Decentralized identity: is privacy worth the risk?
Users are increasingly sharing their sensitive personal information in exchange for convenience services. The developers of decentralized identity believe there’s a way to preserve privacy when leading increasingly interconnected lives.
Data breaches happen daily, and companies endlessly exploit our information, which is the ultimate price for their “free services.” Will decentralized identity put an end to this?
An average person in the US has 70-80 accounts. This means at least 70-80 different opportunities for malicious hackers to steal your identity. And it’s no rocket science for them to figure out how to do that, having in mind our poor cyber hygiene - we express our affection to pets by using their names as passwords and can’t break the habit of reusing sign in details. The fact that each of us has approximately one hundred passwords, according to the NordPass researchers, partly explains this phenomenon.
But even if you are being smart by using complex passwords, reputable password managers, and multi-factor authentication, you are still in danger. You’ve already given some kind of personal information to the different services you’ve registered for - from your social media account to your local clinic - and they are not hack-proof.
Therefore, the blockchain community advocates the need for a decentralized (self-sovereign) identity. It is supposed to give more power to users over their private data. But with greater benefits comes even greater responsibility.
What is decentralized identity?
Now, each time you sign up for a service, a provider (government, university, hospital, social network, etc.) collects some personal information about you and stores it in their databases. This means that your data ends up in many different databases, with you having very little control over it.
The decentralized identity (or self-sovereign identity) allows you to manage all your identities yourself. You receive credentials from issuers, such as the government or university, and store them on your digital wallet. You verify your identity through a blockchain-based ledger, which does not store user data when you need to. In this case, your information is controlled only by you and doesn't end up in countless databases ready for companies and malicious hackers to exploit.
"You manage your identity yourself. You can choose in what kinds of scenarios or situations you want to use it. You can also use different identities in different scenarios," Jun Li, the founder of Ontology, specializing in decentralized identity and data, told CyberNews.
In this case, you can have as many identities and accounts as you want without worrying that a certain service provider can be hacked because it doesn't store any information about you.
"You use crypto information. You have a public key. It is like your account name. And you have another - private - key. It is controlled only by you. In all the scenarios, applications, and systems, you will have to verify your signature. Your private key creates the signature. The private key is like the password. The difference is that the password is not stored in third-party databases. You control it. They don't know what private key you have. You use it to verify your signature," Jun Li explained.
According to him, decentralized identity is already being used in many applications. The blockchain community, naturally, is an early adopter of the concept.
"To be honest, the blockchain community is small compared with the mainstream internet community. I think in the next two or five years, we will have more mainstream scenarios with decentralized identity," he said.
Over 1,5 million users are managing their digital identities using ONT ID, Ontology’s decentralized identity application.
Decentralized identity is still in quite a nascent stage. In 2018, Microsoft published its first blog post underlining its commitment to the concept.
"Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity. This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used," the company said.
Earlier this year, Microsoft's Decentralized Identity team launched the ION Decentralized Identifier (DID) network on the Bitcoin mainnet.
In November, Ontology announced a partnership with bloXmove, a business-to-business mobility blockchain platform. bloXmove is integrating Ontology’s decentralized digital identity protocol (DID) into its platform, providing users with a decentralized identifier that will allow them to share their verifiable credentials, such as driving licenses, in a private, secure, and encrypted way.
“The rapid increase in the digitization of transport and emergence of digital mobility apps enabling individuals to avail of cars, scooters, bikes, flight and train tickets, and more has resulted in a fragmented infrastructure that requires users to sign-up to various applications over and over again. This has led to a proliferation of data exchange, as users are increasingly required to hand over sensitive data,” the company said.
In this case, consumers will be able to use different transportation options without sharing their sensitive information with the service providers.
In 2019, Irene Hernandez, a founder of cybersecurity company Gataca which provides decentralized identity solutions, listed as many as 35 different use cases of decentralized identities, notifying that the list is not limited. You could use it while traveling, studying, declaring taxes, accessing public events, sharing a ride, checking in to concerts, etc. These different services now collect vast amounts of sensitive personal information, such as your visa, passport information, income, work permit, car registration, etc. If you used decentralized identity for all of these services, you wouldn’t need to share this information - only to verify that it’s you.
And here comes the tricky part with decentralized identity. You have all the control over your data, which also means that you have to take full responsibility for it.
Who is responsible for your identity?
Once you switch to decentralized identity, you control your personal information. It also means you are responsible for its security.
“Now, for example, Facebook controls your information. But you can choose to manage that information by yourself and store your social network information on your mobile device. In this case, you need to make sure information is safe by yourself,” Li Jun explained.
While Facebook doesn’t support decentralized identity at the moment, there are social networks that leverage blockchain technology and multiparty computation to preserve user privacy. For example, Partisia Blockchain partnered with Insights Network, a market research firm, to launch Instars, a decentralized social media platform. Users can opt-in to every interaction rather than opt-out of certain features, as it is common with current mainstream social networks. If a user decides to interact with a particular advertiser, the economic value is transferred directly to the user and not the social media platform itself.
The great thing about decentralized identity is that companies can’t trade your data without your explicit consent. If you choose to share with an advertiser, you will get paid. Instead of ending up on endless databases, your data will be stored on your device or, for example, on a cloud. You will be the one to decide how sensitive it is and how many layers of protection you want to put on it. You will have to do backups, choose reliable protocols, etc.
But Li Jun assured me that securing your data is not that difficult. You need to choose trusted and safe protocols.
“For example, Bitcoin, Ethereum. They secure billions worth of digital assets for trading and transactions. They already have some security records. You can trust to use that protocol to manage your identity. My information is not so valuable, compared to those billions of dollars,” he said.
Will we ever be in charge?
In the light of significant leaks, such as Twitch or T-Mobile, the concern about privacy is only growing. It seems that the technology for us to be in charge of our data while making it more secure at the same time is already here. Either you engage with something built on Partisia Blockchain, TIKI, ImagineBC, Permission.io, or any other privacy-focused platform there is.
Recently, I've interviewed the CEO of Brave Software, Brendan Eich. He believes that consumers will have to drive the market towards privacy-preserving tech.
"We can have both the fun, innovative parts of technology and privacy or anonymity where we want it, or pseudo-anonymity. But we need to have people develop these products, and we need users to use them. It's not in the interest of Google or Facebook to develop these protocols," he told CyberNews.
Some experts are optimistic and believe that recent hacks and leaks push towards this change. However, others are convinced that companies such as Facebook and Apple firmly standing on the ground will not budge easily as they desperately need users' information.
"For instance, as early as in 2016, Facebook supposedly generated US$62.23 per user in the United States and Canada from advertising. It is probably reasonable to argue that users' time for viewing advertisements should be compensated and, therefore, that part of Facebook's profits should be redistributed to consumers," Nir Kshetri, a professor at the University of North Carolina-Greensboro and a research fellow at Kobe University, told CyberNews via email.
More from CyberNews:
Alliances between threat actors have led to the rise of the ransomware empire
Only up to five percent of ransomware cases are caused by phishing - interview
NSO Group's spyware used to hack US State Department iPhones
Over 50,000 European business users exposed in a data leak
Your organization’s network can be used to mine Monero: report
A glitch in the Revolut banking app sparked fears of a hack
Subscribe to our newsletter
Your email address will not be published. Required fields are marked