Web3 Identity: The New $77B Revolution

LayerOneX avatar
LayerOneX
@LayerOneXOct 1, 2025

The Spaces convened builders and practitioners to debate whether society is ready to replace data over-sharing with selective disclosure via Web3 identity. Cody framed the need for user-owned data and platform accountability, highlighting zero-knowledge proofs (ZKP) and cross-chain interoperability (L1X/xTok) with AI anomaly detection as enablers. Spawn Star argued for soulbound tokens (SBT) with layered privacy and user-ledgers, while warning of rampant spam and the need to privatize and encrypt identity. Joel from Dash emphasized the main technical blocker: robust, non-custodial key and identity recovery, and proposed a mixed model of public and encrypted data, social recovery, aliases, token-gated badges, and anti-spam paywalls. Mo (Only Founders) cautioned against state-mandated digital IDs (UK example) and platform verification without accountability, predicting an invisible, SSO-like DID experience powered by ZKP. On Chain Lottery saw gradual adoption with NFTs for verification due to pervasive data leaks. Across the discussion, panelists called for standards, court-recognized digital certifications, privacy-by-default architectures, and better UX/security to reach mass adoption and protect creators’ rights.

X Talks: Proving Everything Without Revealing Anything — Web3 Identity, Selective Disclosure, and the Road to 2030

Panel and context

  • Host: Cody (X Talks). Co-host: Andrew (standby due to connectivity). Layer1X (L1X) founder Kevin referenced by Cody.
  • Joelle: Business Development and Marketing for Dash (digital cash); long-time crypto user since 2016.
  • Mo: Founder of OnlyFounders (permissionless fundraising platform and founder community).
  • Sponstar: Founder/representative of a treasure-hunt platform (Pokemon Go–like for brands and live events); deep focus on user-ledgers and privacy.
  • On Chain Lottery: Builder of an on-chain, verifiable lottery.

Framing the discussion: selective disclosure vs. oversharing

  • Core question: Are we ready as a society to replace data oversharing with selective disclosures (prove attributes without exposing personal data)? And can one identity/credential work across banking, employment, social platforms, email, and crypto?
  • Market backdrop: Digital identity is a $21B market today, projected to reach ~$77B by 2032 (3x growth). The panel explores what innovations and conditions will drive this curve.

Readiness assessment: are we ready for selective disclosure?

  • Sponstar: People are ready; government services are not. The last cycle drifted from soulbound token (SBT) development, but SBTs should return as a core building block. Envisions identity as a unique ledger tied to a person with privacy “tranches” (layers) the user can selectively share, including ephemeral access (disappearing proofs akin to passworded PDFs). Quietly building user-ledgers where an abstracted account (email/phone) generates a wallet; the user’s physical presence can be recorded and shared with brands by the user’s choice. Mass adoption requires standards and some government buy-in.
  • Joelle: Only partially ready. The main barrier is robust, non-custodial recovery. People lose keys; legacy identity has multiple recovery paths (documents, biometrics). Crypto needs reliable recovery without centralized intermediaries before people trust it for everything. Government readiness will likely follow judicial precedent (e.g., napkin bill-of-sale analogs); start using decentralized identity (DID) outside government mandates and let court cases establish legitimacy.
  • Mo: Devil’s advocate. UK’s push for mandatory state digital ID (with employment, banking, travel, healthcare constraints) raises critical risks: government-controlled systems presented as “decentralized”; censorship potential similar to China’s erasure of public figures. Opportunity exists if aggregated identity captures on-chain/off-chain, online/offline reputation and proximity/contribution proof, but real control must be demonstrable. The debate is whether systems empower individuals or consolidate invisible power.
  • On Chain Lottery: The world is ready to start with web3 identity as an additional ID layer alongside passports, driver’s licenses, etc. Rampant data leaks (e.g., SSNs) erode trust in legacy models; web3 verification will grow over time, possibly leveraging NFTs.
  • Cody: Personal experience highlights the pain of repeated medical forms and opaque data custody, even under HIPAA. Data broker profiling leads to spam/scams; ownership and consent are essential. Crypto builders should lead in setting standards for protection and selective disclosure.

Government, legal recognition, and platform accountability

  • Legal path: Joelle suggests legitimacy can come from judicial precedent even before formal statutes (e.g., accepting digitally signed evidence/sales as valid). Start where law does not mandate; let courts recognize consistent practice.
  • State ID risks: Mo warns of coercive digital ID regimes (UK example) that can constrain civil liberties; central control is antithetical to user sovereignty.
  • Platform responsibility: Mo argues platforms that monetize verification (e.g., X Premium) should be accountable for scams occurring under their verified badges. Sponstar shares an Instagram hack incident where platform intervention only came after public pressure—highlighting a paradox: achieving privacy often requires public exposure to force platform action.

Privacy tech and architecture discussed

  • Zero-Knowledge Proofs (ZKP): Cody emphasizes ZKPs to prove facts without revealing data (e.g., proving “21+” for bar entry without disclosing name/DoB). ZKPs enable selective disclosure and fraud reduction.
  • Soulbound Tokens (SBT): Sponstar and Cody propose SBTs as personal, non-transferable credentials that can carry medical, civil, and driver’s license records, layered with privacy controls and ephemeral access.
  • Dash approach (Joelle):
    • Usernames resolve to self-addresses (new addresses per payment) for private payments without publicly exposing destination addresses.
    • Encrypted on-chain notes: transaction metadata is recoverable by the user but unreadable on-chain to outsiders.
    • Architectural outlook: mix of fully public data and fully encrypted/ZK data, using public indices to locate encrypted payloads. Notes limitations: ZK-heavy systems complicate wallet sync and block explorer transparency; maturity will reduce these trade-offs.

Interoperability and cross-chain identity

  • Layer1X (Cody referencing Kevin’s work): Bridgeless interoperability (xtok), custom VM and consensus (EVM and non-EVM compatible) enabling movement or remote access of assets, data, and logic across chains. This underpins a DID that can unify user data/logic across Ethereum, Solana, Avalanche, etc., without forcing data relocation. Envisions AI-based behavioral safeguards layered on activity history (geo/IP anomalies, time-of-access patterns, new-project interactions) to flag or block suspicious transactions—akin to Google account anomaly alerts.

Fraud and spam landscape; user protection patterns

  • Cody recounts LinkedIn impersonation: CEO outreach that failed basic checks (mismatched real CEO name, reverse-image match across many fake profiles, shallow work history). Recommendation: basic OSINT (reverse image search, role verification) is essential.
  • Sponstar describes a sophisticated scam via Telegram/LinkedIn: last-minute switch to a purported “new video platform” with real-time AI translation to lure clicks. Advises cautiously “walking scammers to the end” (safely) to learn their angles and warn others.
  • Joelle battles impersonators; suggests “stacked aliases” to preempt permutations (register common variations, acronyms) and anti-spam economics (pay-to-message/troll toll) so hostile contacts must pay increasing fees to reach you.

Drivers of market growth to ~$77B by 2032

  • Self-protection demand: Sponstar notes users already paying for verification on Instagram/Twitter to reduce spam; identity protection is becoming a consumer spend category.
  • Regulatory pressure: Coercive state ID implementations may paradoxically accelerate private, user-controlled identity solutions as self-defense.
  • Cross-sector digitization: Healthcare, finance, employment, and creator economy require verifiable credentials and selective disclosures the legacy stack fails to provide.
  • Privacy-preserving adoption: ZKP/SBT/NFT credentials, encrypted metadata, and interoperable DID frameworks create usable, scalable identity rails.
  • Legal recognition and platform accountability: Judicial precedents and public pressure can enforce responsibility and trust, expanding enterprise and institutional adoption.

2030 visions of DID

  • Joelle’s vision:
    • Permissionless pseudonymous identities (multiple personas per individual).
    • Robust recovery: hardware factors (e.g., YubiKey-style) and social recovery (e.g., 3-of-5 trusted contacts authorize restoration) without centralized custodians.
    • Unified profile: user-controlled public fields, profile picture, and stacked aliases to defeat impersonation.
    • Credential badges: NFTs (or similar) representing memberships/permissions, with private and public modes; token-gated communities by country/affiliation; granular, revocable access.
    • Encrypted messaging with anti-spam tolls; seamless, privacy-preserving payments into/from profiles.
  • Mo’s vision:
    • Invisible, seamless identity layer akin to Google SSO; aggregated across platforms, with a single control point/payment for verification rather than per-platform fees.
    • ZKPs make blockchain usable without exposing full financial behavior; insurance-like assurances beyond simple “verified” checkmarks.
  • Sponstar’s vision:
    • Unified user-ledger with ZKPs as table stakes. Platforms take accountability; societal norms mature to value privacy without requiring public self-endangerment.

Key highlights and insights

  • Recovery is the linchpin for mainstream adoption; without strong, user-controlled recovery, people won’t entrust identity and life-critical functions to crypto.
  • SBTs and ZKPs together enable fine-grained, ephemeral, selective disclosures across multiple domains (finance, medical, civic).
  • Interoperability is essential; cross-chain DID must address assets, data, and logic without fragile bridges.
  • Platform accountability matters: monetized verification must come with responsibility for harm mitigation.
  • Users must upskill on scam detection; OSINT habits and anti-spam economics (pay-to-message) can materially reduce attack surface.
  • Judicial precedent will likely precede formal regulatory acceptance; builders should ship usable systems now and let courts recognize them.

Practical recommendations for builders and stakeholders

  • Build identity stacks with privacy by design: adopt ZKPs, encrypted metadata, and permissioned, revocable access controls.
  • Implement multi-layer recovery: hardware + social recovery, clearly documented flows, and non-custodial by default.
  • Use SBTs (or equivalent non-transferable credentials) to encode attestations; design privacy tranches and expiry windows.
  • Engineer for interoperability: cross-chain data/logic access, not only asset movement; avoid single-chain lock-in.
  • Embed anomaly detection: geo/IP/time heuristics, behavior baselining, consented AI safeguards; always user-first and opt-in.
  • Pre-register alias permutations; provide anti-spam mechanisms (rate limits, paid messaging, allowlists).
  • Push for industry standards: schemas for attestations, selective disclosure protocols, and minimum recovery requirements.
  • Advocate platform responsibility: if platforms charge for verification, they should have incident response, restitution policies, and better anti-impersonation tooling.

Open questions and next steps

  • What minimum standard should define “adequate recovery” for identity wallets (e.g., social threshold, hardware factor, legal fallback)?
  • How should the sector standardize SBT schemas and privacy layers to ensure portability across ecosystems?
  • What governance (industry consortia, open standards bodies) will steward DID standards without central capture?
  • How do we balance anti-spam economics with inclusivity (ensuring legitimate low-income users aren’t priced out)?
  • What are safe, auditable AI guardrails for identity protection that preserve user autonomy and avoid false positives?

Closing note

The panel converged on a privacy-first, recovery-secure, interoperable vision of decentralized identity. SBTs, ZKPs, encrypted data, and robust recovery are the backbone; platform accountability and user education against scams are immediate needs. With judicial precedent, market demand for self-protection, and cross-sector use cases, the identity market’s growth appears justified. The path to 2030 is to make identity both powerful and invisible—seamless enough for everyday life while preserving the individual’s sovereignty over data and credentials.