DEV Community

Cover image for What's the point of Web5?

What's the point of Web5?

Rizèl Scarlett on September 18, 2023

Table of Contents Meet Dawson The Meeting The Ultimate Crisis - a stolen username What exactly is Web5? What is the point of Web5? Why ...
Collapse
 
pachicodes profile image
Pachi 🥑

Riz, this article is AWESOME, I feel bad for calling it an article, bc it is waaaay cooler!
The storytelling, the illustrations. Did you do that?

You are the best, and TBD is lucky to have you

Collapse
 
pachicodes profile image
Pachi 🥑

Just saw that your little sister did the art. she rocks!

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett

Thank you! Yeah she does!!

Collapse
 
valvonvorn profile image
val von vorn

Yes, I agree;
I also like the art very much!

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett

Thanks Pachi! Miss you <3 <3 and yeah like you saw my sister did the illustrations!

Collapse
 
andria_girl profile image
Andria Brown

All of the reasons in the Why would someone need ownership over their digital identity? section don't seem to be that well thought out in my opinion. In fact, the whole premise of this thing seems off.

I'm gonna try to explain where I'm coming from by going through each of the reasons you listed.

  1. There’s no way someone can steal your handle, just like what happened with Dawson's "@webheart" username.

    • The whole premise that someone can steal your username in this weird way seems entirely made up for the purpose of making this point. I have never heard of someone stealing another person's active username, this would be a catastrophic development failure and has nothing to do with not using SSI. And while I do get that a CEO could just fuck with the databases, using a DID doesn't get you back "@webheart"; it gets you a random 1,285-character identifier. Perhaps the argument that is more pertinent is that requiring everyone to be solely represented by their username limits what you can be known as online because someone else may have the username you want; however, using this as an argument for switching to SSI makes no sense because display names are already a popular concept. On top of that, SSI would actually be less secure than the common unique username with a display name scheme as impersonation would be significantly easier when using a DID since no one will ever remember someone's DID so all you would have to do is copy their display name.
  2. You can take your followers and content with you if you decide to switch platforms.
    You have full control over how your data is shared, reducing unwanted advertising and privacy breaches.

    • Reading further up on how the decentralization of data with DWNs works, it seems like this is not possible currently using just schema.org schemas (as they are ambiguous and allow for too much variation too be useful for interoperability). Instead, you would need to establish very rigid deterministic schemas designed for interoperability for each data/usage type and come to a consensus with all of the other companies/developers that are working with similar data.
    • Beyond that, the current state of access control with DWNs is decidedly not a privacy improvement. The unit of access control is the site and not users or groups; therefore, after granting a site access to your data, that site has the same level of access as it did before, and it can show anyone your data regardless of whether you approve or not. You might be thinking, "At least I can revoke access to my data," but you can already generally do that; in most cases, it is a requirement that a site delete your data if you request that they do so. This is an improvement in the ease of revoking access to your data; however, it does not seem worth migrating everything over for that.
    • And one last thing: it is never really explained who is running the DWNs. In order to give sites access to your data, you have to trust some random third party with your data on their DWN. This could easily lead to a supply chain security vulnerability in which your data is less safe than if it were in the hands of the company that would be more easily held to data privacy regulation.
  3. You can take your medical records with you, ensuring that you have access to your own health information wherever you go.

    • While having easy access to your own medical records sounds great, you'll likely run into issues with HIPAA compliance by trying to store PHI on a DWN. And no DWN would willingly store your PHI because of the hefty fines and possible prison time. Ease of digital access to medical records can be done in other ways.
  4. You control who has access to your medical data, making it more secure and private.

    • This is just like the second bullet for #2. Site-based access control lists are not an improvement in privacy and health providers are already legally required to protect the privacy of your PHI. Also, hospitals often need to share your medical data with other healthcare providers (pharmacies, laboratories, clinics, etc.) and sometimes even other hospitals. Pawning off all of this security management on the user and the DWN sounds like a UX nightmare.
  5. Your financial transactions are secure, and only you have access to your financial data.

    • This... just doesn't make sense. Banks are generally required to follow regulations that require them to save and monitor your financial transactions. But even looking past regulations, a bank manages your money so they have to have access to all of the data regarding your finances that they control. And it's not like access control really applies here either since you're not gonna be sharing your transaction data between two banks (maybe between a bank and budgeting app, but that's already a thing).
  6. You can easily prove your identity for online transactions, reducing the risk of fraud.

    • This also doesn't make sense. Are you suggesting that payment processors require you to prove ownership of an SSI wallet before being allowed to make purchases? This doesn't sound like a security improvement at all; it sounds more like adding extra steps in the name of security. If someone stole your debit/credit card and has your PIN, a digital SSI wallet isn't going to be able to stop them from using your card at a physical store.
    • An overarching issue I've noticed is that using an SSI wallet means that if you lose access to your wallet you lose access to all of your data permanently (no "I forgot my password") so if you went down that road for banking, you're potentially costing some people their livelihoods over maybe stopping someone from doing a little bit of fraud that the banks can just reverse anyway once it's reported.

Overall, "Web5" looks like it's just repeating the same issues as every other fully decentralized system before it that failed, ignoring those issues, and making outlandish claims about the things it will solve if implemented. It's a solution in search of a problem, or at the very least, a solution designed with total disregard for actual issues that people face.

P.S.
What was that "@webheart" stuff about? That was so random.

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett • Edited

Ah, the @webheart stuff was a pop culture reference. As the kids would say, "The girls who get it, get it" haha.

It sounds like a made up situation and super ridiculous, but it's not! Recently, Elon Musk changed the name of Twitter to X, and he also took someone's username @X and only offered them merchandise as compensation for stealing their handle. I was poking fun at the situation and exploring if that would happen if you owned your digital identity.

Check out this blog post by Ebony Louis called "Who really owns your social media handles". It talks about the real life situation a little more in depth.

I get that a DID is a long alphanumeric string. But take BlueSky for example, you have aliases on top of your DID. I will expand on that in future issues.

Thanks for your perspective! I appreciate it, and it helps me to dig in a little deeper to some of the applicable use cases for Web5. I literally posted this my first day on the job. And my job is to learn in public. Those "claims" were my own or what I thought of as I've been exploring Web5. I understand most of your rebuttals, except for the aspect of data portability with followers/social media. That's one of the main benefits of Web5. At the moment, it's still under technical preview, so as it evolves, we will see how that's possible.

Future issues of blog series should allow me to expand on some of my thoughts concepts or even give me room to correct myself.

Collapse
 
samuelthng profile image
Sam

As inspirational as the reasons given are, I think Web 3, 4, 5, and other look to the future posts are quite meaningless, (in my very limited opinion) based on the fact that Web 1 and Web 2 are basically coined terms to describe a bunch of characteristics seen on the internet - characteristics that evolved organically as society jumped onboard the world of the internet, whereas web 3 and so on attempts to predict and even direct the internet. In my opinion, the attempts are not only feeble at this point, they do not matter much to the masses and the only people who can do anything about these predictions are engineers and readers of these articles.

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett • Edited

This is a thoughtful and valid comment! Thank you for sharing your thoughts. I respectfully agree AND disagree with you.

I agree that we can’t force the internet to go in a certain direction and that people outside of software engineers don’t care about or even know about this.

However, I think technology is adopted if it’s accessible, has valuable use cases, and enough developer involvement. This is what drives a nice to have technology to become a must have technology.

Example back in the day, there were skeptics of web 1. It was mostly used by academics but once things like email came out, the masses saw the value and it became accessible to them. Or even something like AI. It’s popular now but it’s spent years being this thing that people tried to make popular but it was hard to adopt. There weren’t a lot of use cases and you had to have specialized knowledge to build with it. The companies like OpenAI made it more accessible for engineers to build with it and engineers found use cases like GitHub Copilot to build.

So it’s up to the engineers building this and the developer community to figure out what makes this usable and valuable. So far, the biggest example I’ve seen that some people are using is Blue sky which is a decentralized social media app. We just gotta stay tuned and see what happens!

Collapse
 
davidchuka profile image
David Chuka

enjoyed reading this. loved the storytelling style

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett

Thank you, David!

Collapse
 
nfodor profile image
Nicolas Fodor

Best of class article, joyful to relevant.

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett

Thank you! That is high praise

Collapse
 
konung profile image
konung

Nice illustrations and article , but I have a question - what happened to Web 4?

Was web 4 built by Google and then abandoned right after the launch ? 😀

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett

LOL ha ha 🤭

it's web5 because they're hoping to take the best elements of web 2 and the positive principles of web 3. So web 2 + 3 = web5

Collapse
 
adaptive-shield-matrix profile image
Adaptive Shield Matrix

"This enables the creation of secure, user-centric, privacy-first applications."

There is no difference to the current WEB 2.0.
No one stops you to build secure, user-centric privacy-first applications right now with current WEB 2.0 technologies.

The Problem ?

  • The Incentives of corporations is to build apps, where they have total control over them. Why would a corporation who invests heavy money into something give it up freely (and possible die because of it) ?
  • Applications are not secure, because there are not enough incentives to secure them. More features / sales / growth / revenue is more important than a small possibility to get data breaches. The security does not win the cost-benefit-ratio. That stops a shitty WEB5 app to be completely insecure? You still have to trust the developer to implement everything properly (and his firm to not succumb to shortcuts / leaving money on the table).
  • Privacy first -> is not that users want. Only EU (or people in the EU) seem to care about data/privacy protection. US - does not care at all (except maybe California?). Nearly half the world is on facebook and eagerly share that they ate on breakfast.

Why would any of that change?
Incentives rule the world

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett

Those are really good points. Here's the interesting thing though: I found that there are legit companies ALREADY building with web5. And I found out that a lot of big name companies like Microsoft and Auth0 are heavily investing in decentralization and decentralized identity. Like they have whole teams dedicated to it. And w3c developed a lot of open standards around the protocols and principles that web5 is built upon.

Right now, if I'm being honest..I'm still fairly new to the company I work at, so I'm not YET equipped to rebuttal you. HOWEVER, I'll keep this in mind because I do want to figure out what the incentive is..especially for the companies that are already building with web5.

Thanks for your comment!

Collapse
 
valvonvorn profile image
val von vorn

This is a parody? What is the point of inventing another version number for the web, even more so after controversy about Web3 and no relevant mention of a Web4 apart from some marketing buzz rebranding Web3 as Web4.

Someone claim the web has does not have the version numbers](hidde.blog/the-web-doesnt-have-ver...) why do people tend to invent the numbers anyway?

Sorry if your post was meant in good intention;
I was just triggered about something seeming like the Web3 BS.

Collapse
 
blackgirlbytes profile image
Rizèl Scarlett • Edited

I know the author of the blog post -- Hidde is a great Developer Advocate.

It's not a parody. The name of the technology -- Web5 is a bit tongue in cheek, but the technology is legitimate: developer.tbd.website/docs/web5/

I wrote this blog post on my first day on the job, so some of my views have evolved, but I wrote it with the intention of getting acclimated with the work that Block and TBD are doing.

Here's my latest blog post on the technology if that helps: dev.to/tbdevs/how-web5-and-bluesky...