Virtual worlds

Virtual worlds but real opportunities

What exactly is the metaverse and where exactly should the digital financial services industry focus its efforts?

One March 2022 Information from Wunderman Thompson A survey of over 3,000 people between the ages of 16 and 65 in China, the US and the UK found that while three quarters of them had heard of the Metaverse, only 15% said to be able to explain the concept of metaverse to another person (and half of them were probably wrong). These same people, when asked about their main concerns about this metaverse they didn’t understand, put children’s privacy first and highlighted a number of other data protection, privacy and security issues.

It seems that their answers illustrate a challenge for us (i.e. the digital financial services industry): how can we explain what the metaverse is and how can we provide confidence in our approach to privacy and security. So let me try to meet this challenge and tackle these two complex issues head-on.

First of all, what exactly is the metaverse? I’ve seen so many different descriptions of the new cyberspace for work, rest and play over the past few months that it’s really hard to know what most people mean by this. In fact, despite Gartner’s advice

prediction that by 2026 a quarter of the population will spend at least an hour a day in the metaverse “for work, shopping, education, socializing, and/or entertainment”, I doubt many in financial services industry can give more than a compelling and concise description of what this metaverse itself will be like survey respondents mentioned, other than it will be a bit like “Call of Duty” with Mark Zuckerberg dressed as a skeleton and there will be a roaming tiger at a JP Morgan branch in Minecraft.

Rather than complaining about the vagueness of the vision, I thought it would be a good approach to think from first principles about what the Metaverse is and what business strategies around it will be important. But where to start ?

real but virtual

The obvious starting point is virtual worlds. These have been around for many years, so it’s reasonable to wonder what will now turn these virtual worlds into metaverses? These are not Mr. Zuckerberg’s virtual reality headsets. I could use one of these now to play World of Warcraft in 3D or whatever and it would be great fun, but it would still be a virtual world. A metaverse is surely more than Second Life UHD.

The Financial Times has defined the metaverse as a collection of shared virtual worlds that are interoperable in the sense that people can navigate them while taking with them their digital identity and digital assets. Now, that seems like a very simple and practical description to me, and I really like it. It is a world where transactions take place between what Jaron Lanier called “economic avatars” (ie virtual identities that can own goods).

So we have a good starting point. The metaverse consists of virtual worlds with digital assets and digital identity. But what exactly are these digital assets?

Well, that’s pretty easy to answer: digital assets are tokens, and the protocols for moving those tokens are what’s called decentralized finance (or “defi”). Digital assets and decentralized finance together are loosely known as “web3”. Anonybit’s Frances Zelazny clearly described the relationship between the two when she wrote, “the metaverse depends on [web3]“, going on to say that users can expect “more democratization, inclusion and control of users, instead of having big tech and centralized gatekeepers.”

We could therefore say that the metaverse is composed of virtual worlds containing Web3 transactions. Now we are getting somewhere.

A return to this definition of the Financial Times. The metaverse is virtual worlds plus digital assets (i.e. Web3) plus digital identity. Now, it is in this last clause that we need some new thinking. Tokens and challenge are not a good way to implement identity and without identity we cannot complete the metaverse. We need identity to make our metaverse work.

It’s the identity, stupid

Professor Bill Buchanan OBE of Edinburgh Napier University’s School of Computing is a leading expert in cryptography and cybersecurity (and also a great lecturer, by the way). I always take what he has to say about things very seriously and totally agree with him on his comments about the nature of the infrastructure we need for the online economy.

Bill writes that we put together a set of interweb tubes with very little trust, then patched them up with what he calls “simple methods” (but what I might call string and sealing wax) . He says that “our digital future must move toward an infrastructure that properly embeds trust“and that ultimately web3 means the digital signing of transactions to support the true integration of the citizen’s digital identity into the digital world.

We already have the tools and techniques to implement these digital identities. We have private keys and digital signatures and computers and all the other components. We already have smartphones that contain Trusted Execution Environments (TEEs) capable of handling advanced cryptography (yet we send them totally insecure text messages and call it “security”). What we need is a way to use them in a really secure way and that’s where credentials come into play.

Why am I focusing on credentials? Well, in a recent post on the topic Vitalik Buterin (the genius creator of Ether

eum) and his co-authors write that “the economic value on which finance trades is generated by humans and their relationships. Because web3 lacks the primitives to represent such a social identity, it has become fundamentally dependent on the highly centralized structures of web2 which it aims to transcend, replicating their limitations.

This is the missing piece of our puzzle. Relationships that enable transactions, or what I might paraphrase as “the economy of reputation.” It is an economy where the fundamental catalyst of economic activity is not the identity of the counterparties but their references, not who they are but what they are: a regulated financial institution, a five-star carpool or one person.

check me out

Credentials, and more specifically verifiable credentials (i.e. if you show me your driver’s license, I can cryptographically verify that it is not a fake and that it is truly yours) are the way to go.

These verifiable credentials (VC) have a crucial role in resolving the “clash of the Titansbetween the emerging metaverse and growing demands for data privacy. The metaverse wants to harvest new, unexplored personal information, even to the point of noting and analyzing where your eyes go on a screen and how long you look at certain products. Privacy data, on the other hand, wants to protect consumers from this relentless pecking.

As David Blonder (legal counsel and chief data protection officer at BlackBerry) notes, since people will always trade security for convenience and the metaverse means a lot more user interaction than, say, a phone mobile, we (i.e. the industry) need to assemble a robust infrastructure that does not negatively impact user convenience. I think this will be achieved through the use of smart wallets, but that’s a topic for another day.

There you have it then. The metaverse consists of virtual worlds plus web3 plus verifiable credentials.


What I think is one thing, but what people who actually know virtual worlds think about them should take precedence. Epic Games CEO Tom Sweeney is one such person and his opinions, not the subject matter, are fascinating. He, for example, points to the domain of zero-knowledge proofs (the idea that you can verify that something happened without receiving any private details about it), which are a powerful technique for ensuring both privacy and security in a decentralized system and he’s absolutely right. There’s groundbreaking work going on right now to bring together zero-knowledge evidence and verifiable benchmarks, so when Tim says “I think this is going to be the backbone of much of the next century in technology” , he is almost certainly right.

Another visionary in the field is Philip Rosedale, the guy who founded Linden Lab (the home of Second Life) a generation ago and thus spent more time in the metaverse, or at least the proto-metaverse, than practically anyone else on the plant. That is why his opinions on the subject are of paramount importance. After Linden Lab he started a VR startup which later turned to spatial audio (so perhaps Scott Galloway’s insistence that the metaverse come via AirPods rather than headsets is considered more than i didn’t think so).

In an interesting twist, this startup is now investing in Linden Lab and Mr. Rosedale is returning as a strategic advisor. There was a very interesting article about his perspectives on the metaverse in “information“. What particularly caught my attention, given my obsession with digital identity as a fundamental platform of the new economy, was his vision of “real” names. He says that persistent pseudonyms are at the heart of the metaverse and that “real names, for so many reasons, are not where we want to go, because not everyone wants to use their real name or their real face”.

When you put all of that together – virtual worlds where people want to do business, decentralized finance moving tokens, and persistent pseudonymous IDs with verifiable credentials as token owners – I think you can see a clear and consistent definition of the metaverse as well as the strategic outline for the financial services industry’s response: manage digital assets and customer digital identities to keep safe in this new world.