As easy as 1.0, 2.0, 3.0: What Web 3.0 means for the future of data security
By Melissa Crossman, Chief Executive Officer of Cryptoloc
The next phase in the evolution of the web is upon us, but how much stock should we really be putting in Web 3.0, and what will it actually look like when it’s here?
It turns out Web 3.0 could be closer than you think – and when it comes to data security, the third time’s the charm.
What is Web 3.0?
Simply put, Web 3.0 is the next iteration of the internet – although what form that will actually take has been a matter of much debate.
Web 1.0 and Web 2.0 are relatively straightforward concepts. Web 1.0 was the first period of the World Wide Web, as pioneered by Tim Berners-Lee when he was working as a computer scientist at CERN in 1989. This first generation of the web lasted until about 2004, and was defined by static websites that the majority of users consumed without producing their own content.
Web 2.0, which continues to this day, is defined by the shift towards the web as a platform for users to connect and generate their own content. Facebook, YouTube, Twitter and TikTok, for instance, all exemplify the interactive nature of Web 2.0 – the era in which virtually every user became a creator.
What comes next isn’t as well defined. In 2001, Tim Berners-Lee said he expected Web 3.0 to be the Semantic Web, in which data can be easily processed by intelligent machines, without any need for human input. But in practice, this hasn’t really panned out, because it’s still virtually impossible for even the most sophisticated machine to understand human concepts and contexts.
More recently, Web 3.0 has come to be understood to mean a shift towards decentralisation and a greater degree of data security and privacy; a web where you own and control your data and you determine who profits from it.
Currently, the infrastructure of the web is built around centralised servers, and a small number of large technology companies wield an outsized influence. But there’s been much speculation that a blockchain-based Web 3.0 will distribute services and applications, with data residing on the devices – or ‘nodes’ – on a blockchain network rather than a centralised location. Proponents of a blockchain-based Web 3.0 argue this would put control of data back in the hands of users, in much the same way that blockchain-based cryptocurrencies operate without the need for a central authority.
Breakthrough or buzzword?
Web 3.0 has been the cause of plenty of excitement amongst technologists, venture capitalists and crypto enthusiasts, but it’s also generated its fair share of skepticism.
Tesla and SpaceX CEO Elon Musk and former Twitter CEO Jack Dorsey have been amongst the most prominent critics, with Musk tweeting that the concept “seems more a marketing buzzword than reality right now”.
On this occasion, at least, Musk might be correct. Web 3.0 is more vapourware than viable model right now, at least in the sense that it’s come to be popularly understood.
The problem is with blockchain’s viability as a basis for the next evolution of the web.
For starters, blockchain has issues with scalability. For a blockchain to store and verify data without a central authority, each node on the network has to have a full record of the data stored on the chain. The more nodes you add to a chain, and the more blocks of data you add, the more inefficient the chain becomes. In the case of large public blockchains like Bitcoin and Ethereum, this has led to higher transaction fees on those blockchains to pay for the computing resources required to power them.
Similarly, blockchains can become extremely energy-intensive. Many blockchains are built on a proof-of-work system, in which a certain amount of computational effort has to be expended to confirm each block in the chain.
As the blockchain network grows, so does the amount of energy expended – and while proof-of-stake systems have been created as a less energy-intensive alternative, the trade-off is that they’re more complex and less secure.
And if Web 3.0 is driven by a desire to give users greater privacy and control of their data, then blockchain is, well, a stumbling block. All transactions are visible on a public blockchain, and everybody on the network is required to be able to see the data that’s added to it. That might be ideal for verifying financial transactions, but not for data you want to keep private, like medical records and confidential business agreements.
Perhaps most importantly, moving to a blockchain-based model would require an intentionality that wasn’t present in the shift from Web 1.0 to Web 2.0. There, the movement was seamless and gradual – we didn’t know we were leaving Web 1.0 and entering Web 2.0 as it was happening.
Web 2.0 changed how we used the internet, but it didn’t change the underlying structure of the web in the way that shifting data from centralised servers to decentralised blockchains would. In this case, you’d essentially be asking people to stop using one ‘web’ and start using another, like switching from Google Chrome to the dark web.
Decentralised data ownership
Blockchain may be impractical as a basis for the next generation of the internet, but that doesn’t mean the ideals of Web 3.0 can’t still come to fruition. In fact, they already are.
In practice, most data is unlikely to be decentralised. It will still be stored on central servers, not distributed across infinite nodes. But what will be distributed – and can already be distributed, with the right technology – is the control of that data.
Data privacy is a growing concern for users, even as companies become increasingly comfortable with violating that privacy.
Surveys conducted by KPMG last year found that 86 per cent of users feel a growing concern about data privacy, and 78 per cent have fears about the amount of data being collected. Just over half – 51 per cent – of users said they’re worried about their data being sold, and 40 per cent said they don’t trust companies to use their data ethically.
On the other hand, 70 per cent of the companies analysed by KPMG actually expanded their data collection practices over the past year, and 75 per cent of business leaders said they’re comfortable with the level of data they collect.
This trust gap, between users who want to control who can access their data and businesses who don’t want them to be able to, is what will actually drive the implementation of Web 3.0.
Last year, Tim Berners-Lee told The New York Times that too much power and too much personal data resides with the Googles and Facebooks of the world; and that a web that gives individuals more control over their data would be “the web that I originally wanted”.
His vision is a move towards personal online data stores, or ‘pods’, in which individuals could control their own data – the websites they visit, the music they listen to, the exercises in their workout routine – in an individual data safe. Companies could only access that data with the user’s permission, and only for specific purposes, and they could never store it.
This is no flight of fantasy. The technology that would enable this distribution of data ownership has already been developed. In fact, it’s already available – and it’s ours.
Taking back control of your data
Cryptoloc’s patented three-key encryption technology guarantees privacy, authenticity and control of all data transactions. Even though the data is stored on a centralised server, ownership and control is decentralised, in that access to the data is truly restricted to the user and the people they authorise. Even Cryptoloc as the cloud provider can’t access the data, because we can never see the complete decryption key for any piece of data.
Instead, decryption keys for every piece of data stored with Cryptoloc are split and stored by three different parties – the owner, the cloud host and an independent escrow agent (a neutral third-party entity). The decryption key can only be assembled with access to the user’s private key, which is only stored locally on their device, and password-authenticated access to a cloud-hosted, Cryptoloc-based solution.
If a user loses their private key or their password, their access can be restored through our escrow recovery process – but even during this process, neither Cryptoloc or the escrow agent have any interactive access to the user’s unencrypted data.
This is in stark contrast to the major cloud storage providers, who hold onto the encryption keys for their users’ files, and have the ability to access that data or hand it over to government agencies whenever they want.
Each piece of data stored with Cryptoloc also has its own immutable audit trail, complete with time and date stamps, to record every time it’s accessed, modified or shared. This enables users to know exactly what the people and companies they authorise to access their data choose to do with it, providing added accountability. Crucially, users can also revoke access to their data at any time.
Cryptoloc’s patented encryption technology can be deployed to virtually any application, and has already been incorporated into file storage, document management, and counterfeit prevention and detection solutions.
The possibilities are essentially endless – and with the Cryptoloc Platform, developers can already build their own products on our platform, baking the world’s strongest data security into their products from the beginning.
Because this technology is available now, users can start following best data control practices immediately, without having to wait for the entire internet to move to a blockchain-based model. Better yet, it’s been smoothly integrated into existing systems and procedures, such as Salesforce, as an API (Application Programming Interface), so users can continue using the software they’re used to while enjoying the benefits of Cryptoloc’s data protection.
It’s the ideal of Web 3.0, built to work with a Web 2.0 world – so your data remains firmly under the control of numero 1.0.