Imagine for a moment that you want to take part in a decentralized vote on the future of a protocol that handles millions of dollars. You need to prove that you are a real citizen of a specific country, that you are of legal age, and that you are voting only once. But, of course, you are on a public blockchain where even the slightest piece of data is recorded forever for everyone to see.
How on earth do you make your right visible without making your whole life visible? In that instant, you smack into an uncomfortable reality that many sell as solved but which, in my opinion, is anything but: verifying identity on a public blockchain without exposing personal data remains a problem with no standard solution. And what is worse, I believe the obsession with finding one standard solution is holding back more honest conversations about what we actually need.
Don’t get me wrong. I am not saying it’s impossible. In fact, we have the most fascinating technological building blocks modern cryptography has ever seen. The W3C’s Verifiable Credentials and Decentralized Identifiers are a conceptual masterpiece: they give individuals back control of their attributes and allow a trusted third party ā a government, a university, a bank ā to issue a digital statement that you can then present without needing a central authority to mediate every single interaction.
Add zero-knowledge proofs, those mathematical wonders that let you say “I am over 18” without giving away your date of birth, or “I belong to the set of verified citizens” without revealing who you are. Projects like KILT, Polygon ID, World ID, and Sismo have shown that selective disclosure works, that with zk-SNARKs you can anchor a proof on Ethereum without spilling a drop of personal information.
So where is the problem? Why do I dare to say there is no standard and that this is a gaping hole in the promise of decentralized identity?
Because it’s a completely different thing to move from technical demos and isolated ecosystems to an interoperable identity layer that is legally binding and carries the distributed trust a global society needs. Today’s landscape is an archipelago of brilliant solutions that speak incompatible languages. A digital passport issued under KILT’s model on the Kusama network cannot be easily verified by a dApp on Optimism that only understands attestations from the Ethereum Attestation Service.
And if tomorrow a Colombian bank issues a credential following the DIF specification, but a startup in Switzerland uses Ceramic and another in Japan uses a proprietary zero-knowledge solution, the average user ā who has no idea what an elliptic curve is ā gets left out. Worse still, each of these solutions assumes a different trust model: who is a valid issuer, how a credential is revoked, how long-term privacy is managed. Without basic agreements, digital identity ends up just another walled garden with beautiful cryptographic locks but utterly useless outside its own playground.
This is where my opinion may become a little uncomfortable
I firmly believe that the true standard in decentralized identity is not going to be ā nor should it be ā a monolith akin to an ISO standard or a single protocol carved in stone. The very nature of human identity is contextual, multiple. Demanding that all cultures, jurisdictions, and use cases converge on the standard solution strikes me as an error of Western, technocratic arrogance. The sensible bet, and I can see the green shoots, is an ecosystem of interoperable standards that work as a set of composable protocols, much like how the internet is not a single standard but the combination of TCP/IP, HTTP, DNS, and a host of RFCs that make everything fit together.
For identity, the backbone already exists: W3C DIDs and VCs are that common substrate. On top of them, we can mount different anonymization layers with ZK, different methods for verifying credentials, and, above all, different governance frameworks that respond to local laws without breaking global decentralization.
Yet that laboratory dream crashes time and again into the wall of reality: the enormous difficulty of getting real-world issuers ā governments, large corporations, civil registries ā to issue verifiable credentials in open formats. The European Union, with eIDAS 2.0, is taking giant steps, yes, but it is creating its own regulated ecosystem with a high risk of centralization in the hands of states.
Meanwhile, giants like Worldcoin place the focus on proof of personhood and offer anonymous verification already used by real applications, but at the cost of depending on hardware and a corporation that collects iris scans.
Is that the standard we want? Personally, I am terrified by the idea that the de facto solution to this problem might end up being a mix of mass biometrics and corporate black boxes, no matter how wrapped in zero-knowledge they are. The price of standardization cannot be the renunciation of individual sovereignty.
That is why, when I reread the phrase “verifying identity without exposing personal data is a problem with no standard solution,” I feel it contains more truth than its critics admit. There is no single path, and there probably will not be one in the nineteenth-century sense of the word standard. But there is ā and this is the spark that keeps me optimistic ā a growing convergence around a design pattern: credentials issued off-chain, stored in the user’s wallet, and presented via zero-knowledge proofs to smart contracts that only validate the outcome without storing the data.
That pattern repeats itself in Polygon ID, in the work of the Decentralized Identity Foundation, in the El Salvador government’s pilots of self-sovereign identity, and in the experiments of the banking sector. It is not an official standard, but it is an emerging practice that has all the makings of becoming the technical backbone.
What is missing is political will and industry maturity
We need regulators to understand that decentralized identity is not a trick to evade the law, but the best tool to comply with it without massacring privacy. We need developers to stop competing to create “the definitive standard” and instead sit down to sew the bridges needed between their islands. And above all, we need civil society to demand solutions that truly give us back control, because if we fall asleep, the digital identity of the future will be a single ID card issued by the most powerful alliance between corporations and states we have ever seen.
In short, we don’t have a standard solution in the traditional sense because the problem is too human to be solved with a single cryptographic signature. What we have is a promise under construction that forces us to rethink what it means to identify ourselves.
As long as there is no broad agreement on governance, trust, and interoperability, it will remain true that this miraculous standard does not exist. But I am convinced that this absence is not a failure, but the inevitable symptom of an adolescent technology that has not yet found its place in the real world.
The question is not when the standard will arrive, but whether it will arrive faithful to the principles of privacy and decentralization we dreamed of, or as a Trojan horse that ends up locking us into an even more subtle form of surveillance.
