paint-brush
Everything You Ever Wanted To Know About Decentralized Identitiesby@michielmulders
347 reads
347 reads

Everything You Ever Wanted To Know About Decentralized Identities

by Michiel MuldersOctober 4th, 2020
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Decentralized identity is an important use case of blockchain technology. It will change the way people share, access, and control their information. The most important benefit that decentralized identity will bring is that it will lead to a reduction in large scale data breaches. With a decentralized identity system in place, ownership of data is rightfully placed back in the hands of the individual to whom it belongs. We are replacing the marketers who collect and sell our information. We're not able to formally prove their identity. It’s estimated that around 1 billion people do not have any proof of identity.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Everything You Ever Wanted To Know About Decentralized Identities
Michiel Mulders HackerNoon profile picture

There's no denying the benefits to mankind brought about by the digital age. The ease of which we can transfer, process, and apply information has led to many breakthroughs impacting all aspects of daily life.

However, the regularity with which we now share personal information has led to a massive increase in identity theft, which is becoming one of the most talked-about issues in recent times. Nonetheless, there's technology that can help return the authority over your personal identity to the individual. 

We are talking about blockchain technology! Decentralized identity is an important use case of blockchain technology. It will change the way people share, access, and control their information.

The current world has come a long way from the days of floppy disks. Today, cloud computing has become the new norm, and the current data processing and storage systems give rise to additional issues. 

Many organizations such as stores, banks, and governments have (un)intentionally become a part of identity management networks. They store and process huge amounts of personal data daily. But is your data truly secure with them?

Many recent data hacks prove that these organizations are not yet prepared to properly secure our personal information.

Luckily, blockchain-based identity has come at just the right time, as it has the power to safely return the authority of your personal data over to you. Let's explore decentralized identity in detail. 

Contents
#1. What is a decentralized identity?
#2. Why do we need decentralized identities?
#3. Why would you use a centralized credential system?
#4. Why does an identity matter?
#5. What about Europe’s General Data Protection Regulation (GDPR) standard?
#6. Challenges of implementing a blockchain-based identity system?
#7. What are Decentralized Identifiers (DIDs) by W3C?
#8. Projects building decentralized digital identity solutions?
#9. What to expect for decentralized digital identities in the future?

#1. What is a decentralized identity?

Let's start with the fact that decentralized identity is a pretty broad term. Specifically, it aims to give authority over personal data back to the individuals to whom it belongs. You alone can decide what to do with your data or with whom you share personal information. A blockchain-based decentralized identity even empowers you to monetize your data if you choose to.

For example, Coca Cola wants to access information about a particular person to create targeted advertisement. Within traditional advertising, marketers try to collect personal information from potential clients. Contrary, using blockchain-based decentralized identity, the user can decide if they want to share their data or not. If they do so, a price can be set for Coca Cola to access the required data. In other words, we are replacing the marketers who collect and sell our information.

The most important benefit that decentralized identity will bring is that it will lead to a reduction in large scale data breaches. Companies don’t have to design secure mechanisms to store and handle user data. Now, user data can only be accessed from the user itself, removing most user data storage needs, and so, reducing the impact of data breaches on users.

You see, with a decentralized identity, the person to whom the data belongs is the sole authority to decide over how the information would be shared and used. But do you know who owns most of the personal data today? It's the corporations and not the individual to whom the data belongs. With a decentralized identity system in place, ownership of data is rightfully placed back in the hands of the individual to whom it belongs.

With a decentralized identity system in place, ownership of data is rightfully placed back in the hands of the individual to whom it belongs.

#2. Why do we need decentralized identities?

There are three key issues that decentralized identities will help tackle inaccessibility, data insecurity, and fraudulent identities. It’s estimated that around 1.1 billion people do not have any proof of identity.

1.1 billion people are not able to formally prove their identity! - WorldBank.org

Then there is the issue of data insecurity. Do you know that in 2018, 2.8 billion consumer records were exposed through data breaches resulting in an estimated cost of more than $654 billion? With increasing digitization in the world, the instances of data breaches and hacks are growing too. 

People are using many different passwords and user IDs across multiple digital platforms. Even though Single Sign-On (SSO) authentication is on the rise, people are still using many different passwords and user IDs across multiple digital platforms. On top of that, the link between offline and online identities is quite weak, resulting in an increase in fake identities and fraudulent activities.

#3. Why would you use a centralized credential system?

In the dark web, online bank account passwords are sold for $160.15 on average. This was published on NBC News Report in 2018. You can understand from this just how valuable the millions of records stored with a centralized credential system can be on the dark web. It’s why these centralized records are prime targets of unscrupulous elements.

One of the most infamous corporate data breaches happened in 2017. The Equifax data breach exposed the personal data of more than 147 million people. Even Facebook got embroiled in the Cambridge Analytica scandal in 2018. The FBI held Facebook accountable as they weren't able to safeguard the profiles of 87 million users. Such instances prove that we cannot trust the centralized credential systems to keep our personal data safe. 

Add the fact that companies buy & sell our data in order to target us with manipulative ad campaigns.

#4. Why does an identity matter? 

Over a billion people lack any proof of identity today, and this is an undeniable truth. Most of the countries in the developed parts of the world consider sovereign identity as an integral part of human rights. 

Even the United Nations identifies “preservation of identity,” as a fundamental right of a child (Article 8 of the United Nation's Convention of Rights of the Child). It is because, once the child attains adulthood, it will become very difficult to get voting rights, gain employment, open a bank account, among many other things. 

Without identity proof, a person can’t access banking services, gain employment, or receive voting rights.


#5. What about Europe’s General Data Protection Regulation (GDPR) standard?

There are several issues with the General Protection Regulation Standard of Europe. But for the sake of the topic, we will limit our discussion to the issues related to identity theft and online fraud. 

There's no doubt that GDPR, indeed, gives the right to control personal data through user requests. At the same time, it doesn't have any provisions for user authentication. Thus, hackers and identity thieves can take advantage of this loophole to steal data. To comply with GDPR, companies are maintaining data pools. These data pools are becoming a high-value target among cybercriminals. You can see that GDPR has led to the rise of new problems related to identity theft and online fraud. 

Recommended reading: Why GDPR Is Still Creating Problems in the Enterprise by David Roe

#6. Challenges of implementing a blockchain-based identity system?

(Source: Screenshot of “success factors and challenges of blockchain ID systems by KuppingerCole.com)

Of course, a blockchain-based identity system is not a utopian system that comes without any challenges. It, too, has a fair number of challenges to solve. We will look at some prominent questions that come to mind when talking about the challenges related to blockchain-based identity solutions. 

Challenge 1: What would be the role of GDPR in these blockchain-based identity systems?

Challenge 2: What exactly would the node operators do in the blockchain-based identity system? Straightforwardly speaking, what would be their business model?

Challenge 3: Who will be governing the blockchain? Will a world government govern it? That would defeat the purpose of the blockchain-based identity system. 

Challenge 4: Current blockchain technology isn't yet capable of supporting ID transactions at a global level. 

Challenge 5: Watch out with metadata you upload as pseudonymity is one of the main issues in blockchain-based identity systems. Leaking little data over time can quickly reveal your identity.

#7. What are Decentralized Identifiers (DIDs) by W3C?

The existing identity management systems are based on centralized authorities like domain name registries or certificate authorities and each of these centralized authorities serves as its own root of trust. An easy example of this is passports generated by governments and ruled by a system that allows you to use them as identification anywhere you go.

As Metadium explains, “Blockchain provides the opportunity to use a decentralized identity management where entities are free to use any shared root of trust. In this system, entities are identified by decentralized identifiers, or DIDs, and authenticated via proofs (e.g., digital signatures, privacy-preserving biometric protocols, etc.).”

For this reason, the W3C has been working hard on designing their DID specification. The W3C design enables the controller of a DID to prove control over it without requiring permission from any other party.

So, which other projects are actively building decentralized identity solutions?

#8. Projects building decentralized digital identity solutions?

Let’s take a look at projects actively building digital identity solutions. Allow me to introduce the following projects.

  • Selfkey
  • Blockstack
  • Nexus
  • Ontology

SelfKey - The project has been around since January 2018, reaching its ‘Public Sale Max Cap’ of $22 million in a matter of 11 minutes. Selfkey has set out on a mission to empower individuals to truly own, control, and manage their personal data.

To fulfill this mission, Selfkey has developed a non-custodial wallet that gives you full control over your data, but also documents and any type of digital asset. First of all, the wallet allows you to manage your identity like updating your personal details, such as your address.

Recently, the project has launched an interesting use case where you can start a new business and get the documents notarized through the SelfKey Marketplace. This marketplace ensures greater transparency over documentation requirements, costs, and the total processing time. Further, this allows you to apply for an international bank account through the SelfKey wallet. You can upload your KYC-related documents with a single click from the wallet. SelfKey has perhaps the most advanced marketplace of the projects listed here. 

SelfKey has perhaps the most interesting token economy of all the projects here, since they propose to have users back their identity credentials with KEY tokens. If the credential is valid, then the user can earn additional tokens against this credential, a form of staking. If the identity turns out to be invalid, then the user would lose their stake. In this way, they are really battling identity theft and creating a token economy at the same time. SelfKey also has proposed to their community a governance token called LOCK, that the community seems excited about. 

In short, SelfKey aims to build a decentralized digital identity ecosystem that you can access through the SelfKey wallet.

Blockstack - First of all, Blockstack brands itself as an open-source and developer-friendly network for building decentralized apps and smart contracts. Besides this strong focus on building DApps, Bockstack runs a name registry in a decentralized way, called onename. This name registry is built around user IDs that only the individual owner has access to. The main purpose of Blockstack’s ID system is for other people to verify a person's identity or personal information. All user data is stored encrypted on the Bitcoin blockchain and this allows for other users to verify if the information they have about a certain person is correct, creating trust.

Nexus - Nexus is designed as a seven-layered software stack. Built to verify the authenticity of data, rather than to compute it, the register-based process virtual machine innately performs many useful actions through a set of pre-configured operation codes on data stored as registers. This seven-layered stack comes wrapped as a virtual machine, looking to replace the traditional OSI model created for Web 2.0.

This virtual machine has been designed as a verification system instead of a computation engine. Nexus noticed that most projects who build on Ethereum do not require the EVMs Turing completeness. Therefore, Nexus identified that people need blockchain technology that mimics real-world actions between them. To support this blockchainification of real-world actions, the Nexus software stack comes with an immutable data layer composed of Signature Chains for user-level states, that manages data rights and ownership. On top of signature chains, users can define conditions (contracts) that define when and how data should be transferred based on real-world actions.

Ontology - Lastly, the project brands itself as a blockchain for self-sovereign identity and data. The Ontology blockchain has been equipped with a suite of decentralized identity and data sharing protocols to enhance speed, security, but also trust.

Just as Blockstack, Ontology comes with its ID system called ONT ID. This is a mobile digital ID application and builds on top of the popular DID specification created by W3C. The ONT ID allows for trustless data and asset exchange between blockchain identities. In other words, they have a similar mission to Nexus.

#9. What to expect for decentralized digital identities in the future?

The current direction at which the world is moving, we can expect digitization to spread rapidly around the globe. Eventually, every human being will have a decentralized digital identity. To mitigate the risks arising from global scale digitization, the world will move to adopt a single Digital ID. It will help people navigate the ever increasingly connected world. They won't need multiple IDs and passwords anymore. The only thing that they will need to access the connected world is their username, password, and PIN. That's it! 

Remove the concept of passport and embrace a global decentralized digital ID system.

Digital IDs will ease many important activities in life. Anyone with a decentralized digital ID would be able to use this single identity to access multiple services online, cross international borders without the need for multiple documents, among many other things. The great thing about this is that one's privacy won't be at risk anymore. 

In the long run, we can expect a great degree of change in how people verify, share, and manage their personal information. Furthermore, this would spark a monumental shift in the way that businesses operate. The world may see a new norm when it comes to personal data. There will be lots of challenges ahead that will play an important role in shaping our journey. If we pull it off well, we will see a digital utopia in the future. 

Further reads?

  1. Blockchain in Digital Identity by Consensys
  2. 9 Digital Identity Trends That Will Make or Break Businesses
  3. How Organizations Can Build Trust And Security Through Digital Identities