Before you read past this paragraph, take a moment to think about how you’d define . Is it just an aggregation of access rights? How much of your physical, real-world identity does it represent? How much it represent? digital identity should Christian Lundkvist, a engineer at , it from a high level as a “digital object that maps to a physical entity.” Lacking a universally accepted definition, I’ll move forward here with this understanding of the concept. But, of course, that really only represents what digital identity should be, not necessarily what it is. blockchain ConsenSys defines In most of the web applications we use, our accounts don’t have to correspond to a single physical thing at all — any person, group of people, or program can do whatever they want with them if they can provide a password. That password is all that stands between most peoples’ private data and the rest of the internet, and that’s a huge problem. Password protection has , and lately, it’s become a trivial barrier for hackers to overcome, even with all the meant to make them more complex. Other approaches — two-factor authentication, for instance — have . always been unreliable popular guidelines fallen short, too In 2017, these methods just aren’t enough to provide any real security. So how could we possibly expect that these accounts, which are easy to create, easier to access, and completely vulnerable to attack, would map to discrete physical entities with any level of reliability? Maybe the reason there isn’t a universally accepted definition of digital identity is simple: we don’t really have any working concept of it to begin with. Sure, your browsing history and all those accounts — tiny fragments of your digital self — are strung together in giant folders at a dozen corporate server farms, but we can’t access them. That means we also can’t use them to validate that composite image, which might actually be something like a true digital identity, in any usable way. And validation is really the fundamental challenge in establishing a trustworthy identity, digital or otherwise. Any time you need to prove an attribute of your identity — for instance, if you claim you’re older than 21 in order to buy some beer — the first response you should get is “Ok, who says?” You can then provide your driver’s license as proof, because if the license passes security checks and states your age, the “challenger” can reasonably trust your claim. Wouldn’t it be great if we could create some digital object like that driver’s license, complete with its security measures, its authority, and its universal acceptance? A young man proves he’s old enough to purchase alcohol in this flawless example of the effectiveness of modern authentication The answer — — is blockchain technology. This isn’t meant to be a comprehensive overview of blockchains, but if they’re new to you, here’s everything you need to know in the context of this article: a blockchain is a big ledger of data (collected in chunks called “blocks”) that anyone can download. Once it’s synced, you can contribute to it and compare it against other peoples’ copies of the chain to verify its contents. Based on some pretty cool algorithms, this network of users can on what’s valid in the chain and deter invalid behavior. of course come to a consensus This is how cryptocurrencies enforce scarcity — in other words, they make sure you can’t spend the same dollar twice and that the supply is limited — and its use has expanded to include executable code (i.e. “smart contracts”). When a contract is deployed to the blockchain, its users know it will be executed in the same way by every party involved: this means you can trust the network and the code, so you don’t have to worry about whether you can trust the people you’re interacting with (just like traditional legal contracts offset trust in non-digital business relationships). Ethereum In other words, a smart contract could be a digital object like that driver’s license: if a valid source attests to your age in a trusted contract, the clerk now has proof that you’re old enough to drink, and will then finally sell you that Smirnoff Ice you’ve been trying to buy since four paragraphs ago. A smart-contract-based identity on the blockchain could validate practically anything — that you’re a real person and not a robot, your association with a particular Facebook account, your credit score — and you could selectively prove whatever attributes are relevant on a context-by-context basis. In fact, you don’t even need to reveal any of it to anyone: Ethereum has validating , which are that can satisfactorily prove that you know (or digitally possess) a thing without actually revealing that thing. already begun zero-knowledge proofs crazy math operations And even as some critics call it far-fetched, progress continues: for example, (a project built on Ethereum) has successfully built a usable alpha and a talented team of developers, and at least one has already started to leverage the technology to manage its population’s legal identities. Concerns about privacy on a blockchain — motivated by the public nature of the data on the chain — fail to account for Ethereum’s capacity for zero-knowledge proofs. uPort city government Skepticism is granted in any bleeding-edge space, but the unavoidable truth is we desperately need a new approach to how we manage identity online. The riskiest path forward is the one we’re stuck on now. How many followers would Trump have if Twitter forced its users to prove they were human? election-related tweets in 2016 came from fake accounts, and at least suddenly disappeared after pushing for Brexit. This problem has been around for longer than that, though: for years, have been using bots to spam hashtags their people rely on to organize, or to misrepresent their support and spread propaganda, or to engender viral, divisive content meant to . Even back in the 2012 US election, an incredible were bots. One in five 13,000 bots authoritarian regimes destabilize populations 92% of Newt Gingrich’s followers These networks of bots are cleverly designed to push their fake news on people who will retweet it, and to obscure the real truth from anyone who might try to verify its often-bonkers claims. They’re getting , too, and today represent an to the freedom and agency of everyone, worldwide. And people talk about this problem like it’s impossible to fight: how could we filter all the news on a social media platform? How could we possibly fact-check every post? bigger, better, and cheaper imminent and substantial threat Artist’s rendering of a bot network spreading fake news If we could just require a user to prove they’re a human before giving them an account, though, we wouldn’t really need to do any of that. Suddenly, there’s a real concept of digital reputation, and of course, these false narratives are to catch on in the first place. It’s just that weird dude from high school posting about PizzaGate, without the support of fancy-sounding strangers with phony credentials, and the unfiltered story now looks to everyone like the lunacy it truly is. dramatically less likely And that’s just one of many implications that come from a robust mechanism for digital identity: maybe we could begin to do something about the worldwide without a verifiable identity in form, which could help them get access to healthcare and education while protecting them from the forced labor and human trafficking they’re exposed to now. Or maybe we could avoid the next Equifax-level data breach, since we wouldn’t need those giant repositories of hacker-bait anymore. 1.1 billion people any If you’re thinking, “this guy is just caught up in blockchain hype,” you’re not totally wrong. But I’d remind you that I never claimed a purely self-sovereign model is necessary to fight these problems. What I’ve discussed is really quite similar to how we have always validated our identity: by providing the attestation of a mutually trusted third-party. All we need to make the current system better is a way of avoiding fraudulent attestations and providing trustworthy ones, and a blockchain happens to be a tool . And whether or not you’re with me on the hype, we can at least agree that the problem of digital identity could really benefit from a fresh approach. designed to do just that And, really…what’s fresher than blockchain?
