Why Civic Believes Privacy-Preserving Innovation Is the Key to the Future of Digital Identity
In Brief
Civic is revolutionizing digital identity with solutions like Civic Auth, ensuring secure authentication across Web2 and Web3 platforms and addressing challenges in identity verification.
Civic is redefining digital identity in the industry where trust and security are more important than ever. With solutions like Civic Auth, the company bridges the gap between Web2 and Web3 and enables seamless and secure authentication for both traditional and decentralized platforms. At the helm of these efforts is JP Bedoya, Chief Product Officer, who brings years of expertise in identity management and a commitment to advancing user-focused, privacy-preserving technologies.
In this interview, JP highlights Civic’s approach to tackling key challenges in identity verification, from combating sybil attacks to ensuring data privacy. He also explores the broader implications of Civic’s work, including the future of self-sovereign identity and its potential impact across industries like healthcare, finance, and education.
Can you start by giving us a quick introduction to your background?
My background is rooted in product roles, and I’ve worked in diverse areas like agricultural tech, media, and portals. I joined Civic in 2018, and for the past six years, I’ve been deeply involved in identity management. Identity has always been essential to me. It underpins everything we do, whether it’s onboarding someone, determining access rights, or ensuring security in our digital interactions.
As technology becomes fundamental to our lives, and with AI’s growing role, understanding who we’re interacting with is even more critical. AI isn’t inherently bad—it can be fantastic for many things—but it’s vital to know whether you’re dealing with an AI agent or a real person. This is a core focus of our work at Civic, particularly as we rethink identity management with innovations like Civic Auth.
Civic Auth was recently announced at Devcon. Can you tell us more about it? How does it integrate with traditional identity systems?
Civic Auth doesn’t aim to replace traditional identity systems. Instead, it aggregates existing federated identities like Google Login, ORGX, GitHub, Microsoft, and Apple. This way, we cater to both Web 2 and Web 3 users.
For instance, a Web 2 company might want to enable crypto-natives to use their app. These users could authenticate using their MetaMask or Phantom Wallet, which serve as their identities. On the flip side, Web 3 companies might want to provide a traditional Web 2 experience, using Web 3 infrastructure behind the scenes.
Civic Auth bridges these worlds. It allows users to log in with traditional SSOs while seamlessly integrating features like embedded wallets. Whether the end user knows they have a wallet or not is up to the application—what matters is ensuring a smooth and secure experience.
How does Civic ensure user privacy and security during identity verification, especially given growing concerns about data misuse?
Privacy and transparency are key to everything we do. It’s not inherently bad to store data, as long as users are informed and consent to its use for specific purposes. Civic provides tools for our customers to be transparent with their users, ensuring all personal information sharing is user-initiated and consent-driven.
We also allow users to store their personal information with us in an end-to-end encrypted format. This makes onboarding faster and more efficient, especially for processes like KYC. Users can reuse their stored data for future interactions without compromising security.
Additionally, our platform supports privacy-preserving tokens. After verification, we issue a non-transferable token to the user’s wallet. This token confirms their verified status, making re-authentication simpler. For instance, our re-authentication checks can confirm a user’s control over their account, addressing issues like black-market sales of verified accounts.
Sybil attacks are a significant problem in many systems. How does Civic address this issue?
Sybil attacks involve gaining an unfair advantage over a network by controlling multiple accounts. To counter this, we developed a proof-of-personhood solution that links one human to one wallet. Using biometrics, like a video selfie, we create a unique 3D facial map to ensure only that individual can access their account.
If someone tries to game the system, such as creating multiple accounts, we can block their attempts. Over time, we’ve identified patterns like “face farms,” which are similar to CAPTCHA farms but involve groups trying to bypass biometric checks. By detecting and blocking such bad actors, we protect our customers.
Moreover, our solution supports cross-chain functionality, enabling stronger networks of good actors. This multi-chain approach works across EVMs and Solana, fostering trust within ecosystems while making Sybil attacks increasingly difficult.
Could you touch on how Civic’s solutions have been tested?
We’ve been refining these solutions since 2021 when we first launched them during the NFT minting boom. Back then, we faced millions of bot attacks targeting mints, which helped us scale our platform and enhance its resilience.
Today, our solutions are robust, with proven performance under high attack volumes. Our multi-chain support also provides added flexibility, allowing customers to safeguard their ecosystems across different networks. Civic Auth and our broader suite of tools are designed to address both current and emerging challenges in identity management.
What do you see as the most critical barrier to the adoption of Web3 identity systems? And how can companies like yours overcome these barriers?
One of the main barriers is the lack of regulation. A lot of projects focus only on vanity metrics—numbers that look good to venture capitalists. You see this in airdrops and farming opportunities where projects just want inflated user numbers because that’s what VCs care about. Regulation will change that. It will require DeFi projects—and likely NFT projects soon—to follow rules, including basic measures like age checks.
This is a big issue in gaming, too. Many Web3 games ignore age verification, which can lead to inappropriate content being accessible to kids. As a parent, I want my kids to enjoy games, but there have to be proper guardrails. Another challenge is VCs themselves, who often encourage the “pump and dump” culture. This creates a vicious cycle where projects inflate their numbers to attract investment, but there’s no focus on genuine user engagement. If VCs prioritized real usage instead of quick returns, the industry could shift toward long-term value.
What role do you see for biometric authentication, like facial recognition and fingerprints, in enhancing the security and verification processes of digital identity?
Biometrics are already playing a key role. For instance, our proof-of-personhood product uses video selfies. We’re also exploring options like fingerprints and palm readers, though not iris scanners yet. Mobile devices are central to this shift, especially as manufacturers like Apple, Google, and Samsung expand their biometric APIs.
Apple, for example, now allows digital IDs in their wallet, and they’ve moved beyond just Face ID to include facial recognition matching. But even with this, Face ID alone isn’t enough to prove that it’s the same person behind the device—it only confirms there’s a human. Biometrics will be crucial for distinguishing between humans and AI agents in the future, though not every use case will require them. For some applications, simple age verification or location checks might suffice, allowing AI agents to act on behalf of users without the need for additional biometric checks.
How do you see self-sovereign identity impacting industries beyond finance, such as healthcare, education, or charity? What are the most exciting possibilities for these sectors?
Self-sovereign identity is still in its infancy, and the main challenge is that people don’t want the responsibility it entails. They have to handle backups and deal with issues themselves. To make this viable, we need easier ways to manage self-sovereign identities. Eventually, many of these identities will be tied to governments, especially in sectors like healthcare, where a person’s history is critical.
For example, in healthcare, self-sovereign identity could allow individuals to securely store and share their medical history, which is essential for accurate treatment. But storage is a key issue—where do you securely keep this data? Our encrypted data store is a step forward. While it’s hosted by Civic now, we have no access to it; only the user’s wallet can decrypt it.
Once decentralized storage solutions advance to allow true data deletion, the potential for education, social welfare, and even charity will expand. Fraud reduction is another area where this can shine—billions of dollars are lost to fraud in social welfare programs like those in California. Self-sovereign identity could provide a fraud-resistant system while coexisting with existing structures.
Your platform aims to expand access to rights like voting and financial services. What challenges do you foresee in achieving universal adoption of these solutions?
Voting, in particular, is a tough challenge because it hinges on trust and auditing. Digital certificates and signatures could solve the problem, but society isn’t yet ready to trust these technologies. Estonia is experimenting with solutions like allowing voters to change their votes within a set period, which reduces the risk of coercion.
However, we also need to address the cybersecurity of voting systems and ensure proper auditing so every vote can be verified. Financial services are somewhat easier because they’re less tied to government control, but voting is highly sensitive. Smaller governments or local communities may lead the way in adopting digital voting, which could gradually pave the path for larger governments to follow.
How do you see the identity industry evolving over the next one to three years? What challenges will arise as Web3 identity solutions gain traction?
I think we’ll see Web2 and Web3 merging into a unified web, and identity systems like Civic will integrate beyond the Web3 space. Privacy will remain the biggest challenge, though. Transactions on public ledgers are permanent, which raises concerns about how much of our digital footprint should remain public.
Privacy-preserving solutions like zero-knowledge proofs will become increasingly important. Although they’re not yet commercially scalable, they hold immense promise. The public nature of blockchain also makes users vulnerable—someone who discovers the identity behind a wallet can trace their assets, which is dangerous. Balancing transparency with privacy will be the next big hurdle for the identity industry.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Victoria is a writer on a variety of technology topics including Web3.0, AI and cryptocurrencies. Her extensive experience allows her to write insightful articles for the wider audience.
More articles
Victoria is a writer on a variety of technology topics including Web3.0, AI and cryptocurrencies. Her extensive experience allows her to write insightful articles for the wider audience.
