Murphy’s law states: “Anything that can go wrong will go wrong.” It always happens with centralized services. A year ago, we saw how half a million Facebook accounts were leaked online, exposing personal data. We will see it many times more with other services. The recent Twitter hack underscores this once again. The accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Mike Bloomberg, Joe Biden, Barack Obama, among others, were hacked to push a fraudulent offer with Bitcoin (BTC).
Writing for the BBC, cybersecurity commentator Joe Tidy opined: “The fact that so many different users have been compromised at the same time implies that this is a problem with Twitter’s platform itself.” All accounts were vulnerable; it was just a matter of choice for the hackers: Using celebrities is better to “endorse” scams.
The problem is that even if Twitter or any other service with similar architecture continues building the cybersecurity walls around its system, it will become more complicated and expensive, but not safer. The current paradigm of centralized services cannot offer a safer solution for users’ authentication.
I have recently written about new technologies that could protect data and digital identity, using the example of Australia and the European experience and how public key certificates could be protected with blockchain technology against distributed denial-of-service and man-in-the-middle attacks. Although my analysis was quite technical and thorough, perhaps it would be better to take a step back and comb through some general yet pertinent details that may enhance data protection.
Here is some terminology for you to use when asking your service provider, your online store or your government about whether they are protecting your personal data:
- Decentralized identifiers, or DIDs, is a general framework by W3C with various methods to create and manage personal identifiers in a decentralized way. In other words, developers of online services do not need to create something new if they want to use the potential of decentralized technologies. They can utilize these methods and protocols.
- Selective disclosure protocol, or SDP, which was presented last year at the EOS Hackathon by Vareger co-founder Mykhailo Tiutin and his team, is a decentralized method for storing personal data (using DIDs) with cryptographic protection on a blockchain. With SDP, the user can disclose carefully selected pieces of information in any particular transaction.
- Self-sovereign identity, or SSI, is a concept that, in simple terms, allows users to be the sovereign owners of their personal data and identity, not third-parties. It implies that you can store personal data on your device, not on Twitter’s or anyone else’s server. To illustrate the power of the SSI concept, think about this statement: It is easier to hack one centralized system storing millions of accounts than to hack millions of personal devices. But the issue is much…