The rise of technology has made a great impact all around the world. It changed the way we communicate, work, and study. With the help of artificial intelligence (AI), most of our daily tasks are made considerably easier, and access to information has never been more effortless. However, in order to benefit from all the wonders of AI, we have to become part of its world.

Most of our private information had to evolve from physical papers to digital identities, which are stored in centralized systems. But while traditional, centralized systems are convenient, they may put our private data in danger due to their weak security measures.

Thankfully, solutions are being developed to change the way we authenticate ourselves online and the way we perform individuality-based activities on Web3. Technology can help protect our private information, just as much as it can be used to compromise it. The key is to remember that we can use AI for our benefit.

In this article, we will thoroughly elaborate on DAOs, ESelfKey DAO (including specific terms like KEY, SELF, and NFTs), and how user engagement in the DAO will be beneficial for individuals in the long run.

Highlights

• Humans and Digital Identity
• DAOs vs centralized systems
• DAOs and individuals
• ESelfKey DAO
• How to participate in the ESelfKey DAO
• Conclusions

Humans and Digital Identity

How we operate in the online world

Nowadays, we operate in the online world in many ways. We use various tools and platforms to connect, communicate, and collaborate with one another across the globe. For instance social media, messaging apps, online forums, and video conferencing. The web has opened up endless opportunities for people to share information, ideas, and experiences. 

However, as with any aspect of human behavior, there are also challenges and risks associated with operating in the online world. One of the biggest concerns is the safety of our personal data. 

The risks we take when performing individuality-based activities online

When we engage in individuality-based activities online that involve sharing personal information, we expose ourselves to a variety of potential risks. 

For example, personal information shared online can be accessed either by AI or human identity thieves, putting our privacy and security at risk. Even seemingly small details such as our names, birthdates, or email addresses can become targets which bad players may use to compromise our security. This can lead to AI attempting to create fake identities using our leaked personal data. 

What can we do to avoid those risks?

Being cautious about what we share online and keeping our privacy safe is very important. However, it is equally important to make sure that the individuals we engage with are not fake, AI-generated entities. 

Implementing Know Your Customer (KYC) protocols within a DAO may be the most secure means of verifying that individuals are genuine, real persons. Not only that, but within a DAO, there is no single entity to govern and control our personal data. What a DAO strives to achieve is equality and fairness among its users, as well as maintain the security of their individuality.

DAOs vs centralized systems

A brief description of DAO 

A DAO, or Decentralized Autonomous Organization, is a type of organization that usually operates using blockchain technology. This facilitates decentralized decision-making and transparent governance without the need for a centralized authority. 

DAOs are typically run by a group of individuals who hold tokens or cryptocurrency. Individuals can also vote on decisions related to the organization's operations, like funding proposals or changes to the organization's rules. 

How DAOs are revolutionizing individuality-based operations

DAOs  are changing the way individuals operate by innovating the concept of decision-making. 

In traditional organizations, individuals cannot materialize their ideas or concerns, due to the centralized systems based on hierarchies. DAOs, on the other hand, allow members to participate in decision-making processes and contribute to the organization's goals through decentralized governance mechanisms.

By using blockchain technology, DAOs enable trustless collaboration and eliminate the need for intermediaries. This method makes it easier for members to join and participate in collective decision-making. Additionally, it creates a more inclusive and democratic environment where each member can have an equal say and contribute to the organization's success.

Therefore, DAOs are empowering individuals to come together, build communities, and work towards common goals, without sacrificing their individuality or autonomy. 

DAOs and individuals

DAOs suffer from lack of user participation

Despite their potential benefits, DAOs can suffer from a lack of user participation. Because DAOs rely on decentralized decision-making, they require active participation from members to make decisions in a timely and effective manner.

How will user participation help DAOs “stay alive”

User participation is critical to the success and sustainability of DAOs. Without active participation from members, DAOs may struggle to make decisions, coordinate actions, and achieve their goals. Moreover, low participation can lead to apathy or disengagement. In turn, this can weaken the community and reduce the value of the DAO.

On the other hand, active user participation can help DAOs stay alive by:

• Promoting engagement.
• Building a strong community.
• Ensuring a timely and effective manner decision-making process.

Ultimately, user participation is essential for DAOs to remain viable and achieve their goals over the long term.

The benefits of participating in DAOs

Participating in DAOs offers numerous advantages for individuals looking to collaborate and contribute to a community-driven effort. Aside from providing opportunities for innovation and community building, it has several more benefits, such as: 

• Democratic decision-making
• Increased security
• Unique contributions
• Transparency

ESelfKey DAO

After explaining the general concept of DAOs, let's examine the SelfKey DAO objectives. 

Individuality is a vital aspect that the ESelfKey DAO is focused on. In the ESelfKey Protocol, individuals value every member’s uniqueness in order to help protect their digital identity from theft and forgery. The aim is to create a safe environment with the help of AI-Powered Proof of Individuality, where valued members can operate using trustless and secure methods.

ESelfKey DAO strive to provide secure digital identity solutions. With strong credentials in cryptography and blockchain technology, ESelfKey DAO’s goals include protecting users' privacy and giving them control over their data. Credentials are lacking in the crypto industry, and they’re a need in order to keep users’ information safe from being doxxed.

Basically, ESelfKey’s goal is to develop a method for individuals to engage with one another in a decentralized, trustless environment, while their private data and individuality remain safe and secure.

Important Terminology in ESelfKey DAO

What is KEY?

The KEY utility token is the centerpiece of the ESelfKey Protocol. 

It has several uses, such as:

• Being a means of payment for services within the ESelfKey Protocol.
• Individuals may use it to lock credentials on.
• Being utilized to govern and empower members of the ESelfKey DAO.
• Providing the necessary tools for users to take control of their digital identity.

As more individuals join the ESelfKey Protocol, the potential uses of KEY will only continue to expand, further cementing its importance as a vital component of the decentralized digital identity revolution.

What is SELF?

While KEY remains the vital utility token to lock on credentials, ESelfKey has proposed SELF tokens in order to help an individual keep track of what they have locked and for what period of time. 

Here are some of SELF’s attributes:

• Individuals who properly lock on a real identity may mint SELF tokens.
• Users themselves may issue SELF tokens.
• They do not have any intrinsic value.
• SELF tokens may also have utility as a governance mechanism. 
• SELF tokens can be unlocked through DAO voting.

SelfKey’s NFTs

At SelfKey, active members have the opportunity to earn NFTs by participating in the community and contributing to the project.

One of the unique features of ESelfKey's NFTs is that they are highly customizable. This means that individuals can tailor their NFTs to their specific needs and preferences. 

ESelfKey places a great emphasis on individuality, recognizing that each person has their own unique identity and set of circumstances. It is a platform that truly values individuality and helping people take control of their own identity and data. This is reflected in the customizability of its tokens and the overall design of the platform. 

How to participate in the ESelfKey DAO

Participating in the ESelfKey DAO and claiming tokens offers many benefits, such as:

• The ability to have a say in the project's direction.
• Voting rights on proposals.
• Access to exclusive community events.
• The opportunity to claim SELF tokens through active participation in the DAO.

The ESelfKey DAO provides a platform for community members to be more engaged and invested in the success of the ESelfKey Protocol.

Here is how to do it:

1. First, a user must perform a KYC check in order to properly authenticate themselves as a real person and the person whom they claim to be. Afterwards, they will join the DAO.
2. The user will then be able to lock KEY tokens on their KYC credentials. Afterwards, they will be able to start accumulating SELF tokens.
3. SELF tokens can be used to purchase NFT packs with particular customizations.
4. Alternatively, the user can mint their SELF tokens and use them for whatever purpose they find useful and fit.
5. Finally, users can contribute to the ESelfKey DAO by performing tasks issued by the ecosystem.

All in all, active participation and engagement in the ESelfKey DAO can bring significant benefits to the ESelfKey Protocol and its members. Members can actively participate in the decision-making process to shape the direction of the project, ensuring alignment with their interests and needs.

Additionally, engagement can help build a stronger sense of community among ESelfKey users, fostering a supportive environment for learning and growth. 

Ultimately, a thriving ESelfKey DAO requires active participation from its members, and those who are willing to engage will reap the benefits of a more robust and inclusive ecosystem.

Conclusions: 

Unfortunately, most people still rely on centralized systems. However, with the development of decentralized solutions, individuals may be able to take charge of managing and storing their personal data.

The ESelfKey DAO aims to assist individuals in gaining full control of their private data, enabling them to safely engage in Web3 transactions based on their individuality. Despite being a small ecosystem at present, it is secure and has the potential to reach new heights with the help of user participation and engagement. 

As the ESelfKey DAO develops, users will derive more benefits from it. Ultimately, it is user contribution that will enable ESelfKey to achieve its long-term goals.

Keep in touch to learn more about SelfKey and how you can participate in building a better digital future!

Stay up to date with ESelfKey on Discord, Telegram, and Subscribe to the official ESelfKey Newsletter to receive new information!

Note:

To the best of our knowledge, the information contained herein is accurate as of the date stated; however, the accuracy and completeness of the information are not guaranteed, and we disclaim any duty to update the information should circumstances change. You should not rely upon the information without conducting your own validation.

This communication is for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation for any digital asset, nor does it constitute an offer to provide investment advisory or other services. No reference to any specific digital asset constitutes a recommendation to buy, sell or hold such digital asset. Nothing here shall be considered a solicitation or offer to buy or sell any security, future, option or other financial instrument or to offer or provide any investment advice or service.

Note 2:

SELF and KEY tokens, SBTs, and NFTs associated with the ESelfKey ecosystem have no monetary value or utility outside of the ESelfKey ecosystem, are not ascribed any price or conversion ratio by ESelfKey and its affiliates, and do not represent ownership interests or confer any rights to profits or revenues.

These tokens should not be purchased for speculative reasons or considered investments. By engaging with ESelfKey, you acknowledge and agree to the applicable terms and any associated risks. We recommend consulting with legal and financial professionals before participating in the ESelfKey ecosystem and related transactions.

This document may contain statements regarding future events based on current expectations. However, some risks and uncertainties could cause results to differ. The views expressed here were based on the information that may change if new information becomes available.

We use the "KYC" term here for general information purposes, without reference to particular legislation. Please check the laws relevant to you and contact us for the details.

Throughout the years, technology has transformed the way we operate as humans in society. It brought great changes to the way we work, study, communicate, and interact with one another. Furthermore, it has made these things easier, faster, and more accessible than ever before. 

We’re headed towards a digitized future, where we learn more about state-of-the-art artificial intelligence. However, the more we learn about artificial intelligence, the more it learns about us.

In this article, we will firstly discuss artificial intelligence, what it is and how we can use it to navigate the digital world. Secondly, we’ll explore the benefits and drawbacks of artificial intelligence. Lastly and most importantly, we’ll elaborate on ways to use AI-powered proof of individuality methods to keep our community’s individuality, privacy, and digital identities safe.

Highlights

• Artificial Intelligence and Humanity
• AI-Powered Proof of Individuality
• How can AI-Powered Proof of Individuality benefit us?
• How does AI-Powered Proof of Individuality work?
• AI-Powered Proof of Individuality and Selfkey

Artificial Intelligence and Humanity

Humans versus technology

The advancement in technology for the past several decades has stirred a growing debate of humans versus artificial intelligence (AI). For instance, if AI begins to take over tasks which were traditionally associated with people, what are people left with? Their sense of humanity and individual identity. 

Digitalization has impacted every aspect of our lives, making it easier for us to perform our daily tasks. Because of this, we have more or less become dependent on technology in order to operate in the online world. 

Overall, the topic of AI is quite controversial. Throughout history, humans have been cautious about accepting new technologies since the dawn of the industrial age. While technology has undoubtedly brought significant improvements to our lives, an important question remains:

Will AI ultimately be beneficial or detrimental to our well-being in the long run?

We will examine the potential advantages and disadvantages of AI in the following sections.

The benefits of Artificial Intelligence

Despite the potential risks and challenges posed by AI, there is no denying that it brings many benefits and advantages for humanity. 

Technology has filled our lives with entertainment, efficiency, and enhanced accessibility by eliminating frustrating and time-consuming tasks. Not only that, but it has made performing our daily tasks considerably easier and it has opened doors to an incredible library of information.

Let’s briefly explore some of AI’s key benefits:

• Automation. Advanced technology can program AI to do tedious, repetitive mundane jobs, so that humans can focus on more complex and creative tasks.
• Efficiency. AI has the capability to analyze a large amount of data and find patterns and trends that might be hard for humans to see. This can help individuals make better decisions.

• Accesibility. Thanks to modern technology, individuals can benefit from applications that make working, studying, and communicating remotely much easier. 
• Accuracy. Under careful supervision, AI can perform tasks with high accuracy, reducing the risk of errors and improving performance tremendously.

The dark side of Artificial Intelligence

With AI progressing at incredible speeds, technology has raised concerns about privacy and security. One of the biggest concerns nowadays is the threat of AI stealing human identities. There has been an increase in data breaches and cyberattacks, which leads to a growing need for stronger security measures to protect our personal data.

Like any other innovation, AI undoubtedly has its drawbacks, which are often overshadowed by its benefits. Basically, AI systems are designed to learn and make decisions based on data. Therefore, if the data used to train these systems is biased or incomplete, it can lead to flawed decision-making. 

We can understand the dark side of AI once we examine some of its potential risks and negative impacts:

• In the wrong hands, AI systems can be used for malicious purposes, such as cyberattacks.
• Because of this, privacy and security are major concerns when it comes to AI.
• Data breaches could result in divulging sensitive data, leading to significant consequences, like loss of privacy.
• Hackers can make use of the leaked data to steal or forge individuals’ digital identities.
• AI can generate fake identities, which can be used to influence the decision-making or output of a system.

As AI systems continue to evolve, it becomes more and more difficult to predict their actions. Consequently, we cannot hold them accountable for their faulty behavior. 

What can we do, then?

Artificial intelligence is currently not a sentient being, it cannot make its own decisions. 

It can either be used for good purposes or for malicious purposes, depending on the intentions of the individuals behind it. And, while humans are not equipped with the accuracy and efficiency of state-of-the-art technology, we can use AI to fight against malicious AI.

Thankfully, there is a method which can verify an individual’s identity in a secure, efficient and highly accurate manner. 

AI-Powered Proof of Individuality

What is Proof of Individuality?

Proof of individuality (POI) is a protocol that supports the statement that every person is a distinct and unique individual. As a matter of fact, individuality is a core aspect of human existence. It refers to the one-of-a-kind set of characteristics, thoughts, emotions and perspectives that make each person different from one another. 

While digital identities can be stolen and sold, individuality is not something which, at the moment, can be duplicated. At this time, it represents our liveliness as real, tangible, mindful beings.

Identification in modern times

Identification is an important aspect of our lives. Above all, it is unique to each and every one of us, and it represents our liveliness. Therefore, as technology makes new, magnificent progress every day, AI-Powered proof of individuality has become an essential part of our daily existence. From accessing bank accounts to opening doors, AI-Powered proof of individuality has revolutionized the way we identify ourselves.

Some of the most common AI-Powered proof of individuality methods are:

• Fingerprints
• Facial recognition
• Iris scans

These biometric identification methods are highly accurate and reliable, making them the go-to method for identification in many industries.

How can AI-Powered Proof of Individuality benefit us?

Overall, AI-Powered proof of individuality has many advantages. Particularly:

• Speed
• Accuracy
• Remote identification

Speed

• The traditional methods of identification, such as presenting a physical paper for verification can cause delays.
• Ai-Powered proof of individuality methods are much quicker. For example, using a fingerprint scanner can take only a few seconds.
• As a result, Ai-Powered proof of individuality methods are efficient in situations where time is of the essence.

Accuracy

• Biometric methods such as facial recognition and iris scans are highly accurate.
• In such a case, the chance of false positives or false negatives is minimal.
• This level of accuracy is ideal for high-security situations, such as airport security or government buildings.

Remote identification

• AI-Powered proof of individuality made it possible to identify individuals remotely.
• With the use of online identification tools, individuals can verify the authenticity of each other’s identities.
• There is no need to meet in person anymore. Therefore, physical distance is no longer an obstacle.

How does AI-Powered Proof of Individuality work?

A brief description

AI-Powered proof of individuality uses artificial intelligence to verify an individual’s identity based on their biometric features and behavior. 

As mentioned previously, biometric features are fingerprints, facial recognition, or iris scans. 

Some of the behavior patterns this technology analyzes are:

• Typing speed and style. How a person types on a keyboard, how long they pause between keystrokes, and how hard they press the keys.
• Mouse movements. How a person moves the cursor on a screen, the direction and speed of their movements.
• Voice patterns. The way a person talks, their pitch, tone and accent.
• Smartphone usage. The way a person holds or uses their smartphone, the angle of how they hold their device, or how they swipe and tap on the screen.

All in the benefit of the individual

The idea that our devices check our behavior patterns might be anxiety-inducing. Without a doubt, it can be scary thinking how technology knows us better than we know ourselves. However, in this case, AI is programmed to keep our individuality safe from malicious, bad players.

This way, organizations can improve security and prevent identity fraud. Furthermore, AI-Powered proof of individuality is more convenient to access digital services without the need for passwords or tangible identification cards. Passwords can be forgotten, stolen, or compromised.

Consequently, AI-Powered proof of individuality has the potential to positively transform how we verify our identities in the digital age.

AI-Powered Proof of Individuality and Selfkey

ESelfKey aims to offer individuals a secure means of verifying their identity through AI-Powered proof of individuality methods. 

Guidelines for users:

1. The user will first have to perform a KYC check. KYC stands for Know Your Customer, and it is a mandatory process of identifying and verifying an individual’s identity. It is done to ensure that the user is genuinely who they claim to be.
2. The user will then obtain the ESelfKey iD SBT. SBT stands for Soulbound Tokens. They are non-transferrable, verifiable, digital tokens that can show an individual’s accreditations, work experience, work history, and past records.
3. After this, the user onboards to ESelfKey DAO. DAO stands for Decentralized Autonomous Organization. It is governed by a community of individuals on a decentralized blockchain network. The rules of a DAO are transparent to all members in order to create equality between users.

The part AI plays

After the user completes all of the steps above, ESelfKey will require an AI-Powered selfie check. This modern method of verifying an individual’s identity uses facial recognition technology.

For instance, here’s what happens during an AI-Powered selfie check:

• The user will take a selfie and submit it to an AI-Powered system.
• The AI-Powered system will check the photo against a vast collection of pre-verified images.
• The system will use algorithms to identify unique facial features, like: distance between the eyes, the shape of the jawline, the position of the nose.
• If the user passes the check, they will receive a POI (proof of identity) credential, which they can stake KEY on.
• If the user does not pass the check, they will not be allowed to continue.
• In the case of a false negative, the user will have the possibility to contact support.

These AI-Powered selfie checks will be made periodically, each time a user performs important actions within the ESelfKey DAO.

How does this benefit us?

This method is widely used by online platforms and organizations that require a high level of trust and security in their user authentication process. Firstly, it is a quick, convenient, and reliable method. Secondly, and most importantly, AI-powered checks will prevent identity fraud in the online world.

For instance, AI-Powered proof of individuality will efficiently and accurately check that:

• The user’s selfie is not forged by another individual.
• The user’s selfie is not AI-generated or fake.
• The user is a real person.
• The user’s selfie matches the original selfie they submitted during the KYC check.

Anti-Sybil technology

Did you know that there is a term for “identity fraud” in the digital world? In the context of online security and identity verification, “Sybil” refers to the act of creating multiple fake identities or accounts. 

A single, malicious individual or a group can do that, with the intention of manipulating or deceiving the system. Alarmingly, it can carry out spam attacks, manipulate voting in online polls for elections, even inflate the popularity of a website or social media.

Preventing Sybil attacks is a crucial challenge in the design of many online systems. Thankfully, SelfKey’s AI-Powered proof of individuality methods can fight against that.

Conclusions

Even though technology has posed challenges throughout the decades, it has an immense potential to make society better. AI-Powered Proof of Individuality has become a part of our daily lives, helping us identify ourselves in a quick and efficient manner. The advantages modern identification methods bring are undeniable. 

In spite of that, having concerns about privacy and security is normal, especially when it comes to our individuality. However, ESelfKey is aiming to developing methods to combat those who use cutting-edge technology for malicious purposes.

Finally, as technology continues to evolve, we can expect to see even more complex methods of identification in the future. But, it is vital to remember that we are supposed to use technology to enhance our lives, our work, rather than replace them. The solution is to find a balance between technology and humanity.

If you want to learn more about what the future brings, your online safety, and methods to combat bad players on the web, subscribe to the official ESelfKey blog! 

Stay up to date with ESelfKey on Discord, Telegram, and Subscribe to the official ESelfKey Newsletter to receive new information!

Note:

To the best of our knowledge, the information contained herein is accurate as of the date stated; however, the accuracy and completeness of the information are not guaranteed, and we disclaim any duty to update the information should circumstances change. You should not rely upon the information without conducting your own validation.

This communication is for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation for any digital asset, nor does it constitute an offer to provide investment advisory or other services. No reference to any specific digital asset constitutes a recommendation to buy, sell or hold such digital asset. Nothing here shall be considered a solicitation or offer to buy or sell any security, future, option or other financial instrument or to offer or provide any investment advice or service.

SELF and KEY tokens, SBTs, and NFTs associated with the ESelfKey ecosystem have no monetary value or utility outside of the ESelfKey ecosystem, are not ascribed any price or conversion ratio by ESelfKey and its affiliates, and do not represent ownership interests or confer any rights to profits or revenues. These tokens should not be purchased for speculative reasons or considered investments. By engaging with ESelfKey, you acknowledge and agree to the applicable terms and any associated risks. We recommend consulting with legal and financial professionals before participating in the ESelfKey ecosystem and related transactions.

This document may contain statements regarding future events based on current expectations. However, some risks and uncertainties could cause results to differ. The views expressed here were based on the information that may change if new information becomes available.

We use the "KYC" term here for general information purposes, without reference to particular legislation. Please check the laws relevant to you and contact us for the details.

In this article we will cover what federated identity management is, how it works, how it compares to single sign-on, its benefits, disadvantages, and the potential applications.

What is federated identity management?

On a very basic level, federated identity management (FIM) is when multiple enterprises let subscribers use the same identification data to obtain access to the services and/or networks of all the enterprises in the group. It has aspects that are similar to single sign-on (SSO), but it is different and we will dive into that later.

With FIM, a user’s credentials are always stored by a core organization - the identity provider. When a user logs into a service, they don’t have to provide their credentials to the service provider. Instead, the service provider trusts the identity provider to validate the user’s credentials. As a result, the user never actually provides their credentials to anyone but the identity provider.

Additionally, when two or more domains or service providers become federated, all a user has to do is authenticate one. They can then access services and resources without having to perform a separate login process for each organization within the federation.

Identity federation offers both economic advantages and convenience to organizations and users alike. For example, if multiple companies can share a single application, everyone will ultimately save due to a consolidation of resources.

However, FIM involves a lot of trust and open communication between partners that choose to make use of it. Companies that are thinking about creating or joining an identity federation need to ensure that they agree upon all factors. Honest communication is a must.

How does FIM work?

Typically, a user will log into their identity provider. Once they have done that, they will initiate a login to a service provider that offers identity federation. Instead of authenticating directly with the user, the service provider requests the user’s authentication from their identity provider.

The identity provider then authorizes the user to the application or service provider, and the user is then permitted to access the service or app. As you can see, the user only needs to have their data authenticated once. 

How FIM compares to single sign-on

FIM and single sign-on (SSO) have a lot of similarities, but they are different at their core. It’s important to point out that federated identity management gives you SSO, but SSO does not necessarily give you FIM.

Single sign-on allows users to log in to multiple services using the same login credentials. You’ve definitely seen this on the internet, for instance, when you can register or login using your Facebook, Twitter, or Google account.

However, there are two things that FIM does that SSO cannot, and they make a big difference. Firstly, SSO only allows users to access multiple systems within a single organization, while FIM enables users to log into systems across different organizations. For example, you can use your Facebook account to create an Instagram account because Facebook owns both companies. With FIM, you could be part of an identity federation that includes Netflix, Hulu, and Disney+.

Secondly, FIM is far more secure than SSO. For SSO, your credentials are still being provided to any system that you are logging into. Whereas with FIM, your credentials are only given to your identity provider, no one else. 

FIM certainly relies heavily on SSO technologies to authenticate users across different websites and apps, but it has developed these technologies further. So while FIM does offer users SSO, SSO does not provide all of the same benefits that FIM does.

The benefits of FIM

Naturally, FIM offers convenience for both companies and their users, and it has a number of different applications. For example, organizations that are working together on a project can form an identity federation so that all of their users can share and access resources easily. This allows users to access all resources across domains, and also allows administrators to still control the level of access in their own domains.

Additionally, FIM eliminates the need to create new accounts for each service provider, application and domain. This means that users don’t need to remember all of their different usernames and passwords. A Dashlane study from 2015 found that the average person has 90 online accounts; imagine trying to remember all of your login data for 90 accounts. Password managers are increasing in popularity, but FIM eliminates the need for them altogether. 

Security is also increased with FIM as users only need to provide their data once to an identity provider. Far less information is being passed around, making things like data breaches far less effective. This not only makes user data safer, but also means that companies are not as vulnerable.

FIM also saves companies money. By consolidating their resources, each company is no longer responsible for individual login pages, authentication, data storage, access, et cetera. Things become far simpler for both organizations offering FIM and their users. 

The disadvantages of FIM

While FIM is generally seen as an overwhelmingly good thing, it does have some disadvantages. The first is that setting up an FIM system can be expensive initially. Small businesses and start-ups may not be able to offer FIM because doing so means they will have to modify their existing systems. 

Another challenge is that participating members of an identity federation will need to create policies and security protocols. Each member will have to adhere to these rules, which may cause problems when different companies have different rules and requirements. As we witness FIM becoming more mainstream, we may potentially see different federations competing against each other.

Since an organization can be a member of different federations, they need to follow what could be multiple sets of rules. Following these different policies and procedures may require more time and effort than many companies are aware of. 

We already mentioned that trust is really important to identity federations, and that can be a disadvantage. For example, given Facebook’s history of not caring about user data privacy, they may find that no one wants to form a federation with them. In fact, a fair amount of most major companies have experienced data breaches, which may make it hard to find someone with adequate safety procedures in place to partner with.

The potential applications of FIM

With identity management becoming an increasingly popular topic, it will be interesting to see if FIM becomes mainstream. From a user perspective, it could be a major player when it comes to protecting personal data.

When we consider how FIM could be used with decentralized identity (DID), things become even more interesting. DID means you only hand over your data to a trusted third party that handles all requests for access and identity. If DID and FIM combine, data becomes even more secure. DID keeps your identifying information safe, while FIM keeps all of your account information protected. Using both together could revolutionize data privacy for the better.

FIM can also be used for companies that are collaborating on projects together or companies that offer business to business (B2B) services. Instead of trying to share data back and forth constantly, all that is needed is an identity federation to allow access to those who need it.

Microsoft is one of the first companies to start using FIM, so it makes sense that they are also proactively working on DID as well. The US government has also shown interest, and is working on FIM research through the National Institute of Standards and Technology.

Conclusion - A safer future for all

Federated identity management offers benefits to both the general population, users, and the organizations that employ it. Things become more streamlined and safer for everyone who makes use of FIM. It will be interesting to see if major companies follow Microsoft’s lead and begin integrating it into their own systems. 

While FIM does have some disadvantages, in particular when it comes to cost and time, we think the benefits outweigh them. That being said, it would be nice to see FIM become more accessible to smaller businesses as well as major corporations. We can only hope that it becomes less time and money intensive as it becomes more mainstream. 

Data privacy and protection are a big part of technology’s future, and we think FIM has a major role to play. With 73% of people having increasing concerns over data privacy, it is vital that companies adapt to ensure both consumer protection, and their own data safety. As time goes on, hackers are only going to get better and better at what they do, and organizations of all shapes and sizes need to do their due diligence when it comes to data protection. FIM might not be the complete answer, but it is part of the solution. 

What is identity theft?

The first step in preventing identity theft is understanding what that means and being able to recognize it. Identity theft (also known as identity fraud by law enforcement) is defined as all crimes against individuals where personal and/or financial information is obtained illegally by using fraud or deception. The most common motivation for identity theft is financial gain.

Once someone steals your identity, they can do a number of things:

• Withdraw money from your bank account
• Apply for loans or credit cards under your name
• Use your health insurance to obtain medical care
• Steal your tax refund by using your Social Security number (SSN)
• Sell your information to other criminals
• Impersonate you online (also called catfishing)
• Commit criminal activities under your identity (ex. terrorist activities, murder, etc)

Identity theft is illegal in most of the world, usually punishable by jail time and/or fines. If identity theft is used to conduct criminal activity, the punishment is usually heavier. The majority of identity theft affects consumers, with the most common being credit card fraud according to the Federal Trade Commission (FTC).

Signs that your identity has been stolen

Once someone has stolen your identity, the signs are usually easy to spot. Most of us, at some point, have received a call from our bank asking about suspicious transactions, but there are other signs to look for.

• You stop receiving household bills. This can be an indicator that someone has taken your information and used it to change your billing address. If this happens, it’s best to call your utility providers and put a password on your account for any future changes.

• You are rejected for a loan or line of credit. If you have a good credit history and are suddenly rejected, this could be a sign that your identity has been compromised. Additionally, if you are approved but with higher interest rates, this can be another sign of identity theft.

• You receive bills for medical services you did not use. While identity theft for medical services is less common, it does occur. If it does happen to you, you should get in touch with the hospital that billed you for the services. Also keep an eye out for being rejected by a health insurance provider for a condition you don’t have, or your healthcare provider rejecting your claim because you have already reached your benefits limit.

• You are billed for purchases you didn’t buy. This is probably the most common form of identity theft. Most banks will give you a call if they see suspicious transactions, but you can be proactive by regularly checking your own accounts.

• Your tax return is denied. If you receive a rejection letter from the IRS (or your country’s equivalent) after filing your tax return, this could mean that someone else has filed a return under your name.

• “Test charges” show up on your credit card statements. Some criminals will make small charges, usually under $5, to make sure the card is still active. If these transactions go through, then the thief knows that they can make larger transactions.

• You receive calls from debt collectors for debt that doesn’t belong to you. This is a sure sign that someone has stolen your identity.

• You receive a notification that a company you work for or have an account with has been hacked. Usually, the company in question will let you know what steps you will need to take, or if you simply need to update your password. Either way, it’s a good idea to change your passwords anyhow and monitor your credit card transactions if necessary.
• You get a court summons in the mail. This is a result of criminal activity, and is unfortunately quite hard to disprove. If you think you may be a victim of this type of identity theft, you should contact law enforcement immediately.

If you notice any of these signs, it is important to take action immediately. There are also a number of steps you can take to prevent your identity from being stolen in the first place.

Preventing identity theft

An important first step you can take to prevent your identity from being stolen is to actively monitor your financial statements. If possible, check your bank account and credit card statements online at least once a week. If checking your statements online isn’t possible, make sure you are monitoring your monthly statements.

Another step you can take is to freeze your credit. This makes it a lot harder for someone to open a credit card or take out a loan under your name, as the bank won’t be able to run a credit check. It’s also free, and you can temporarily lift it if need be. However, it can be a bit of a nuisance as there are three separate credit bureaus you have to contact to do this in the US. You can also enroll in a credit monitoring service, such as PrivacyGuard or Credit Karma, or place a fraud alert on your credit.

Making sure you have strong, diverse passwords on all of your accounts is also key. We all know not to use passwords like “password” or “12345”, but having a strong password goes a lot further than that. Not only should you avoid personal things like pets or family names, but you should even avoid using words that are in the dictionary. If you find remembering different passwords for every account difficult, you can use a service like LastPass to generate unique passwords and safely store them for login.

How blockchain technology can help protect your identity

In recent years blockchain technology has built a reputation for providing an unbreakable and un-hackable payments infrastructure. If you're not aware of how a blockchain works, it typically goes like this:

1. Alice wants to send money to Bob - so she performs a transaction
2. The transaction is timestamped and recorded on a digital ledger
3. Once a certain number of transactions have been performed, they are collected in a "block" and cryptographically linked to the previous block of transactions - called a confirmation.

In order to alter her transaction, Alice would need to break the cryptographic hash of each of the blocks that have been added since. Given the complexity of the hashing algorithm and the resource-intensive nature of hacking this kind of infrastructure, this rarely makes economic sense. In short blockchain technology is set up in such a way as to make hacking it both technically difficult and uneconomical.

Given these impressive features, the question becomes: how can we utilize the secure and distributed nature of the blockchain to protect individuals from identity theft.

Well, since 2017, the ESelfKey Foundation has been building an end-to-end identity management solution utilizing the Ethereum blockchain. This ecosystem will allow individuals and corporations to authenticate themselves online while minimizing the amount of personal information that needs to be shared.

As a simplified example, imagine going to the liquor store and having to show your driver's license to prove that you are of legal drinking age. The liquor store is legally compelled to ensure that you are of legal drinking age, but typical forms of ID contain much more information than is necessary at this junction. A US driver's licence for example contains:

• The full legal name
• Date of birth
• Photo
• Current residence
• Height
• Weight
• Gender
• Eye color
• Hair color
• Signature
• Document number

You can be sure that, in an online environment, all this information is stored and will be leaked in the case of a data breach.

But now imagine the same situation, but instead of an ID you show a notarized certificate simply showing a facial imagine and the sentence: "We, NAME OF NOTARY, hereby confirm that John Doe is of legal drinking age."

In this second scenario, you can see a simplified example of how the ESelfKey ecosystem will use certifiers in order provide evidence but not information. In the case of a breach or a hack, no valuable information would be shared. All a hacker might know is that there is a man called John Doe and he's over the age of 21.

Then you combine this approach with the security and transparency of the blockchain, alongside decentralized identifiers, and you start having a strong identity management system that improves on the current system in many important ways.

Conclusion - How to protect yourself from identity theft

Unfortunately, identity theft is a problem that is not likely to disappear anytime soon and often, we only realize that our identity has been compromised once it is too late. There needs to be a shift in public thinking to be far more proactive in preventing identity theft. Stronger passwords, credit monitoring, and fraud alerts are all good actions to take, but they don’t ultimately solve some of the bigger problems.

It’s become a worryingly frequent occurrence for companies to be hacked, and there are plenty of opportunities for malicious actors to get a hold of your data. Most of us are in the bad habit of not reading the terms and conditions, and privacy policy of every website we sign-up to. We are often giving away a lot of our personal information and may not even realize it.

The time has come for us to take back control of our identity instead of waiting for companies, organizations, and government bodies to lose it. Self-sovereign identity is a very real possibility in the future, but the general population has to make the shift. More awareness needs to be put in place, and we need better solutions that actively prevent identity theft. Your identity is the one thing that should belong exclusively to you, let’s put the power back in your hands and let you decide who gets access to what information.

Download the ESelfKey Identity Wallet and take the first step towards protecting yourself from identity theft.

At the same time, we have less and less privacy. Our data is mined, bought and sold to advertisers on platforms such as Facebook on a daily basis. But just as technology has turned our data into a commodity - a new, privacy centric model is emerging.

Decentralized Identifiers (DIDs) represent an exciting new breakthrough in the field of identity management. They can be thought of as a vital component in a new layer of decentralized identity, which employs cryptography and public key infrastructure to provide a much better way of using the internet.

DIDs are exciting because they represent a tool that can provide us with the power to control our digital identity without the need for a central authority.

To clearly understand this point, let’s take a quick look at how identity management works today and the ways in which the current system is broken. After developing a base understanding of the core concepts surrounding DIDs, we can discuss in more detail exactly how DIDs can be used to solve many of the most pertinent issues surrounding identity management today.

What is Identity Management?

Identity management is rarely taught in a formal setting. Instead, we develop an identity over the course of our lives and begin managing that identity through formal documentation. Life experience teaches us when to carry our passport for example, and we quickly learn about the hassle of replacing lost or stolen identification documents.

As a result, we store our physical IDs in a safe place and make sure to renew them on time - while of course paying the required fees to the centralized issuing authorities. Up until about 25 years ago, this approach to identity management was completely sufficient.  Business transactions were primarily done in person, so it was just a matter of passing your documents over the counter in most cases. Now in 2019, that simply isn’t the reality anymore and the old system is no longer fit for the purpose.

With the advent of the Internet, we’ve had to start thinking about how we manage our digital identity. This concept encompasses every piece of personal data about us available online. The internet has become such an integral part of our lives that the large majority of us now has a rich and detailed online profile.

This has been caused by increasing international regulation which forces companies of all sizes to identify their customers - often requiring copies of IDs or Passports - before doing business.

But there’s a problem: these documents are physical and not designed to be shared electronically - and the attributed and identity claims of the documents cannot be shared individually (in order to prove your nationality, you must send a passport scan (with details such as date of birth and passport number) instead of *just* proof of your nationality.

This is kryptonite for thoughtful and secure identity management.

Let’s look at the failure of current identity management in more detail.

How is modern identity management failing?

1. Businesses lack the resources to safeguard our information

In the fight against money laundering and terrorist financing, regulators force businesses to store highly personal user information. Naturally, most businesses do not have the resources to adequately safeguard our information.

Furthermore, this imposes huge costs on businesses and enormous pain on consumers, but the bad guys end up winning!

For hackers, the prospect of vast amounts of personal data stored in a centralized infrastructure is an attractive proposition. Centralized databases are the default architecture for web platforms - but when breached, represent an enormous prize.

After a breach, the data is then sold off to the highest bidder. In January 2019, renowned security expert Troy Hunt revealed that a “record-breaking collection” comprising 773 million personal records was being sold off on a popular hacker forum.

This example helps to illustrate that - in the internet age - our identity can be stolen without the need for malicious actors to enter our homes or steal the physical copies of our documents. Instead, we risk identity theft whenever we open a new online account.

Here are the ten biggest data breaches of 2018, which help to illustrate the danger:

• Aadhar – 1.1 billion
• Marriott Starwood Hotels – 500 million
• Exactis – 340 million
• MyFitnessPal – 150 million
• Quora – 100 million
• MyHeritage – 92 million
• Cambridge Analytica – 87 million
• Google+ – 52.5 million
• Chegg – 40 million
• Facebook – 29 million

According to Experian, 31% of all data breach victims later experience identity theft. That’s a staggering amount and it testifies to the fact that modern identity management is indeed broken. If the system worked, we could expect to never suffer identity theft. Instead, 60 million Americans have suffered identity theft as of 2018.

2. Current implementations of Identity Management systems rely on a centralized infrastructure

Depending on where you live and where you want to travel, even your infant may need to possess a valid passport. As we grow older, we typically receive a driver’s license, social security number, and insurance cards as well. When we apply to rent our first flat or open our first bank account, we begin to realise that these identification documents play a vital role in our adult lives.

Indeed, they represent an intrinsic part of our personal identity, a concept treated as a basic human right in international law. Therefore, to participate in a functioning society we are required to apply, pay for, receive, maintain and carry with us, centrally issued documents verifying our personal information. Many countries have even introduced laws that require citizens to identify themselves on demand, de facto requiring the possession of identification documents at all times.

Worryingly, this gives governments a huge amount of power over us as individuals. If your government rescinds your passport or is too inefficient to supply a new one, you are excluded from many vital services. Despite this obvious shortcoming, we’ve had to accept this as a necessary evil.

Until 2008, there simply wasn’t a good way of achieving consensus and recording an accurate history in an immutable way without relying on a central authority. However, with the introduction of blockchain technology that premise can be dismissed.

Blockchain is already causing a paradigm shift and many platforms - like SelfKey - are using its power to fundamentally change the way we manage our identity.

3. It requires the oversharing of personal information

Have you ever noticed how identity verification always requires you to share more data than is necessary? In its simplest form, you can imagine buying alcohol and being asked to show your ID.

In this case the relevant information is:

• Photo - to verify that the document correlates with the person making the purchase
• Date of birth - to verify that the customer is of legal drinking age

These two data points should be completely sufficient in order to purchase alcohol. The reality,  however, is that we need to hand over our ID, Passport or Driver’s License, which contains much more information than that.

Below, you can see a typical US Driver’s License which details:

1. The full legal name
2. Date of birth
3. Photo
4. Current residence
5. Height
6. Weight
7. Gender
8. Eye color
9. Hair color
10. Signature
11. Document number

Now you might be thinking: “What are the chances that the person selling alcohol over the counter is recording all this information?”

In an online environment the likelihood is 100%. Businesses are required to record the information you provide during the identification procedure for KYC and AML purposes.

This is where the big problem arises.

When a hacker breaches a centralized database  then he often gains access to all the customer data - including your personal data. Given the extensive information available on your driver’s license, it now becomes much easier to steal your identity. This is one of the reasons why identity theft is one of the fastest growing crimes in the world.

In order to counter this, we need an overhaul of modern identity management systems.

What are Decentralized Identifiers?

At a high level, DIDs utilize the innovations of blockchain technology and allow you to create and manage a resolvable identifier. That identifier can then help prove your identity online.

Additionally, you can think of a DID as always having these four characteristics. It is:

1. Persistent
2. Globally resolvable
3. Cryptographically verifiable
4. Decentralized

Importantly, you create your DID and retain full ownership and control of it. This means that nobody can access it without your permission, and it cannot be rescinded by a central authority. This is just one important aspect, but many more exist. DIDs also aim to provide:

• Decentralization - DIDs should eliminate the need for centralized authorities or single points of failure in identity management. Instead, the individual should have full control over his identifier which can be powered by an open and decentralized network of nodes.
• Self-Sovereignty - DIDs should give individuals and organizations the power to own and control their digital identifiers. The reliance on central authorities should be broken.
• Privacy & Security - DIDs should improve the level of privacy and security that users enjoy online. They should assist with the ability to selectively disclose data that is associated with your DID and help users manage private keys as well as authentication mechanisms.
• Interoperability - DIDs should work across blockchains, software libraries and mainstream protocols.
• Simplicity - DIDs can assist in providing a user friendly experience by managing authentication mechanisms including key verification that can eliminate the need for a password.

With these goals in mind, let’s take a closer look at how DIDs work.

How does a DID work?

From a technical perspective, a DID is a string which contains several attributes that can uniquely define a person, organization or object. As you would expect, it uses cryptography and key pairs to secure information and handle permissions.

From a user perspective, the use of a DID to access service providers would involve three parties:

1. An Identity Owner - the individual aiming to prove his or her identity
2. A Claims Issuer - a third party authorized to verify credentials (like a notary or justice of the peace)
3. The Relying Party - the service provider accepting the issued claim

The identification process might look like this:

1. User creates DID
2. A claim issuer (could be a Certifier) issues a claim to that DID
   1. A claim object is created and shared privately to the Identity Owner
   2. A Hash of the claim object is stored on-chain
3. The identity owner shares the DID with the Relying Party
4. The relying party resolves the DID and retrieves the necessary claims
   1. This could require a request of the explicit claim object, or a check against the on-chain hash might suffice, depending on the case.
5. The user is accepted and can access the service provided by the relying party

As you can see the flow of this identity transaction broadly follows that of existing identity systems.

The key difference is that DIDs are not issued and controlled by centralized authorities but instead remain under the control of the individual.

What does a DID look like?

In the wild, a DID looks like this:

Let’s break it into three important parts:

• Scheme - The scheme specifies how the DID is constructed. The "grammar" that corresponds to a DID according to some specific method (different DID platforms might define different methods with their own scheme and specs). Importantly, a DID is a form of URI or Universal Resource Identifier (a URL is another type of URI, for example). So, the scheme is part of the method specs and defines how a DID looks. In our case, we append our method name ("key"), followed by a colon and a 32 byte hexadecimal value.So, for example, a ESelfKey DID looks like this:

did:selfkey:0x69fbd1076c1c57471c69d79cd13b0b85396b01a890c7435ddac42cf2a77fca9a

• Method - A DID method refers to the particular platform that provides the DID functionality. Our method, besides specifying the particular scheme in the previous example, also defines the basic operations for DIDs (creation, removal, update and deletion). All of these among other details are defined in a Method specs document. All DID methods should follow the generic DID specs as defined by the W3C Credentials Community Group.
• DID Method Specification - is a document, encompassing all the aspects of a DID method (including its scheme).

Why should you care about Decentralized Identifiers?

DIDs introduce a number of important innovations to modern identity management. But why should you care?

Here’s why.

1. DIDs allow you to own and control your digital identity

In the 15th century, King Henry V issued the first official passport. In the 600 years that followed, governments around the world took control over large parts of our personal identity. We take it for granted that bureaucrats issue, renew and revoke vital identification documents, without which we cannot participate in modern society.

In the digital sphere our identity is managed by the plethora of platforms which house our online accounts. Whenever you sign up for a new service, that company now de facto owns a significant part of your digital identity. This is amplified when you use Facebook or Gmail to access online services. In these cases you have no control or insight into how much data is shared and what is done with it. In order to participate online, you have to give up control over your personal data.

Decentralized Identifiers have the power to change that. For the first time, we can manage our own credentials and create a permanent cryptographically verifiable record of our own identity.

Within the framework of identity management this concept is called self-sovereign identity (SSID). In SSID systems, you control your digital identity, composed of DID’s and verified credentials. This allows you to create, update, or destroy the DID at any point!

There is no need to stand in line in some government building. You do not need to pay a fee to have it renewed. It cannot be taken away from you. It’s fully under your control, at all times.

You truly own your identity. You control your destiny, and as you’ll see in the next point - you are much safer as a result.

2. DIDs enable decentralized identity management

DIDs utilize blockchain technology to provide a decentralized identity management layer. The Ethereum blockchain for example, is a global and immutable database on which anyone can store information. Importantly Ethereum allows for turing complete smart contracts that (specific to identity) enable you to create, update, or destroy your identity, as well as manage keys.

Decentralized identity systems harness these capabilities and leverage them to secure and decentralize our digital identity. As a result, we remove the power of centralized authorities and corporations to manage our identity. Instead, we regain control over our data and are in full control over who has our data, when and from where they access it, and for what purpose. A far cry from the ID management of the past.

3. DIDs enable lightning fast registration

Even if you’re not concerned with privacy and security, DIDs pose an exciting development, because they enable lightning fast registrations.

The average adult has over 90 online accounts so we all know the pain of registering for a service. Tedious identification procedures, customer support tickets and forgotten passwords are just a few of the hallmarks of our current ID systems.

When signing up for a financial service it’s now common to complete a rigorous identification procedure. Depending on where you are located this may include your:

1. Email address
2. Personal details
3. Address
4. Passport/ID scan
5. Proof of address (Utility bills for example)
6. Live video identification
7. Sanctions screening

Not only is this invasive of our privacy but it’s also time-intensive. In a world where we can communicate with people all over the world in seconds, why does it take so long do register for an online service?

DIDs offer a solution for this. More specifically, your Decentralized Identifier can contain the information service providers need in order to accept you on to their platform. So instead of a lengthy registration period, you could access service providers with the click of a button.

4. DIDs open the door for Verifiable Claims

Verifiable Claims are another fascinating breakthrough in the world of identity management. In the example provided above, we discussed how invasive a regular identification is - for a purchase as mundane as alcohol.

It should be possible to prove certain aspects about ourselves without having to share precise information. The significant oversharing of data is something that Verifiable Claims - with the help of DIDs - allow us to eradicate.

In order for this to work we need three parties:

1. The identity owner - the person buying the alcohol (you)
2. The claims issuer - a third party authorized to verify credentials (like a notary or justice of the peace)
3. The relying party - the liquor store (the service provider accepting the issued claim)

Together these parties have the power to make informed decisions while respecting the privacy of the individual. As an example, you could imagine a notarized document that contains a picture of the individual and verifies a relevant claim: “FULL NAME is above the age of 21”.

If the liquor store accepts the legitimacy of the claims issuer, then it now has all the required information to sell alcohol to the individual. In a nutshell, that’s how Verified Claims work.

Decentralized Identifiers allow us to easily store, manage and submit verified claims. Even more impressively, the interoperability of DIDs would allow individuals and organizations to prove their identity across (almost) all blockchains, software providers and web apps.

Conclusion - What does the future hold?

Decentralized Identifiers clearly have a huge amount of potential and are already changing the way we think about our digital identity.

At ESelfKey we are leveraging new breakthroughs to improve the privacy and security of our community. The ESelfKey Wallet takes a first important step towards self-sovereign identity, allowing you to manage your identity documents securely on your local device.

With the launch of the Incorporations category of the ESelfKey Marketplace, we’ve taken another significant step by developing a platform that provides easy access to an array of service providers and a vastly improved onboarding experience by using your ESelfKey ID to directly submit data and documents without requiring a 3rd party platform.

The ESelfKey Foundation has always been open source and we carry that philosophy with us. As a result, we will be publishing our own public DID method and specifications and will continue to contribute to the many positive developments in the digital identity ecosystem.

Would you like to learn more? Join us on Join us on Telegram and download the free ESelfKey Wallet. Thanks for reading.

Despite the subject matter however, identity management is an increasingly important subject. 2017 saw a record number of data breaches and cases of identity theft, meaning most of us have experienced some failure in our identity management.

To illustrate how big the problem has become, let’s looks at some of the eye-watering statistics around identity management.

Statistics about account security

1. An 8-character password with upper and lower case letters, as well as numbers and symbols has 6,095,689,385,410,816 possible combinations — DigiCert
2. 35% of users still use weak passwords (meaning they contain less than 10 digits and a word) — Preempt
3. Only 10% of Google accounts use 2-Factor Authentication — Usenix Enigma
4. Only 12% of Americans use password managers — Pew Research Center
5. The most commonly used password is: 123456 — DigiCert
6. 73% of users have the same password for multiple sites — DigiCert
7. 33% of people use the same password every time — DigiCert

Statistics about data breaches

1. There were 1,579 data breaches in 2017 — The Identity Theft Resource Center
2. Last year 179 million records were exposed due to data breaches. In 2018, it’s well above 1 billion — Information is Beautiful
3. Facebook, Google, Amazon and Apple have all experienced data breaches — Sources linked
4. 31% of data breach victims later experience identity theft — Experian
5. 1.6 billion records have been exposed since 2005 — The Identity Theft Resource Center
6. The number of data breaches increased from 1,091 in 2016 to 1,579 in 2017 — The Identity Theft Resource Center

Statistics about identity theft

1. There is a new victim of identity theft every 2 seconds in the United States — Clark
2. 14.2 million credit card numbers and 158 million social security numbers were exposed in 2017 — Experian
3. 13.8% of all consumer complaints came as the result of identity theft — Consumer Sentinel Network Report
4. Credit card fraud was the most common form of identity theft in 2017 — Experian
5. In 2017, consumers reported more than $900 million in total fraud losses — Experian

A failure in identity management often results in identity theft, the impact of which goes far beyond economics.

The emotional impact of identity theft

1. 85% of victims felt worried, angry and frustrated
2. 83% of victims felt violated
3. 69% of victims felt they could no longer trust others and felt unsafe
4. 67% of victims felt a sense of powerlessness or helplessness
5. 59% of victims felt sad or depressed
6. 55% of victims felt betrayed

Source: The Identity Theft Resource Center — The Aftermath: The Non-Economic Impacts of Identity Theft

The physical impact of identity theft

1. 84% of victims reported issues with their sleep habits
2. 77% of victims reported increased stress levels
3. 63% of victims reported problems with their concentration
4. 56% of victims reported persistent aches, pains, headaches and or cramps
5. 54% of victims reported increased fatigue
6. 50% of victims reported that they had lost interest in activities they once enjoyed

Source: The Identity Theft Resource Center — The Aftermath: The Non-Economic Impacts of Identity Theft

With these shocking statistics in mind, it’s easy to see why we need to start taking identity management much more seriously. Data breaches, identity theft and many other failures in identity management are on the rise, and we need to start protecting ourselves. Check out the ESelfKey Identity Wallet to learn more.

Luckily a solution is already at hand.

The invention of blockchain technology by Satoshi Nakamoto heralded a new wave of innovation from individuals and companies able to see its huge potential. In a world constantly undergoing rapid and fundamental change, the opportunities provided by a decentralized, trustless ledger are still awe-inspiring.

In this blog post we will discuss how your identity is managed today, and why identity management is one of the most compelling use-cases for blockchain technology. But before we get into that, let’s take a step back and explain what a blockchain really is.

What is a blockchain?

In its simplest form, a blockchain is a digital record of transactions performed with its native token. That’s it! Pretty simple right?

The cool part, is that this record is incorruptible and decentralized. This means nobody can feasibly change it to their benefit, and it stands as a true version of history.

Additionally, it allows for transactions to be performed with (mostly) minimal fees. Anyone who has ever made an international wire transfer for example, will know the sting of paying a $20 fee on a $100 transfer. Using bitcoin or most other blockchain-powered cryptocurrencies, you only pay a fraction of those fees.

The final significant advantage of blockchain v1.0 is that all transactions are public. Of course, the blockchain doesn’t broadcast your name to the world, but instead only your public wallet address.

The great benefit of this approach, is that there can be a much higher level of accountability. If you think of your local government, it is impossible to tell where and how your taxes are being spent. Using blockchain technology, literally every expense would be publicly visible, significantly improving our ability to hold the state accountable.

Clearly blockchain technology in this simple form already has a whole host of advantages that make it a compelling innovation, and one of the most important of the 21st century.

At this point you might be wondering, how an incorruptible and public record of transactions can help you manage your identity.

Well, in 2015 Vitalik Buterin et al. launched Ethereum introducing blockchain v2.0.

What is blockchain v2.0?

Born in 1994, Vitalik Buterin has already established himself as one of the luminaries of the blockchain space. Along with a number of visionary developers, Buterin managed to take bitcoin’s blockchain and make it smart.

More specifically, they re-built the blockchain, making it turing-complete and allowing developers to build applications on top of it. As a result, Ethereum not only has smart contract functionality, but enables the creation of proprietary ERC20 tokens. KEY – ESelfKey’s native utility token – is an ERC20 asset for example.

Ethereum and other smart platforms like Lisk and Cardano, open up a whole world of new possibilities. Identity management is a prime example of that.

Identity management on the blockchain

The need for a blockchain based identity management system is particularly noticeable in the internet age. 4.5 billion records have already been exposed in 2018, and new data breaches seem to be announced on a daily basis. Facebook, Google, and Amazon are three multi-billion dollar companies that have failed to keep vast amounts of customer data safe in 2018.

Even if corporations manage to keep our data safe, we still lose ownership over our identity. Despite the internet becoming an intrinsic part of human daily life, there is no adequate way of sharing our data without it being misused. Indeed, due dates, voice recordings, and passport numbers are just a few of the data points which are often collected and made available for the sole purpose of driving additional revenue.

Clearly our current approach to identity management is broken. Instead, a blockchain-based digital identity solution could focus on three key challenges: security, privacy and usability.

Our current solutions to these challenges are imperfect at best. Establishing a digital identity in 2018 still relies on identity documents, driver’s licenses, and even passports. As a result, people who have lost their documents due to war, or natural disaster often find themselves unable to secure even the most basic necessities. The pioneering work done in Jordan is certainly a step in the right direction, but there is still a lot of room for growth.

As of today, there is still no adequate system for securing either online authentication of our personal identities or of our digital identities. Blockchain technology may offer a way to solve this problem without the need for a trusted, central authority. More specifically, individuals and businesses could store and authenticate their identity on the blockchain, giving them greater control over who has their personal information and how they access it.

By using a decentralized, open-source blockchain and combining it with an identity management, we could create a digital ID, which would act as an incorruptible watermark. This watermark could be used to verify an identity for any transaction in real time.

Once such a digital ID has been created, it could be used to verify an identity for any service, dispensing with the need for clumsy and unreliable password/email combinations.

How is an identity typically verified?

An identity is verified by performing an identity transaction. This typically involves three parties. The first is the person or business being identified (IO). Next, we have the identity Claim Issuer (CI), and finally there is the third party.

The identity transaction begins with the identity owner making a claim, such as “my name is Michael Scott”. The CI then checks the claim and provides an attestation to the third party. The third party can then use that information to provide or deny access to its services.

In this setup, all three parties have to struggle with the paper driven and centralized system of identity management.

Additionally, the identity owner gives up his personal data and effectively loses ownership. A classic example of this came in 2013, when it became known that an identity thief was paying the credit reporting agency Experian thousands of dollars a month to access the information of over 200 million people. The thief then resold the personal data to the highest bidder.

Worryingly, businesses operating unethically is not even the biggest threat to your digital identity. Instead, we really have to worry about data storage systems which rely on poorly protected, centralized servers holding millions of data points. These are to hackers what lights are to moths. The more data is being stored, the more attractive it becomes as a target for malicious actors. Once under attack, most businesses suffer a breach and the identity owner becomes vulnerable to identity theft.

The way we do things now is clearly broken. What is the solution?

Own, store and share your data securely

Our idea is simple: that you alone can control and manage your digital identity – a concept known as Self-Sovereign IDentity (SSID). The ESelfKey White Paper goes into great detail, but for this blog post it suffices to say that this approach is our best chance at tackling the three key challenges outlined earlier: security, privacy and usability.

This is achieved by combining blockchain technology and an identity management solution like ESelfKey. More specifically, the ESelfKey Identity Wallet can be used to create a ESelfKey ID – an encrypted, digital watermark attached to your identity. The Wallet and your ID are stored on your local device, meaning that even if ESelfKey’s database was breached, Wallet users would be completely unaffected.

Instead of storing your digital identity on a centralized server, it is stored on the Ethereum blockchain and only you control the private key to access your information. Nobody else is able to see or access data without your permission.

Not only does this give you an unprecedented level of control over your data, but it also removes the need for time-intensive identity verification. Instead, once the ESelfKey ecosystem is complete, you will be able to register and login to services with the click of a button without losing control of your digital identity.

You can download the wallet and create your ESelfKey ID for free. Try it here.