One of the crypto industry’s biggest players is experimenting with ways to give its users more control of their personal information.
Crypto exchange turned corporate unicorn Coinbase has a 17-person team currently exploring decentralized identity solutions. B Byrne, the product manager of Coinbase’s identity team, told CoinDesk he wants to “help people own more of who they are online.”
Revealed exclusively to CoinDesk, Byrne’s approach relies on creating bridges between Coinbase products, such as its mobile wallet, with a built-in decentralized application (dapp) explorer.
“I’m looking at dapps, and which of our customers are using which dapps. That’s probably a good indicator of what types of activities [our customers] want to be doing in an on-chain way.”
In Byrne’s mind, the best way to start lies in identifying a small segment of Coinbase users who would gain real value from controlling more of their personal data, rather than Coinbase repeatedly collecting and storing their know-your-customer (KYC) information across the platform’s products.
Over the next 12 months, Byrne said his team aim to scale these experiments from just a few users to a “meaningful group” of dapp users. In addition to tech-savvy power users, Byrne said identity solutions could have the most immediate impact for customers that “aren’t getting access to things because it’s too hard as is.”
“We think it’s an important part of our future and we’re thinking about the tools we need to ship for that.”
As such, Byrne said his team is talking with projects like the W3C Credentials Community Group. W3C co-founder and crypto veteran Christopher Allen told CoinDesk the group aims to launch a Decentralized Identifiers (DIDs) Working Group in January that can recommend standards through the Massachusetts-based World Wide Web Consortium.
Although Allen is urging companies like Coinbase to take a more active role in these standards-building efforts – arguing that at least 5 percent of a tech corporation’s budget should be devoted to community contributions – Byrne said Coinbase is hesitant because such efforts are still too academic and might distract from the daily priorities of serving customers.
Indeed, Coinbase’s VP of corporate and business development, Emilie Choi, told CoinDesk there aren’t plans so far to delegate a portion of the $300 million Series E that Coinbase raised in October to the identities team or related community projects – aside from perhaps hiring at least three more digital identity experts.
Joseph Weinberg, chairman of data network Shyft, told CoinDesk that the whole industry needs to “figure out and formalize better ways” to standardize development models related to digital identities. Shyft is already working with government entities in Bermuda and Mauritius to test data-sharing and privacy technologies.
“You need to also focus on the governance part [of development] because these are systems that people work with,” Weinberg said. “That’s the problem that we’re not so good at in our space.”
By starting with a few Coinbase Wallet users, Byrne’s team hopes to find niche groups that could benefit from partially decentralized identity solutions in specific, regulator-friendly contexts. The operative word here is “partially.”
“We want to protect [Coinbase] users and make sure it’s really safe,” Byrne said. “I spend time thinking about the Social Security Administration or the DMV [Department of Motor Vehicles] , because they are the purveyors of so much identity today.”
Based on his own experiences building international and compliant privacy solutions, Shyft’s Weinberg told CoinDesk he doesn’t think decentralized identity solutions will ever allow crypto exchange users to control all their own data.
Regardless, Weinberg said companies can cooperate to give users the right to choose how data sharing happens.
“I have no problem paying for a service where I know how [identity data] is being used.”
When it comes to building such systems, Allen, the W3C co-founder, emphasized the importance of distinguishing authentication – “the relationship between the digital data and a real person” – from authorization – “the ability to do different types of things,” such as buying securities.
Coinbase’s Byrne generally agreed with this distinction, adding “at this point, it doesn’t feel like there’s a clear standard that we’ve agreed on that solves a problem.” He said it would be a steep commitment for Coinbase to be involved with each group that is currently working on its own identity standards.
For example, if the crypto exchange Kraken was already operating in one Caribbean country, then if companies like Coinbase entered the region they could simply query the international ID network for overlapping data instead of on-boarding users all over again.
It takes a village
Even if Byrne’s team develops identity solutions that reduce cross-platform friction or increase customers’ privacy, these solutions will probably rely on public tools and protocols that exist beyond Coinbase.
“It’s not a zero sum game at this point,” Byrne said. “Whatever standards we agree on, upkeep will be critical.”
To underscore this same point, Allen mentioned the infamous Heartbleed vulnerability that impacted several types of open-source software in 2014. That ripple effect across the tech industry started because just one person was updating the OpenSSL code years after its initial creation. A critical bug eventually crept in.
“I don’t want to see that problem replicated in the bitcoin world,” Allen said. “I would like it for customers to say: I don’t want to hire a qualified custodian unless you’re contributing to the commons.”
Plus, Allen said, official working groups like the one that his W3C community project aims to become, can create international standards that are referenced as an authority by regulators and technologists alike.
Without commenting on any specific resources or priorities, Byrne agreed Coinbase would need to commit to keeping the infrastructure for future solutions “healthy.” Byrne also expressed curiosity about how Coinbase could someday take a more active role in community efforts.
“A failure mode of past identity thinking has been trying to win it and own everybody’s identity completely as opposed to working in standardized ways that decentralize and distribute out that power,” Byrne said, adding:
“Everybody is still just getting started.”