A visitor takes a picture of an image designed with artificial intelligence by Berlin-based digital … (+) creator Julian van Dieken (C) inspired by Johannes Vermeer’s painting “Girl with a Pearl Earring” at the Mauritshuis museum in The Hague on March 9, 2023. (Photo by Simon Wohlfahrt / AFP) (Photo by SIMON WOHLFAHRT/AFP via Getty Images)
AFP via Getty Images
This is the second installment in a four-part series on the intersection of crypto and AI. The first article explored whether crypto can counter AI’s centralizing force and meet an increasingly insatiable need for compute. Today, we examine if crypto can bring back robust identity and provenance in a world flooded by AI.
Crypto’s chances of decentralizing AI in the near term are very slim. But can it at least help counterbalance some of its side effects? We suddenly live in a world where generative AI can flood any digital platform with infinite content, can perfectly impersonate us through text, audio and video, and replicate human behavior with minimal training.
While this poses some deep questions about what it even means to be human—Meghan O’Gieblyn has a thought-provoking book on the topic—it also presents some more immediate and pressing questions for every platform we rely on today. To some extent, none of this is new: Facebook and X have been fighting bots and inauthentic behavior for more than a decade. Yet, the scale and sophistication of what’s now possible is unprecedented and remarkably human-like, reaching far beyond fake profiles or misinformation.
Our society depends on countless systems designed under the assumption that distinguishing humans from machines is possible. While CAPTCHAs have become more advanced—they now leverage AI to combat AI through behavioral patterns, keystroke dynamics, and trackpad movements—it’s uncertain how long these tiny and frustrating Turing tests will remain effective. As Dzieza aptly noted, “There’s something uniquely dispiriting about being asked to identify a fire hydrant and struggling at it.” The entropy generated by our actions still carries a distinctly human fingerprint—likely due to the intricate interplay between our nervous system, its various components, our body, and even cellular dynamics. However, it’s conceivable that AI could one day master this as well.
A biometric data scanning device used to scan the iris of people in exchange for the cryptocurrency … (+) Worldcoin, in Buenos Aires on March 22, 2024. (Photo by JUAN MABROMATA / AFP) (Photo by JUAN MABROMATA/AFP via Getty Images)
AFP via Getty Images
Can Decentralized Identity Beat Centralized Systems?
In 2021, most dismissed Worldcoin’s vision of transforming identity verification with an eye-scanning orb as laughable and dystopian. Yet, as the need for stronger “personhood credentials” becomes more urgent, its premise may feel less far-fetched. As AI accelerates, so does the need to restore scarcity and safeguard processes from Sybil attacks—threats where the low-cost creation of fake identities undermines the integrity of systems.
Enter crypto—the industry that turned digital scarcity and Sybil-resistance, starting with Bitcoin, into a $3 trillion ecosystem. While critics often dismiss it as a series of Ponzis, crypto remains, for better or worse, the one sector that has successfully onboarded millions into the practice of self-custody of digital assets and the difficult discipline of securing private keys. Crypto-based experiences have long paid a significant price for this added complexity compared to the centralized systems they aim to replace. However, this may shift if the user experience improves without compromising on stronger privacy and control over data.
But where can decentralized identity realistically outperform centralized solutions? Much like the debate over whether crypto can decentralize AI, the answer lies in a simple set of trade-offs, which we turn to next. Regardless of the technology, any solution must be intuitive for humans while costly for AI. Yet, if AI can enlist a human workforce, we may ultimately have to accept that humans and AI will operate on increasingly equal footing.
Disrupting From the Ground Up
Decentralized identity exhibits the key characteristics of a disruptive technology (see graph below): it falls significantly short of centralized alternatives in critical performance areas valued by incumbents, such as delivering a seamless user experience and meeting regulatory requirements. At the same time, it enhances privacy and data ownership, and its open architecture enables developers to freely recombine components to create new products.
Proponents of decentralized identity argue that it could be vastly superior to the status quo—even in regulated financial services. Today sensitive personal information is duplicated across systems—e.g. for know-your-customer (KYC) purposes—increasing the risk of leaks and leaving users with little control over how their data is used. Ironically, the fragmentation of data across providers complicates compliance efforts by making it impossible to obtain a comprehensive view when required. An architecture where users have greater control over their data and disclosure only happens when necessary could be both safer and more compliant.
Such a user-centric approach would have strong, pro-competitive effects on digital platforms in messaging, social media, and commerce. Because of network effects, these verticals are dominated by a small number of players who control how user data is used and monetized. Decentralized identity would lower user lock-in and enable easier data portability by allowing users to seamlessly transfer their social graph, interactions, or transaction history between platforms. It would also deliver new forms of interoperability between services, and developers could design products that combine in a modular way components from different systems.
Evolution of centralized and decentralized identity performance over time across high- and … (+) low-regulatory applications (inspired by Christensen’s theory of disruption)
Christian Catalini, 2024.
Yet most users today willingly trade privacy for convenience—and are likely to keep doing so, especially when it means accessing increasingly powerful, albeit invasive, AI tools. In the absence of a privacy black-swan event, decentralized identity will only overtake centralized solutions when it significantly improves usability and exceeds the current regulatory bar. If it succeeds on both fronts, disruption will follow.
But big tech companies won’t give up control over identity easily. By integrating elements of decentralized identity—such as verifiable credentials—and shifting parts of AI training and inference to users’ devices, they can address privacy concerns while preserving their gatekeeping role, ultimately reducing the value of decentralization. Governments will also want to retain significant control over digital identity, as it is crucial for law enforcement, national security, taxation, and the delivery of public services.
Christensen’s theory of disruption accounts for this challenge, emphasizing that disruptive technologies often gain traction by solving problems incumbents consider insignificant—until they evolve to dominate mainstream use cases too.
Within crypto, this pattern is evident with Bitcoin: initially dismissed by central bankers and economists as a poor store of value and an impractical medium of exchange, it has steadily gained adoption—from crypto enthusiasts to traditional financial institutions and now governments. As it continues to diffuse, Bitcoin could ultimately challenge the US dollar and become a new type of global reserve currency. Decentralized identity may follow a similarly gradual yet transformative trajectory.
Passport of woman who immigrated from her homeland to the United States thru Ellis Island.
Getty Images
The Government’s Role
While government-issued identification has existed for centuries, the modern passport emerged as a response to the surge in immigration to the U.S. following World War I. Over the years, it has evolved through a constant cat-and-mouse game with increasingly sophisticated counterfeiters and forgers.
Passports epitomize the “last mile problem,” serving as both digital and physical documents. Their integrity and validity depend on the holder matching the biometric data stored on the embedded chip and the printed information on the physical pages, which are secured with advanced printing techniques, holographic elements, laser engraving, and specialized materials.
Countries like Estonia, Singapore, India, China, and several in Europe have broadened the scope of services accessible through digital IDs, including public services, welfare, age-restricted purchases, websites, and social media. It is easy to envision governments advocating for similar solutions to address the rising challenges posed by AI, potentially involving biometrics—though such measures could raise significant concerns around privacy, surveillance, and accessibility.
In the U.S., the track record of the public sector collaborating on this with private companies such as Id.me and Clear Secure has been poor and includes everything from verification lapses to privacy and reliability problems. In these applications, the introduction of biometrics increases security but also risks: because biometrics are irrevocable, a breach of raw biometric data at a private provider is damaging and irreversible. Modern implementations mitigate this by using biometric tokenization, converting raw data into encrypted tokens, but trust in the provider to perform this correctly and avoid being compromised is still necessary.
Overall, this shows that governments should not pick winners but instead allow market forces to shape the application layer of identity. At the same time, regulators have a critical role to play in protecting privacy and ensuring that the digital identity ecosystem of the future is built on robust open protocols and standards. They also have the ability to deliver some of the most foundational attestations and verifications that citizens and businesses will need to ensure the ecosystem is truly trustworthy and useful.
Driven by national security concerns, countries like Estonia had to embrace digital identity more than two decades ago. Today, their bet powers everything from public services to safer merchant payments. As the AI threat rises, more countries will follow.
What proponents of decentralized identity often overlook is that, while bottom-up approaches may provide enough signal for some applications, it is only through government-issued IDs that participants gain the associated trust, legal assurances, and recourse. The sooner government IDs embrace open protocols, the faster decentralized identity can address high-value applications.
Apple Wallet icon displayed on a phone screen (Photo by Jakub Porzycki/NurPhoto via Getty Images)
NurPhoto via Getty Images
Big Tech’s Battle for Your Digital Wallet
Centralized identity and authentication systems offered by major tech companies come with several advantages. They are user-friendly and familiar, feature battle-tested access recovery mechanisms, and can be strengthened through multi-factor authentication. They also benefit from the significant security investments made by these companies, shifting the burden of protection away from consumers and businesses.
With millions of people relying on “sign-in with” flows every day—Okta estimates that 73% of social logins on its platform are powered by Google—these systems represent the most successful and advanced form of secure, global authentication. On mobile devices, companies like Apple, Google, Samsung, Huawei, and Xiaomi have fine-tuned biometric flows to deliver a seamless blend of enhanced security and convenience.
However, these tools grant tech companies visibility into every authentication, create a single point of failure in the event of vulnerabilities or breaches, and raise concerns about government surveillance in countries with weak privacy protections and laws requiring extensive data sharing with authorities.
Big tech companies have also been rapidly expanding their presence in financial services, a move that grants them access to government-issued forms of verification through know-your-customer (KYC) onboarding processes. This is particularly significant as these companies increasingly compete to dominate the digital wallet experience—spanning payments, credentials, reward and membership programs, ticketing, and travel. By positioning themselves as central identity hubs, they can secure a privileged role across these services and shape the resulting ecosystems to their advantage.
When combined with new forms of government ID such as RealID, these wallets can unlock the delivery of verifications in a privacy-preserving way. For example, in collaboration with SpruceID, the California DMV mobile driver’s license (mDL) has implemented a platform for issuing digital credentials, allowing holders to selectively disclose key information—such as confirming they are above the legal drinking age—without revealing their entire ID. Google Wallet lets users scan their U.S. passport for use at select TSA locations, hinting at its potential as a full-fledged identity and attestation platform. Similarly, Apple’s Wallet supports many types of digital cards, and its NameDrop feature already allows users to share information selectively.
Overall, as AI gets increasingly better at recreating liveness, both public and private solutions will need to develop new techniques to stay ahead, distinguishing humans from deepfakes and bots. But can decentralization play a meaningful role? That’s what we explore next.
LONDON – OCTOBER 14: A 3D facial recognition program is demonstrated during the Biometrics 2004 … (+) exhibition and conference October 14, 2004 in London. (Photo by Ian Waldie/Getty Images)
Getty Images
Decentralized Identity
Decentralized identity solutions are private, modular, and global. Instead of relying on credentials issued top-down by trusted authorities, they are bootstrapped from the ground up. Because they operate on permissionless networks, their identifiers and credentials work across providers, driving healthy competitive dynamics at the application layer.
But since building trust without leveraging existing institutions is extremely hard, their adoption has been very limited. To become truly useful, decentralized alternatives will have to evolve to resemble their centralized counterparts in terms of usability and compliance. Without this transformation, they will remain confined to problems that do not require off-chain enforcement or legal protections.
That does not mean decentralized identity cannot already address highly valuable business problems. In fact, this aligns with the theory of disruption: by tackling issues that centralized providers cannot or choose not to address, and by enabling solutions impossible under traditional architectures, decentralized identity can evolve until it can unlock mainstream adoption.
Whenever the demand for stronger identity or reputation stems from business needs rather than regulatory requirements—such as a protocol or game developer aiming to reward humans, but not bots—decentralized solutions can offer a viable alternative. Similarly, while they may not meet the same standard of certification as a trusted third party, they may be able to reduce risk enough to enable transactions that would otherwise be impossible.
The parallel here lies in how onchain analytics have enabled blockchain networks to remain open while simultaneously interfacing with regulated institutions that need to assess the risks of transactions entering or leaving their perimeter. Decentralized identity could improve these tools without compromising privacy.
Crypto wallets began as passive apps for storing private keys but are quickly evolving into active, programmable tools capable of storing user credentials and selectively disclosing information. Onchain attestations—such as those provided through the Ethereum Attestation Service (EAS)—build on this by allowing trusted issuers to store relevant information onchain for others to access and build upon.
While the resulting model is also wallet-centric, similar to those proposed by tech companies, it is unsurprisingly far more user-centric. As individuals gather attestations from financial intermediaries, communities, reputation networks, educational institutions, employers, and other sources, a robust measure of their trustworthiness and humanness can be rapidly established. In essence, this approach makes information about individuals and businesses—often already available on the public web or in the databases of digital platforms—more accessible.
A key question is whether this universe of credentials and attestations will require biometrics. Worldcoin is betting that it will, deploying its orbs globally to enable individuals to bridge the last mile between onchain and offchain systems by scanning their retinas. If Worldcoin succeeds in creating defensible network effects around its World ID and making it useful across various applications, it could control the next iteration of the passport—one that is global and not tied to any single country.
SpruceID approaches the same problem from the opposite direction by gradually integrating government IDs into the onchain ecosystem. Their solution already supports selective disclosure and offline verification, allowing users to utilize credentials like a driver’s license without the issuing DMV being aware of the transaction. By bridging the gap between traditional systems and decentralized technologies and incorporating high-trust, government-issued credentials, SpruceID may be able to accelerate the viability of decentralized identity solutions.
Onflow takes a hybrid approach to bootstrapping trust from government IDs without directly involving the public sector. Their onboarding process, designed to run on a user’s device for enhanced privacy, leverages the rigorous verification already performed during passport issuance to create an onchain attestation. This is achieved by reading the passport’s digital information, including the photo, from its RFID chip and comparing it to a biometric face scan conducted via smartphone. By using zero-knowledge proofs, Onflow enables users to later certify key information from their passport without revealing sensitive details—for instance, they can prove their passport is not from a sanctioned jurisdiction or confirm they are old enough to pass an age check.
These three examples demonstrate how decentralized identity solutions can differ in trust models, ease of use, and the role of third parties. Interestingly, many of the same considerations apply to the identity and provenance of digital content. With the rise of generative AI, digital content faces similar attestation and verification challenges. While traditional consortia and standards like C2PA are trying to tackle these issues, decentralized approaches could also provide critical proofs—spanning source, ownership, and authenticity—for various digital assets. For example, Story protocol envisions intellectual property ownership and transactions living on a permissionless network. As with digital identity, some of these digital provenance experiments may find greater success with new applications, media, and IP rather than integrating with existing systems. However, as the pace of creation accelerates, this distinction may become increasingly irrelevant.
Fingerprint Authentication Button. Biometric Security Background
getty
But What Will the Future Actually Look Like?
Ultimately, whether centralized identity, secured by big tech on top of government IDs, or decentralized identity, secured by permissionless networks, prevails will depend on crypto’s ability to drive growth in new use cases that legacy technology cannot address.
Without a killer app that exclusively operates on crypto rails and accelerates the adoption of decentralized identity, it is unlikely that we will address the challenges posed by AI through the harder-to-use and less-compliant decentralized approach. While decentralized identity can be global from day one, enabling faster experimentation and more competition, consumers will still gravitate toward solutions that are simple, familiar, and already trusted.
Big tech will fight to retain control over identity, as it underpins so many aspects of a person’s economic and social interactions. Governments, on the other hand, may attempt to counterbalance this by adopting open standards, though they are likely to stop short of fully embracing permissionless networks—as illustrated by the California DMV example.
A killer crypto app that quickly drives adoption of decentralized identity cannot rely solely on the launch of a speculative token. Instead, it must address problems that don’t demand full regulatory compliance from day one, as that would first require changes to laws and regulations. While decentralized identity could improve KYC flows, shifting to a privacy-preserving model requires new rules. However, it may still help de-risk stablecoin payments and improve institutional treatment of DeFi liquidity pools.
Without a killer app, decentralized identity may stay in incubation for a while, with users quietly accumulating onchain attestations from various providers for different purposes within the same wallet. As these building blocks come together, developers will refine risk, fraud, reward, and compliance processes to counter increasingly capable AI, eventually making decentralized identity more useful—which, of course, is exactly what the theory of disruption would predict.
