Blockchain platforms against governments and Facebook

We live in a moment of unprecedented concern on identity. Fears abound that our personal data is being misused by distant third parties, whereas these data have become more valuable to us at a time when our identities and identity policies on which they are based have become more central to our lives . It is in this context that blockchain technology has appeared, and while its application beyond cryptocurrencies is still limited, protecting our online identities and data more securely seems to be one of its most central applications.

In its basic scheme, the use of blockchain in the personal data protection area is simple: our data is stored in an encrypted form on a decentralized network and we can grant other parties the same information. access to (some of) these data through the use of our private keys, in much the same way that the use of our keys allows us to send cryptocurrency to someone else. By virtue of this basic framework, blockchain technology promises to put control of our data in our hands, at a time when Facebook and other technology giants have abused and misused. And since crypto-giants like Coinbase have recently moved into the decentralized ID area, it would seem that it already has strong support and support within the cryptocurrency industry.

However, as far as all this seems in principle, there are a number of challenges – some techniques, some commercial ones – that need to be overcome before the blockchains can be used on a large scale to protect personal data. The companies working in this area are facing these problems from different points of view, but it seems that in resolving them it is necessary (partial) to move away from the "complete" decentralization ideals.

And even when the technical challenges are all over, there will still be the problem of weaning people on platforms like Facebook, which – thanks to the profits of centralization – can afford to offer the public a seductive "free" and refined service.

Control and Privacy [19659006] Alastair Johnson, CEO and founder of the e-commerce platform and ID Nuggets, Johnson understands the pitfalls of storing masses of ID data in centralized silo all too well.

"Today, the reality is that people do not control their personal data On average, a person has personal data – in the form of payment card details, home addresses, e-mail addresses, passwords and other personal details – distributed over about 100 online to Can access these data but do not own them. "

In contrast, the use of blockchain technology gives the user a new control, which will be authorized to share their data ID only with the parts that will approve. This is achieved primarily through the use of "decentralized identifiers" (DIDs), as explained by the Sovrin Foundation, which is building a blockchain platform to provide individuals with "self-sufficient identities" (ie, an ID they can carry with them from platform platform). As we read in its white paper, "decentralized identifiers" (DID) do not only encode information that identifies someone like, for example, a woman, an Asian, 35, and live in France, but they also evade the need for a & # 39 centralized authority to verify the ID

"A DID is stored on a blockchain together with a DID document containing the public key for the DID, any other public credential that the owner of the identity wishes to disclose and the network addresses for interaction documenting by checking the associated private key. "

In other words, a protocol is created for a special blockchain, users record their ID data on this blockchain and then use their private keys to decode these data for the chosen parts. This is the type of system also used by Nuggets, even if in your case we are talking about "zero knowledge storage", since nobody else knows what your data says about you. And it is also the system on which Coinbase is working, which on August 15 announced the acquisition of Distributed Systems, a startup focused on ID. Having purchased the San Francisco-based company for an undisclosed amount, it will now develop a decentralized access system for its cryptographic platform that will allow users to retain ownership of their identification credentials.

"A & # 39; decentralized identity will allow you to demonstrate that you own an identity or have a relationship with the Social Security Administration, without making a copy of that identity," he wrote in his press release .

With this approach, there is little chance of a Cambridge-style scandal analysis in which data is shared with unwanted groups or individuals, while also conferring unprecedented power to the individual user, who is likely to be dealt with much more respect from companies now that its data are on offer so scarce. As explained by Johnson, this provides a huge improvement over the current level of business.

"[Personal data] is stored and controlled in a series of centralized databases controlled by institutions such as retailers, marketing companies, public services companies and data reporting companies. In order to make online purchases, people simply authorize these different bodies to link the different information in their possession to authorize a transaction. "

However, while the individual user is currently dependent on hundreds of different companies to store and transmit their data to access the services, the introduction of the blockchain technology completely cancels the balance of power. Johnson shares with Cointelegraph:

"Blockchain-based solutions overturn this model so that individuals can store and control their data associated with a digital identity." It is not stored in the centralized databases of third-party organizations. be stored on the blockchain in a decentralized network, with the individual controlling their data in this way, so they have full control over not having to share or archive anything using claims, tokens or references and share them only if and when you choose to do it. "

Yet, this is just the tip of the iceberg, as is the use of blockchain technology to confirm who provides us with many additional benefits besides the user's control. For one, privacy increases, since with many of the platforms proposed, ID credentials will not even be disclosed to those parties and organizations that require verification.

This is enabled through the use of zero-knowledge evidence (ZKPs)), a cryptographic method that can prove a claim without actually sharing the data ("knowledge") through which the request is demonstrated. ZKP have been implemented by Sovrin and are also planned for use by startups such as Civic, Verif-y and Blockpass. Using them, these companies will make the verification process of identity easier and more efficient, while opening the possibility of memorizing the biometric ID on the blockchain. Organizations that verify our IDs will save the headache of having to securely store personal data after validating it, which in turn eliminates potential vulnerability, as these organizations would normally store all data received in a centralized database .

And although not all decentralized identity platforms will employ ZKP, others will still use functionally similar methods. For example, SelfKey uses a technique that describes as "data minimization", which "allows the owner of the identity to provide the least amount of information possible to satisfy the relying party or the verifier". This circumvents the need to develop advanced technologies such as ZKP, although it raises questions about what is meant by "minimum". SelfKey writes that "complaints can be signed in a way that you can choose to reveal only a minimum of information". But without a more formal specification of "minimum" and "choice", it is conceivable that such functional approximations of ZKP can reveal more data than some users would like.

Security

In addition to providing greater user and privacy control Blockchain-based ID verification platforms are more secure than their centralized counterparts. This is because, being distributed across multiple nodes, they will not suffer from having a single point of failure like traditional ID systems – eg. government databases, social networks. As a result, one or two nodes of a blockchain may become inactive and users will still be able to use it, while the encryption in question prevents sensitive sensitive information being collected from sensitive public information.

By removing the single point of failure, decentralized ID platforms make a big one, Yahoo! hack style almost impossible. Instead of being able to penetrate a centralized database that contains all the user information in a single location, hackers will have to obtain private keys for each individual on a one-for-one basis, which is extremely unlikely in practice. Alastair Johnson concurs:

"The main advantage of a decentralized ledger of personal data on a centralized database is the security against the hackers it provides.We are all aware of the main data breaches that have occurred in recent years, such as those of Equifax in 2017. These centralized databases act as magnets for hackers who often only need to exploit a single vulnerability to eliminate or extract data from them. "

In contrast, decentralized registers are not as sensitive to cyberattacks. "The hijacking of a single node will not interrupt the continuous functioning of the ledger, since the other nodes can continue to operate without the involvement of the compromised node and the network requires the consent to demonstrate the blocks."

Security is part of the reason why the Indian government, for example, is turning to the blockchain for its AADHAAR database – the world's largest biometric identification system, containing data for over a billion people – because the country has been the victim of repeated hackings in the last year. [19659002] With such a renewed platform, there will be a number of security advantages. The transparency and immutability of blockchains would mean that users are able to see when their data has been consulted and by whom, providing a deterrent to any potential hacker. Likewise, this transparency and immutability can only be violated in the unlikely event that a bad actor takes control of 51% of the blockchain nodes, which in theory would allow access to the data and thus delete the corresponding records of this illegitimate access.

Currently AADHAAR is not based on the blockchain, while a project comparable by the Dubai government to use the blockchain-based ID at the international airport is still under construction. However, a government-driven ID system using DLT (distributed ledger technology) is currently in Estonia. The KSI blockchain (Keyless Signature Infrastructure) forms the backbone of various electronic services, including e-Health Record system, e-Prescription database, e-Law and e-Court systems, e-Police data, and- Banking, e-Business Registry and e-Land Registry.

Again, the use of KSI Blockchain provides greater transparency than previous systems, since it detects when access to user data was made and when it was changed. And as the e-Estonia FAQ explains, it is much faster than traditional platforms in detecting data abuses:

"[It] currently employs organizations […] about seven months to detect violations and manipulation of electronic data.] as that which Estonia uses, these violations and manipulations can be detected immediately. "

Not only are the violations able to be detected immediately or quickly on a blockchain-based identification system, but it is more likely that are detected more quickly with a centralized platform thanks to their public and continuous access to the control of a wide range of experts in armchairs and professionals, as highlighted by PolySwarm's CTO Paul Makowski in a post on the December blog on intelligence of decentralized threats:

"Geographicalally diverse security experts experienced in reverse engineering or can provide a v unique experience will be able to exercise their knowledge from the comfort of their own home or (and every time) they choose to work. "

Standardization, interoperability

At the present moment in history, the digital identity systems of the world are separated from one another, separated in a way that forces people to create new accounts and new ones. data for practically every digital service they use.This causes the proliferation of personal data to dangerous levels, making data breaches and cybercrime much more likely, for example, the cost of identity theft has reached $ 106 billion only in United between 2011 and 2017, at a time when the average consumer has 118 impressive online accounts (at least in the United Kingdom, where data were available). [19659002] Blockchain-based digital ID systems offer 39. Release While most of the chains are currently cut from one another, the standards for sovereign digital identity have been devised by the Digital Identity Foundation (DIF) and the Wo rld Wide Web Consortium (W3C). Likewise, a number of startups are building interoperability platforms that link together separate blockchains, including Polkadot, Cosmos and Aion. By working to reach an ecosystem where the standards of an identity platform are accepted by all other platforms requiring ID verification, such organizations could drastically reduce the amount of personal data that people have to produce. Instead, users would create an account with a blockchain-based ID service, which they then use to register with a range of other services and systems.

Never Stop Marketing CEO Jeremy Epstein said in a December blog:

"Interoperability standards release capital and time to generate value. Furthermore, it offers the possibility to share security (making the whole system more robust against attacks) and to allow untrusted transactions on chains. "

Blockchain interoperability is still a nascent field and different organizations are pursuing different approaches However, to give an example, Polkadot aims to achieve interoperability through its" heterogeneous multi-chain ", which has three fundamental components: the "parachutes", which are actually the individual blockchains connected, "bridges" that connect each parachute to the Polkadot network and therefore the same Polkadot network, which is a "chain of relaunch" of the various connected parachutes. [19659002] Other roads to interoperability diverge from this, with Cosmos achieving inter-chain communication through the use of the Tendermint consensus algorithm and the Aion network that monetizes interchain transactions, however, assuming that an interoperability platform receives dop-in the blockchain ecosystem, users will find that they will only have to register their personal data once. from now on, they will be able to provide the ID certificates to other platforms safely and quickly, without having to disclose any of their data to the companies and services they use.

Climbing to a new type of blockchain

The advantages promised by blockchain-based identification systems – control, security and standardization – are all enticing, but questions remain about how feasible these systems are and how long we will have to wait for are released in a fully functional form. Furthermore, there is also the concern that – for all the improvements offered by blockchains – as a society we can still remain married to "traditional" online services and to the organizations responsible for them, who can actively resist the adoption of platforms decentralized that allow us to keep the data to ourselves.

It is not surprising that the biggest problem in terms of feasibility is that of scalability, so often the Achilles recover from many crypt based projects. Since an identification service should, by definition, be able to serve millions of people, any blockchain that forms the basis of this service must be remarkably scalable. However, so far the most popular blockchain for decentralized applications (DApps) – Ethereum – was almost overthrown by a popular video game last year, CryptoKitties. This is the reason why most of the platforms mentioned above are not built on one of the best known blockchains, but rather on proprietary registers, some of which do not meet the conventional definition of decentralized blockchain.

For example, Enigma is a "decentralized computing platform" that was designed for use with identity verification, among other things. As described in the white paper, it solves the problem of scalability by delegating all "intensive calculations to an off-chain network". This network also stores all user data, while the blockchain itself simply stores "references" to this data. In other words, the Enigma platform is not really a blockchain and while its offline network is still distributed (although each node sees separate parts of the overall data), this is not decentralization in the way, for example, it is the Bitcoin blockchain.

Something similar could be said for other blockchain-based ID platforms: the KSI blockchain of Estonia is not a full-fledged blockchain that uses asymmetric key cryptography, but rather a ledger based on Merkle. Meanwhile, the Sovrin network reaches consensus through a limited set of "validation nodes", probably making it less decentralized than certain other blockchains. Compromises reveal that if an ID platform needs to be scalable (and even private), it needs to be less distributed in certain areas – and probably less secure as a result. But more importantly, from a practical point of view, it is also or needs to redefine and adapt precisely what is a "blockchain", since the most familiar chains are not currently at the height of the task of protecting and communicating our personal data on a large scale.

Acquired interests

This is why even the most advanced projects have roadmaps that go beyond 2020, since a usable ID platform requires a new type of distributed ledger that requires cryptographic transparency with the need for individual privacy. And even if any of the above platforms will reach this goal at any time, they will have another huge obstacle to clarify: the dominance of existing identity referees, including social media giants like Facebook, as well as national governments.

Government Initiatives [19659006] For example, the British and Australian governments have invested millions in building their centralized ID verification systems in recent years, making it unlikely they can easily give way to an alternative decentralized. Likewise, the idea of ​​Facebook to review itself with a truly decentralized platform – in which users keep their personal data secret – is frankly unthinkable to see how the social network collects billions of annual profits from the sale of our data to the highest bidder. It is also widely used to identify people online, so it is unlikely that it will easily abandon its domain to blockchain-based platforms.

That said, a small number of national and state governments (eg, Singapore, Illinois) have been tested blockchain-based identification systems. Furthermore, data within the nascent cryptographic sector are confident that public and private organizations will be forced to decentralize or fall down the road.

"When you manage a centralized system that gives your organization control and allows you to benefit from this position, it is understandable that you can be resistant to change," says Alastair Johnson. "But when there is a penalty if this information is violated in the form of fines, loss of the share price and cost of recovery of the situation and of all PR damages that occur with a violation, companies will start to see that the model must fundamentally change. "

A key factor in this change could be public sentiment, which has already moved in the wake of the Facebook-Cambridge Analytica scandal. "The blockchain offers clear advantages for customers in terms of control over personal data and digital identities and I expect the public recognition of this transition from a cohort of new users to an early majority in the near future," says Johnson. "On the other side, I expect organizations that have already suffered violations in their centralized databases to be among the best available to adopt blockchain-based solutions, while trying to rebuild trust with consumers."

One could argue that spotting free services based on ads like Facebook will be increasingly attractive to the average user – a view reinforced by the fact that Facebook has seen a 13% year-on-year increase in users in April, despite the recent loss of younger users following the data collection scandal mentioned above. However, Johnson believes that a gradual change of course in attitudes is taking place.

"The" Delete Facebook "movement is a sign of change, as is the constant scrutiny that the technological giant is undergoing from the American and European authorities, and people are starting to realize that their personal data is precious: not only it could block monetization for oneself, but also eliminate the kinds of expensive personal data that I have lost personally. "

And although blockchain technology is still largely unproven outside of the cryptocurrency domain, it will start to win conversions as soon as it demonstrates its superiority over previous systems when it comes to privacy and security.

"At this time, there may be hesitations to adopt decentralized platforms, but its common sense is that personal information should be owned and controlled by the person, and will therefore prevail."