Web5: a plain English overview

Jack Dorsey recently announced the creation of “Web5”, a play on Web2 + Web3. His basic thesis is that Web3 has the right idea in aiming for a more decentralised internet, but is using the wrong tools. By “wrong tools”, he means blockchains (a core component of Web3) which claim to be decentralised, but aren’t.

In Dorsey’s view the only blockchain that can truly call itself decentralised is the Bitcoin blockchain. While there’s room for debate here, he’s got a point. A lot of other blockchains have either shown outright that a small number of people have edited the “immutable” ledger, or show signs that they could.

Not Bitcoin. Many people have tried to change the Bitcoin protocol in all sorts of ways over a 13 year period, and all have failed miserably. So as far as Dorsey’s concerned, Bitcoin is the solid base layer - the foundation - you want to build the decentralised web on top of.

So what’s he building?

Web5 products: decentralised identity and storage

I imagine there will be a lot to come with Web5, and it might become the basis for how all applications are eventually built. But you’ve got to start somewhere.

For Dorsey, that’s with decentralised identity and storage. For the purpose of this post I’m going to try and stay away from some of the associated jargon you may have heard like DID’s, DWN’s, DWA’s etc. as much as possible and stick to human language. So what do we mean by decentralised identity and storage?

Let’s look at that in the context of how the internet works now in Web2 world, versus how it could work in a Web5 world.

Identity and storage in a Web2 world

In Web2 world (the world we inhabit currently), when I visit a web application such as Spotify, they first need to prove who I am, so they can present me with my data (i.e. playlists etc.), so I can play their music.

To do that, first of all they make sure that I am who I say I am by asking for my login credentials - typically an email address and password. Then they go out back, fetch my data, and present it to me in order to serve my purpose - playing music.

That’s all well and good, but there are a few issues with it. The main one is that all of that data of mine - the login credentials and the music preference data in this case - is on their database. In order for them to verify my identity by giving my email and password, they need to store that same email and password in their database so they can cross reference it to “let me in”. The same goes for my preference and playlist data. It’s my data, but in order for them to fulfil my desire of listening to music, in a Web2 world, they need to keep it on their database.

This begs the question - who’s data is it? And what are they allowed to do with it other than serve my purpose of playing music? It’s worth noting that once they have all my data, there’s nothing technically stopping them from giving (or selling) that data to anyone else. They have the data on their database after-all. Now, if they did give my data away it would be considered unethical and would cause them reputational damage, but the fact remains that it’s possible to do it anyway - willingly (through a sale) or unwillingly (through a hack).

Identity and storage in a Web5 world

Now let’s look at Web5 world. In this world, I would show up to Spotify in the same way I did before. But this time they don’t ask for my credentials, cross reference it in their database, and present me my data from their database. In this world I just show them my decentralised ID (DID), which you could think of as a kind of digital passport, and instead of them going out back and fetching my data from their database, instead, I give my data to them and they present it back to me. For example, Spotify asks me for my playlists, I give them to Spotify, and they construct the playlist on their platform so I can listen to their songs in the sequence I desire.

So this is a fundamental shift in how data storage works. In this case, Spotify could never share my data, willingly or unwillingly, with anyone else because they don’t ever store the data. I do. It’s mine. I own it and store it, and I only give it to other parties for the sole purpose of fulfilling a given purpose at a given time.

At this point you might be wondering how you’re going to store all of that data and ship it around to different apps to use. And it seems like that would be a nuisance to manage - but the Web5 folks have solved that.

How Web5 data storage works - a safety deposit box in cyberspace

So we’ve established that Web5 changes things from the app storing your data and presenting it to you, to you storing your data and giving it to the app so they can present it to you. Which begs the question, where are you going to store all of that data? You probably don’t want to clog up your hard drive with all data for all apps. And what if you lose it?

In Web5 technical language, this is solved using what’s called a decentralised web node, or DWN. In layman’s terms, you could think of it as a safety deposit box in cyberspace, which only you have the key to. When you show up to an app such as Spotify, you just give them the key and they go and fetch the data from your DWN for you. You could restrict access so they can only access what they need to serve your purpose on Spotify, so they can’t just access all of your data that you carry for all other apps. It’s safe.

So you own your data - big whoop?

It’s possible that you’ve thought to yourself that you don’t really care if companies hold onto your data. Like I said, it’s generally in their best interest to treat it with respect and not abuse it, so who cares if it sits on their database vs mine? To that I’d say there are two ways to look at this - philosophically, and practically.

The philosophical case for owning your data

Some people don’t care about owning their data from anything more than a purely practical perspective. But there are others who do care beyond mere practicality, and they really care. Practical reasons for owning your own data aside, it’s the principle of it all. It doesn’t belong to the company. It belongs to the user, and the user should have sovereignty over it. And that’s really all there is to say on that front. If you have a deeply principled position that no company should have custody, let alone ownership of your data, Web5 is for you.

But for those of you who couldn’t care less about owning your data from a philosophical perspective, there are also some deeply practical benefits to owning your data as well.

The practical case for owning your own data

Security

So in the Web5 world, you don’t give up custody of your data. You store it in a safety deposit box in cyberspace (your DWN), and importantly, you hold the keys to that box. In one way this is good because it means you’re safe if an app you use gets hacked. The hacker can’t get your data because the app doesn’t have your data.

So you have control over your own keys, but you can lose those keys just like you can lose your car keys. And it’s unlikely that there’ll be any locksmiths to cut a new key for you in Web5 world. You see this kind of thing with bitcoin, which uses a similar digital “key” system. People have lost hundreds of millions of dollars worth of bitcoin in landfill because they threw out a hard drive with their keys on it. Ouch. So maybe you’re safer storing your own data. But maybe you’re much better off just leaving it with the apps you use, for the same reason you keep your money in a bank. What’s apparent to me here though is that the user should have the option for either, and Web5 could allow for the user to have that choice.

Integration alternative

Let’s take our example before of collating playlists to use with Spotify. Spotify owns the audio data (the songs), but I own the playlist and preference data. Now let’s say one day I want to switch to Apple Music, who have pretty much all of the same audio data, but none of my playlist data. Ideally, Spotify and Apple Music would integrate with each other, and I could just request Spotify transfer all of my playlist data to Apple Music so I can seamlessly transition with all of my data and listening preferences. But they don’t do that, because they compete with each other. They don’t want me to switch providers, so they make it as annoying as possible to do so.

But if I have the data, Spotify and Apple Music don’t need to integrate. I can just give it to Apple Music without Spotify’s permission, because it’s mine and I have custody of it. As long as Apple Music knows how to read the Spotify playlist data (a relatively simple thing for an engineer to implement), all of my playlists will be ready for me on Apple Music when I switch over. Voila!

This is actually a big deal. A lot of productivity is lost in the tech world due to different providers not integrating for one reason or another. But now it doesn’t matter. If two providers don’t create a bridge to share data, I can be the bridge, because I’m the one with the data.

That’s not to say we won’t ever need integrations again, because sometimes apps need to share data that doesn’t belong to the user. For example, Uber gets map data from Google Maps. I can’t facilitate the transfer of that data, because it’s Google’s data, not mine. But there are many situations where I just want two services to share my data between them, but they won’t. Web5 solves that.

Your data, yours to monetise

In a Web2 world, companies who have custody of your data often monetise that data. Facebook does this by allowing advertisers to serve you deeply targeted ads by renting out your anonymised data to those advertisers. Linkedin straight-up sells the un-anonymised data to buyers via products like Sales Navigator and Recruiter. It’s data you’ve made public for free, but they still manage to sell it with add ons such as advanced search filters.

In a Web5 world, companies couldn’t monetise your data without your express permission. As a result, many people wouldn’t give permission. To counter that, companies could make an economic calculation that it would be worth it to *pay* you for your data, and you might deem that to be worth it. The important thing again here is that the choice is yours.

Now, it’s worth noting that those platforms give you “free” access to their software, which you could argue is their “payment” for your data. But the vast majority of users are not aware they are even entering into this trade. Some might realise that they’re being served ads and conclude that’s what’s paying for the platform (in the case of Facebook, for example), but most people have no idea of the extent to which their data is being fed into the advertising models, and how much money the platforms are making from it.

Web5 has the potential to make these types of relationships opt in for the user, rather than opt out - and that drastically changes the dynamic between users and platforms, in favour of the user.

Conclusion

Web5 could fundamentally change the way all apps are built. But in order to get there, two big hurdles need to be overcome: user adoption, product adoption. Users need to get their head around the fundamental shift of owning their data, and the tech that surrounds that (i.e. a digital wallet). If users see enough value in this concept, they will work to overcome that hurdle. But we also need products and apps to start building things in this way. There is value in allowing users to take custody of their data vs the product, but there are also drawbacks (i.e. you can’t monetise data you don’t have).

I personally think Web5 offers people more control and sovereignty over their data, and that it will be a good thing if adopted. But only time will tell.