As you may know, here at LOAD we have been using blockchain technology in various projects, exploring different ways to use it, testing different architectures and keeping up to date over the years to best respond to new challenges. This article is the conclusion of our latest research and training session focused on web3 topics.

What did we study about Web3?

For this training, we first recalled the status of web3 nowadays, its core basics without going too deep into the technical part of the blockchain (for that, we had already done some trainings on the Bitcoin concept, EOS and Solana smart contracts). We focused more on the pros and cons as well as the challenges that web3 needs to overcome in order to no longer be the future but the present. Based on this analysis, we presented the different architectures for the development of Dapps today and the ones we have already implemented and what we can research to apply in the future based on the technologies available for development.

Web 1.0. vs Web 2.0. vs Web 3.0.

Web 1.0.

So web1.0 was the first version of the internet. Its origins go back to a project called the Advanced Research Projects Agency Network (ARPANET), which was the first wide-area packet switched network. It was invented to decentralize information due to fears of nuclear attack during the Cold War. The main feature of Web 1.0. is that it is based on read-only data, static information and links to navigate through it. It can therefore be thought of as a digitization of a real-world dictionary or encyclopedia.

Web 2.0.

Web2.0 is the evolution of Web 1.0. and aims to add user interaction and content creation capabilities to the web. We are still living in the Web 2.0. era, as it is the dominant era nowadays. Web 2.0. is characterized by the fact that it really focuses on the UX/UI design for the final user and offers many different new ways to interact with the web, for example: social networks, reputation systems, comments, media or blogs.

So if everything in Web 2.0. seems to be great, why do we need a third one?

Well, there are some disadvantages that need to be suppressed. In Web 2.0., a lot of data is centralized in huge data centers owned by only a few big tech companies. There have already been scandals about the sale of user data without consent, and because of these two problems there is the RGPD law in Europe to oblige companies not to misuse user data, but it would be much better if users were not dependent on the good behavior of the big tech companies and could take their lives into their own hands.

Web 3.0.

Web 3.0. was created on the basis of the centralization problems we have talked about. Web 3.0. is not yet fully defined and we still face many problems to enable mass adoption of these technologies. We can say that the basis for Web3.0 is blockchain, and this technology allows us to solve some of the previously defined problems.

Blockchain is a decentralized network in which it is possible to reduce dependence on large companies and give power back to the user. With Web 3.0., users can decide for themselves what data they want to share. Permissionless blockchains are public and remove the need of having a third-party company mediating operations. They enable new ways of monetization where users can be paid for content creation and all data is censorship-resistant and verifiable.

Data and Data Privacy

Having first considered the problems of Web 2.0. and what Web 3.0. entails, is Web 3.0. in itself a solution to all the problems associated with data ownership and privacy issues?
Well, from a data ownership perspective, perhaps we can agree that it solves the problem almost directly. Users get their power back and can decide for themselves how they want to share their data and even whether they want to receive compensation for sharing it. If we think from the data protection policy side, this is not quite right and there are still some problems to solve.

Web 3.0. itself brings with it a lot more responsibility for users, which is great per se and a problem at the same time. It seems to be more difficult to interact with the technologies and recovering some losses is sometimes really difficult (in other cases even impossible). So it’s really important that we can protect users and comply with today’s privacy regulations to make it safer for people to participate.

A lot of times we hear that blockchain is anonymous, but that is not completely true. Most of the blockchains are pseudonymous, which means that our user or ourselves are represented by something (in most cases addresses), making it harder to connect all the stored data to the person themselves, but because the blockchain is public and all records can be traced, if there is a connection between a pseudonym and the person behind it just once, all the data becomes public and connected to the real person. This is one of the issues that needs to be solved. So how can we store data in a public blockchain that must be verifiable without the data itself and its affiliation becoming known?

How can we use the blockchain to comply with the RGPD rules? To solve these problems, there are already several projects and architectures for Dapp’s development.

Some examples are:

• SSI (Self-sovereign Identity): This technology allows us to show only a portion of our data to identify ourselves without sharing non-relevant information. This helps us to protect our data and gain control over the transactions we want to make. Examples of projects that already apply these principles are: Metamask and Phantom wallet. Both allow us to log into Dapps without having to share our secret phrase or secret keys and let us interact with the Dapp by signing the transactions on the client side. This is achieved through the use of DID’s (Decentralized Identifiers) and VC’s (Verifiable Credentials);
• ZKPs (Zero Knowledge Proofs): We haven’t gotten very far into this topic as there will be another session on this topic, but ZKPs allow us to prove that we know something without showing what we know. There are already some projects using this concept and applying this idea to the blockchain. This will probably solve most of the issues we mentioned earlier. If we are able to confirm that we know a secret without revealing it, we can confirm that certain data belongs to us without showing the data itself;
• Encryption: One of the ways that Dapps deal with the problem of storing data on the blockchain is to only store metadata that relates to off-chain data. For example, if we store a hash that can only be defined by a text, we have a fingerprint of the data (the example text mentioned) that is stored off-chain, and we can use this fingerprint to prove that the data exists, has not changed, and is true.

To achieve this, we can use different approaches: Storing data in a decentralized blockchain, storing files in a decentralized file storage or storing data in a centralized database. The first two would make more sense, but since they are decentralized and public, we would probably have the same issue. Perhaps with encryption we could only store encrypted data and decrypt it only when needed, but at least we would have a stamp (hash) of the stored data that we could store on-chain and maintain the overall auditability of the data. The last solution is a more centralized way of solving the problem. On one hand, if we are explicit enough and communicate how the user can confirm that the data has been kept  by giving them the formula to calculate the hash, we can maintain the veracity and all the traceability required, but on the other hand, if the server is no longer available, the data is forever lost.

Based on the previous information, we are able to understand what different technologies we can use to make Dapps more competent in dealing with privacy issues. Some of the next technologies we will share have already been used in our projects and some we need to research further to implement in our next Dapp projects.

• Blockchain: Solana;
• Smart Contracts Framework: Anchor;
• JS Libraries: @solana/web3.js, project-serum/anchor, solana-labs/wallet-adapter, bip39, etc;
• Frontend Framework: React, Angular;
• Wallets: Phantom;
• Centralized Backend: Nodejs with Fastify;
• Centralized Database: MongoDB;
• Decentralized Database: Ceramic with ComposeDB;
• Decentralized File Storage: IPFS.

Conclusion

Based on this training, we were able to identify the challenges that exist from a data protection perspective in Web 3.0. We were able to identify different perspectives and solutions to the issues presented and we were able to understand what we have done right so far and what we can improve or try in the future.
As well as solving problems, we should always be trying to improve and learn the best approaches to problem solving, and our learning and training methodology brings just that to our approach going forward.