BCCN3

View Original

Are Web3 Passports Too Public For The Blockchain?

With the development of web3 passports beginning to show up on various networks like the Polygon network, some are starting to question whether passports are placing too much personal information onto blockchains where they can’t be removed. 

As convenient as web3 passports can be for verifying identities and following upcoming regulations, the high frequency of scams within the web3 industry forces users to consider how willing they are to upload personal information on a network that will be permanent. 

What is a web3 passport?

Web3 passports have become an interesting concept since 2021 when NFTs and cryptocurrencies took over the mainstream. The idea is that a web3 passport can reside within a user’s wallet and be used as a quick way to verify their identity for KYC/AML purposes. 

Unfortunately, crime is a rampant issue within web3 as many criminals flock to the blockchain to make transactions that would otherwise be forbidden through traditional financial service providers. Due to this, many web3 businesses such as centralized exchanges are requiring users to upload personal information in the event that they use assets to fund criminal activity. 

Why are they helpful?

KYC/AML practices can be time-consuming processes for both users and businesses as it requires employees to verify information from every customer involved. Likewise, many users are not always willing to provide such private information to businesses that they have little interaction with. Moreover, the fact that many of these businesses have turned out to be fraudulent makes user willingness even lower. 

With a web3 passport, users won’t have to worry about this issue as much because they’ll be able to provide their web3 passport to businesses by connecting their wallet which will automatically verify their private information for KYC/AML.

What’s the issue?

While convenient, web3 passports still pose some risks. The cryptocurrency industry is still highly susceptible to scams and there is a belief that private information can be stolen more easily if placed in a wallet that can be drained. 

Fortunately, there are methods to avoid this issue by making the passports soul-bound which would prevent them from ever being released, but access to a user’s private keys could still pose issues. In that case, it is important to encrypt information placed inside web3 passports to prevent the data from being leaked and recovered by bad actors. 

Likewise, staking is another method that can be used to protect web3 passports because it makes them harder to drain from a wallet. When a token is staked, it is effectively locked into a protocol that won’t release the token until a set time is created by the user or protocol which would add an extra layer of protection to passports storing sensitive information. 

Web3 cybersecurity needs to be ready

Web3 passports provide a convenient solution to KYC/AML processes which can create long waits while asking for private information that users may not be willing to hand over to businesses they are unfamiliar with.

Additionally, with scams still a common issue in web3, users need to be assured that their private information won’t be compromised if placed on an immutable blockchain. If passports are to become more commonplace in web3 it is absolutely necessary that cybersecurity measures are enhanced and optimized to prevent significant data leaks.