Identity: the distinguishing character or personality of an individual
Although I can barely remember what it’s like to socialize in person, I do recall how wonderful it was to connect with friends and family, face-to-face. I’ve been thinking a lot about how we define our identity through those in-person interactions: Our character, mannerisms, and personal experiences—the things that make up our real-world identity. It is who we are, and we control how much of it to share, and with whom we share it. .
Then there is our online identity, which is not a representation of our true self, but rather our online activities. What websites we visit, who we message, what we ‘like’, what we purchase—this creates our online identity, and it is a commodity. It is the fuel that feeds big tech and ensures they make billions of dollars. Not only are they curating our online personas, but they are managing them as well. So when did we lose control of our online identity, and more importantly, how do we take it back?
How Online Identity was Born
When the world wide web went mainstream, it was truly the wild west. Remember Excite, Pets.com, and Webvan (RIP)? Silicon Valley cowboys were throwing everything at the wall to see what would stick, and only a few dot-coms survived the dot-bomb era.
Security was paper-thin. Malware was rife. Something as simple as an Excel attachment in an email could unleash a world of pain. It was the golden age for hackers.
Eventually, Internet executives started listening to security experts and realized that something as simple as a username and password could thwart security issues. Voila! Online identity was born.
While usernames and passwords seemed like a winning solution, they ultimately created a new set of problems. Hackers could still break into servers and steal usernames and passwords. Even worse, sometimes they didn’t need to break in at all. Hackers started pharming. Pharming redirects a legitimate website’s traffic to a fake website (built by hackers). By tricking users into signing into these fake sites, hackers are able to collect personal information such as banking details and credit card numbers.
It was clear that a better solution was needed.
The Single Sign-On Scheme
As the Internet became centralized, and a handful of companies began to dominate, a new method for online identity became popular. Single Sign-On (SSO) allowed users to log into “third party” sites using one central ID—usually managed by Facebook, Apple, Amazon, Microsoft, or Google.
At first glance, the benefits appeared enormous—SSO cut down on username and password management. It also protected user identity from untrusted or compromised sites since the bulk of websites don’t store user passwords.
Eventually, the security risks with SSO became evident. For instance—if your account is hacked, there is a chance that any linked accounts could be subject to an attack as well. SSO systems are like a castle, it doesn’t matter how deep the moat is—if hackers are determined to get into the castle, they will find a way to bypass the moat. A great example is what happened last year in the US federal government data breach.
As time went on, online identity became more than just about security—it became about metadata. That is to say “data about data”. Companies running SSO systems began using peoples’ online identities to track them around the Internet, build profiles, and catalogue every single thing they do.
What happens when hackers gain access to your Facebook identity? They don’t just have your password, they have your metadata too.
Decentralization is the Solution
As it turns out, the best way to protect your online identity is the same way we protect our real-world identity—by self-identification. Who we are in real life is defined by us and only us—so why should our online identity be defined by security or metadata? It shouldn’t.
The best, most secure way to manage our online identity is to make it self-sovereign. Enter decentralization. Decentralization removes the ‘middleman’ and ensures that your identity and your data remain in your control at all times and is never shared with third-party servers. If companies like Google, Facebook, and Twitter (to name a few) don’t have free rein with your data, they can’t create (or control) your online identity. Who you are consists of many identifiers (name, date of birth, etc.), and only you should have the authority to reveal those identifiers to another party.
So how do we create self-sovereign identities? In the coming weeks and months, we’ll be revealing the future of identity. We’ve created a solution that will put users in control of their digital identity and connections. Every human should feel secure and in control of their information when online. It’s time to take back the Internet, it’s time to take back our identity.
Get ready! What we are developing is a game-changer.