Introduction
Tim Berners-Lee, the man who created the World Wide Web, first coined the term "Web5" in a TED Talk.
Web5 is an "open, connected, intelligent web," according to Berners-Lee, who emphasized the need for a more sophisticated and user-focused online ecosystem.
TBD, a division of fintech company Block, which is led by Jack Dorsey, announced a revised version of the Web5 concept in 2022. Web5, a decentralized web platform was publicly announced as an open-source community initiative.
The actual definition given in the TBD presentation pack is as follows: “Web5 is a Decentralized Web Platform that enables developers to leverage Decentralized Identifiers, Verifiable Credentials, and Decentralized Web Nodes to write Decentralized Web Apps, returning ownership and control over identity and data to individuals”
Fairly decentralized developments in the internet over the past couple of decades such as BitTorrent and Tor have shown that blockchain technology is not a necessary component for decentralization.
To Dorsey, Web5 is a way of addressing his core concerns about web3- he believes it will never be fully decentralized.
This article aims to give an in-depth analysis of web5, including:
The fundamentals
Its potential
The technologies that enable it
This article is aimed at:
Developers
Individual users who value data privacy and digital sovereignty
Businesses that want to interact with users in a trust-minimized way
Organizations focused on data privacy, digital rights and online civil liberties
Prerequisites(optional)
To understand the code snippets, this article requires the following:
Experience with JavaScript and Node.js.
An installation of the latest Node.js.
Overview
Definition of Web5
Web5 is a decentralized, peer-to-peer platform. Web5 provides a new identity layer for the web to enable decentralized apps and protocols. The new identity layer returns ownership of data and identity to individuals, not centralized entities.
Web5 utilizes the Bitcoin Lightning Network, a Layer 2 payment protocol that operates off the main Bitcoin blockchain.
The goal of Web5, according to Dorsey, is to ‘return ownership of data and identity to individuals’ and enable developers to ‘focus on creating delightful user experiences.’
Web5 exists to enable users to leverage decentralized web applications and protocols while retaining control over their self-owned identities.This concept is termed as Self Sovereign Identity (SSI).
Additionaly, Web5 combines the data portability of Web3 with better privacy properties than Web2 or Web3.
A slide from TBD’s pitch deck on Web5. | Image: TBD
Key Distinctions between Web1.0, Web2.0, Web3.0 and Web5.
The following table highlights the key differences between the evolution of the Web:
| Web1.0 | Web2.0 | Web3.0 | Web5 |
| Static, Read-only content. | User-generated, social, and interactive content. | Blockchain-based, user-controlled, decentralized data. | Peer-to-peer communication, enhanced decentralization, and self-sovereign identity (SSI). |
Self Sovereign Identity(SSI)
SSI is a method of digital identity where users have full control and ownership.
The following are ten principles of SSI according to the The Path to Self-Sovereign Identity:
Existence: Users must have an independent existence.
Control: Users must control their identities.
Access: Users must have access to their own data.
Transparency: Systems and algorithms must be transparent.
Persistence: Identities must be long-lived.
Portability: Information and services about identity must be transportable.
Interoperability: Identities should be as widely usable as possible.
Consent: Users must agree to the use of their identity.
Minimization: Disclosure of claims must be minimized.
Protection: The rights of users must be protected.
SSI removes the need to store personal information entirely on a central database and gives individuals greater control over what information they share safeguarding their privacy.
For instance, users transferring their social media data from one platform to another.
Components of Web5
According to TBD, the components of web5 include:
Decentralized Identifier (DIDs)
Verifiable Credentials
Decentralized Web Nodes (DWNs)
Decentralized Web Application (DWA)
Decentralized Identifier (DIDs)
Decentralized Identifiers are a W3C international standard for identifiers created, owned, and controlled by individuals, without reliance on centralized entities. It grants access and enables a user to easily engage with decentralized apps (dApps), much like a username or digital passport. DIDs allow for a model of self-sovereign or decentralized digital identity where individuals own and control their identity data.
A DID consists of:
A DID string that acts as a unique identifier, is represented as a URI.
A DID document that contains information about the DID subject like public keys, credentials, and service endpoints.
Source: TBD
The key aspects of DIDs are:
Decentralization: DIDs are created and managed independently without a central registry.
Control: The DID subject proves control over the DID and can authenticate itself.
Persistence: DIDs persist as long as the DID subject wishes.
Security: DIDs use cryptographic keys to prove control and authenticate the subject.
DIDs enable decentralized identity by:
Allowing the DID subject to own and manage their digital identity data through the DID document.
Enabling the DID subject to prove who they are by demonstrating control over the DID and its cryptographic keys.
Issuing, storing and verifying credentials containing verifiable claims about the DID subject.
Providing a standardized way to identify entities that are decentralized and not controlled by any authority.
Verifiable Credentials
Web5 uses standard methods for generating independently verifiable claims about individuals or entities. A proof or certificate for multiple users that validates a statement or permits a conversation. They take the shape of models protected by cryptography and established data formats. They work as follows:
Verifiable credentials use information from digital documents about a user. This information takes the form of verifiable claims that are cryptographically signed and issued by an authority.
For example, a university could issue a credential containing the claim "John Doe has a bachelor's degree in computer science".
The credential is then cryptographically signed using the issuer's private key to prove that it was issued by the university. The user can then choose to share this credential with third-party applications and services.
Important properties of verifiable credentials are:
They are self-sovereign, meaning the user controls who they share the credentials with and can revoke access at any time.
They are cryptographically verifiable, meaning any party can verify that the credential was issued by a legitimate authority.
The claims within the credential cannot be modified without invalidating the issuer's signature.
Verifiable credentials work together with decentralized identifiers (DIDs).
This allows users to:
Prove certain attributes and qualifications to web5 applications without revealing their entire identity
Selectively disclose only the required information
Revoke access to credentials at any time
A slide from TBD’s pitch deck on Web5. | Image: TBD
Decentralized Web Nodes (DWNs)
Decentralized web nodes (DWNs) are personal data stores that store an individual's public and encrypted data. These personal data stores give users full control over their information.
In simple terms, a DWN is a personal server or device that stores a user's data. This could be:
a computer
phone or other device.
Multiple DWNs belonging to the same user can sync with each other to ensure data consistency.
DWNs aid Web5 in the following ways:
They allow users to store their data locally instead of with centralized providers like Google or Amazon. This gives users full ownership and control over their information.
They form the peer-to-peer network that underlies Web5. DWNs relay messages and facilitate interactions between decentralized apps and protocols.
They provide the data storage needed for a user's decentralized identifier. DWNs store the information linked to a user's DID (decentralized identifier), which acts as their unique digital signature.
They enable data portability. Users can take their data and move it to different decentralized apps since the information is stored locally on their DWN, not within a specific app.
They decentralize the web by distributing data storage across many personal nodes instead of relying on centralized cloud providers.
Decentralized Web Applications(DWA)
Decentralized web applications or DWA, allow users to store and manage their data on their terms, giving them sovereignty over their digital identity and information.
In a traditional web application, the data and logic reside on a centralized server owned by the application provider. Users interact with the application through a client, but the application controls the data.
In contrast, a decentralized web application (DWA) uses a peer-to-peer network of nodes, web5 instead of a centralized server. Each user runs their node that stores and manages their data. The application logic is executed in a distributed fashion across the nodes.
Source: TBD
This has a few key benefits:
Data sovereignty: Users own and control their data. They can revoke access to applications at any time.
Portability: Users can take their data with them and move between DWAs since the data resides on their node, not the application.
Resilience: There is no single point of failure since the application runs on a network of nodes.
Censorship resistance: The application cannot be taken down since it has no centralized infrastructure.
DWAs are made possible by other Web5 components:
decentralized identifiers
verifiable credentials
decentralized web nodes
Getting started with web5 development
This section covers the following:
generation of DID
writing DWNs
Generation of DID
The following code snippets explain how to generate DIDs using the web5.js SDK:
- Create a directory through your terminal
mkdir decentralized-social-app
cd decentralized-social-app
Initialize npm to create a
package.jsonnpm -y initInstall the
web5.jsSDK
npm install @web5/api
Create an index.js file
touch index.jsImport the Web5 package into our
index.jsfileimport { Web5 } from '@web5/api';Create a decentralized identifier
const { web5, did: dawsonDid } = await Web5.connect();Log the decentralized identifier
console.log(dawsonDid);
Run this command in your terminal
node index.jsThe result
did:ion:EiBiHtKwEIdrqLRph3id0HoyCeuk69t6oWbw38WbyYAjvQ:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJhdXRoeiIsInB1YmxpY0tleUp3ayI6eyJjcnYiOiJzZWNwMjU2azEiLCJrdHkiOiJFQyIsIngiOiIxOTQxS29LZ1RyX1V5cDhwcDJITTdGc3U3TzhMb3JyRXNuaXpTZ3o0T1NNIiwieSI6Im1XLTB3dGZobWxBYklFVFczY1JmZUFDRXVzcGNVTVlnM2kzTXlYUTc2X2cifSwicHVycG9zZXMiOlsiYXV0aGVudGljYXRpb24iXSwidHlwZSI6Ikpzb25XZWJLZXkyMDIwIn0seyJpZCI6ImVuYyIsInB1YmxpY0tleUp3ayI6eyJjcnYiOiJzZWNwMjU2azEiLCJrdHkiOiJFQyIsIngiOiJONFhPWWgzeWRMMHA1UGZrVzRZWmZqWjN3WXpQWmNRb1pNcmpQX04xUmI4IiwieSI6InUzRHBKc1ZkN0FRVUZEYkVaSEVhUkJNM0VCajN1ZEpJMXpUbFVsSnZJaFEifSwicHVycG9zZXMiOlsia2V5QWdyZWVtZW50Il0sInR5cGUiOiJKc29uV2ViS2V5MjAyMCJ9XSwic2VydmljZXMiOlt7ImlkIjoiZHduIiwic2VydmljZUVuZHBvaW50Ijp7Im1lc3NhZ2VBdXRob3JpemF0aW9uS2V5cyI6WyIjYXV0aHoiXSwibm9kZXMiOlsiaHR0cHM6Ly9kd24udGJkZGV2Lm9yZy9kd240IiwiaHR0cHM6Ly9kd24udGJkZGV2Lm9yZy9kd24yIl0sInJlY29yZEVuY3J5cHRpb25LZXlzIjpbIiNlbmMiXX0sInR5cGUiOiJEZWNlbnRyYWxpemVkV2ViTm9kZSJ9XX19XSwidXBkYXRlQ29tbWl0bWVudCI6IkVpQ25tcGxmb1VOemlnX01HWnA1QU1Gel9yRm5rUmtHV01jSXJSbFcyT1dGd3cifSwic3VmZml4RGF0YSI6eyJkZWx0YUhhc2giOiJFaUNnUy1nT21lY3lBeXo0V1VwTEJUQTl3MnFIVUR3ek0wd0JyUkYxbXZZY1V3IiwicmVjb3ZlcnlDb21taXRtZW50IjoiRWlBZnZHWEx2cEhEOFVRbnU3RG1OTDVKdEFMQjRaOTg2bG1VRjFMTERPN1JrQSJ9fQ
Writing DWNs
To write records to a DWN in Web5, use the web5.dwn.records.create() API. This allows to store various types of data in the DWN:
- Text records:
const { record } = await web5.dwn.records.create({
data: 'Hello, Web5!',
message: {
dataFormat: 'text/plain',
}
})
- JSON records:
const { record } = await web5.dwn.records.create({
data: {
content: "Hello Web5",
description: "Keep Building!"
},
message: {
dataFormat: 'application/json'
}});
- Blob/image records:
const blob = new Blob(/\* ... \*/)
const { record } = await web5.dwn.records.create({
data: blob,
message: {
dataFormat: "image/png"
}
})
- File records:
const file = /\* ... \*/
const { record } = await web5.dwn.records.create({
data: file,
message: {
schema: "[https://schema.org/path/to/schema](https://www.tbd.website/)",
dataFormat: "application/octet-stream"
}
})
Each record needs a message containing details like the data-format, schema URL, and a unique recordId.
The data in a DWN is synchronized across a user's multiple DWNs. An agent handles the sync by invoking the sync interface between nodes.
You can configure the sync interval, or force a sync by calling record.send(). By default, sync occurs every 2 minutes.
Security Considerations and Best Practices
The following are some key security best practices to follow when developing applications for the Web5 ecosystem:
- Store client-side data responsibly
In Web5, much of the data will be stored on decentralized web nodes (DWNs) owned by users. As a developer, you should:
Minimize the amount of personal data you store. Only store data that is necessary.
Avoid storing sensitive data like passwords and credit card numbers.
Use sessionStorage instead of localStorage to store data temporarily. Data in sessionStorage is cleared when the browser tab is closed.
Consider using a server-side solution to store long-term data, not the DWN.
- Protect user identity and credentials
When handling user credentials and identities:
Enforce strong passwords and encourage the use of password managers.
Use multi-factor authentication where possible.
Implement rate limiting and account lockouts to prevent brute-force attacks.
Log out users after periods of inactivity.
// Example: Creating a decentralized identifier (DID)
const did = await dwn.createDid({ ... })
- Sanitize all input
Sanitize all input from users to prevent SQL injection, cross-site scripting (XSS), and other attacks:
Implement client-side validation to give immediate feedback.
Perform server-side validation before using any user input.
Escape special characters in user input when storing or displaying it.
- Maintain data integrity
Use subresource integrity to verify the integrity of resources your application loads:
<script src="app.js" integrity="sha256-..."></script>
Following these best practices will help secure your Web5 applications and protect your users' data and privacy.
Realizing the Potential of Web5
Web5 has the potential to fundamentally shift how the internet works by putting users in control of their data and digital identities. Here are some of the key ways Web5 could realize its potential:
- Decentralization
Web5 aims to be truly decentralized, with users owning and controlling their data stored on decentralized web nodes. This gives users sovereignty over their digital identities and information. Centralized platforms like Facebook and Google would no longer have control over user data.
- Privacy and Security
With users owning their data, Web5 promises enhanced privacy and security. Users can choose what data to share and with whom. They can also revoke access at any time. This is made possible through the use of decentralized identifiers and verifiable credentials.
- Data Portability
Since data is stored on decentralized web nodes controlled by users, it becomes portable. Users can take their data with them as they move between different apps and services. This level of data portability is not possible in the current centralized web.
- New Business Models
Web5 has the potential to enable new business models that reward users for their data. Since data ownership shifts to users, companies will have to find ways to incentivize users to share their data. This could unlock new revenue streams.
- Speed of Innovation
The open and collaborative nature of Web5, built on open web standards, could fuel rapid innovation by developers. There would be fewer restrictions and gatekeepers compared to the current centralized web dominated by a few big tech companies.
Some Web5 Applications
The following are a few applications experimenting with Web5's decentralized web features:
Zion is a peer-governed social network for Web5. It gives users ownership of their data through decentralized identifiers, web nodes and the Lightning Network.
Features include:
Zion Lightning wallets for sending Bitcoin payments with no fees
Ability to support other assets like NFTs and stablecoins in the future
Users can post content, view content from others, and chat in communities
Bluesky is a social media app built on the ActivityPub protocol. It aims to be a decentralized and open social media standard. Bluesky applies decentralized identifiers (DIDs) to every user, giving them control over their data.
Bluesky began beta testing in early 2023 and was kickstarted by Jack Dorsey in 2019. Dorsey has mentioned that Bluesky "could be built on top of web5".
Damus is a censorship-resistant social media app built on the Nostr protocol. It gives users full control over their data:
Data is not collected
There are no entities that can ban or censor posts
Users are not required to provide identifiable information to register
Messages are end-to-end encrypted
Users can also tip each other with Bitcoin using the Lightning Network.
Conclusion
In summary, Web5 promises to revolutionize the web through:
technological advancements
immersive experiences
seamless integration of the physical and digital worlds
enhanced data privacy and security
portable user data
However, there are still challenges around business models, user experience, and regulation that need to be addressed for Web5 to realize its full potential.