Soulbound Tokens, Self-Sovereign Identity, and the Pursuit of a Universal Identity Standard
How can we apply new identity primitives to create more transparency and trust in the web3 world and beyond?
Thus far in the nascent web3 world, our identity profiles have largely been fragmented and opaque. Profile picture NFTs (PFPs), pseudonymous handles on centralized web2 platforms, and the financial assets in our wallets provide some semblance of identity layers. But these are really only scratching the surface. The actions we take in environments supported by different layer 1 blockchains (L1s) are disconnected, which makes it difficult for us to build, manage, and contextually project a holistic and reliable reputation set. The lack of a universal identity standard is holding us back; it’s harming collaborative processes and opening the door for bad actors and scams which breed mistrust and stigmatize the entire industry.
In a thought-provoking episode of Bankless, Vitalik Buterin and Evin McMullen discuss two different primitives for expanding upon and improving our identity standards and, by extension, facilitating more transparent, trusted interactions. Buterin, along with co-ideators Glen Wyl and Puja Ohlhaver, is a proponent of Soulbound Tokens (SBTs), a new, non-transferable NFT standard on Ethereum (exact technical specifications still in the works). At a fundamental level, SBTs are public attestations that could potentially represent a wide range of credentials: academic achievements, open source contributions, personal information, and affiliations, to name a few. The SBT, as it is posited, cannot be sold, destroyed (by the receiver), or transferred, but rather, as the name implies, the token remains inextricably linked to a specific ‘soul’ (i.e., wallet).
As I understand them, SBTs were proposed on the basis of a few fundamental beliefs:
Existing web3 asset standards are too financialized; the transferability of assets is creating an environment that lends itself more to speculation rather than ‘social relationships of trust.’ As such, overall ecosystem growth is hindered as some outside entities are wary about engaging with and incorporating speculative instruments into their respective ecosystems. SBTs, by nature, combat this financialization by creating a new asset type that’s architected around actions rather than transactions.
Existing web3 asset standards are leading to vulnerabilities and plutocratic outcomes within web3 systems. Token-based governance within decentralized autonomous organizations (DAOs) opens the door to both outsized influence from whales and sybil attacks (where a single user accrues majority voting power, either through one or multiple wallets depending on the governance structure). SBTs, in one sense, constitute attribution assets that could theoretically enable a more meritocratic distribution of voting power and differentiate between ‘unique souls and sybils.’
Given the on-chain permanence of SBTs, some concerns naturally arise. First and foremost, SBTs are a conceptual standard specific to the Ethereum blockchain. Buterin acknowledges in the Bankless episode that the lack of chain agnosticism from SBTs in their current form ultimately ‘reduces their social scalability.’ Second, there are limitations to the types of credentials that SBTs can and should support. While the immutability of blockchains does wonders for referencing financial data transparently in perpetuity, it is less appropriate for housing personally identifiable information (PII) and other identity-related data. Any form of PII - passport, license, health records, SSN, etc. - should never be immutably recorded to a blockchain regardless of the safeguards put in place to protect that data. Third, there are questions around how, if it all, recipient consent factors into SBTs. If SBT smart contracts stipulate a sort of recipient ‘opt-in,’ wouldn’t this negate some of the proposed use cases for ‘negative reputation’ SBTs? According to the whitepaper, negative reputation SBTs - credit history, data about unpaid loans, negative reviews and complaints from business partners - are ‘made visible even if the holder does not want them to be visible.’
While the intention might be for increased transparency, it’s difficult not to imagine a frightening devolution of the SBT standard into an open-sourced scarlet letter branding system. The question then becomes, how can we reasonably prevent nefarious folks from brandishing the iron rods and weaponizing SBTs? History is replete with warning signs; some examples are more benign (e.g., Lulu Dating App’s Shaming System) while others are quickly becoming dystopian facets of society designed mainly for punitive purposes (e.g., China’s social credit score system).
SBTs in their current form - as indelible marks without recipient consent measures - have the potential to breed real toxicity. This also begs the question of how an individual’s lack of commitment to their SBT wallet could circumvent the system. What’s to prevent someone from switching wallets after accruing one or more negative reputation SBTs? The creation of a new wallet without the negative reputation SBT would then conceivably enable the individual to partake in whatever action they would’ve been precluded from (i.e., loan). Wallet transferability as a risk to SBTs was illuminated in a recent podcast episode of The Chopping Block:
‘I think people forget that addresses and private keys are transferable. People were buying other people’s addresses during the Bored Ape land sale to participate. Private keys are easily transferable. ‘Soulbound’ is a crazy term because it’s not actually bound to an individual, it’s bound to an address, and addresses are more transferable than people think…if your idea of an SBT is that it’s tied to one private key forever and you build it up over 15 years, that’s just not going to work.’
Perhaps it will depend on the entire reputation set that individual has already established with a particular wallet, and whether or not they’re willing to abandon any associated positive credentials. It stands to reason then that a universal identity standard should be built first and foremost with positive, rather than negative, attestations in mind.
SBTs: From Concept to Reality
Concerns and cautionary precedents aside, SBTs are merely at the concept stage right now. There are significant technical lifts required to bring SBTs to fruition, namely in recovery and privacy. SBTs will require wallet modifications, or new infrastructure all together, that enables community recovery. This mechanism is proposed as an enhancement to social recovery in which a user identifies a set of 3+ ‘guardians’ and grants them the power, by majority, to change the wallet’s signing key. In most cases, guardians are unknown to each other to reduce the chance of collusion. Problems naturally arise when relationships with guardians deteriorate or guardians pass away.
Community recovery aims to address social recovery’s perceived shortcomings by shifting guardianship from a curated group of confidantes to a ‘maximally broad set of real-time relationships’ stemming from a user’s respective communities. These communities can be on-chain or off: DAOs, events, universities, or even the last ‘20 people you took a photo with.’ How this more expansive community recovery model actually gets executed remains a question, as expressed in the white paper:
‘Precise details to make this work will require experimentation. How guardians are chosen and how many guardians’ consent is required, for example, are key security parameters for further research. With such a rich information base, however, community recovery should be computationally possible, with security increasing as a Soul joins more distinct communities and forms more meaningful relationships’
Is community recovery, if even proven technically feasible, really more effective than social recovery? Like relationships, community involvement can also be impermanent; people graduate from universities and move on from DAOs. Is collusion in this context really more preventable when people have a penchant for publicly projecting their various community involvements/memberships? Executing on a community recovery model that captures this impermanence without compromising security is a major challenge here.
With respect to privacy, SBTs will require a robust and wide-ranging application of cryptographic measures to ensure on-chain user data is accessible only by designated parties. Scalability becomes a question as rich data sets are stored on chain for public review. In some simple cases, as posited in the whitepaper, hashing (data stored off chain and linked to an on-chain hash identifier) can address both confidentiality and scalability concerns. But in instances where disclosures become more nuanced, zero-knowledge proofs (a particularly expeditious computational method that enables a user to confirm a statement is true to another user without conveying more information) can be incorporated to limit information accessibility. While none of this is considered technically infeasible, implementation within a new token architecture remains a thought exercise at this point.
Disco - Decentralized Identifiers & Verifiable Credentials
Whereas SBTs are (largely) on-chain, siloed to one L1 ecosystem, theoretical, and raise questions about consent, decentralized identifiers (DIDs) and verifiable credentials (VCs) offer a more flexible, user-controlled alternative. Both DIDs and VCs are digital credentialization standards supported by the W3C, and have working groups executing on practical applications; together, they underpin the concept of self-sovereign identity which, as the name implies, champions individuals to fully control their identities.
Decentralized Identifiers (DIDs): DIDs are the enablement layer within the self-sovereign identity framework. They are persistent, cryptographically verifiable identifiers that do not require a centralized registration authority. A person can have numerous DIDs that correspond to different identifiers like their Bitcoin address, passport number, and email address. These DIDs are used to verify, and thus attest to, one’s verifiable credentials. In the Web2 world, we are reliant on identifiers from intermediaries - Facebook, Google, and email providers - to connect us. This obviously has massive consequences for privacy as these intermediaries aggregate, use, and sell our data. DIDs reduce the influence of centralized identities and restore data control to the individual. The design enables the controller of a DID to prove control over it without requiring permission from any other party.
Verifiable Credentials (VCs): Whereas NFTs signify ownership of a digital asset, VCs constitute ownership of an attribute. VCs can represent a wide variety of one’s attributes - diploma, citizenship, achievements, contributions, credit score, etc. - that can then be reflected through a DID. Unlike NFTs and other crypto assets, VCs are non-transferable and specific to a DID, and by extension, an individual.
Data integrity and interoperability amongst previously siloed parties are the ultimate goals here. The data silos and physical credentials that still define our identity systems today have many shortcomings. You can imagine a VC-rich world where a US citizen that emigrates to another country could transfer their credit history rather than starting anew. Their credit score would be reflected as a credential verified by a US Credit Bureau and its DID, and easily confirmed by the new country’s credit bureau at the consent of the individual.
McMullen’s Disco (which we at Raised in Space are fortunate to be an investor in) utilizes DIDs and VCs to allow users to manage holistic identity profiles, analogized as ‘data backpacks.’ Like a backpack, your Disco identity profile is portable across different environments and contains digital compartments that house the disparate data pieces that make you…you. DIDs have associated on-chain public keys linked to off-chain VCs which are hosted by the user. Like the credit example illuminates, users maintain control over who can access each of their VCs. This modularity allows users to share only VCs that are relevant in the context of a specific environment or instance.
This embedded user control is in stark contrast to the way our identities manifested in the web2 world. Moreover, there is a depth enabled by DIDs and VCs that enables users to project information in a layered fashion. I like to conceptualize this depth as similar to a Matryoshka doll (nesting doll) whereby a VC may have an overarching disclosure that then has many other associated, and perhaps more sensitive, ‘sub-disclosures.’ Take education and college degrees for example, which McMullen discusses in the Bankless episode. A college degree could represent one outermost ‘layer’ of a VC, which then extends to more sensitive and specific layers like a transcript. In some instances, that outermost layer would satisfy a particular request. In others, secondary layer disclosures would be needed. But what if you didn’t finish college? College credits are largely acknowledged in the context of a whole - i.e., the degree. Either you graduated and get credit for the whole, or you didn’t and get credit for nothing. This sort of ‘gatekeeping,’ as McMullen describes it, is holding students back. VCs can enable ‘scenarios like reverse transfers where students can get credit for courses already completed, which can lead to associate degrees and real opportunities,’ according to McMullen.
While DIDs and VCs aren’t exactly novel concepts, Disco’s deployment of them in a consumerized fashion across an increasingly interoperable web3 ecosystem is novel. Because VCs are compatible with 90 different types of keys, Disco’s dynamic approach makes it better equipped to serve as a universal identity standard for web3 and beyond relative to SBTs.
Web3’s Most Pressing Problem
While Disco has vast applications across the digital and offline worlds, what especially intrigues me is how it can potentially address one of the biggest problems plaguing the industry and hindering overall ecosystem growth: rug pulls. NFTNow describes these types of scams as:
‘a malicious act in which crypto developers lure in early investors and then abandon the project by either (1) taking off with the project funds or (2) selling off their pre-mined holdings, with the intention of draining all funds from investors.’
According to Chainalysis, in 2021 alone, rug pulls cost community members a collective $2.8 billion.
While ‘onboarding friction’ and ‘lackluster UX’ - often cited as major current roadblocks to outsider adoption - are largely product optimization problems that can and will be overcome, rug pulls represent more of a systemic issue that requires an industry-wide solution. These scams can, understandably, leave victims disenchanted with the entire industry. So when I think about what’s both stymieing growth and contributing to web3 participant churn - it’s rug pulls.
That’s why we need to start self-regulating. We need more generally accepted consumer protection practices to prevent bad actors from continuing to prey on the lack of effective safeguards in the space. And that starts with having identity standards in place that have the potential to preserve anonymity while simultaneously proving the trustworthiness of a creator.
Team evaluation is always a key piece of criteria when evaluating an investment in both the private and public markets. What have the founders or management teams accomplished in the past? Why are they uniquely suited to tackle a problem or lead the company going forward? Some might say that NFT projects aren’t companies and labeling them as such diminishes their artistic orientation. In some cases, that’s correct and pseudonymity can actually provide increased mystique and value (i.e. Banksy). But make no mistake about it, leading projects in the space - Bored Ape Yacht Club, Moonbirds, Doodles, FlufWorld, Artie, Altered State Machine, etc. - look a lot like companies with roadmaps for growth, revenue line expansion, and further IP exploitation.
Of course in the traditional finance (TradFi) space, operating a company pseudonymously or anonymously is rather inconceivable. Said company would find it difficult to establish credibility and attract outside investment. You need people to sue and a means of recourse in the TradFi space, but that’s not the case in web3. Of course the opposite instance, where biases can impede known founders from fundraising and scaling companies, is an unfortunate and all-too-common occurrence. As such, the web3 industry is (largely) a collective proponent of pseudonymity and its benefits in reducing the discriminations that can come with gender, race, political affiliations, pedigree etc. and that’s a beautiful thing in most respects. In some cases, remaining pseudonymous is a protective measure against kidnapping and other crimes that have been perpetrated against perceived crypto whales. But it’s also undoubtedly creating an accountability loophole that has cost us billions of dollars.
There have been attempts at putting safeguards into place. Civic, a decentralized identity verification firm, launched its Civic Pass program to verify the real world identities of project founders. This, in turn, would allow project founders to establish trust with their communities while retaining pseudonymity or anonymity through the project. In January, a project on Solana called ‘Big Daddy Ape Club,’ a lazy derivative of BAYC, scammed users out of $1.3M despite its founders being verified through Civic. This was allegedly the same founders’ third scam, and they remain at large - which brings into question the effectiveness of Civic’s Pass product.
Taking a different approach, a new Ethereum token standard - ERC-721R - has been proposed that would incorporate a refund mechanism. The mechanism would lock funds transferred to a smart contract for a specified period. During this ‘refund’ period, the creator would be prohibited from withdrawing any funds while any minters (i.e., buyers) could get their money back. While the standard is an effort to improve the space, its current iteration poses many questions. For one, it’s the creator that ultimately decides on the length of the redemption period; what’s to prevent the creator from simply rugging after the period ends? The refund mechanism might provide a veneer of credibility, but isn’t really a true determinant of a creator’s trustworthiness. Second, the redemption period opens the door to arbitrageurs on the collector side who might purchase assets only to initiate a refund if the floor price drops below the refund price. This would put creators in a precarious position. Finally, and most importantly, the standard leaves us in the same Ethereum silo as SBTs, unable to interoperate and prevent rug pulls on other L1s - like Big Daddy Ape Club.
Proving trustworthiness requires going direct to the identity source. If project founders choose to remain pseudonymous or anonymous, we should require a minimum viable identity disclosure (MVID). The MVID, similar to a credentials data room of sorts, would be a set of verified credentials and references that serve to demonstrate a founder’s credibility. What have they done in the real or digital world that might imply their commitment to this particular project? Are there notable contributions to projects they’ve made that can be expressed as verified credentials? Who (preferably a known person) can vouch for their trustworthiness after having direct dealings with them? This would be the same as a founder including both personal and customer references during a fundraise - again, a very standard practice in the traditional world. If there is no MVID associated with a project, then buyer beware.
Of course, this concept is far from flawless and we can’t conflate prior actions with definitive trustworthiness. There could inevitably be pseudonymous creators that establish credible reputations over the long-term only to rug in their last act (the long con!). But the longer a pseudonymous creator operates, the larger their audience grows, the more commercial opportunities are unlocked, and the more valuable that persona becomes. The anonymous creator behind the wildly popular Bored Elon Musk account articulated this phenomenon and discussed scams in general on a recent episode of Web3 Breakdowns:
‘Plenty of people are bad actors in plain sight. Take Adam Neumann and WeWork or Elizabeth Holmes and Theranos - these people are scamming others for billions of dollars and you know exactly who they are. And those aren’t edge cases. These things are happening every single day across many industries. One can argue that if you have someone to sue, it will make it less likely for that person to scam you. That is a fair argument. My response is, anyone who has built up a reputation and spent enough time growing their community has something to lose. I have something to lose. So, if you’re looking to invest in someone with a pseudonymous identity that has not existed for a long enough time or built up a reputation, maybe think twice about it. I think if someone has something to lose, that’s going to make them behave more ethically. And for me, I’ve invested a lot. The Bored Elon account is a huge investment. It’s hard to quantify, but it’s worth a lot of money and I don’t want to jeopardize that by being a bad actor.’
And so not investing behind a new pseudonymous founder is what we’re confined to now in order to protect ourselves. And it’s a necessary measure given the scale of scams in the space, but it can also be stifling for many good-natured creatives (like Bored Elon) that wish to remain behind the scenes. So perhaps the MVID might be best applied to newer pseudonymous creators. While these newer creators might not have established artistic or project lead track records, Disco’s data backpack is built to be compatible with attesters in both the web3 and traditional worlds.
Even with its flaws, the MVID concept sets an expectation of disclosure and makes for a more informed buyer set. Again, these types of disclosures are commonplace in the traditional world and the absence of them would be a major red flag. We need to establish similar expectations in our industry. It’s time to self-regulate. The tooling, through Disco, is being built for us to do it in a manner that’s secure, consent-driven, and compatible with the old and new world.
This post references the following writings and podcast episodes:
“Soulbound: On or off Chain? | Vitalik Buterin and Evin McMullen”. Bankless, by David Hoffman. June 8, 2022. (Podcast)
Weyl, E. Glen; Ohlhaver, Puja; Buterin, Vitalik. “Decentralized Society: Finding Web3’s Soul”. May 10, 2022.
“Why Solana’s Frequent Downtime Doesn’t Bother Kyle Samani.” The Chopping Block, by Haseeb Qureshi, Robert Leshner, Tom Schmidt, Tarun Chitra, and Kyle Samani. June 13, 2022 (Podcast)
Rossow, Andrew. “Scams Explained: What are Rug Pulls? Are They a Crime?” NFTNow. April 14, 2022.
“Bored Elon Musk: A Parody That Became a Company | Bored Elon Musk”. Web3 Breakdowns, by Eric Golden. June 10, 2022. (Podcast)
Meanix.eth. “The End of NFT Rug Pulls?” CoinDesk. April 19, 2022.
The Chainalysis Team. “The Biggest Threat to Trust in Cryptocurrency: Rug Pulls Put 2021 Cryptocurrency Scam Revenue Close to All-Time Highs.” Chainalysis. December 16, 2021.