GUEST ESSAY: A call to decentralize social identities — to curtail social media privacy abuses – Source: www.lastwatchdog.com

By Chris Were

Social media giants have long held too much power over our digital identities.

Related: Google, Facebook promote third-party snooping

Today, no one is immune to these giants’ vicious cycle of collecting personal data, selling it to advertisers, and manipulating users with data metrics. By making people feel like mere products- this exploitative digital environment further encourages a bubble of distrust amongst social media users.

With numerous incidents to cite, tech behemoths have time and again proven their inadequacy to securely handle their user’s digital identity and data.

In recent years, Meta (previously Facebook) has faced a number of fines for violating user privacy. In 2019, the company was ordered to pay a record-breaking $5 billion penalty by the Federal Trade Commission (FTC) for violating consumers’ privacy rights.

The fine was the largest ever imposed on a social media company for privacy violations. Last month, again, Meta was penalized for more than €1.2bn (£1bn) and ordered to suspend data transfers to the US by an Irish regulator for its handling of user information. This hefty penalty set a record for a breach of the EU’s general data protection regulations (GDPR).

But these incidents aren’t limited to only the giants like Facebook. Even newer social networking sites like Clubhouse have allegedly had trouble protecting data of millions of users in recent times.

That’s why there is a need for more comprehensive solutions addressing challenges of user control, privacy, and data security at their core.

Decentralizing identities

Decentralized identities are a newer approach that can help solve the issues at hand. A user can create their own decentralized identity that is controlled by a secret seed phrase and not reliant on a centralized platform for that identity to exist.

A user can then connect this decentralized identity to encrypted decentralized storage to store their personal data. The data gets distributed across multiple nodes as opposed to getting stored in a central database. This direct shift of centralized authority to a decentralized landscape has several unique and necessary advantages.

Were

Firstly, it enables individuals to take complete control over their data. Users can choose where their personal information should be used and rightfully have the power to revoke that access at any time. Secondly, it adds two critical layers of security, making it comparatively tricky for hackers to steal.

For instance, to hack decentralized end-to-end encrypted data, a hacker must compromise multiple nodes on the storage network to gain access to the data. They must also compromise the user’s mobile device to access their seed phrase or perform some other type of sophisticated social engineering hack to obtain the secret seed phrase directly from the users. These steps are incredibly labor-intensive and extremely difficult and at great cost.

This radically changes the “economics” of hacking to all but eliminate the likelihoodof stealing user data. A hacker must go through the time and effort to hack multiple systems and devices to obtain the secret data of one person, rather than compromising a single system to obtain the data of millions of users.

Thirdly, it can drastically enhance and improve the user experience. Take into account the tedious tasks of creating and managing usernames and passwords for different services across all platforms. This often tempts users to reuse their old credentials.

Decentralized identity allows users to use their decentralized ID for signing in across multiple platforms, providing a better user experience. Future enhancements to decentralized single sign on will provide cryptographic proofs relating to the application being connected to, eliminating many “phishing” type of attacks.

To power all this, interoperability plays a critical role in decentralized identity systems built on open standards, such as the DID-Core standard. It promotes cross-functionality between diverse systems and platforms, meaning users get to use their decentralized identities to access a wide range of applications without going through the trouble of creating a new account for each service. Building on this idea, decentralized social identities have a massive potential to reshape the social media landscape

Social media use case

By prioritizing user ownership, privacy, and interoperability – decentralized social identities change the way we interact online. Take, for instance, a scenario where a self-owned cryptographic identity puts the control back in the users’ hands, as opposed to being controlled by a centralized entity like Facebook or Twitter. Or think of a system where your social media accounts and email are certified by a blockchain-based decentralized social identity service for secure identity verification.

This transformation is driven by self-sovereignty and interoperability, which give users control over their data and allow them to own, manage, and use it across all web platforms – Users have a single, trusted source of digital identity, which changes how they build trust, establish themselves, and cultivate their reputation on social media.

With time, more and more user-centric initiatives like Verida are smartly pushing the boundaries of decentralized social media by adopting a privacy-by-design approach and offering a full-stack development framework to help create privacy-focused applications. With the user being an important link, it fundamentally changes the power dynamics seen in traditional social media platforms.

The good news is – these efforts are not just limited to decentralized social identities concerning social media. They work as a part of a broader vision of Web3-enabled applications, striving to make messaging, personal data storage, and single sign-in a commonplace occurrence.

Web2 to Web3

Notably, Web2 and Web3’s current landscape has stark fundamental differences. While Web2 is associated with sharing, Web3 emphasizes ownership. In the current iteration, Web2 users have tools (non-data-privacy compliant ) allowing them to display where they are sharing their activities and identity, but Web3, however, is yet to provide a robust solution to simply aggregate, share, and prove these existing social identities.

Solutions like Verida One allow users to import, verify, and link their Web2 identities and metadata to Web3 dApps. This bridge now paves the way for a user-controlled, privacy-focused social media landscape.

With the bitter experiences of history and promising technology of the future, changing the current social media landscape is a critical step to enhance the trust and security of our online interactions. However, it can only be achieved if you start reclaiming control over data and demanding better from companies that profit off users’ private information.

The time has come to reject the status quo and push for a future where privacy is considered a right and not a privilege. Every social media user’s agenda should be a revolution to hold tech giants accountable for their actions.

With newer transparent technologies hitting the market, users should feel more empowered to see an alternative way out.

About the essayist: Chris Were is CEO of Verida. The Australian based tech entrepreneur has spent more than 20 years developing innovative software solutions – most recently Verida, a decentralised, self-sovereign data network.

August 15th, 2023 | Guest Blog Post | Top Stories