What's the point of Web5?

Table of Contents

• Meet Dawson
• The Meeting
• The Ultimate Crisis - a stolen username
• What exactly is Web5?
• What is the point of Web5?
• Why would someone need ownership over their digital identity?
• How can you build a decentralized app using Web5?
• What is a Decentralized Identifier?
• Experimenting with web5
  • Creating a directory via her terminal
  • Installing the web5.js SDK
  • Verifying her package.json looked like this:
  • Creating an index.js file
  • Importing the Web5 package in our pages/index.js file
  • Creating a decentralized identifier
  • Logging the decentralized identifier
  • Running this command in her terminal
  • Here’s her result
• Dawson's Remaining Questions
• Documentation and Further Reading

Meet Dawson

Meet Dawson Webhart, a software engineer who's part of the frontend team at StyleByte, a cutting-edge fashion company that uses augmented reality to style its customers. The team focuses on the part of the app that users see and interact with, and Dawson is a key contributor.

Today, Dawson is at her desk, but she's not exactly working. She's scrolling through her phone, watching short workout videos to inspire her next gym session.

"Here are my top 10 tips to getting a peach like Megan Thee Stallion," says the fitness instructor on the video.

Dawson rolls her eyes just as her co-worker, Nadia Noelly, bursts into her office. "Hey, Dawson! The meeting is starting soon, and I want to get there early. They're making a big announcement!"

"Another announcement? What now? More ping pong tables in the lounge?" Dawson sighs, not particularly thrilled but curious enough to find out.

The Meeting

In the meeting room, the atmosphere is electric and cult-like as every tech company is. StyleByte's Vice President of Engineering, Wilson, takes the stage. "We're moving to Web5," he announces.

While Nadia's eyes beam with excitement, Dawson feels a mixture of concern, exhaustion, and frustration. "Web5? We just integrated Augmented Reality, migrated to the cloud, and now this? What even is Web5?"

Dawson has always been cautious about change, especially when it comes to technology. She tunes out for the rest of the meeting, pondering what this shift could mean for her work.

After the meeting, Nadia is practically buzzing. "Wasn't that cool? We're moving to Web5! You know what that means, right?"

"More late nights and stress?" Dawson sarcastically replies.

"No, silly! A promotion! We could lead this initiative and finally drop our 'junior' titles. How does 'Mid Level Developer' sound?"

For the first time, Dawson feels a spark of interest. She's been at StyleByte for three years without a promotion. "Okay, you've got my attention. But what is Web5?"

"Weren't you listening? They emailed us the presentation. Check it out," Nadia says, already halfway out the door.

Back in her office, Dawson opens the presentation and finds a diagram explaining the evolution of the web:

• Web 1.0: Static, read-only content.
• Web 2.0: Interactive, social, and user-generated content.
• Web3: Decentralized, blockchain-based, user-controlled data.
• Web5: Enhanced decentralization, peer-to-peer communication, and self-sovereign identity.

Dawson finds it interesting but isn't entirely convinced. "Seems like a solution looking for a problem," she thinks.

The Ultimate Crisis - a stolen username

Just then, a notification pops up on her phone. It's from her favorite social media app, Incognito. Incognito’s new and very erratic CEO, Francis Francino, has just announced a name change for the app—to WebHeart.

“We will be changing this app’s name to WebHeart because it exemplifies what this company has evolved into. We capture the heart of the web. We will be changing our username to @webheart to reflect that.”

Dawson's eyes widen in disbelief. "@webheart" was her own username, a clever play on her last name, Webhart, and her role as a frontend web developer focused on enhancing user experience. She quickly replies to the announcement, "Hey, that's my username!"

Francis Francino responds almost immediately, "Oh, too bad. How about some free merchandise to make up for it?"

Nadia texts her, "Sorry to hear that. If we were on the decentralized web, this wouldn't have happened. Your username would've been yours, controlled by a Decentralized Identifier. Look it up."

Dawson feels gutted. That didn’t console her at all.

Dawson feels a mix of indignation and inspiration. If there's anything that fuels her, it's the prospect of revenge served cold and promotions served hot. She decides to dive deeper into Web5. Maybe she could build a transparent social media platform where usernames are truly owned by users. Or maybe she'll snag that promotion. Either way, Dawson is now on a mission.

Throughout her research, Dawson asked the following questions:

What exactly is Web5?

Web5 is an evolving incubator project spearheaded by TBD, Block's newest business unit. The goal is to equip developers with the essential tools for building decentralized applications that prioritize user control over identity and data.

From Dawson’s perspective Web5 could be considered:

• Tooling: Web5 provides a suite of tools and APIs designed for implementing Self-Sovereign Identity (SSI), decentralized data storage, and secure peer-to-peer communication. This enables the creation of secure, user-centric, privacy-first applications.
• An Ecosystem: Web5 is part of TBD's broader ecosystem, which aims to empower developers to create their own decentralized applications and protocols.
• Toolbox for Developers: Web5 provides pre-built functionalities for identity management, data storage, and secure communication. This way developers can focus on building their application's features rather than worrying about the complexities of security and identity management.

What is the point of Web5?

Web5 exists to enable Self Sovereign Identity. Self Sovereign Identity (SSI) is the concept that users should have full control and ownership over their digital identities.

Why would someone need ownership over their digital identity?

Because we are not used to owning our digital identity, it may seem like a futile and foreign concept. Here are a few moments when ownership of digital identity is beneficial:

• Social media:
  • There’s no way someone can steal your handle, just like what happened with Dawson's "@webheart" username.
  • You can take your followers and content with you if you decide to switch platforms.
  • You have full control over how your data is shared, reducing unwanted advertising and privacy breaches.
• Healthcare systems
  • You can take your medical records with you, ensuring that you have access to your own health information wherever you go.
  • You control who has access to your medical data, making it more secure and private.
• Banking
  • Your financial transactions are secure, and only you have access to your financial data.
  • You can easily prove your identity for online transactions, reducing the risk of fraud.

How can you build a decentralized app using Web5?

You can build a web5 application using the web5.js SDK.

What is a Decentralized Identifier?

A decentralized identifier (DID) is a w3c open standard. It’s represented by a string of numbers and letters that identifies and verifies who you are on the web. No one can take it away from you, and no one can change it. A DID is not limited to just a person. It can point to an organization, data model, entity, or whatever it is that user is managing online.

She experimented with DID by executing the steps below (you can do it too 😉):

Creating a directory via her terminal

mkdir decentralized-social-app

cd decentralized-social-app

Installing the web5.js SDK

npm install @web5/api

Verifying her package.json looked like this:

{

  "dependencies": {

    "@web5/api": "0.8.1"

  },

  "type": "module"

}

Creating an index.js file

touch index.js

Importing the Web5 package in our pages/index.js file

import { Web5 } from '@web5/api';

Creating a decentralized identifier

const { web5, did: dawsonDid } = await Web5.connect();

Logging the decentralized identifier

console.log(dawsonDid);

Running this command in her terminal

node index.js

Here’s her result

did:ion:EiBiHtKwEIdrqLRph3id0HoyCeuk69t6oWbw38WbyYAjvQ:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJhdXRoeiIsInB1YmxpY0tleUp3ayI6eyJjcnYiOiJzZWNwMjU2azEiLCJrdHkiOiJFQyIsIngiOiIxOTQxS29LZ1RyX1V5cDhwcDJITTdGc3U3TzhMb3JyRXNuaXpTZ3o0T1NNIiwieSI6Im1XLTB3dGZobWxBYklFVFczY1JmZUFDRXVzcGNVTVlnM2kzTXlYUTc2X2cifSwicHVycG9zZXMiOlsiYXV0aGVudGljYXRpb24iXSwidHlwZSI6Ikpzb25XZWJLZXkyMDIwIn0seyJpZCI6ImVuYyIsInB1YmxpY0tleUp3ayI6eyJjcnYiOiJzZWNwMjU2azEiLCJrdHkiOiJFQyIsIngiOiJONFhPWWgzeWRMMHA1UGZrVzRZWmZqWjN3WXpQWmNRb1pNcmpQX04xUmI4IiwieSI6InUzRHBKc1ZkN0FRVUZEYkVaSEVhUkJNM0VCajN1ZEpJMXpUbFVsSnZJaFEifSwicHVycG9zZXMiOlsia2V5QWdyZWVtZW50Il0sInR5cGUiOiJKc29uV2ViS2V5MjAyMCJ9XSwic2VydmljZXMiOlt7ImlkIjoiZHduIiwic2VydmljZUVuZHBvaW50Ijp7Im1lc3NhZ2VBdXRob3JpemF0aW9uS2V5cyI6WyIjYXV0aHoiXSwibm9kZXMiOlsiaHR0cHM6Ly9kd24udGJkZGV2Lm9yZy9kd240IiwiaHR0cHM6Ly9kd24udGJkZGV2Lm9yZy9kd24yIl0sInJlY29yZEVuY3J5cHRpb25LZXlzIjpbIiNlbmMiXX0sInR5cGUiOiJEZWNlbnRyYWxpemVkV2ViTm9kZSJ9XX19XSwidXBkYXRlQ29tbWl0bWVudCI6IkVpQ25tcGxmb1VOemlnX01HWnA1QU1Gel9yRm5rUmtHV01jSXJSbFcyT1dGd3cifSwic3VmZml4RGF0YSI6eyJkZWx0YUhhc2giOiJFaUNnUy1nT21lY3lBeXo0V1VwTEJUQTl3MnFIVUR3ek0wd0JyUkYxbXZZY1V3IiwicmVjb3ZlcnlDb21taXRtZW50IjoiRWlBZnZHWEx2cEhEOFVRbnU3RG1OTDVKdEFMQjRaOTg2bG1VRjFMTERPN1JrQSJ9fQ

Dawson's remaining questions

Dawson was having so much fun learning until she realized it was 5:00 pm and her work day was over. She still had questions like,

• Where should she store her DID?
• Can she create an alias for her DID for ease-of-use and self-expression?
• How does Web5 integrate with frameworks like React or Next.js?
• What else could Web5 do?

But Dawson has a rule: never work past 5:00 pm. Her quest for answers—and perhaps a little revenge—will have to wait another day...

Documentation and further reading

Check out the documentation if you're hoping to learn more about Web5 before Dawson returns to work! 🤪

Artist Credit

I did not do any of the art. My little sister did. You can check out her work at: https://linktr.ee/scribblndibbl

Comments

[Pachi 🥑]

Riz, this article is AWESOME, I feel bad for calling it an article, bc it is waaaay cooler!
The storytelling, the illustrations. Did you do that?

You are the best, and TBD is lucky to have you

[Pachi 🥑]

Just saw that your little sister did the art. she rocks!

[Rizèl Scarlett]

Thank you! Yeah she does!!

[val von vorn]

Yes, I agree;
I also like the art very much!

[Rizèl Scarlett]

Thanks Pachi! Miss you <3 <3 and yeah like you saw my sister did the illustrations!

[Andria Brown]

All of the reasons in the Why would someone need ownership over their digital identity? section don't seem to be that well thought out in my opinion. In fact, the whole premise of this thing seems off.

I'm gonna try to explain where I'm coming from by going through each of the reasons you listed.

1. There’s no way someone can steal your handle, just like what happened with Dawson's "@webheart" username.

   • The whole premise that someone can steal your username in this weird way seems entirely made up for the purpose of making this point. I have never heard of someone stealing another person's active username, this would be a catastrophic development failure and has nothing to do with not using SSI. And while I do get that a CEO could just fuck with the databases, using a DID doesn't get you back "@webheart"; it gets you a random 1,285-character identifier. Perhaps the argument that is more pertinent is that requiring everyone to be solely represented by their username limits what you can be known as online because someone else may have the username you want; however, using this as an argument for switching to SSI makes no sense because display names are already a popular concept. On top of that, SSI would actually be less secure than the common unique username with a display name scheme as impersonation would be significantly easier when using a DID since no one will ever remember someone's DID so all you would have to do is copy their display name.

2. You can take your followers and content with you if you decide to switch platforms.
   You have full control over how your data is shared, reducing unwanted advertising and privacy breaches.

   • Reading further up on how the decentralization of data with DWNs works, it seems like this is not possible currently using just schema.org schemas (as they are ambiguous and allow for too much variation too be useful for interoperability). Instead, you would need to establish very rigid deterministic schemas designed for interoperability for each data/usage type and come to a consensus with all of the other companies/developers that are working with similar data.
   • Beyond that, the current state of access control with DWNs is decidedly not a privacy improvement. The unit of access control is the site and not users or groups; therefore, after granting a site access to your data, that site has the same level of access as it did before, and it can show anyone your data regardless of whether you approve or not. You might be thinking, "At least I can revoke access to my data," but you can already generally do that; in most cases, it is a requirement that a site delete your data if you request that they do so. This is an improvement in the ease of revoking access to your data; however, it does not seem worth migrating everything over for that.
   • And one last thing: it is never really explained who is running the DWNs. In order to give sites access to your data, you have to trust some random third party with your data on their DWN. This could easily lead to a supply chain security vulnerability in which your data is less safe than if it were in the hands of the company that would be more easily held to data privacy regulation.

3. You can take your medical records with you, ensuring that you have access to your own health information wherever you go.

   • While having easy access to your own medical records sounds great, you'll likely run into issues with HIPAA compliance by trying to store PHI on a DWN. And no DWN would willingly store your PHI because of the hefty fines and possible prison time. Ease of digital access to medical records can be done in other ways.

4. You control who has access to your medical data, making it more secure and private.

   • This is just like the second bullet for #2. Site-based access control lists are not an improvement in privacy and health providers are already legally required to protect the privacy of your PHI. Also, hospitals often need to share your medical data with other healthcare providers (pharmacies, laboratories, clinics, etc.) and sometimes even other hospitals. Pawning off all of this security management on the user and the DWN sounds like a UX nightmare.

5. Your financial transactions are secure, and only you have access to your financial data.

   • This... just doesn't make sense. Banks are generally required to follow regulations that require them to save and monitor your financial transactions. But even looking past regulations, a bank manages your money so they have to have access to all of the data regarding your finances that they control. And it's not like access control really applies here either since you're not gonna be sharing your transaction data between two banks (maybe between a bank and budgeting app, but that's already a thing).

6. You can easily prove your identity for online transactions, reducing the risk of fraud.

   • This also doesn't make sense. Are you suggesting that payment processors require you to prove ownership of an SSI wallet before being allowed to make purchases? This doesn't sound like a security improvement at all; it sounds more like adding extra steps in the name of security. If someone stole your debit/credit card and has your PIN, a digital SSI wallet isn't going to be able to stop them from using your card at a physical store.
   • An overarching issue I've noticed is that using an SSI wallet means that if you lose access to your wallet you lose access to all of your data permanently (no "I forgot my password") so if you went down that road for banking, you're potentially costing some people their livelihoods over maybe stopping someone from doing a little bit of fraud that the banks can just reverse anyway once it's reported.

Overall, "Web5" looks like it's just repeating the same issues as every other fully decentralized system before it that failed, ignoring those issues, and making outlandish claims about the things it will solve if implemented. It's a solution in search of a problem, or at the very least, a solution designed with total disregard for actual issues that people face.

P.S.
What was that "@webheart" stuff about? That was so random.

[Rizèl Scarlett]

Ah, the @webheart stuff was a pop culture reference. As the kids would say, "The girls who get it, get it" haha.

It sounds like a made up situation and super ridiculous, but it's not! Recently, Elon Musk changed the name of Twitter to X, and he also took someone's username @X and only offered them merchandise as compensation for stealing their handle. I was poking fun at the situation and exploring if that would happen if you owned your digital identity.

Check out this blog post by Ebony Louis called "Who really owns your social media handles". It talks about the real life situation a little more in depth.

I get that a DID is a long alphanumeric string. But take BlueSky for example, you have aliases on top of your DID. I will expand on that in future issues.

Thanks for your perspective! I appreciate it, and it helps me to dig in a little deeper to some of the applicable use cases for Web5. I literally posted this my first day on the job. And my job is to learn in public. Those "claims" were my own or what I thought of as I've been exploring Web5. I understand most of your rebuttals, except for the aspect of data portability with followers/social media. That's one of the main benefits of Web5. At the moment, it's still under technical preview, so as it evolves, we will see how that's possible.

Future issues of blog series should allow me to expand on some of my thoughts concepts or even give me room to correct myself.

[Sam]

As inspirational as the reasons given are, I think Web 3, 4, 5, and other look to the future posts are quite meaningless, (in my very limited opinion) based on the fact that Web 1 and Web 2 are basically coined terms to describe a bunch of characteristics seen on the internet - characteristics that evolved organically as society jumped onboard the world of the internet, whereas web 3 and so on attempts to predict and even direct the internet. In my opinion, the attempts are not only feeble at this point, they do not matter much to the masses and the only people who can do anything about these predictions are engineers and readers of these articles.

[Rizèl Scarlett]

This is a thoughtful and valid comment! Thank you for sharing your thoughts. I respectfully agree AND disagree with you.

I agree that we can’t force the internet to go in a certain direction and that people outside of software engineers don’t care about or even know about this.

However, I think technology is adopted if it’s accessible, has valuable use cases, and enough developer involvement. This is what drives a nice to have technology to become a must have technology.

Example back in the day, there were skeptics of web 1. It was mostly used by academics but once things like email came out, the masses saw the value and it became accessible to them. Or even something like AI. It’s popular now but it’s spent years being this thing that people tried to make popular but it was hard to adopt. There weren’t a lot of use cases and you had to have specialized knowledge to build with it. The companies like OpenAI made it more accessible for engineers to build with it and engineers found use cases like GitHub Copilot to build.

So it’s up to the engineers building this and the developer community to figure out what makes this usable and valuable. So far, the biggest example I’ve seen that some people are using is Blue sky which is a decentralized social media app. We just gotta stay tuned and see what happens!

[David Chuka]

enjoyed reading this. loved the storytelling style

[Rizèl Scarlett]

Thank you, David!

[Nicolas Fodor]

Best of class article, joyful to relevant.

[Rizèl Scarlett]

Thank you! That is high praise

[konung]

Nice illustrations and article , but I have a question - what happened to Web 4?

Was web 4 built by Google and then abandoned right after the launch ? 😀

[Rizèl Scarlett]

LOL ha ha 🤭

it's web5 because they're hoping to take the best elements of web 2 and the positive principles of web 3. So web 2 + 3 = web5

[Adaptive Shield Matrix]

"This enables the creation of secure, user-centric, privacy-first applications."

There is no difference to the current WEB 2.0.
No one stops you to build secure, user-centric privacy-first applications right now with current WEB 2.0 technologies.

The Problem ?

• The Incentives of corporations is to build apps, where they have total control over them. Why would a corporation who invests heavy money into something give it up freely (and possible die because of it) ?
• Applications are not secure, because there are not enough incentives to secure them. More features / sales / growth / revenue is more important than a small possibility to get data breaches. The security does not win the cost-benefit-ratio. That stops a shitty WEB5 app to be completely insecure? You still have to trust the developer to implement everything properly (and his firm to not succumb to shortcuts / leaving money on the table).
• Privacy first -> is not that users want. Only EU (or people in the EU) seem to care about data/privacy protection. US - does not care at all (except maybe California?). Nearly half the world is on facebook and eagerly share that they ate on breakfast.

Why would any of that change?
Incentives rule the world

[Rizèl Scarlett]

Those are really good points. Here's the interesting thing though: I found that there are legit companies ALREADY building with web5. And I found out that a lot of big name companies like Microsoft and Auth0 are heavily investing in decentralization and decentralized identity. Like they have whole teams dedicated to it. And w3c developed a lot of open standards around the protocols and principles that web5 is built upon.

Right now, if I'm being honest..I'm still fairly new to the company I work at, so I'm not YET equipped to rebuttal you. HOWEVER, I'll keep this in mind because I do want to figure out what the incentive is..especially for the companies that are already building with web5.

Thanks for your comment!

[val von vorn]

This is a parody? What is the point of inventing another version number for the web, even more so after controversy about Web3 and no relevant mention of a Web4 apart from some marketing buzz rebranding Web3 as Web4.

Someone claim the web has does not have the version numbers](hidde.blog/the-web-doesnt-have-ver...) why do people tend to invent the numbers anyway?

Sorry if your post was meant in good intention;
I was just triggered about something seeming like the Web3 BS.

[Rizèl Scarlett]

I know the author of the blog post -- Hidde is a great Developer Advocate.

It's not a parody. The name of the technology -- Web5 is a bit tongue in cheek, but the technology is legitimate: developer.tbd.website/docs/web5/

I wrote this blog post on my first day on the job, so some of my views have evolved, but I wrote it with the intention of getting acclimated with the work that Block and TBD are doing.

Here's my latest blog post on the technology if that helps: dev.to/tbdevs/how-web5-and-bluesky...