AI-Powered Proof of Individuality
https://selfkey.org/zh/ai-powered-proof-of-individuality/
Tue, 07 Mar 2023 15:45:35 +0000

Summary

Throughout the years, technology has transformed the way we operate as humans in society. It brought great changes to the way we work, study, communicate, and interact with one another. Furthermore, it has made these things easier, faster, and more accessible than ever before. 

We’re headed towards a digitized future, where we learn more about state-of-the-art artificial intelligence. However, the more we learn about artificial intelligence, the more it learns about us.

In this article, we will firstly discuss artificial intelligence, what it is and how we can use it to navigate the digital world. Secondly, we’ll explore the benefits and drawbacks of artificial intelligence. Lastly and most importantly, we’ll elaborate on ways to use AI-powered proof of individuality methods to keep our community’s individuality, privacy, and digital identities safe.

Highlights

  • Artificial Intelligence and Humanity
  • AI-Powered Proof of Individuality
  • How can AI-Powered Proof of Individuality benefit us?
  • How does AI-Powered Proof of Individuality work?
  • AI-Powered Proof of Individuality and Selfkey

Artificial Intelligence and Humanity

Humans versus technology

The advancement in technology for the past several decades has stirred a growing debate of humans versus artificial intelligence (AI). For instance, if AI begins to take over tasks which were traditionally associated with people, what are people left with? Their sense of humanity and individual identity. 

Digitalization has impacted every aspect of our lives, making it easier for us to perform our daily tasks. Because of this, we have more or less become dependent on technology in order to operate in the online world. 

Overall, the topic of AI is quite controversial. Since the dawn of the industrial age, humans have been cautious about accepting new technologies. While technology has undoubtedly brought significant improvements to our lives, an important question remains:

Will AI ultimately be beneficial or detrimental to our well-being in the long run?

We will examine the potential advantages and disadvantages of AI in the following sections.

The benefits of Artificial Intelligence

Despite the potential risks and challenges posed by AI, there is no denying that it brings many benefits and advantages for humanity. 

Technology has filled our lives with entertainment, efficiency, and enhanced accessibility by eliminating frustrating and time-consuming tasks. Not only that, but it has made performing our daily tasks considerably easier and it has opened doors to an incredible library of information.

Let’s briefly explore some of AI’s key benefits:

  • Automation. Advanced technology can program AI to do tedious, repetitive mundane jobs, so that humans can focus on more complex and creative tasks.
  • Efficiency. AI has the capability to analyze a large amount of data and find patterns and trends that might be hard for humans to see. This can help individuals make better decisions.
  • Accessibility. Thanks to modern technology, individuals can benefit from applications that make working, studying, and communicating remotely much easier.
  • Accuracy. Under careful supervision, AI can perform tasks with high accuracy, reducing the risk of errors and improving performance tremendously.

The dark side of Artificial Intelligence

With AI progressing at incredible speeds, technology has raised concerns about privacy and security. One of the biggest concerns nowadays is the threat of AI stealing human identities. There has been an increase in data breaches and cyberattacks, which leads to a growing need for stronger security measures to protect our personal data.

Like any other innovation, AI undoubtedly has its drawbacks, which are often overshadowed by its benefits. Basically, AI systems are designed to learn and make decisions based on data. Therefore, if the data used to train these systems is biased or incomplete, it can lead to flawed decision-making. 

We can understand the dark side of AI once we examine some of its potential risks and negative impacts:

  • In the wrong hands, AI systems can be used for malicious purposes, such as cyberattacks.
  • Because of this, privacy and security are major concerns when it comes to AI.
  • Data breaches could result in divulging sensitive data, leading to significant consequences, like loss of privacy.
  • Hackers can make use of the leaked data to steal or forge individuals’ digital identities.
  • AI can generate fake identities, which can be used to influence the decision-making or output of a system.

As AI systems continue to evolve, it becomes more and more difficult to predict their actions. Consequently, we cannot hold them accountable for their faulty behavior. 

What can we do, then?

Artificial intelligence is currently not a sentient being; it cannot make its own decisions.

It can either be used for good purposes or for malicious purposes, depending on the intentions of the individuals behind it. And, while humans are not equipped with the accuracy and efficiency of state-of-the-art technology, we can use AI to fight against malicious AI.

Thankfully, there is a method which can verify an individual’s identity in a secure, efficient and highly accurate manner. 

AI-Powered Proof of Individuality

What is Proof of Individuality?

Proof of individuality (POI) is a protocol that supports the statement that every person is a distinct and unique individual. As a matter of fact, individuality is a core aspect of human existence. It refers to the one-of-a-kind set of characteristics, thoughts, emotions and perspectives that make each person different from one another. 

While digital identities can be stolen and sold, individuality is not something which, at the moment, can be duplicated. At this time, it represents our liveliness as real, tangible, mindful beings.

Identification in modern times

Identification is an important aspect of our lives. Above all, it is unique to each and every one of us, and it represents our liveliness. Therefore, as technology makes new, magnificent progress every day, AI-Powered proof of individuality has become an essential part of our daily existence. From accessing bank accounts to opening doors, AI-Powered proof of individuality has revolutionized the way we identify ourselves.

Some of the most common AI-Powered proof of individuality methods are:

  • Fingerprints
  • Facial recognition
  • Iris scans

These biometric identification methods are highly accurate and reliable, making them the go-to method for identification in many industries.

How can AI-Powered Proof of Individuality benefit us?

Overall, AI-Powered proof of individuality has many advantages. Particularly:

  • Speed
  • Accuracy
  • Remote identification

Speed

  • The traditional methods of identification, such as presenting a physical paper for verification, can cause delays.
  • AI-Powered proof of individuality methods are much quicker. For example, using a fingerprint scanner can take only a few seconds.
  • As a result, AI-Powered proof of individuality methods are efficient in situations where time is of the essence.

Accuracy

  • Biometric methods such as facial recognition and iris scans are highly accurate.
  • In such a case, the chance of false positives or false negatives is minimal.
  • This level of accuracy is ideal for high-security situations, such as airport security or government buildings.

Remote identification

  • AI-Powered proof of individuality made it possible to identify individuals remotely.
  • With the use of online identification tools, individuals can verify the authenticity of each other’s identities.
  • There is no need to meet in person anymore. Therefore, physical distance is no longer an obstacle.

How does AI-Powered Proof of Individuality work?

A brief description

AI-Powered proof of individuality uses artificial intelligence to verify an individual’s identity based on their biometric features and behavior. 

As mentioned previously, biometric features are fingerprints, facial recognition, or iris scans.

Some of the behavior patterns this technology analyzes are:

  • Typing speed and style. How a person types on a keyboard, how long they pause between keystrokes, and how hard they press the keys.
  • Mouse movements. How a person moves the cursor on a screen, the direction and speed of their movements.
  • Voice patterns. The way a person talks, their pitch, tone and accent.
  • Smartphone usage. The way a person holds or uses their smartphone, the angle of how they hold their device, or how they swipe and tap on the screen.

All in the benefit of the individual

The idea that our devices check our behavior patterns might be anxiety-inducing. Without a doubt, it can be scary thinking how technology knows us better than we know ourselves. However, in this case, AI is programmed to keep our individuality safe from malicious, bad players.

This way, organizations can improve security and prevent identity fraud. Furthermore, AI-Powered proof of individuality makes it more convenient to access digital services, without the need for passwords or tangible identification cards. Passwords can be forgotten, stolen, or compromised.

Consequently, AI-Powered proof of individuality has the potential to positively transform how we verify our identities in the digital age.

AI-Powered Proof of Individuality and Selfkey

ESelfKey aims to offer individuals a secure means of verifying their identity through AI-Powered proof of individuality methods. 

Guidelines for users:

  1. The user will first have to perform a KYC check. KYC stands for Know Your Customer, and it is a mandatory process of identifying and verifying an individual’s identity. It is done to ensure that the user is genuinely who they claim to be.
  2. The user will then obtain the ESelfKey iD SBT. SBT stands for Soulbound Tokens. They are non-transferable, verifiable, digital tokens that can show an individual’s accreditations, work experience, work history, and past records.
  3. After this, the user onboards to ESelfKey DAO. DAO stands for Decentralized Autonomous Organization. It is governed by a community of individuals on a decentralized blockchain network. The rules of a DAO are transparent to all members in order to create equality between users.

The part AI plays

After the user completes all of the steps above, ESelfKey will require an AI-Powered selfie check. This modern method of verifying an individual’s identity uses facial recognition technology.

For instance, here’s what happens during an AI-Powered selfie check:

  • The user will take a selfie and submit it to an AI-Powered system.
  • The AI-Powered system will check the photo against a vast collection of pre-verified images.
  • The system will use algorithms to identify unique facial features, like: distance between the eyes, the shape of the jawline, the position of the nose.
  • If the user passes the check, they will receive a POI (proof of identity) credential, which they can stake KEY on.
  • If the user does not pass the check, they will not be allowed to continue.
  • In the case of a false negative, the user will have the possibility to contact support.

These AI-Powered selfie checks will be made periodically, each time a user performs important actions within the ESelfKey DAO.

How does this benefit us?

This method is widely used by online platforms and organizations that require a high level of trust and security in their user authentication process. Firstly, it is a quick, convenient, and reliable method. Secondly, and most importantly, AI-powered checks will prevent identity fraud in the online world.

For instance, AI-Powered proof of individuality will efficiently and accurately check that:

  • The user’s selfie is not forged by another individual.
  • The user’s selfie is not AI-generated or fake.
  • The user is a real person.
  • The user’s selfie matches the original selfie they submitted during the KYC check.

Anti-Sybil technology

Did you know that there is a term for “identity fraud” in the digital world? In the context of online security and identity verification, “Sybil” refers to the act of creating multiple fake identities or accounts. 

A single malicious individual or a group can do that, with the intention of manipulating or deceiving the system. Alarmingly, such an attacker can carry out spam attacks, manipulate voting in online polls for elections, or even inflate the popularity of a website or social media.

Preventing Sybil attacks is a crucial challenge in the design of many online systems. Thankfully, SelfKey’s AI-Powered proof of individuality methods can fight against that.

Conclusions

Even though technology has posed challenges throughout the decades, it has an immense potential to make society better. AI-Powered Proof of Individuality has become a part of our daily lives, helping us identify ourselves in a quick and efficient manner. The advantages modern identification methods bring are undeniable. 

In spite of that, having concerns about privacy and security is normal, especially when it comes to our individuality. However, ESelfKey is aiming to develop methods to combat those who use cutting-edge technology for malicious purposes.

Finally, as technology continues to evolve, we can expect to see even more complex methods of identification in the future. But, it is vital to remember that we are supposed to use technology to enhance our lives, our work, rather than replace them. The solution is to find a balance between technology and humanity.


Note:

To the best of our knowledge, the information contained herein is accurate as of the date stated; however, the accuracy and completeness of the information are not guaranteed, and we disclaim any duty to update the information should circumstances change. You should not rely upon the information without conducting your own validation.

This communication is for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation for any digital asset, nor does it constitute an offer to provide investment advisory or other services. No reference to any specific digital asset constitutes a recommendation to buy, sell or hold such digital asset. Nothing here shall be considered a solicitation or offer to buy or sell any security, future, option or other financial instrument or to offer or provide any investment advice or service.

SELF and KEY tokens, SBTs, and NFTs associated with the ESelfKey ecosystem have no monetary value or utility outside of the ESelfKey ecosystem, are not ascribed any price or conversion ratio by ESelfKey and its affiliates, and do not represent ownership interests or confer any rights to profits or revenues. These tokens should not be purchased for speculative reasons or considered investments. By engaging with ESelfKey, you acknowledge and agree to the applicable terms and any associated risks. We recommend consulting with legal and financial professionals before participating in the ESelfKey ecosystem and related transactions.

This document may contain statements regarding future events based on current expectations. However, some risks and uncertainties could cause results to differ. The views expressed here were based on the information that may change if new information becomes available.

We use the "KYC" term here for general information purposes, without reference to particular legislation. Please check the laws relevant to you and contact us for the details.

Self Sovereign Identity
https://selfkey.org/zh/self-sovereign-identity-ssid/
Wed, 01 Mar 2023 18:36:43 +0000

Summary

Have you ever wondered what happens to your personal data once you share it with a website or an application? Have you thought about where your information is stored and who has access to it? Were you aware that data breaches happen daily and your information is at risk of being compromised at any time? 

This article touches upon a new technology which is currently being developed to help you manage your private information online. In the near future, you will no longer have to rely on other parties that might put your sensitive, valuable, or personal data in danger. 

We’ll be discussing the concept of self sovereign identity (SSID), how it works and how it impacts our daily lives as individuals operating in a digital world.

We will thoroughly cover the following topics:

  • Online Safety
  • How will Self Sovereign Identity improve our online activities?
  • Self Sovereign Identity
  • Issues with the current implementation of Self Sovereign Identity
  • How can the current Self Sovereign Identity implementation be improved and scaled?
  • The Trust Triangle
  • Agents of The Trust Triangle
  • Trust in the digital world
  • The Three Pillars of Self Sovereign Identity
  • Blockchains
  • Decentralized Identifiers 
  • Verifiable Credentials
  • Zero Knowledge Proofs
  • Conclusions

Online Safety

Digital revolution: both a blessing and a curse

In the past several decades, mankind has shown magnificent progress in computer science. So much so that society quickly became accustomed to using Information and Communication Technologies on a daily basis. Whether it is for recreational purposes, communication, work or education, mundane tasks are made significantly easier with the help of cutting-edge technology and wireless systems. 

Artificial Intelligence (AI) is capable of performing convenient assignments, such as reading, generating, integrating, and theorizing information. However, it is also heading dangerously fast towards mimicking a trait which, up until now, has been uniquely human: identity.

When personal data is leaked, AI can potentially make use of that information to steal or forge human identities. Thankfully, the future will also bring ways to prevent that. A Self-Sovereign Identity solution is being developed to protect our data from being stolen and sold.

How safe is it really out there?

Using technology and having a digital presence has become so common nowadays that many people don’t think twice about the security of their personal information.

Although they are within the safety of their homes, their data is still potentially visible to millions of users online. Among those millions, there are many individuals with bad intentions, who look for ways to use other people’s private data for their own personal benefit.

More often than not, however, it is entities that individuals are supposed to trust who end up selling or divulging their personal information to other parties. And those parties, whether willingly or not, will put that personal information at risk of being unlawfully used by bad players.

At the moment, unfortunately, people have come to depend on centralized systems in order to benefit from online services to perform their daily tasks. Without those online services, it would be impossible for individuals to function in the present day society. 

It is more of an obligation than a choice, and it has become so normal that we simply go with the flow. Otherwise, we will not be able to keep up with the fast-paced changes in the way we work, study, and communicate.

Our digital identities

Personally Identifiable Information (PII) belonging to individuals, firms or organizations is being stored online in the form of digital data. This collection of digital data is then used to build our digital identity.

A digital identity is used to facilitate access to services that make it easy for computers to efficiently mediate transactions between two or more individuals. The web provides us with a quick way of performing these transactions. However, it is not the safest place to store our private information. 

Data breaches happen on a daily basis without our knowledge. Through data breaches, important and valuable information can be stolen and sold, including our very own digital identities.

Ideally, individuals should be able to make use of the advanced, modern day technology without the risk of their private data ending up in the wrong hands. In order for that to happen, individuals need to have more control over how their information is stored and who has access to view or share it, at all times.

The illusion of choice

Nowadays, control seems less impactful on our lives, because the deception of freedom is given to us through choices. However, when access to necessary modern applications is being restricted unless personal data is consensually shared, choice becomes an illusion.

With the choice to opt in being enforced, people have grown used to accepting the privacy policies of applications without a second thought. These policies, that we barely even bother to read, do mention how data is shared with third parties. However, we cannot do anything but blindly trust that service providers will not abuse or mishandle our data.

At the moment there is only the illusion of consent, of trust, all in the detriment of the individual. Because of this deceitful way of forcing users to consent to their data being used, trust between individuals is becoming more and more difficult to establish.

SSID aims to dispel these illusions and bring authentic consent and trust to the mainstream.

Seeking safety in a digital world

Sadly, Big Tech often profits off of individuals at the expense of the latter’s safety, which may lead up to identity theft. 

Many users are unaware of the unlawful incidents happening underneath the brightly colored backgrounds of websites and applications as they perform their daily online tasks. They live under the impression that, as long as there is no malware alert on their devices, they have nothing to be concerned about.

The alarming truth, however, is that security violations occur on a daily basis. These cumulative cyber attacks can potentially cause millions of dollars in damages to the individuals whose data was involved.

How will Self Sovereign Identity improve our online activities?

Fortunately, a solution to the above-mentioned risks is currently being developed by ESelfKey. It will be the sword and shield for individuals to function and perform transactions in the safest way possible. 

Self sovereign identity not only gives back the freedom of choice, but it also prevents this kind of disaster from happening. SSID users give access only to individuals that they wish to engage with. During this interaction, only a very limited amount of information is shared.

Therefore, sensitive, protected and important data is less likely to be sold to or shared with harmful individuals and organizations. Self sovereign identity was conceived to prevent data leakage in this sense. It gives users the power not only to manage and control, but also to protect what they deem valuable. 

Self Sovereign Identity

A brief introduction

Self sovereign identity (SSID) is a new way of managing digital identities, which aims to put individuals in control of how their accounts and private information are managed. With SSID, individuals have full ownership over their personal data. They no longer need to rely on centralized systems that might share their data with unknown parties for personal gain. 

Users can store their private information into their devices and present it for validation when it is specifically needed. This way, the risk of having their data compromised is considerably reduced. Individuals are in complete control over how their information is used and stored, at all times.

How self sovereign identity is currently being implemented

Once Self Sovereign Identity users store their private data on their devices, they can quickly take the opportunity to interact with trusted partners. In order to benefit from the services offered by these trusted partners, users need to accept the processing of their information by the partners. This is declared by the relying party once the user attempts to onboard into their services.

Issues with the current implementation of Self Sovereign Identity

Adoption and Convenience

At the moment, SSID users must store their data on their private device instead of the traditional central database. This method allows the users to have full control of their personal data. On the down side, the flow by which users interact with the system is less convenient than centralized alternatives. 

Storing data on one private device makes it difficult for it to be accessed by the user’s other devices. Individuals have to manually introduce their information into devices they want to use, which can become time consuming and frustrating.

Scalability

Currently, users can only exercise their self sovereign rights with partners within the SSID environment. Moreover, individuals need to trust that the parties they choose to interact with will handle their personal data with respect to their privacy and store it securely.

How can the current Self Sovereign Identity implementation be improved and scaled?

Should we use Centralized Systems for convenience?

Centrally controlled systems are databases in which an individual’s digital identity is stored in one or more servers belonging to a centralized entity. Once personal data is stored in this type of server, an individual has no way of knowing who has access to it, who it is shared with, or where it ends up. 

When personal data is being shared with unknown, third parties, there is a high risk of unintentional information disclosure. This can lead to dire consequences like identity theft or secret information being disclosed to the public, stolen or sold. 

While centralized systems are not necessarily malicious, their security is weak, which leads to data leakage. With AI progressing alarmingly fast, this is a particularly serious concern. In conclusion, centralized systems cannot be used to improve the adoption and scalability of SSID solutions.

Are Decentralized Systems a better option?

At the polar opposite of centralized systems are decentralized systems. This type of system stores and verifies information in multiple computers that work together as nodes in a network, popularly known as a blockchain.

By transferring the control from a centralized entity to a dispersed group, decentralized systems aim to reach a level of fairness among its users, without one individual having authority over the other. 

The way data is stored in a decentralized system makes it very difficult for malicious parties to manipulate it, because it is secured by the blockchain. A decentralized system is perfect for storing public and openly-accessible data, such as a record of transactions.

However, storing personally identifiable information (PII) in a decentralized system is highly unadvised, even if it is encrypted. PII can be anything from full name, phone number, full date of birth, full address, or credit card information.

Once data is made public, it cannot be erased or changed, and it is openly accessible to anyone. Therefore, decentralized systems alone are not ideal for storing private information, due to inevitable and permanent loss of privacy. 

They are part of the solution, though, and we will discuss this in the following sections.

Is there a solution to this dilemma, then?

At the moment, SelfKey is actively working on and is committed to delivering an ideal solution to increase the adoption of SSID, using cutting-edge technology. 

In the next segments we will thoroughly discuss ESelfKey’s proposed solution, which pertains to:

  • The Trust Triangle
  • The Three Pillars of self sovereign identity
  • Zero Knowledge Proofs

The Trust Triangle

Presently, we are accustomed to the traditional “peer-to-peer” interactions between identity owners and verifiers. To better facilitate the goals of SSI, a three-party system is proposed. In this triangle, two individuals that want to interact securely can rely on a third party to issue and to confirm the authenticity of their credentials. 

For example:

  • We have individual A and individual B, two entities who are about to make an exchange. B has obtained their verifiable credentials (personal data that can be checked for validity) from C, a third, neutral party. C is legally permitted to vouch for B’s authenticity. 
  • B wants to make a purchase with A, but the services provided by A are age-restricted. Therefore, A must check with C if B legally qualifies to access that kind of service. 
  • In this case, there is only one specific inquiry that must be clarified: whether B is a legal adult. That is the only information that C will validate with A.
  • A does not have access to extra information that would otherwise be physically printed on an ID or a passport. This information can be name, full address, full date of birth, social security number, photos, etc. Basically, any identifier that B does not want to share with A or to divulge to the public.
  • This also eliminates the risk of A, if potentially ill-intended, retaining private information from B. There is no visible data for A to read and memorize. There is only C’s confirmation that B qualifies (or not) to purchase a service from A, without giving out specific details.

This applies to any kind of identifier which is needed to validate interactions between persons or companies. The risk of personal data being visible to individuals outside of the trust triangle is eliminated this way. And even within the trust triangle, only the minimum, relevant information will be shown or confirmed.

Agents of The Trust Triangle

The issuer is the entity that releases verifiable credentials after verifying the claims given by the holder. 

  • It is typically an institution, an organization or an individual who possesses the legal authority to verify and to vouch for the holder’s authenticity. 
  • Examples of issuers are governmental institutions, universities, departments, companies, agencies, authorities, training institutions, etc.
  • The issuer is a neutral party whose role is only to validate a claim in a holder-verifier transaction.

The holder (data owner) is the individual, a person, a company or an organization who owns unique, personal data.

  • The holder earns verifiable credentials after providing proof of authenticity to the issuer. 
  • The data owner will use those verifiable credentials to prove authenticity before benefiting from various services, making purchases or transactions.

The verifier (relying party) is the entity which verifies a holder’s verifiable credentials.

  • The relying party will need to verify only a specific piece of information. Only the bare minimum which is relevant to provide a service to the holder.
  • The verifier checks if the holder’s data is issued by a competent and legally authorized issuer.
  • The verifier makes sure that the holder’s data has not been tampered with, forged, expired or revoked. 
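
The trust triangle and the verifier's checks listed above, as an added example that is not ESelfKey's code: issuer C signs a credential holding only the `age_over_18` predicate for holder B, and verifier A checks issuer trust, integrity, expiry and revocation. The `did:example:` identifiers, field names and revocation set are assumptions, and a hash-based Lamport one-time signature stands in for the Ed25519/ECDSA signatures real credentials use, so that the block runs on the standard library alone.

```python
import copy
import hashlib
import json
import secrets
import time


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # Reveal one secret per digest bit; a key must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        _h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


def canonical(body: dict) -> bytes:
    """Deterministic serialisation so issuer and verifier hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(issuer_id, issuer_sk, holder_id, birth_year, now, ttl=3600):
    """Issuer C sees the birth year but writes only a yes/no predicate."""
    body = {
        "id": secrets.token_hex(8),
        "issuer": issuer_id,
        "holder": holder_id,
        # Year-granularity age check, simplified for the example.
        "claims": {"age_over_18": time.gmtime(now).tm_year - birth_year >= 18},
        "issued": now,
        "expires": now + ttl,
    }
    return {"body": body, "signature": lamport_sign(issuer_sk, canonical(body))}


def verify(cred, trusted_issuers, revoked_ids, now, required_claim):
    """Verifier A: the checks from the list above, in fail-closed order."""
    body = cred["body"]
    pk = trusted_issuers.get(body["issuer"])
    if pk is None:
        return "untrusted-issuer"      # not a competent, authorised issuer
    if not lamport_verify(pk, canonical(body), cred["signature"]):
        return "bad-signature"         # tampered with or forged
    if now >= body["expires"]:
        return "expired"
    if body["id"] in revoked_ids:
        return "revoked"
    if body["claims"].get(required_claim) is not True:
        return "claim-not-satisfied"
    return "ok"


def demo():
    now = 1_700_000_000                      # constructed timestamp (Nov 2023)
    issuer, holder = "did:example:issuer-c", "did:example:holder-b"  # constructed
    sk, pk = lamport_keygen()
    trusted = {issuer: pk}                   # verifier's list of accepted issuers
    cred = issue_credential(issuer, sk, holder, birth_year=1990, now=now)

    # Holder edits the expiry of a stale credential; the signature no longer matches.
    forged = copy.deepcopy(cred)
    forged["body"]["expires"] = now + 10**6

    claim = "age_over_18"
    return {
        "valid": verify(cred, trusted, set(), now + 60, claim),
        "unknown_issuer": verify(cred, {}, set(), now + 60, claim),
        "expired": verify(cred, trusted, set(), now + 7200, claim),
        "tampered": verify(forged, trusted, set(), now + 7200, claim),
        "revoked": verify(cred, trusted, {cred["body"]["id"]}, now + 60, claim),
        # Everything A learns about B: no name, address or birth date.
        "disclosed_claims": sorted(cred["body"]["claims"]),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:16} {outcome}")
```
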

Trust in the digital world

What makes this triangle work is that the three parties are willing to trust one another. The element of trust is important, especially in a time where information forgery and theft happen quite frequently. But within a trust triangle, the user (or holder), has complete control over the management and visibility of their data.

As stated above, digital identities are the counterparts of physical identities that are verified through paper documents. The way trust works digitally is similar to the real, tangible world. However, the consequences of having personal information exposed to the public digitally are much greater. 

Having to trust a centralized database is more or less forced upon individuals. Otherwise they couldn’t benefit from services required to perform daily transactions, either for personal or professional gain. Within a trust triangle, SSID can facilitate these daily transactions without holders having to concede to “blind trust” and risking the safety of their personal data. 

The Three Pillars of Self Sovereign Identity

Within the trust-triangle framework, there are three main components, or “pillars”, that enable the realization of the ideal solution SSID is aiming to achieve:

  • Blockchains
  • Decentralized Identifiers
  • Verifiable Credentials

Blockchains 

A blockchain is a ledger which is shared across thousands of computers around the world. These computers act like nodes within a network, storing and verifying information in a way that makes it nearly impossible to modify or cheat the system.

Within a blockchain, data is saved like a compilation of records, linked to one another. Each user has a copy of this collection, which makes it particularly difficult for hackers to unlawfully modify the information stored within. 

To enhance security, data is protected using complex cryptography which, at the moment, cannot be deciphered by malignant parties. The blockchain will provide the security layer necessary for users and relying parties to interact within the SSID framework. 

Decentralized Identifiers 

DIDs, for short, are the digital counterparts of physical documents, IDs, passports or licenses used to verify one’s identity.

What qualifies as an identifier is any kind of information that proves an individual’s identity and individuality. Traditionally, identifiers are issued and stored by centralized systems, such as governmental institutions and organizations.

Decentralized identifiers no longer depend on a central system to manage, issue, and store valuable, private information. They ensure that individuals are able to generate their own identifiers with the help of systems that they trust. Individuals can then use cryptographic proof, such as digital signatures, to authenticate their new identifiers as their own.

Decentralized identifiers are unique. They cannot be forged or stolen, because identity itself is unique and pertaining to only one individual. For example, a digital wallet address can be used as a decentralized identifier.

Verifiable Credentials 

Verifiable credentials are digital versions of physical, paper documents used by persons, businesses, and organizations to identify themselves. Individuals can also use them to prove that they are qualified to access a service or perform a transaction. 

Verifiable credentials include, but are not limited to: digital birth certificates, digital education certificates, digital licenses, digital employee identification cards.

Verifiable credentials are issued in a tamper-evident manner that is respectful of the individual’s privacy. Bad players cannot make any unauthorized attempt to modify or forge digital documents without leaving evidence behind. This is something that a relying party will verify at each check.

In the physical world, a tamper-proof document would be sealed within multiple layers that are locked in a specific manner. If anyone attempts to open them, they cannot rearrange the layers in the original way. There is visible evidence that someone has unsealed and tampered with the document.

Holders can present such a tamper-proof document to issuers and be verified immediately. This makes onboarding even more convenient than what centralized services offer nowadays.

But how do individuals make use of these credentials? We believe that the answer to that question lies within Zero Knowledge flows detailed below.

Zero Knowledge

In the current context, the concept of zero knowledge simply means that a relying party (verifier) does not need any additional information, other than the necessary minimum, to confirm whether a data owner (holder) qualifies for the service they provide or not. 

Using the zero-knowledge proof method within a trust triangle, participants will benefit from secure interactions. This is because their full personal information does not need to be revealed in the majority of interactions. 

Let’s revisit our previous example but with ZK in mind:

  • Holder A wishes to access Verifier B’s services, which are age-restricted.
  • B needs to verify with Issuer C whether A qualifies for said services. 
  • C will confirm whether A is of age or not, without revealing the full date of birth, or specific age. Confirmation is expressed in the form of a ZK proof.
  • B will not have access to any kind of additional information, like location, actual date of birth, full name, full address, gender, etc. Likewise, B will not be retaining any data, because there will be no information for B to memorize or share outside of the interaction with A.
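The flow above, together with the verifier checks listed under "Agents of The Trust Triangle", as an added Python example that is not ESelfKey's code. It uses salted-hash selective disclosure rather than a true zero-knowledge proof, and a Lamport one-time signature stands in for the issuer's real signature scheme so that it runs on the standard library alone; the identifiers, claim names and timestamps are constructed.

```python
import hashlib
import json
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _canonical(obj) -> bytes:
    # Deterministic encoding so issuer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


# Lamport one-time signature: stand-in for the issuer's production scheme.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        _h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


def claim_digest(name, value, salt) -> str:
    return hashlib.sha256(_canonical([salt, name, value])).hexdigest()


def issue(issuer_id, sk, cred_id, claims, expires_at):
    """Issuer C: sign salted digests of the claims, never the raw values."""
    salts = {name: secrets.token_hex(16) for name in claims}
    body = {"id": cred_id, "issuer": issuer_id, "expires_at": expires_at,
            "digests": sorted(claim_digest(n, v, salts[n])
                              for n, v in claims.items())}
    return {"body": body, "signature": lamport_sign(sk, _canonical(body))}, salts


def present(credential, claims, salts, reveal):
    """Holder A: disclose only the claims named in `reveal`."""
    disclosed = [{"name": n, "value": claims[n], "salt": salts[n]} for n in reveal]
    return {"body": dict(credential["body"]),
            "signature": credential["signature"], "disclosed": disclosed}


def verify(presentation, trusted_issuers, revoked_ids, now):
    """Verifier B: authorized issuer, untampered, unexpired, unrevoked."""
    body = presentation["body"]
    pk = trusted_issuers.get(body["issuer"])
    if pk is None:
        return False, "issuer not trusted"
    if not lamport_verify(pk, _canonical(body), presentation["signature"]):
        return False, "signature invalid"
    if now >= body["expires_at"]:
        return False, "expired"
    if body["id"] in revoked_ids:
        return False, "revoked"
    for d in presentation["disclosed"]:
        if claim_digest(d["name"], d["value"], d["salt"]) not in body["digests"]:
            return False, "claim not covered by signature"
    return True, {d["name"]: d["value"] for d in presentation["disclosed"]}


def demo():
    # Constructed sample data: one issuer, one holder, one credential.
    sk, pk = lamport_keygen()
    trusted = {"did:example:issuer-c": pk}
    claims = {"name": "Holder A", "birth_date": "1990-04-12", "age_over_18": True}
    cred, salts = issue("did:example:issuer-c", sk, "cred-001", claims,
                        expires_at=2_000_000_000)
    now = 1_700_000_000
    good = present(cred, claims, salts, ["age_over_18"])

    altered = present(cred, claims, salts, ["birth_date"])
    altered["disclosed"][0]["value"] = "1980-01-01"   # holder edits a claim

    extended = present(cred, claims, salts, ["age_over_18"])
    extended["body"]["expires_at"] = 3_000_000_000    # holder extends validity

    return {
        "minimal": verify(good, trusted, set(), now),
        "altered_claim": verify(altered, trusted, set(), now),
        "extended_expiry": verify(extended, trusted, set(), now),
        "expired": verify(good, trusted, set(), 2_000_000_001),
        "revoked": verify(good, trusted, {"cred-001"}, now),
        "unknown_issuer": verify(good, {}, set(), now),
        "wire": _canonical(good["disclosed"]).decode(),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The verifier learns that `age_over_18` is true and nothing else: the name and birth date exist in the credential only as salted digests, which the random per-claim salt keeps from being guessed by hashing candidate values.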

Conclusions

The quick progress of technology is both thrilling and anxiety-inducing. It can be challenging to adapt to these fast-paced changes. However, there will always be ways to combat the threat of being controlled by an ill-intended higher power. 

Self Sovereign Identity is keeping pace with this constant technological uprising, making sure to protect its users. It aims to maintain the ideal that there’s a choice that doesn’t trap individuals in exhausting, exploitative loops. 

Its goal is to continuously certify its users to reach their full professional and personal potential, and to restore each individual’s ability to be the sole controller of their PII in their digital lives. 

ESelfKey is restlessly working towards achieving ways for users to be able to safely engage with partners in an environment that is secure and neutral. At the moment, SSID is an ideal, a work in progress. ESelfKey has the potential to become the bridge that will take its users towards a much safer and empowering future. 

What is China's Social Credit System and What Does it Mean for Online Identity?
https://selfkey.org/zh/chinas-social-credit-system/
Tue, 24 Mar 2020 13:04:11 +0000
http://selfkey.org/chinas-social-credit-system/

China’s Social Credit System (SCS) has been in the news for over a year now. Not only will the system have a massive effect on the country’s 1.4 billion citizens, but there are massive implications when it comes to digital identity too. The idea sounds Orwellian, but it’s a lot more complicated than it appears to be.

The system was first proposed in 2014 and was meant to roll out this year, but it will likely be another couple of years before it is fully operational. In this article, we outline what exactly China’s Social Credit System is, how it works, the criticisms it has faced, and the implications it has on big data and online identity. Let’s dive in.

What is China’s Social Credit System?

China’s Social Credit System is similar to how a regular credit score functions. A normal credit score only deals with your current financial state and financial history. A typical credit score is decided by five different factors: payment history, utilization, length of credit history, recent activity, and overall capacity. However, China’s social credit score expands the typical credit score system into all ways of life.

According to the Chinese government, the system is designed to monitor and engineer better behavior on an individual level and a business level. The system awards good behavior, which leads to a higher score, and punishes bad behavior, which leads to a lower score. China already has the bones of this system in place (some cities and provinces have created their own version of SCS to curb what is deemed to be negative behavior) but the SCS takes this activity to a whole new level. 

How the SCS works

The SCS has a few different functions. There is one system for citizens, one for businesses and other organizations, and one for government officials. While the full system has not been rolled out yet, here’s what we know so far from pilot systems and reports. Do keep in mind that there is no unified Social Credit System yet; different regions are currently using different methods. 

For citizens, everyone starts with the same score (the city of Rongcheng gives citizens 1000 points to start). Citizens are then closely monitored in all areas of life and are rated on how they behave. Users can increase their points by doing things such as making donations, praising the Chinese government online, and helping the less fortunate. Having more points means that users are more likely to receive a promotion at work, get priority status for their children’s school admissions, tax breaks, and better access to loans and other financial services. Doesn’t sound too bad, right?

However, having a lower score can lead to disastrous consequences, and losing points is easy. Users can lose points by not visiting their elderly parents, traffic violations, cheating in online games, failing to sincerely apologize for crimes committed, and spreading rumors on the internet. Having a lower score can mean that users are not able to travel by plane or train, aren’t eligible for certain jobs, can be subject to public shaming, and can be denied full access to public services.

For businesses, the SCS focuses more on ensuring that the laws are followed, taxes are paid on time, and that product and service quality are adequate. According to the Chinese government, the goal is to create a fair, transparent, and predictable business environment. However, the corporate side of SCS poses some difficult problems. 

For instance, businesses need to take responsibility for their business partners. Even if a company meets all of the legal requirements, they can still be penalized if another company they work with is on a blacklist. Because of this, companies with a lower score will have an incredibly difficult time forming partnerships with reputable businesses. 

Companies with a lower score on the SCS face more frequent and intense auditing, the possibility of public shaming, and may even be excluded from public procurement opportunities. Businesses can land on a blacklist from either having a low score, or for a particular type of violation.

The third part of the SCS, for government officials, focuses on how well government orders are carried out. Essentially, the Chinese government wants to ensure that officials are politically loyal, performing well, and corruption-free.

It is important to note that all three branches within the SCS function differently. Individuals are scored differently from businesses, who are scored differently from government officials. So far, no regional government has enforced all three aspects of the SCS.

Criticisms of the SCS

So many are scared of the SCS because some of the “crimes” are incredibly ambiguous (how do you know if someone’s apology is insincere?), and the punishments are extreme and take away basic human rights from Chinese citizens. For example, in 2016 a Chinese lawyer was not allowed to buy a plane ticket because an apology he had issued was deemed to be insincere. Judging how sincere someone’s apology is is incredibly subjective, and not something that should prevent a person from having basic rights. 

That being said, Chinese citizens are already under an incredible amount of government surveillance and there have been no criticisms of the SCS from within the country, probably because its citizens are too scared to speak up.

There are also doubts that the SCS will ever be rolled out on a national level. The program was supposed to start this year, and while individual cities and provinces have laid some groundwork, the Chinese government has yet to introduce anything nationally. The full roll out of the program could be years away simply due to the vastness of China. However, four provincial level governments already have their own version of the SCS.

The Chinese government faces other problems too, specifically regarding corruption. The whole purpose of the SCS is to share information and be transparent. If people are focused on their own interests over the government’s, that’s a big power struggle waiting to happen. 

How the SCS impacts online identity

One of the biggest implications of the SCS is the sheer amount of data that the Chinese government will have access to. The SCS is perpetual surveillance, and a massive collection of personal information will be available about each citizen. The system effectively strips Chinese citizens of any rights to their online identity.

Unfortunately, this isn’t anything new for China. The internet is already heavily censored in China, and law enforcement in the country has been using facial recognition software and drones to identify citizens who are breaking the law. The control Chinese citizens have over their online identity is negligible right now, but with the SCS, it disappears completely.

It’s a disturbing realization. In the Western world, we spend a fair amount of time and effort trying to keep our online identity from falling into the wrong hands. Although data breaches are a regular occurrence, ultimately we can choose what to delete and use tools to help keep our personal information safe. In China, these options don’t exist. Under the SCS, the government watches your every move both online and offline. Online identity is public, and can be used against you if you make a wrong decision in the eyes of the government.

And then there is the issue of how all of this data is protected. The regional versions of the SCS combine both traditional and digital monitoring. Some believe that China’s current technological capabilities have been overestimated. In fact when news network ABC Australia contacted the government agency tasked with creating the SCS for a statement, they were asked to send their request by fax. Which makes you wonder, how protected is all of this personal information online and how vulnerable is it to hackers? We might not get the answers to these questions until the country suffers a massive data breach.

Conclusion - China’s Social Credit System and Online Identity

China’s Social Credit System is frightening in more ways than one. Much of it feels like an episode of Black Mirror, and that presumption isn’t wrong. Not only does the SCS limit personal freedoms on a system that is astoundingly arbitrary, but it prevents Chinese citizens and businesses from regaining a positive status. 

Online identity is something that is already incredibly fragile in China right now. When the SCS comes into effect, any personal control is gone. It is already incredibly difficult for Chinese citizens to speak out against their government today. Citizens can disappear, be placed under house arrest, forced to stay in the country, or have their family threatened for expressing dissent. Once the SCS is in place, dissent becomes nearly impossible.

While the SCS has yet to roll out, and it’s unclear when that will happen, it will fundamentally alter the concept of not only online identity, but also human rights. The implications are frightening, and it’s unclear what, if anything, can be done to prevent it. 

How COVID-19 Could Impact Your Data Security
https://selfkey.org/zh/how-covid-19-could-impact-your-data-security/
Sat, 21 Mar 2020 14:07:22 +0000
http://selfkey.org/how-covid-19-could-impact-your-data-security/

The COVID-19 pandemic (commonly referred to as the Coronavirus) is having an incredible impact on our lives. Countries like China and Italy are in complete lockdown, and the US-Canada border is closing for the first time in nearly twenty years. For many, our lives are fundamentally changing, and the future is feeling uncertain.

However, COVID-19 has brought about changes in unexpected areas of our lives, in particular surrounding our data security. Cybercrime has been noticeably increasing, and there are concerns that ransomware attacks could disrupt both government and healthcare organizations. Here’s everything you need to know, including how to stay safe.

The current state of data security

The past year was not great for your data security. There were innumerable data breaches and billions of records were exposed. What has been notable is that there has been an increase in government agencies and healthcare companies becoming victims of data breaches. To give you some perspective, the following government or healthcare organizations were hacked in the last twelve months: the United Nations, the US Defence Information Systems Agency, LabCorp, LifeLabs, Bulgaria’s National Revenue Agency, Los Angeles County Dept. of Health Services, Maryland Dept. of Labor, and many, many more.

Why exactly has there been an increase in targeting these types of organizations? There are a few reasons. The first is that, unfortunately, government agencies are generally not the most technologically advanced when it comes to cybersecurity and this makes them a prime target for data breaches. Old computer systems and out of date security measures allow hackers easy access. Obviously, this is not the case with every government system, but the majority do not have state-of-the-art security protocols in place to prevent breaches. 

Secondly, the data that healthcare and government organizations hold is incredibly valuable. In particular, there has been a rise in medical identity theft over the past few years, which makes medical records very appealing to hackers. Additionally, if a criminal has your social security number, they can steal your tax refund. Even if they don’t use the information themselves, hackers can sell your data to other criminals who can then steal your identity or use it to extort funds from you.

Thirdly, most major countries have their own government-backed hacking groups that they use to target rival countries. Naturally, confidential information and disrupting services like healthcare hurt the most, which makes them prime targets. While individuals are rarely the targets of these types of hacks (unless you’re a high ranking official), they can certainly have a major impact on your life.

What the past couple of years have shown us is that your data is not safe in the hands of organizations. Unfortunately, when it comes to government and healthcare related services, you don’t have much of a choice when it comes to handing over your personal information. However, it has been a wake up call for many organizations, especially with laws like the GDPR and California Consumer Privacy Act that make a lack of security and a lack of response punishable by law. 

The threats COVID-19 poses

During any tragic event, there are always people trying to capitalize off of it, and the Coronavirus is no exception. Cybercrime around the global pandemic has increased over the past few weeks, and in particular, phishing scams have used the virus as a theme. 

What makes phishing scams work (some of the time) is that they create a sense of fear, urgency, or curiosity; feelings that are already elevated right now due to COVID-19. These are extremely powerful emotions that can cause you to make decisions you normally wouldn’t. If you receive an email that looks like it is from your government regarding the Coronavirus, your natural inclination is to do what the email says. Hackers are counting on you not taking a closer look, which is what makes phishing scams so effective. Using real human emotions to prey on innocent victims is called social engineering and can be incredibly powerful in the right (or wrong) hands. 

In January and February 2020, Japan was hit by a massive phishing scam. An email appearing to be from a Japanese disability welfare service provider was sent out with an attachment supposed to contain important information about the Coronavirus. When the document was opened, malware was downloaded onto the victim’s computer. And this is only the beginning; there are certainly going to be more phishing scams in the future.

There has also been an uptick in website domains related to COVID-19, and the majority of these websites are 50% more likely to be malicious than other domains registered since January. All sorts of suspicious websites are claiming to sell testing kits, vaccines, and protective gear when in reality they are just capitalizing on fear.

Ransomware may be imminent

If you’re unfamiliar with ransomware, it’s a pretty basic idea. Hackers gain control of a computer or other device and hold it for a ransom. If the victim fails to pay within a given time frame, then the victim loses access forever. Since ransomware is a criminal activity, sometimes paying the ransom doesn’t restore access at all.

It’s a pretty effective technique because it preys on your fear of losing all of your files, photos, messages, etc., that are stored on your devices. When you apply this to a medical or government setting, ransomware could have devastating consequences, especially during a global pandemic. Criminals are viewing this time as an opportunity rather than a crisis.

A recent report by RiskIQ proposes that criminals are going to leverage the Coronavirus pandemic to launch ransomware attacks, particularly on healthcare organizations. Why? Because healthcare organizations are going to be more likely to pay and willing to pay more to have data released, especially when lives may be at risk. The effects could be devastating, especially if hackers target COVID-19 response and relief efforts.

There is a very real fear in the cybersecurity community that ransomware is imminent, and that the effects it will have in the fight against COVID-19 could be devastating. In fact, ransomware attacks could lead to the spread of the virus if governments and health services are delayed in finding and relaying important information to the general population. So far, there is no evidence that hospitals and government agencies are being specifically targeted, but if the trend of increasing ransomware attacks continues, things could get ugly.

How to stay safe

While there’s not a lot you can do to prevent a ransomware attack against a healthcare or government organization, there are some steps you can take to protect yourself against hackers. Here’s what we recommend:

  • Be suspicious - If you receive any email that claims to have important information, check to see who the sender is and what their email address is. Hackers will imitate actual organizations very closely, but something will be off. Don’t download any attachments without making sure it’s from a safe, legitimate source.
  • Be cautious of tempting offers - There is so much misinformation circulating right now regarding the Coronavirus. If something sounds too good to be true, especially regarding a cure or vaccine, it definitely is. Only follow the advice of your government and legitimate sources like the World Health Organization.
  • Install an anti-virus or security suite and keep it up-to-date - In case you don’t spot malware, it’s important that your computer does. Most email software is pretty good at catching phishing scams, but you may want something heftier just in case. Most importantly, make sure that your software is regularly updated as updates can include important security patches. To make things even simpler, turn on auto updates so you don’t even have to think about it. 
  • Enable two-factor authentication - This is one of the easiest ways to see if someone is trying to gain access to your accounts and stop them in their tracks. While not all websites and apps offer two-factor authentication, most of the major ones do. It might feel like a hassle at the beginning but it does a great job of protecting your data.

These small steps could protect your data from being compromised. Given the uptick in ransomware attacks, hopefully government and healthcare organizations will update their security systems too. This is a trying time, in more ways than one.

Conclusion - Data security during the COVID-19 outbreak

The future feels very uncertain right now, in more ways than one. The effect that the Coronavirus is having on data security may seem like an unexpected one, but it is also incredibly important. Suspicious criminal activity is on the rise, and the elevated emotions surrounding COVID-19 could make them far more effective than normal. If ransomware is used on hospitals and government services, the effects could be truly devastating.

This is a difficult time for most of the population; however, for criminals it’s a time that could be very profitable. Crime never stops, even during a global pandemic. In the meantime, we should remain hopeful that this chaotic time will soon be over, and that healthcare and government organizations are paying attention to the habits of cybercriminals.

How to Survive a Data Breach
https://selfkey.org/zh/how-to-survive-a-data-breach/
Wed, 18 Mar 2020 18:28:10 +0000
http://selfkey.org/how-to-survive-a-data-breach/

Data breaches happen on an almost daily basis. Retail companies, government agencies, service providers, and more, are all vulnerable to hacking. While there is plenty of information available about individual data breaches and how they have affected people, the best way to protect yourself is to take a number of preventative measures.

The data collected in data breaches can be incredibly valuable to hackers. They can sell it to other hackers, use it to drain your bank accounts, or impersonate you. In this article, we outline the best ways to protect your data so that when a data breach does happen, your data is not exposed.

1. Separate your emails

Your email address is one of the most common pieces of information that can be exposed in a data breach. It might not seem like much, but hackers can discover a large amount of information about you from just this one piece of information. Additionally, your email may be easy to find already through social media accounts.

As a result, you should create a separate email for important accounts and another for less essential ones. For example, you can use one email address for all of your entertainment accounts (such as Netflix, Spotify, Youtube, Steam, social media, online games, etc.) and another for more important accounts (such as banking, taxes, finances, etc.). By keeping this information separate, you reduce the chances of valuable information falling into the wrong hands.

2. Use a password manager

Most people have a very bad habit of using the same password for multiple websites and apps. This means that if hackers get access to one password, they can usually access multiple accounts. In order to prevent this, experts say that you should have a unique password for each website and app that you use. Additionally, your password should not be a word in the dictionary, and should contain symbols, numbers, and uppercase and lowercase letters.

While it may seem overwhelming to keep track of unique, individual passwords for each account, password managers solve this problem. A password manager stores all of your passwords in one place. Some password managers can even generate completely random passwords for you (usually a long, random, case-sensitive string of numbers and letters). In some cases, the password manager may have a browser extension which automatically enters your password for you. In others, you have to open the app or website each time to copy and paste your password.

While password managers are a target for hackers because they contain a lot of sensitive information, they are better than any current alternative. If someone manages to hack into a password manager’s server, the data they can access is generally useless. The data will not make any sense unless the malicious actors also have the master password, and obtaining a master password is even more difficult.

When looking for a password manager, something to keep in mind is that a good password manager should not allow master password recovery. If a hacker can get a hold of your master password, it puts all of your online personal data at risk.

3. Enable two-factor authentication

You might employ this already, but two-factor authentication (2FA) puts another wall between your personal information and hackers. In essence, 2FA requires you to provide two different authentication factors when logging into an account. Typically, one of these factors is your password and the other is a notification on your smartphone or email.

While not all online accounts offer 2FA, you should enable it wherever you can, in particular for accounts that may contain more personal information. Your social media accounts, email, online banking, and online marketplaces (such as Amazon) should all have 2FA enabled if possible.

4. Use platforms with strong security

It’s vital that the platforms you use have a good system in place to protect your data in the event of a breach. Some companies are extremely committed to security, while others aren’t fussed. One good way to gauge a platform’s security protocol is to check if they’ve ever experienced a data breach, and what their response was (take a look at the latest data breaches here).

Repeat offenders and platforms that have a delayed (or non-existent) response to a data breach are places where you don’t want your personal data to be. It very well may be in your best interest to delete accounts and remove yourself from the platform. Consider Facebook, which experienced five separate data breaches (affecting nearly 2 billion user accounts) in 2019 alone. While the social media company has said that they are making changes, the numbers speak for themselves. It might be time to get off Facebook (including Instagram and WhatsApp, also owned by Facebook) or at least severely limit your presence on the platform.

Ultimately, it’s up to you if you want to completely remove yourself from a platform, but in some cases it could make a big difference. We also recommend that you do your due diligence before joining a new platform. Check to see if they’ve dealt with data breaches in the past and how it played out. If it doesn’t look good, don’t make an account.

5. Monitor your accounts regularly

You might be able to spot a data breach before a company does if you keep a regular eye on your accounts. In particular, your bank account can be a tempting target for hackers. It’s important to actively monitor your financial statements. If possible, check your bank account and credit card statements online at least once a week. If checking your statements online isn’t possible, make sure you are monitoring your monthly statements. You can also go the extra step of freezing your credit.

Another great tool is Have I Been Pwned?, which allows you to see if any of your accounts have been subject to a data breach. You can even sign up to receive notifications in the event that one of your accounts is breached. Additionally, if you’ve had data exposed in a breach, you can see exactly what company was involved so you can take action from there.

6. Clean up your accounts

How many of you have an inbox that is full of old emails? If they contain any sensitive information, that could be used against you in the event of a data breach. By keeping your inbox empty and deleting any old emails containing your personal details, you’re ensuring that there is nothing of value in the event that your account is hacked.

Additionally, malicious actors can hack into your email and threaten to release personal information (in particular explicit photos and messages) to the public for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.

You should consider updating any old accounts too. Payment methods you don’t use anymore, old addresses, and more can be extremely valuable. If you don’t use an account anymore, consider deleting it entirely or at least strip any personally identifying information from it.

7. Increase your privacy settings

Is your Facebook profile public? What about Instagram? Who can see your posts? If there’s any information you don’t want to be publicly available, delete it and increase your privacy settings on social media. By removing information and making it harder for people to find you, you stand a better chance of weathering a data breach.

It’s also a good practice to be critical of anyone (friends or not) who randomly starts messaging or calling you asking for seemingly random information or funds. This is called social engineering and is a popular way for hackers to make off with your personal information and your money too. Additionally, familiarize yourself with phishing scams and what they look like.

Conclusion - Surviving a data breach

Data breaches are inevitable, but with the above tools, you are well on your way to making sure that your personal data is protected. Unfortunately, most people do not understand the gravity of the problem until they are personally affected. Taking a proactive approach to your personal data is incredibly important in this day and age, especially when you consider that there is a new victim of identity theft every 2 seconds just in the United States.

While we can hope that companies will begin to take a more proactive approach to user security, that may be a way off. For now, the responsibility lies with the individual to ensure that they are doing all they can to protect themselves. The situation isn’t ideal, but hopefully change is on the horizon.

This is why ESelfKey is working on an end-to-end self-sovereign identity management system which will do a far superior job of protecting you from data breaches. You can learn more about our solution here.

Want to learn more about ESelfKey? Check out this third party review.

How to Invoke Your Right to Be Forgotten https://selfkey.org/zh/how-to-invoke-your-right-to-be-forgotten/ Sat, 14 Dec 2019 10:01:48 +0000 http://selfkey.org/how-to-invoke-your-right-to-be-forgotten/

The internet is forever, and your personal information is all over it. Try googling your name and see what information comes up. How much of that data is outdated and/or no longer true? If you’re in the European Union, at some point you’ve probably seen the phrase “Some results may have been removed under data protection law in Europe” pop up on Google.

Thanks to a landmark case regarding data privacy, you may have the right to be forgotten (also known as the right to erasure). This means you can have certain results removed from Google and other search engines if you meet the specific criteria. Here’s a guide to how you can take advantage of this law.

What is the right to be forgotten?

Before we dive into how you can remove your personal information from searches on the internet, it’s important to get an understanding of what the rules are. First of all, it is important to note that for now this right only applies to European citizens/residents and only applies to search results in Europe as decided by the European Union’s Court of Justice. The decision to limit the location of search results was only made a couple of months ago, so there is still a chance that it may expand to the rest of the world in time. 

The right to be forgotten came into effect as part of the General Data Protection Regulation (GDPR) in May 2018; however, it actually began four years earlier. In 2014, Mario Costeja Gonzalez took Google to court and won. In the late 1990s, Gonzalez was in the midst of bankruptcy and had to auction his property. At the time, the auction was announced in the local newspaper.

By 2014, Gonzalez no longer had financial problems, but if you searched his name on Google, the newspaper article covering the property auction was the first result. Gonzalez argued that this information was no longer relevant, he had done nothing illegal and that it was harming his reputation, and the EU courts agreed. Ironically, there are now hundreds of search results for his name thanks to the case. However, Gonzalez’s case set an important precedent for individual privacy laws.

In the GDPR, the right to be forgotten is outlined in Article 17 as: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.”

To break down all of that legal jargon, if you meet a certain set of circumstances then you can request that Google and other search engines remove search results that involve your personal information.

What criteria do you need to meet?

Naturally, not all types of data are included in the right to be forgotten. There are several conditions, but you only need to meet one to qualify. 

The conditions are the following:

  • An organization needs your consent to process your data and you withdraw your consent
  • An organization processed your data unlawfully
  • Your personal data is no longer necessary for the purpose of the organization that originally collected it
  • An organization processed the data of a child
  • An organization used your data for direct marketing and you object to your data being used for that purpose
  • An organization relies on legitimate interests as its justification for processing your data, you object to this processing, and there is no overriding legitimate interest for the organization to continue with the processing

That being said, there are a number of conditions that override your right to be forgotten. They are the following: 

  • Your data is used to perform a task that is being carried out in the public interest
  • Your data is being used for a legal defense or to establish other legal claims
  • Your data is necessary to perform occupational or preventative medicine (this only applies if health professionals are processing your data)
  • Your data is being processed for a purpose that is necessary for public health purposes and serves public interest
  • Your data is being used to exercise the right of freedom of expression and information
  • Your data is being used to comply with a legal ruling or obligation
  • Your data represents important information that serves the public interest (including scientific research, historical research, or statistical purposes) and the erasure of this data would likely halt or impair the progress that was the original goal of the processing

As you can see, there are several ways the right to be forgotten can be negated. Many people wrongfully believe that they can get any search result removed simply because they don’t like it or it’s slightly embarrassing. For example, a business won’t be able to remove a bad review because that is not personal data. The same applies for if you run a business under your actual name. If you hold a political office, your personal information will probably stay up because it’s in the public interest. 

If you aren’t sure if you meet the criteria for removal, you can still try asking Google to take down the search results you want removed. If you want a result removed and Google does not take it down, it may be worth your time to consult a lawyer to figure out if you are eligible in the first place. Remember, this is only for search results in the EU, so search results elsewhere will remain the same.

How to request a removal

The first step is to identify the information that you want taken down. This requires finding the specific website address (URL) that shows up with your information. Google recommends that you contact the website with your personal information on it directly, as removing search results is not the same as the data actually being deleted. If you aren’t sure how to contact the webmaster, Google has a handy tutorial.

Next, you need to go to this Google page. You will be prompted to fill in a few answers as to where you want the data removed from and why you want it removed. Note that you will need to fill out separate requests for each type of search result (such as a web result, image result, et cetera). You will need to select that you want to remove your personal information from Google’s search results. Don’t worry, one of the reasons for removal is because of European data protection laws. 

The next step is to fill out the provided form. You will need to provide personal information including your name, country of origin, and a copy of an identifying document like a passport or driver’s license. You will also need to outline specifically what search results you want removed (including URLs) and the search term used to find these results. Note that you also need to provide a reason for removal. We recommend that you be as precise as possible and tie your reasoning back into the qualifications we mentioned above.

From there, you will need to wait to hear what Google’s verdict is. The process to remove data is done manually and hundreds of thousands of requests are submitted every year, so it could take some time. It’s important to remember that Google is most likely operating in its own best interest here, so unless you have a really good reason and/or are willing to escalate things further if your case is rejected, Google might just say no. So far, Google has been quite transparent with its processes and has an ongoing transparency report.

If you decide to fight Google’s ruling, your case will be passed on to your local data protection authority. This could take a long time, and it may be a good idea to employ a lawyer at this point.

To date, 43% of requests have been removed, so you have an okay chance of having your information removed. It’s important to remember that this is just the process for Google; other search engines like DuckDuckGo do not offer data removal on the basis of GDPR.

Conclusion - Use discretion

If you truly feel that there are search results about you that contain irrelevant or damaging information that fall within the constraints of the GDPR, we do recommend that you ask for those results to be removed. However, because it only removes search results from Google in the EU, it may not be that useful to you if you work/live in multiple countries.

In any case, if you are serious about pursuing your case to the very end, seeking advice from a lawyer may be worth your time. Be sure that you are working with someone who fully understands the GDPR, especially Article 17.

The right to be forgotten is an important landmark for personal data protection, but it still has a long way to go to be truly effective. It will be interesting to see if other countries follow suit and create similar laws to the GDPR, and how Google reacts. 

The 7 Most Notorious Hacking Groups of All Time https://selfkey.org/zh/the-7-most-notorious-hacking-groups-of-all-time/ Tue, 10 Dec 2019 14:03:56 +0000 http://selfkey.org/the-7-most-notorious-hacking-groups-of-all-time/

With the rise of computers and ever-changing technology, hackers have become a strong presence in modern society. The very first hackers emerged from MIT in 1969, but back then their main goal was to improve the software and hardware they were working with.

Since then, hackers have evolved and become more malicious. From hacking major companies, to stealing millions of dollars and revealing government secrets, hackers are now a major part of modern society. Here’s a look at the most notorious hacking groups of all time and what they’ve done.

7. Lizard Squad - Active

The Lizard Squad originally announced that it disbanded in 2014, but it actually didn’t go anywhere. This hacking group appears to mostly be run by teenagers and young adults. They have mainly hacked gaming-related services like League of Legends and PlayStation.

The group has claimed responsibility for hacks against Facebook, although Facebook denies that they were ever hacked. In general, the Lizard Squad has a reputation for claiming to have performed hacks when they haven’t actually done anything. They even made a false bomb threat against a Sony executive. The group did manage to successfully hack Taylor Swift’s Twitter account though, but nothing came of it.

Several members of the Lizard Squad have been arrested and charged for their activities. However, that hasn’t stopped the group from continuing to hack. Most recently, they attacked the Labour Party in the United Kingdom.

6. Carbanak - Active

Very little information is known about this mysterious hacking group, but so far it has managed to steal millions from banks. Carbanak (also known as Fin7) started in 2013 and has been one of the most successful hacking groups to date. So far, the group has managed to steal $1 billion from banks around the world.

The alleged mastermind behind the group was arrested in 2018 along with two other high-ranking members. However, Carbanak has carried on successfully without them. A recent report from Bitdefender alleges that the group is still alive and well. Carbanak’s modus operandi seems to be to remain unnoticeable; so far they have managed to stay in the shadows.

5. Syrian Electronic Army - Active

The Syrian Electronic Army emerged in 2011 as a pro-Assad group of hackers. Given the group’s avid support of the Assad regime, it is widely believed that the group has government ties, and Assad has publicly stated his support of the hacking group.

The hackers have primarily focused on targeting US media outlets and social media pages. The Washington Post was a victim of the hacking group (twice), as was the New York Times. Their most notorious attack was when they hacked the Associated Press’s Twitter account, claiming that the White House was under attack and that then President Barack Obama had been injured.

Over the past few years, the Syrian Electronic Army has stayed out of the headlines as it has focused on targets closer to home. However, in 2018 it was discovered that they have been developing malware for Android phones. To date, only one member of the hacking group has been arrested, while others are wanted by the FBI.

4. Lazarus Group - Active

The Lazarus Group (also known as Guardians of Peace) is a group believed to be run by the North Korean government, and it has been very successful. The hacking group seems to have started in 2009, and mostly uses malware in its attacks.

However, in 2014 the Lazarus Group caught the world's attention when it hacked Sony Pictures in retaliation for the movie The Interview being released. It is also responsible for WannaCry, ransomware that requires users to pay to have their data given back to them.

The Lazarus Group has also had a large amount of success with cryptocurrency. So far they have managed to steal $471 million from different cryptocurrency exchanges, and they are responsible for nearly bankrupting the Japanese crypto exchange CoinCheck. The United States government currently has sanctions placed on the hacking group and has frozen any known financial assets associated with them. 

3. Fancy Bear - Active

While the name may sound cute, this hacking group certainly is not. Fancy Bear (also called Sofacy) is a Russian hacking group that is firmly believed to be working under the Russian government. They tend to target foreign governments, embassies, media companies, defence organizations, energy companies, Russian dissidents, and even the Olympic games.

The hacking group got its start in 2008 when it targeted the Georgian government and has been going strong ever since. Fancy Bear was allegedly responsible for the Democratic National Convention hack prior to the last presidential election in the United States. They have also been responsible for the recent attacks on the German Parliament, and tried to influence the French elections in 2017. The group’s members remain largely unknown, and they show no sign of stopping. 

2. Equation Group - Active

If this name doesn’t sound familiar, you’ve probably heard of the organization it is allegedly tied to - The National Security Agency (NSA). Kaspersky first announced its discovery of the Equation Group in 2015, lauding it as the most advanced hacking group it had seen to date.

The Equation Group only came to light because its members made a number of errors over the years. Given that the group was mostly targeting countries and governments considered to be enemies of the United States (such as Russia and Iran) and that the group seemed to have an unlimited budget, suspicions arose that the Equation Group had government ties.

While it has never been confirmed that this hacking group is working under the NSA, there is strong evidence that it probably is. Obviously, the NSA isn’t going to confirm this connection. Very little is known about the Equation Group, and they likely intend to keep it that way.

1. Anonymous - Inactive

This is probably the most recognizable hacking group on our list. Known for wearing Guy Fawkes masks, the Anonymous group has been behind some of the largest hacks of the 2000s. The group emerged out of 4chan in the early 2000s, and its members are some of the most well-known “hacktivists” to date.

Anonymous has been involved with a large number of hacks including the Church of Scientology, the Occupy Wall Street movement, the Canadian government, the Westboro Baptist Church, ISIS, and many more. While some of the group’s reasoning for their attacks was questionable at best, most people think of Anonymous as a Robin Hood-esque group of hackers, helping to better the world.

What has made the group so successful is that it is largely decentralized; members do not often know the identities of others in Anonymous. Anonymous has been responsible for 45% of all hacks in the last four years; however, the group now seems to be defunct… or at least very quiet.

Honorable Mention: Legion of Doom - Inactive

No list of hacking groups would be complete without The Legion of Doom. This legendary hacking group is no longer active, but it has gone down as the most influential of all time. The group was active from the mid-80s to the early 2000s, but they are mostly known for their work from 1984-1991. The group is also responsible for penning the infamous Hacker’s Manifesto.

At the time, the most common type of hacking was that of phone companies. This included setting up phone lines that could not be billed by phone companies. The Legion of Doom feuded with another hacker group called Masters of Deception, and their battle royale to decimate one another became known as The Great Hacker War. 

In comparison to the hacking we see nowadays, their activities seem very tame, but it was some of the biggest cyber warfare at the time. Most of the members are still largely unknown.

Conclusion

Since hackers emerged, they have become more and more nefarious. Hacking groups have gone from setting up free phone lines to attempting to destroy whole governments. We have certainly seen a rise in government-sanctioned hacking groups. While protection against cyber warfare is a necessity in today’s age, it would be nice to see governments focus more on preventing attacks instead of initiating them.

Individuals are very rarely the targets of hacking groups (unless you are a high profile individual). However, that doesn’t mean there isn’t potential for your personal data to be compromised as the result of a hack. Major companies and social media platforms are amongst the most common targets.

If you’ve been the victim of a data breach or hack (you can check on the website Have I Been Pwned?), it’s important to know what could happen to your personal data afterwards. Most people aren’t able to prevent a hack, but there are a number of things you can do to protect yourself, and it’s vital that you do your due diligence. If anything, hacking groups are only going to become more advanced as time goes on.

Facebook's Worst Privacy Abuses & Data Scandals - Timeline https://selfkey.org/zh/facebook-data-privacy/ Thu, 09 May 2019 21:34:23 +0000 http://selfkey.org/facebook-data-privacy/

We're sorry. With a history of privacy abuse stretching back to its launch, it's not hard to understand why. Here, we've provided a history of the biggest mishaps, leaks and breaches.

The social media giant launched in 2004 and has since become an integral part of modern society - registering more than 2 billion monthly users worldwide.

If you follow the news, you’ll know that Facebook came under fire in 2018 for a flurry of leaks, breaches and poor earnings reports. As a result, Facebook lost over $120 billion in market cap, and its user count shrank in Europe.

In fact, Facebook has a long and checkered history of neglecting its users. Let’s look at this claim in more detail.

The Early 2000s - Beacon Shares Purchasing History in the News Feed

Before Facebook had its two-year anniversary, problems regarding user privacy were already emerging. In 2006, Facebook launched the News Feed feature which shared personal details without the users’ knowledge or consent. This led to users protesting the sudden privacy violation, especially because the News Feed didn’t have an off-switch.

In late 2007, a program called “Beacon” was launched which illegally shared users’ online purchases from third party sites on the News Feed. Once again, this was done without knowledge or consent, and a class action lawsuit was filed. Despite eventually paying $9.5 million to settle the lawsuit, Facebook didn’t stop running Beacon until 2009.

2009 to 2014 - The Federal Trade Commission Gets Involved

In early 2009, Facebook made changes to its terms of service stating that users can’t delete their data once they leave the platform. Rather predictably, there was an outcry. Later that year, Facebook revised its privacy policy and privacy settings for users. By doing so, Facebook made a large range of personal information public by default.

As 2011 came to an end, Facebook settled with the Federal Trade Commission (FTC) for privacy charges. According to regulators, Facebook falsely claimed that third-party apps were only able to access data that was strictly needed. The truth was more sinister: third-party apps could access nearly all of the user’s personal data and Facebook was also openly sharing user information with advertisers.

The FTC filed a number of other complaints, most of which involve Facebook lying to users about who could see their data and giving users a false sense of privacy. Due to these infractions, Facebook agreed to undergo an independent privacy evaluation every other year until 2031.

In 2013, Facebook discovered a bug that exposed private user information. Although Facebook caught it themselves, the bug shared the phone numbers and email addresses of 6 million users. Anyone who knew at least one piece of contact information or who had some type of connection to the person could access the data. In a statement, Facebook said it fixed the bug and notified regulators.

A year later, Facebook drew more negative attention, when it allowed an internal group of data scientists to run a mood manipulation experiment on over half a million users. The experiment caused Facebook to alter news feeds to either show more positive or negative posts, and its purpose was to show how emotions could spread over social media.

Once the study was published, there was a severe backlash due to the perceived ethical violations. Obviously, users did not provide informed consent to participate in the study, and were treated as guinea pigs.

2018 - Oops! We Leaked Your Data Again

To truly understand the extent of the Cambridge Analytica scandal, we have to go back a few years. In 2014, a Cambridge University professor, Aleksandr Kogan, ran a personality test app on Facebook.

Kogan’s company, GSR, then signed a data-licensing contract with the political consulting firm Cambridge Analytica in order to supply the company with psychological profiles of US voters. Over the course of the summer, the app was downloaded by over 200,000 Facebook users and harvested the personal information of as many as 87 million people.

It wasn’t until 2015 that Facebook learned that Kogan had shared data with Cambridge Analytica. According to Mark Zuckerberg, Kogan was banned from the platform and forced to delete all improperly acquired data. In the summer of 2016, Cambridge Analytica took legal action against GSR and Kogan, for selling illegally acquired data.

Facebook did not notify users of the data breach and assumed the problem had gone away. Luckily, a whistleblower by the name of Christopher Wylie came forward in 2018, and The Guardian and The New York Times both published exposés revealing the scandal.

The damage of the breach was far more insidious than expected. Steve Bannon, a then advisor to the Trump administration, used this data to specifically target US voters during the 2016 presidential elections. Cambridge Analytica not only worked with Donald Trump’s election team; they also worked with Brexit's “Leave” campaign - and reportedly had a significant impact on the outcome.

2019 - The Aftermath & Our Current Predicament

After the Cambridge Analytica scandal, Facebook made a renewed pledge to protect users' privacy and in May 2019, Zuckerberg stated “the future is private.” However, in the wake of yet another scandal, the words feel hollow.

There is no trust left for Facebook, and the shift to a privacy-centric approach just feels fake, especially since the behemoth launched its in-app dating service. Given that Facebook also owns two other mega apps - WhatsApp and Instagram - it’s beginning to feel more and more like Facebook’s real goal is world domination. Alarmingly, Facebook's monopoly means that users have nowhere else to turn.

As recently as April 2019, Facebook’s privacy practices were under scrutiny again, when it was revealed that millions of passwords to Instagram and Facebook accounts had been stored in plain text files. Facebook assured users that the passwords were not accessible or abused in any way, but it’s another nail in the proverbial coffin for the company.

It goes beyond privacy too. In March, Facebook was deemed by the United Nations to be a contributing factor to the ethnic cleansing occurring in Myanmar. It’s clear that Facebook is fighting many demons.

As of today, May 9th 2019, Facebook is still under investigation by the FTC. It is suspected that Facebook will have to pay a fine of $5 billion - the largest fine the agency has ever levied.

What Can You Learn from Facebook’s History of Privacy Abuse?

The timeline discussed so far illustrates that Facebook has a long history of privacy abuse. In interviews, Mark Zuckerberg is open about the fact that software engineers can test and deploy without much oversight. Decisions are seemingly made solely on the strength of the available data, giving little thought to the privacy of its global user base.

It’s unsurprising therefore to see so many occasions on which Facebook users have been forced to suffer data leaks and breaches. What can you do about it?

The first thing to learn is that any online account can be breached. As a result, you should either delete your Facebook account or at least delete any information that could potentially harm you.

Next, it’s vital to start learning about alternatives. Facebook, Quora, Google and others have shown that they cannot be trusted to keep your data safe. Instead, look for platforms that employ a decentralized identity management system. With this approach, your data is stored locally, keeping it safe from large-scale data breaches.

The concept of a Self-Sovereign Identity (SSI) system is key here, as it allows you to retain ownership over your data and minimises the information that is shared publicly. Check out Self-Sovereign Identity and SelfKey’s Identity Wallet to learn more.
