Opinion (mine), not a fact: 95% of currently existing truly decentralized systems (typically blockchain-based) are rubbish. Or, if you're asking for more precise classification, they can be allotted as follows:
- systems that should never be decentralized (because there's no point) - example: all the corpo-blockchains
- modern equivalents of a Ponzi scheme AKA crypto-gambling - example: bitcoin
- obvious frauds that exploit naivety of hype-prone masses - example: NFTs
- messed up attempts of solving real-life problems, stuck because of technical/conceptual imperfections of 1st generation blockchains - example: 95% of the stuff based on so-called 'smart contracts'
In other words - not 'rubbish', but four different piles of ... rubbish.
It sounds harsh, I know. Nevertheless, I still FULLY believe in decentralized systems. Bah, I'm confident that in the relatively near future, next-generation decentralized systems will revolutionize (in a truly meaningful way) our lives.
But these next-gen decentralized systems may not be what we expect at this point. The key difference between current-gen and next-gen will PROBABLY BE NOT about tackling the well-known technical problems (like energy consumption while mining new blocks). I believe that the changes will be far more fundamental (and placed in a deeply conceptual layer) ...
Let's get physical
The decentralized systems we currently know were supposed to eliminate centralized control - e.g., almighty payment processors or highly regulated banks who act as intermediaries. But it was possible (so far) only for entities that deal with virtual resources that do not have a physical representation in the real world, like money. No one cares about the physical location of a particular (physical) coin - what's important is to ensure that virtual currency flow happens in a closed, auditable circuit, based on well-known rules, equal for everyone.
That obviously has brought some benefits already, mainly for the criminals, the "gray zone," and some early-adopting idealists. But we're barely scratching the surface of the potential benefits of decentralization. To elevate the game, we need to mix (properly) the digital and physical worlds.
What do I mean by that?
I strongly believe that the real benefit of decentralized systems can be achieved ONLY WHEN:
- the real entities (in the physical world) get their digital representations in a decentralized mesh of systems (connected by using common protocols)
- these representations are unique (cannot be multiplicated or re-assigned to other entities), so, e.g., one physical person should not have more than one representation
- these representations need to be credible (there has to be an easy and reliable way to prove their veracity)
Reaching that goal (which is not trivial - PKI is far from sufficient here) enables unprecedented opportunities:
- physical-world relationships could be replaced/enriched with digital relationships 1:1, so ...
- ... digital interactions could become equally effective (useful) to physical ones ...
- ... including even the complex, multi-step, transactional ones (like buying a car on credit, with co-ownership, obligatory insurance and employment statement issuance, etc.)
Identity is essential
I know it sounds a bit high-level and maybe even vague, but look through your recent experiences - whatever you've been doing in a physical world. Plenty of activities require participation (direct or indirect) of centralized authority, e.g.:
- when you sign any kind of contract, your identity has to be verified (e.g., by checking your national ID, issues by some govt office)
- when you open the door of your car and start its engine, you need to use the unique car key - the one you've received when you bought it
- if you want to check your e-mail messages, you need to verify your local identity (specific for this e-mail service provider), by entering your password or sharing another identity token/proof (which is set for this particular service)
Yes, referring to the before-mentioned centralized authority doesn't happen all the time (e.g., you don't run to the issuing office to have someone's personal ID verified) - mainly because the physical proofs of identity (documents, various keys, etc.) are manufactured in a way that makes forging at least very hard while verification remains simple.
Unfortunately, this process has not been digitized well so far.
There's no trustworthy digital identity (that meets the three criteria I've put above) - not only for people but also for physical goods people get into interactions with (a hairdryer you buy, a door you'd like to open, a bus you'd like to board). Practical implications are not hard to guess:
- digital processes either have to have physical "interludes" (like manual, human checks) ...
- ... and/or accept the obvious flaws, risks, and inconsistencies (that happen at the intersections of the physical and digital world)
Where's decentralization in that?
OK, trustworthy digital identity sounds very useful then, but do we need decentralization for that?
Great question.
Let me answer by approaching it from the rear side: I don't think that full decentralization is even possible. In the end, there has to be some entity (one or more) to confirm the digital identity (e.g., verify its uniqueness) and "bind" it with an entity. Even in decentralized reality, trust is essential - in some cases, it can be fully provided algorithmically (e.g. cryptocurrency transaction's correctness can be validated based upon historical transactions in the blockchain), but in some cases (like creating the digital identity) it can not.
Obviously, it doesn't mean that the other extremum (full centralization) is the way to go. Fully relying on a limited number of parties (as digital identity validators) creates certain risks, e.g.:
- operational (processing bottlenecks)
- security (it's enough to penetrate a single service provider to commit a malicious action of unprecedented scale)
- political (whoever owns such a service, has tremendous power at their disposal)
Probably the best solution is (as nearly always) some sort of balance between these two ends of a spectrum. Some regulated, trusted institutions/consortia will have to be involved, but in the smallest possible scope, i.e. while issuing the identity that could be verified w/o their direct involvement.
Identity, once already created, will remain decentralized (but immutably signed by a trusted authority, for the sake of straightforward verification).
Wait, what about ...
- ... privacy (exposing information in a distributed system)?
- ... technical feasibility?
- ... already existing implementations?
- ... concerns about immutability (in real-world things ... change)?
- ... additional benefits like a feasible information audit trail that could help battling fake news?
It seems that I've already surpassed my character limit for this post (by far). So more on these (very interesting) topics later, in subsequent posts. Stay tuned.
P.S. If this topic has caught your interest, there's a very interesting book on decentralized identity - "Self-Sovereign Identity" by Alex Preukschat and Drummond Reed. Highly recommended.