The Importance of Privacy and Decentralized Identity. You are your data.
Imagine if everyone knew everything about you at all times, even what you think, wouldn’t you be very vulnerable? Of course you would.
You are your data.
Preserving information about yourself is not a crime, nor does it originate from any criminal act, but simply provides you with security.
You cannot be secure if you do not have privacy. Privacy is part of security, but it is not the only component.
Anonymity is not privacy, it is hiding identity. Identity is directly related to privacy. Anonymity is the opposite of identification.
Anonymity and privacy are often confused, considering that anonymity is total privacy, but this is not so, since anonymity is absence of identity and without it privacy is not possible.
In other words, for there to be privacy there must be identity. Privacy is reserving information of that identity.
Privacy is the personal decision to reveal one’s own data selectively to others. Each individual decides what he wants others to know about him. This decision is respected as a right based on the protection of personal data in most Western countries, but lately regulators seem to want to change it, limiting its scope.
You don’t go through life talking about your finances with everyone you meet, well, you shouldn’t, and if you do, it is imperative that you change your attitude.
In everyday life it is important to be clear about these concepts, just as it is in computing. It turns out that today computers are part of everyday life, but many people do not assume it. Your passwords, your Internet browsing, your social networks, among other metadata, contain sensitive information that you must protect, with privacy and security tools, (which you now know are different). In some cases anonymity would be advisable.
Although there are laws that oblige people to identify themselves in certain circumstances, for example taking a plane flight, entering a country’s borders, or buying a vehicle, privacy is still an individual right.
Nor should privacy be associated with criminal acts, since criminals prefer to operate in anonymity rather than privacy.
In everyday life, it is important to be clear about these concepts, just as it is in information technology. It turns out that IT is now part of everyday life. Many people don’t realize it.
Your passwords, your Internet browsing, your social networks, contain sensitive data that you must protect, with privacy and security tools, which you now know are different. In some cases anonymity is advisable.
Every year companies and governments around the world collect more and more data from people. The reasons are different, but the problem is the same, the violation of privacy that implies a reduction in security.
The storage of real identities in centralized databases poses a considerable risk for crypto-asset owners, since the leakage of information or its misuse can lead to risks to the security of funds and even to the lives of people who may be threatened or extorted.
The Crypto Industry and Privacy
The blockchain technology was designed on the basis of not needing trust to perform activity on the network, based on cryptography. It is precisely this concept that allows privacy, since it is not necessary to identify oneself with personal data in order to operate on the blockchain.
However, most blockchains allow the traceability of recorded transactions, which means that transactions recorded in their ledger can be tracked with full transparency of data, their execution date, their amounts, their source and destination addresses, and other metadata to be included. Cardano, like Bitcoin, are traceable blockchains.
While holders cannot be identified by native methods, as no personal data record is required to participate in the blockchain with a non-custodial wallet, which is why they are known as "pseudo-anonymous" blockchains, the user's identity can be linked to funds by alternative methods, usually arising from people's "carelessness."
The most common vulnerability that identifies holders in these pseudo-anonymous networks, is the sending of cryptocurrencies purchased on an exchange with KYC to a non-custodial proprietary wallet, and thus the entire transaction can be traced and the total amount of funds can be seen.
The problem is further aggravated in Cardano, because as it is Proof of Stake, with the staking key all the wallet addresses can be traced.
In Bitcoin there are several solutions to protect privacy, and one of the best is Samourai Wallet, which implements Stonewall technology, with which the application's metadata can be protected in order to prevent third parties from being able to identify the related wallets.
In Cardano, a team of developers had started to design a mixer protocol called Cardano Mixer, to obfuscate the traceability of ADAs, however the team decided to suspend its development to "avoid legal problems", after the sanction of Tornado Cash considering that it was used to launder money, and the arrest of a person as the alleged main developer of the protocol.
There are several privacy solutions already existing natively in the design, as in the blockchains Monero, Dash, Zcash among the best known.
But this type of protocols are not well regarded by government regulators, because they disable KYC (Know Your Customer) and AML (Anti Money Laundering) processes, which by law require institutions that trade cryptoassets, to require their customers to provide personal data, such as address, ID, passport or driver's license, with a selfie when opening an account.
One of the problems arises with the hacking of the servers of these information providers, which is more common than you think, and puts your security at risk.
So, what is the solution, a society with anonymity?
No, of course not, since we cannot live without identity, because that is what human relationships are all about, knowing who we are in order to understand each other.
Identity encompasses all the immutable traits that represent who we are, such as ethnicity, date of birth, and changing traits such as profession, residence, among others.
Decentralized identity allows us to own our data.
Decentralized Identity as a Privacy Solution
There are two elements that make up decentralized identity:
—the Digital Identity (DId), which is an online representation of assertions about the bearer of that data, and
—the Verifiable Credentials (VC), which represent these assertions in the digital world, similar to the physical documents we use today.
Entities, whether individuals or organizations, use these VCs to share information with other entities. This sharing of information presents two important questions regarding security, how secure is it to share identifying information with other entities, and who controls the data.
This is where self-sovereign identity (SSI) and DId come in.
SSI is a set of principles that involve having the undisputed authority to control the personal information you share with others.
The algorithms produce random strings of unique characters. When exchanged with a peer, DId creates a secure channel that allows two-way communication. Everything you did is effectively a pseudonym, and the user has complete control of their data, and who they share it with.
On the Cardano blockchain there is a development on digital identity called Atala PRISM.
Another technology that will surely be applied as a DId protocol will be Zero Knowledge Protocol (ZKP), the one used in ZCash.
A ZKP proof serves as an authentication method in which it is not necessary to reveal secrets to achieve the goal of proving that one has a certain secret information.
This is important because not sharing secrets means that secrets cannot be stolen.
The objective of this type of protocols is to prove that you know some secret or secrets to someone, without actually revealing that secret. The very term "zero knowledge" originates from the fact that no information is revealed. The essence of zero knowledge testing is that it is based on proving that one possesses knowledge of certain information without explicitly disclosing it.
Two parties are involved in this process; the "Prover" of the argument, and the "Verifier" of the argument. I will not delve into the technology, which is complex, I just mention the idea about it.
In this way, personal identity could be proven without revealing data that could be exploited or stolen, and you will still be able to own your data, because you are your data.