Web3 is on the horizon and will likely have a large effect on the cybersecurity field. But what exactly is it — and what are the implications of this latest iteration of the internet for organizations?

It’s perhaps easiest to describe Web3 by contrasting it with its predecessors, Web 1.0 and Web 2.0.

Web 1.0 refers to the early days of the internet — from roughly 1991 to 2004 — when most internet users were passive consumers of web content. Users surfed to a specific web page to read or view what some other person or entity had posted there.

A more interactive internet arrived once Web 2.0 kicked off in late 2004. Think here of social media sites, wikis and blogging platforms — suddenly, people could produce their own content rather than just passively consuming it.

The age of Web 2.0 is still ongoing, and, over the years, it has come to be dominated by a handful of large tech companies who in one way or another impact the experience of nearly everyone who uses the internet today.

Cutting out the middleman

Web 3.0 (commonly shortened to just Web3) is what potentially lies on the horizon, if today’s proponents of an increasingly decentralized version of the internet are able to gather enough momentum to make it a reality.

This decentralized version of the internet would use blockchain — the same distributed ledger technology that supports cryptocurrency and NFTs — to underpin many online activities, cutting out the “Big Tech” middlemen and putting control over data back into the hands of users.

So far, so good. However, there are still some significant challenges around managing data and identity in a decentralized, self-regulating environment.

Trust, transparency and reliability

Reliability is one of the first concerns for any system that relies on blockchain. While centralized cloud providers contractually offer service level agreements (SLAs) to their users — typically in the 99.9% uptime range — public blockchains do not. The result is that all sorts of online transactions and activities could grind to a halt because a blockchain is “down.”

Another key issue centers around trust and transparency. If the promise of Web3 is that users will have more control over their data, then simple and intuitive interfaces that allow users to understand what information they are sharing with web service providers will be required. This framework, called Decentralized Identity or Self-Sovereign Identity, is aimed to provide user-centric control over their identity and related information.

Blockchain alone can’t make this happen. Cryptographic keypairs, like those commonly used in public key infrastructure (PKI) technology, are also fundamental to the architecture of Web3.

Digital certificates powered by PKI are the gold standard to secure and authenticate human (and machine) identities. They can be used to manage multiple aspects of a user’s digital identity — from age, address and email address to geo-location and more. In this way, digital certificates can serve as a critical element that helps transparently establish and verify who is sharing what content with whom.

The promised land?

An example is helpful here to show what the promised land of Web3 looks like in practice.

Today, when users want to create content — for instance, a new social media post — they need to go through an intermediary, such as the social media platform itself. The platform then takes responsibility for ensuring that the user authorized the creation of the content.

In Web3, by contrast, the user will be able to authorize the creation of content without relying on an intermediary (like the platform). This is made possible using digital certificates because both the data and the identity are authenticated and secured.

A continuing story

A Web3 world that removes traditional “middlemen” in favor of decentralization has potential for creators and regular end users to gain more control over their data — but only if issues around digital trust, transparency and reliability are successfully addressed. As the story of the internet continues to be written, organizations able to anticipate these issues ahead of time and prepare to address them will be well positioned to adapt as Web3 continues to become a reality.