Web5 – The Future of the Web?

TBD, a recently established business for financial services by Block Inc., formerly known as Square Inc., has proclaimed the Web5 as the combination of Web 2.0 and Web3. But what exactly are the Web 2.0 and Web3 and how does Web5 differentiate itself from them or improve upon them? The goal of this blog post is to shed some light on Web5 by explaining what its purpose is and how this could change the future of the Web. First and foremost it should be clarified that the numbers for the Web are not indicating a version after which the previous iteration becomes obsolete, but rather the numbers are describing a state of the Web and the interaction with it. This means that on the Internet we have several Webs coexisting side-by-side without interfering with each other. Web pages can be part of multiple Webs if they provide the necessary support for interaction. In the following paragraphs we will get a better understanding of these interactions, and in particular what the Web 2.0 and Web3 are representing.

The Web 2.0 describes web pages that are inviting users to contribute to their content. In contrast to static web pages that are prevalent in the Web 1.0, the Web 2.0 is serving dynamic content, which allows for much more direct interactions. This has also been made possible by implementing application programming interfaces (APIs) to automate interactions and usage. These web pages establish or interact with social networks and are commonly referred to as the social web, which forms a subset of the Web 2.0. Social interactions are made possible by tagging or labeling photos and videos, by clicking buttons to express likes and dislikes, or by bookmarking content and sharing it. The data managed by social web pages is being provided by users who can exercise only some control over it once it has been shared. Furthermore, this data is usually centralized in cloud data centers and managed by Big Tech companies. The social web is a double-edged sword which can be used for sharing knowledge, for example through blogs or Wikipedia, but it is also being misused for spreading fake news and disinformation. There are many more instances, for example spamming and trolling, that further demonstrate this ambiguity of the social web.

Web3 and Web 3.0 should not be confused, as they have very little in common. Web 3.0 was proposed at the end of the last millennia and describes the semantic web, while Web3 is standing for a decentralized Web that is backed by blockchain technology. The Web3 is not clearly defined but stands in contrast to the Web 2.0 and is enabled by decentralized platforms, secured interoperability and verifiable computing. New services have in particular emerged around cryptocurrencies and finance. The shift from centralized platforms – such as clouds and data centers – towards decentralized platforms has led to the introduction of decentralized autonomous organizations (DAOs). Members of a DAO that are in possession of governance tokens have voting rights and can propose changes to the rules, which are written down as a computer program. These rules are then automatically being applied by the DAO under the governance of its members. Similarly, decentralized finance (DeFi) is offering financial instruments which allow direct interactions between parties without the need for intermediates. Contrary to the Web 2.0, users maintain sovereignty over their identity and no longer need to create accounts for every service they use and delegate to tools the management of tens or hundreds of different passwords for third party web pages. It is said that Web3 is both secure and scalable, which are claims that are being controversially discussed and have yet to be demonstrated.

The Web5 defines a decentralized web platform (DWP) that is based on the idea of web applications as they were conceived for the Web 2.0 and coupled with the core concept of decentralization as in the Web3. Our current identities on the Web are either accounts or email addresses, which can be taken from us at anytime, for example, when services or companies seize to exist. There are little to no ways for users to prevent the loss of these identities and with it any related data. Thus, new entities such as decentralized web applications (DWAs), decentralized identities (DIDs) and decentralized web nodes (DWNs) have emerged in DWP with the purpose of handing control and ownership over data back to users. Driving forces of the DWP are the open source model, which allow anyone to inspect standards and the underlying program code of DIDs, DWAs, and DWNs, as well as permissionless blockchains, which grant anyone the rights to participate in the Web5.

DWNs are important to the Web5 infrastructure, as they essentially act as proxy servers, without the need for users or other endpoints to remain constantly online. By relaying data over remote DWNs, users can receive data destined for them asynchronously simply by querying their remote DWN for updates the next time they go online. In order to identify a user’s remote DWN, it is necessary to resolve their DID, similar to how domain names are being translated to IP addresses by browsers contacting name servers. DID plays a central role in this decentralized infrastructure, where all users manage their own identities in a digital wallet, for example accessible as an application on their smartphone. By using their identity wallet, users can verify credentials, perform authentications, and create new identities. This new identity model allows, for example, users to grant companies access to dedicated data only when necessary, such as a public transport company adding seat reservations to a user’s DWN. The Web5 relies here primarily on standardized schemata established with the semantic web in order to favor interoperability over proprietary and non-transparent protocols requiring each their own applications.

Thus far, the Web5 appears to be an umbrella for a new Web, which is not reinventing itself but rather combining existing ideas of the Web 2.0, Web 3.0 and Web3. Consequently, it is also repeating the same mistakes, for example by being based on Bitcoin, which is not resource-efficient and consuming large amounts of energy that would not be sustainable at the scale of the Internet. There are still many open questions for the Web5 which need to be clarified and defined in a rigorous manner. Currently, a major issue of the decentralized infrastructure are DWNs, which are relaying personal data of users. The three main questions are (1) where are DWNs located, (2) who is owning and maintaining the servers these DWNs are running on and (3) how are server owners being compensated? The Web5 concept so far only considers optional encryption of data using the DID key of users. However, this is a flawed confidentiality and security design, as even if the data was encrypted at some point, it needs to be accessed and modified by the DWN, and this can only happen if the data is available unencrypted in cleartext. Therefore, it is possible for owners and maintainers of servers running DWNs to get access to personal and confidential data. Furthermore, servers that are not thoroughly maintained are subject to attacks from malicious users and could easily be compromised, potentially giving remote access to personal and confidential data. These are exactly the kind of issues the Complex Systems research group is trying to solve using trusted execution environments (TEEs). Whether the Web5 will gain in popularity and when the first DWPs will be deployed remains to be seen, but before that time arrives there are many questions that need to be answered and issues that must be resolved.