive to run, and hard to moderate instance creating a sort of *black hole network effect* within an otherwise decentralized architecture.

The architecture proposed by Web5 is similar to that of the Solid project [2]. You have a database containing your documents and a permissions system whereby other internet systems can be given access to your data. If you are familiar with self-hosting then this is like a sort of home server but virtualized in the cloud.

In the abstract the Solid or Web5 design is reasonable. Any step away from centralized silos and lock-in effects is going to be beneficial for users. But with software the devil is always in the details, and the details of Web5 are...not all that great.

My biggest criticism of both Solid and Web5 is that the identity system is based upon Decentralized IDs (DIDs), which are overwhelmingly based on blockchain. Web5 is specifically proposing that identity be based on the oldest and dirtiest blockchain technology: Bitcoin. There are many problems with blockchain systems. They are slow, require global consensus and so are logically centralized, and use up gigantic amounts of electricity. Blockchain mining is so expensive that over the last decade it has become highly centralized. The inefficiency is also concealed from the end user, in that it happens "somewhere out there" rather than directly on your phone or laptop, and so becomes someone else's problem.

If there is a solution to the identity problem then it needs to be lightweight and genuinely decentralized, not requiring proof-of-work or proof-of-stake somewhere in the background. Blockchain stuff is really a fake decentralization, cloaked by mathematical complexity.

But the fact that the internet has an identity dilemma is undeniable, and needing to create a separate account on every website is a high friction user experience. At present using a password manager seems to be the best solution, and maybe that will be surpassed by hardware tokens in the next few years. So a good version of Web5 would use something like hardware tokens for identity, and those are then able to encrypt/decrypt your data store, which could exist in multiple places and be automatically synced, like nomadic accounts on different instances in the fediverse. No blockchains would be needed.

[1] Web5 proposal

[2] Solid project