Digital Identity and Blockchain Technology: Disruption
Everything you need to know about the disruptive power of blockchain-based digital identities
Table of Contents
What is identity?
An identity is what makes you unique through distinctive characteristics.
These characteristics can be divided in:
- physical characteristics (fingerprint, eye color, height)
- social characteristics (marital status, birth of date, name)
- secondary social characteristics (relationships, hobbies, behaviour)
By the combination of different characteristics you can clearly distinguish yourself from others. In the real world, your identity can be proven by official documents, such as ID card or passport, or other documents that are issued by trustworthy institutions (think your diploma from a university).
The World Economic Forum defines identity as follows:
Who a person or organization fundamentally is — a combination of attributes, belief, personal/organizational history and behaviour that together constitute a holistic definition of the individual or organizational self.
Every seventh human is “invisible”
The fact that you own a passport and can use it to identify yourself is quite natural to us. This does not apply to around 1.1 billion people in the world, which don’t own an official proof of their identity. These “invisible” people are not able to open up a bank account, they can’t use health services and can’t vote.
What is a digital identity?
Just like in the analog world (meatspace) we have to identify ourselves in the digital world. However, that is easier said than done. You can’t just pass over your ID card to someone else in the digital space. That’s why distinctive identity attributes that can be digitized are used for digital identification. Your fingerprint or iris for example. These biometrics constitute your “core” digital identity.
But a digital identity is much more than just your digitized fingerprint, just as your real identity is more than your ID card. Your friends on Facebook, the YouTube videos you watched, your last online shopping session: Everything you disclose in the digital realm forms your digital identity. Even if you’re not aware of it.
Your digital attributes in combination with your online activity make up your digital identity. The more data you share, the more active you are on a digital platform, the more detailed your digital identity becomes.
If you want to know more about the evolution of digital identities, click here.
What’s the issue with digital identity?
To be precise, there isn’t a single issue. Rather, digital identities have evolved arbitrarily since the beginning of the web and an inscrutable and complex mesh of isolated and fragmented data silos emerged over time. The silos contain millions of digital identities and are mostly controlled by private companies. This comes along with serious risks and weaknesses:
Centralized & fragmented
Centralized in this context doesn’t mean that there is a single source of digital identities. It means that your digital identity is stored by third parties and made available to you. What kind of services you can use your digital identity for is determined by the third party. They can also revoke your digital identity at any given time.
For you as the user this means that you can’t use your digital identity outside of the third party’s platform or service. In general, you can’t use your Facebook login credentials to log in to your email account. For each online service, you have to re-enter your information and remember a username and password to access this one isolated digital identity.
Insecure
It would be most beneficial to create a unique password for each account in order to protect your digital identity. This is far from reality, as every Internet user knows. In fact, many people use the same password for up to five different online services. Weak and repeated passwords are the main reason for digital identity theft.
Furthermore, millions of data records are stored in central databases by private companies. If a hacker compromises such a database, he has access to an incredible amount of sensitive data. All it takes is one successful attack. These targets are called honeypots — a pot full of valuable, private digital identities. Through no fault of your own, your personal information falls into the hands of hackers. Even a randomized, incredibly long password can’t change that.
This is exactly what happened in the recent Twitter scandal: The attackers didn’t compromise the users’ passwords. Rather, they gained access to an administrative tool through a Twitter employee (these types of cyber attacks, which target explicitly people within a system, are called social engineering attacks). Afterwards, it was easy for the attackers to access the accounts.
Unauthorized access to your digital identity as well as the disclosure of your data is another long-standing security issue. Data misuse incidents occur because your data is stored by third parties. Usually, you don’t have a say in what happens to your information — most of the time you aren’t even informed about the misuse of your personal data.
Dependent
What also comes along with the central storage of your digital identity is a strong dependence to the third party. You can lose access to your digital identity, it can get banned or even deleted. This was less problematic back then when the Internet was only used for sharing information.
As the Internet is constantly gaining in economic importance, the situation has changed completely: YouTuber, Instagram influencer, streamer, people who sell their products on Amazon — they all are highly dependent on the platform provider. Losing access to their digital identity can have far-reaching and very real consequences.
This dependency can be seen clearly in the example of the video platform, Tik Tok. Its’ US business is either going to be shut down or sold to another US company. If it’s going to be shut down, all Tik Tok influencers in the US are going to lose access to their digital identity and thus their source of income from Tik Tok. (Even if this is a politically motivated action, it makes no difference to the influencers.)
What’s blockchain technology?
Blockchain technology is a tamper-proof and decentralized data structure, which stores transactions in chronological order, resistant and without a central authority. Blockchain technology is a special type of distributed ledger technology (DLT).
Let’s put it in a more figurative way:
Imagine an endless book. All participants of a decentralized network can enter something into the book and receive a copy of the book. The copy is then matched between the participants so that everyone has an identical copy of the book.
Participants are called nodes. They validate transactions in the network and agree on a common status quo of the distributed book. The Ethereum network, for example, is an open network, everyone can participate. A common misconception: You need high-quality and technical know how to run a node. As a matter of fact, you can already support Ethereum with a standard laptop. Even smartphones with sufficient storage capacity can run a node.
If all participants agree on the book’s status quo, all entries are finalized and can’t be altered afterwards. Since everyone agreed on a common status, the entries are authentic and transparent.
What’s special about it is that all participants are able to make entries and vote for the book’s status. There is not a single participant who has the exclusive right to make entries or who can decide what copy is true or wrong.
What’s so special about blockchain technology?
There are several aspects, which make blockchain technology revolutionary:
Decentral
Blockchain technology is a decentralized technology. No intermediary (central authority) is needed to update the book or to make new entries. A blockchain network is administered by equal participants autonomously.
Immutable
As described above, all participants match their copies. This is called a consensus mechanism. In the bitcoin network, the agreement on an updated status is done approximately every 10 minutes. The newest entries are “anchored” in the book by means of a mathematical one-way function: Subsequent changes in the blockchain are not possible, preventing manipulation and offering a repository of authentic data.
Secure
A blockchain doesn’t store its entries on a central database. They can be found on every participant’s computer. Thus, no honeypots exist, which could possibly attract malicious actors. Classic server-based networks suffer from a single point of failure, in which a single attack can cripple the whole network. For a blockchain network there is no single point of failure.
Now you might ask yourself: If every participant in the network holds a copy of all data, they can also see my personal data. That’s not very smart!
Right, that wouldn’t be smart. That’s why it should be avoided to enter personal data directly onto the blockchain. There are ways to bypass this: Rather than storing sensitive data, only encrypted information is stored. This encryption helps maintain data privacy, while still proving that the actual data has not been tampered with. This sounds complicated and it definitely is. But even if you are not a cryptography expert, it is good to understand that no personal data finds its way onto a blockchain without being encrypted.
What’s going to change with blockchain-based digital identities?
Using blockchain technology to store personal information can solve long-standing problems with digital identity management, while also offering additional benefits. Now, we are able to store data transparently, constantly, tamper-proof and without a central authority. Ideal for your digital identity!
Security
As we know, central storage places are lucrative targets for hackers. With a decentralized network, we can get rid of these targets. Therefore, there would be no data scandals in which countless personal data records would be stolen.
For an attacker to compromise your blockchain-based digital identity, he has to disturb the whole network or manipulate every single copy in the network. This is extremely unlikely in mature networks with a large number of participants.
The Ethereum network is considered to be the most advanced open blockchain network. There are more than 8.500 (last checked August 2020) nodes from all over the world supporting the network.
The issue of data misuse can be solved as well. Without a central authority, there is no one who can just access your digital identity. With a blockchain-based digital identity, you are able to store your personal information independently. You are no longer forced to hand over your data to a third party. However, this also means that you have to take more responsibility for securely managing your digital identity.
Common blockchain networks use public key infrastructure to ensure a secure and trustworthy exchange of information. You own two cryptographic keys: the public key, which can be seen as a username (others can know your public key), and the private key, which corresponds to a password (others should never know your private key). If someone knows your private key, he has access to your digital identity. The problem is that if you lose your private key, there is no one who could offer you a “recover private key” function. It’s a double-edged sword: on the one hand, you profit from more digital independence, while on the other hand you have to accept more individual responsibility.
Independence
The reliability of a digital identity is just as good as the provider of the identity.
Unfortunately, this statement is still valid. But this is going to change with blockchain-based digital identities. We’ll see a fundamental change in digital balance of power in favour of the users. You could become your very own identity provider. Keyword: digital sovereignty. There won’t be a central authority that can arbitrarily decide to revoke your digital identity!
Another benefit for users is that a digital identity is no longer bound to a single platform or service. You could, so to speak, wrap up your digital identity and take it with you to the next online service. This eliminates the need for repeated logins and allows for simple digital identifications. Top of the line: You can decide what kind of data you want to disclose.
Indisputable digital trust
Blockchain technology can potentially create a trust anchor in the digital world. It’s a source of tamper-proof information which can be repeatedly used for digital identification of people, organizations and things. No one is able to corrupt the data. Even parties that have nothing to do with the blockchain network can trust the data’s authenticity.
That’s the biggest promise of blockchain technology: You don’t have to trust humans anymore, but technology which is secured by cryptography and open source standards. A paradigm shift for our digital lives.
Self-sovereign identity
With the advent of blockchain technology, smartphones and cryptography, a new concept for digital identities emerged: self-sovereign identity (SSI).
Basically, it states that you can store and organize your personal information independently from other authorities or identity providers. You are free to decide what information you want to share and to what extent.
With SSI, users retain unlimited data sovereignty:
- Decentralized and tamper-proof storage with blockchain technology
- accessible via smartphone (also used for sharing and organizing)
- secured by cryptographic functions
A promising concept, which could change many one-sided dependencies in the digital realm. You can find an extensive guide on SSI in this article.
We at Blockchain HELIX have developed a SSI app — helix id. The blockchain-based solution hands you back control over your personal information. In future, you will be able to use your digital identity conveniently for online services or products — without putting your data at risk. For more information visit https://helixid.io
If you want to stay updated on what we are doing and helix id, you can follow our blog and Instagram. Also, you will get insights on the topics of digital identity and blockchain technology.
