Decentralized Identity – Should you (really) own your identity?
Last night I woke with a start, sweating heavily. I dreamed that Facebook had contacted me to ask if they could sell Amazon some of the data I shared to create an account along with some behavioral insights from my activity throughout the years on Mark Zuckerberg’s platform. Yes, some of the data because I was actually given the choice of how I wanted to monetize my personal and digital activity information. That felt so empowering. Then reality hit me rather hard. I looked to the left and my girlfriend was sound asleep next to me. I looked to the right and my watch was indicating it was indeed the middle of the night.
A few hours later, while sipping my morning coffee, I gathered a few thoughts:
- I have no choice but to share many elements of my identity to interact and shop online, which, frankly, is unavoidable if you want to function in our modern-day world,
- Currently, I cannot monetize my personal information with the online platforms that store my personal information,
- However, those same platforms do not hesitate to sell my data to whomever is willing to pay for it, and I never see a cent,
- My data is most likely stored unencrypted in highly vulnerable centralized repositories offering single points of failure (a common denominator in all data breaches since 2018…).
Ironically, the last bullet point actually makes the storing of my personal information one of their biggest liabilities.
To summarize, I am not able to monetize my own personal information, which is a really valuable asset. Also, by virtue of participation in modern-day commercial interactions, I am forced to allow third parties to monetize it…all the while knowing it’s at risk of being stolen at any moment. Actually, there is nothing I can do to prevent it all from happening. This truly feels dystopian, because at the end of the day isn’t data the key to everyone’s privacy and identity?
Decentralized identity in a nutshell
The alternative is called decentralized identity. By definition, decentralized identity enables you and me to maintain full control over our privacy, as well as decide how and what data we want to share. In other words, decentralized identity enables us to monetize our personal information ourselves, while eliminating the risk of large data breaches that infringe on our privacy.
Decentralized identity addresses five crucial points that on paper sound absolutely normal but, in reality, are never in effect. A user should:
- Be able to fully own his or her personal digital identity.
- Be able to monetize his or her own data.
- Be able to choose which data to share with other parties, and trust that their data is not sold to other parties without consent.
- Have the ability to isolate himself or herself from data breaches.
- Be able to revoke the access given to trusted third parties and have proof that the data has been deleted from their servers.
The data that pertains to a user identity is stored encrypted in the blockchain. Blockchain technology actually offers unique characteristics that solve problems of trust and make it a great fit for identity solutions, because blockchain is immutable (once data is written, it cannot be altered in any way), decentralized (no central authority controls the data, so there is no single point of failure or someone who can override a transaction) and the data is stored encrypted.
An example of decentralized identity use-case
Decentralized identity is already a reality. Passwordless authentication solutions that leverage the decentralized identity model allow users to share with consent just the information required to authenticate, so they can access a system or an application.
But let’s take a look at a very simple use case. To buy a bottle of wine at the store, you may sometimes be asked to show your driver’s license to prove you’re at least twenty-one, since your date of birth is verified on the government-issued document. However, the problem with showing this piece of identification is that it displays much more personal information than what is required to buy the wine. The person running the cash register doesn’t need to see your name or your address, for example. It’s a privacy issue and potentially a security issue as well. With a decentralized identity-based solution, this is how the process would be handled: with a smartphone, the client would scan a QR code presented at the cash register. The client would then authenticate with biometrics and, once authentication is successful, would receive a notification asking for his or her consent to share whether he or she is twenty-one. If approved, a YES or NO message would then be displayed on the cash register screen.
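The sketch below is an added example, not code from the article or from any product it mentions. It shows one way the cash register could get a trustworthy YES/NO without seeing the name or address: the issuer signs only salted digests of each claim, and the holder reveals the single `over_21` disclosure. The salted-digest scheme, all function names and the sample licence are assumptions; a Lamport one-time hash signature stands in for the issuer's real signature scheme so the block runs on the standard library alone, and the QR scan and biometric step are omitted.

```python
import hashlib, json, secrets

def h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Stand-in issuer signature: Lamport one-time scheme (one key pair per credential).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def _bits(msg: bytes):
    d = int.from_bytes(h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify_sig(pk, msg, sig):
    return len(sig) == 256 and all(
        h(s) == pk[i][bit] for i, (bit, s) in enumerate(zip(_bits(msg), sig)))

# Selective disclosure: a disclosure is [salt, claim name, value].
def digest(disclosure):
    return h(json.dumps(disclosure).encode()).hex()

def issue(sk, claims):
    """Issuer: sign only the digests; the random salt stops guessing of hidden claims."""
    disclosures = {k: [secrets.token_hex(16), k, v] for k, v in claims.items()}
    payload = json.dumps(sorted(digest(d) for d in disclosures.values())).encode()
    return {"payload": payload, "sig": sign(sk, payload)}, disclosures

def check_age(pk, credential, disclosure):
    """Verifier (cash register): returns 'YES' or 'NO', raises on an invalid proof."""
    if not verify_sig(pk, credential["payload"], credential["sig"]):
        raise ValueError("issuer signature invalid")
    if digest(disclosure) not in json.loads(credential["payload"]):
        raise ValueError("disclosure not covered by the signed credential")
    _salt, name, value = disclosure
    if name != "over_21" or not isinstance(value, bool):
        raise ValueError("unexpected claim")
    return "YES" if value else "NO"

# Constructed sample data: three licence claims, only one of which is disclosed.
ISSUER_SK, ISSUER_PK = keygen()
CRED, DISCLOSURES = issue(ISSUER_SK, {
    "name": "Alex Example", "address": "1 Sample St", "over_21": True})
RESULT = check_age(ISSUER_PK, CRED, DISCLOSURES["over_21"])  # verifier sees no name or address
```

A holder who edits the disclosed value, or a verifier handed a credential whose payload was altered, hits one of the `ValueError` branches instead of getting an answer.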
Stay awake… Mark 13:35-36
When asked about decentralized logins, Mark Zuckerberg said a fully distributed system raises the question of consent and how people can really know that they’re giving consent to an institution. He added, “In some ways, it’s a lot easier to regulate and hold accountable larger companies.” Because this Mark knows something about larger companies being held accountable…like Facebook, right?