DREP Institute | Insights from the Twitter hack to the development of DREP DID

DREP Foundation
Published in DREP family
Aug 7, 2020

The recent Twitter hack shocked the world, with the accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West and others posting a scam BTC deposit address. We keep asking ourselves why centralized systems, which become more complex and sophisticated each day, seem not to be any safer. The solutions must lie in blockchain technology like DID, which creates and manages your information in a decentralized way.

Twitter is famous for suspending accounts with “abnormal activities”, yet with so much money and resources invested, it’s still a matter of time before hackers take advantage of breaches. The mainstream centralized systems fail to provide a more secure model for customer protection.

The infrastructure of DID

The advent of blockchain, which uses a tamper-proof DLT, is a great social experiment in creating cooperation based on mutual trust, and it culminates in the development of Decentralized ID. A DID is the most important part: it eliminates the powers that be from the task of ensuring fair business practices. It has the potential to be more efficient than any authority.

DREP works to improve community standards for interoperability in blockchain-based identity systems. With the DREP DID, users from different “multiverses” are connected through blockchain accounts, allowing seamless access. This is what initially powers DREP Super Dapps, but DREP has an even larger goal.

Cryptographic Solutions

Suppose Joe creates his key pair. The private key signs the information with an electronic signature; the public key verifies it. The public key is then used to test whether Joe actually has the right to perform certain actions on the blockchain.

To safeguard the private key, Joe stores it on a trusted PC or phone protected by a password, encrypted with a second authentication factor, or even in a physical wallet. For ease of use, the simplified address is a hashed form of the public key, which Joe presents to others in daily trades and transactions.

Tips: Some argue that tighter security measures can be taken on a centralized platform. However, on a centralized platform, the business controls your assets for you and takes action on your behalf. Many exchanges defaulted and vanished with users’ assets. Thus, the security offered by cryptographic proof should still be the target for future development.

DID users can have self-sovereignty and exert a level of control hitherto impossible. It is what blockchain is all about: a plan B when centralized traditional banks fail us by quantitative easing. DID is encouraging people to fight against financial censorship.

DREP applies decentralized key storage to secure your information. The corresponding zero-knowledge proofs are saved as verifiable certificates in the DID file to ensure that private data is not compromised.

DREP DID becomes the hub that connects different projects and goes one step further to include centralized systems. It deals with the common shortcomings of internet identification, enabling people to fully take advantage of blockchain services.

The application and goal of DID

Universal Proof of Identity

We voluntarily submit our sensitive information to centralized authorities for the sake of “convenience”. However, the Twitter catastrophe taught us a valuable lesson: not only could the central party not protect us, it actually increased the risk by putting everything in one nest, like a gold mine or bank vault waiting to be ransacked. Even worse, the malicious attackers could be the custodians themselves.

Tips: With DREP DID, things become very different. Twitter’s servers could be hit by a DDoS attack. If that happens, validating identification becomes practically impossible. The confusion will likely enable scammers to forge user IDs. DREP DID, on the other hand, allows users to link their own virtual identity. For instance, suppose Joe is a DID owner and Joi is a decentralized verification service provider. Joe goes to Joi and tries to obtain a certificate. If everything goes well, Joi publishes the authentication results and broadcasts them to the whole blockchain. Here the authentication does not take the form of a bulky and cumbersome physical document, but of a tamper-proof file that is preserved everywhere around the world. The imprinted message is “Joe’s claim and title have been authenticated.”

The Twitter staff would have uploaded all the information to their “encrypted” storage server. It is common for servers to stop running during downtime or DDoS attacks. In the meantime, Joi may have difficulty performing her task. The issue is then further compounded when Twitter succumbs to a social engineering phishing attack, as it did in real life. No user on Twitter can verify whether those influential accounts’ posts are genuine or not, leaving the door wide open for identity forgers. But with DREP DID installed as the information keeper, the above breach would not happen.
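The key-pair description under "Cryptographic Solutions" and the Joe and Joi certificate flow above can be worked through in code. This is an added example, not DREP's code or protocol: Ed25519, the SHA-256 address format, and the names `Credential`, `Issue`, `Prove` and `Verify` are assumptions, and the blockchain broadcast is replaced by an in-memory record.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // Ed25519 is assumed; nil selects crypto/rand
	return pub, priv
}

// Address is a hashed form of the public key (assumed: 20 bytes of SHA-256, hex).
func Address(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:20])
}

// Credential is a hypothetical record an issuer publishes about a subject address.
type Credential struct {
	Subject, Claim string
	Sig            []byte
}

func payload(subject, claim string) []byte { return []byte(subject + "\x00" + claim) }

// Issue signs the subject address and claim with the issuer's private key.
func Issue(issuer ed25519.PrivateKey, subject, claim string) Credential {
	return Credential{subject, claim, ed25519.Sign(issuer, payload(subject, claim))}
}

func Prove(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// Verify checks the issuer's signature, the key-to-address binding, and the holder's proof.
func Verify(c Credential, issuer, holder ed25519.PublicKey, challenge, proof []byte) bool {
	return ed25519.Verify(issuer, payload(c.Subject, c.Claim), c.Sig) &&
		Address(holder) == c.Subject && ed25519.Verify(holder, challenge, proof)
}

func main() {
	joePub, joePriv := NewKey()
	joiPub, joiPriv := NewKey()
	cred := Issue(joiPriv, Address(joePub), "Joe's claim and title have been authenticated.")
	nonce := []byte("constructed-challenge-001") // constructed sample value
	fmt.Println("valid:", Verify(cred, joiPub, joePub, nonce, Prove(joePriv, nonce)))
	cred.Claim = "Joe is a platform administrator." // tamper with the published record
	fmt.Println("tampered:", Verify(cred, joiPub, joePub, nonce, Prove(joePriv, nonce)))
}
```

Verification needs only Joi's public key and the published record, so it does not depend on any one server being reachable; it does depend on the verifier obtaining Joi's genuine public key and on Joe keeping his private key secret.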

In addition, the closed-loop logic of Twitter, FB, Google, or any other internet giant means that probably the main weak point of the current model is that data cannot be shared across platforms, obstructing economies of scale. DREP DID completely solves this problem of traditional platforms. Based on DREP DID, users can seamlessly manage transactions between accounts on different platforms through cross-chain interoperability. Here, the integration of assets and data cuts through the seemingly insurmountable walls of different internet ecosystems. An open ecology is then achievable without changing the essential features.

Use Case

Again, suppose Joe now fully grasps the great potential of DREP DID and intends to use it for identity authentication in place of centralized servers. He can borrow or lend money and start a business. He can also make his company address and email public so people can visit him. The blockchain is always a better choice considering the ever-growing number of social engineering hacks. Attackers may gain access to an administrator account and mislead followers to scam sites. Blockchain would make life much harder for them.

An even more significant use case takes root in the ability of DREP DID to transcend the boundary or life cycle of social networking services. For instance, Twitter has the power to ban any account it deems “in violation of certain community rules”, which are less than transparent at best. If your account gets suspended on any of the SNS platforms, you may lose your online identity altogether. DID fosters a concept that, in short, grants users independent access to their sensitive data. It allows you to secure your account locally, without uploading it to the public cloud. In addition to safeguarding privacy, DREP DID also has the inadvertent advantage of hack resistance. It’s simpler to break the shell of a single server hosting numerous accounts than to break, one by one, all the individual devices. The problem of identity theft can be uprooted, as DREP DID targets the lack of oversight in preventing corporations from misusing and manipulating data. Certainly, we have been closely monitored without our knowledge.

The blockchain industry is still in the initial phase of exploring the idea of decentralized identification and its legal concerns. There is a long and winding path ahead of DREP. The DREP Foundation will improve technical structures according to our revenue models, because we look forward to providing docking and various other kinds of services to our strategic partners over the next few years. The next stage is creating a scientific organization and starting validation and registration applications. Due diligence is necessary. The people deserve to understand that online security is not guaranteed but something that is constantly manipulated by large corporations. DREP will change the industry’s mindset about improving security and interoperability, and our users deserve them all.

DREP 2.0 is the decentralized credit-data middleware based on layer-2 facilities, to be the backbone of DeFi Credit Era.