Murphy’s law says, “Anything that can go wrong will go wrong.” This always happens with centralized services. A year ago, we saw how half a million Facebook accounts were leaked online, revealing personal information. We will see this many more times with other services. The recent Twitter hack underlines this again. The accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Mike Bloomberg, Joe Biden and Barack Obama were hacked to promote a fraudulent Bitcoin (BTC) offer.
Writing for the BBC, cybersecurity commentator Joe Tidy said: “The fact that so many different users have been compromised at the same time implies that this is a problem with the Twitter platform itself.” All accounts were vulnerable. For hackers, it was just a matter of choice: using celebrities is the best way to “support” fraud.
The problem is that even if Twitter or another service with a similar architecture continues to build cybersecurity walls around its system, it will become more complicated and expensive, but not secure. The current paradigm of centralized services cannot offer a more secure solution for user authentication.
I wrote recently about new technologies for protecting data and digital identity, using the example of Australia and the European experience, and about how public key certificates could be protected with blockchain technology against distributed denial-of-service and man-in-the-middle attacks. Although my analysis was fairly technical and comprehensive, it might be better to take a step back and examine some general but relevant details that could improve data protection.
Here are some terms you can use when you ask your service provider, online store, or government whether they protect your personal information:
- Decentralized identifiers, or DIDs, are a general framework from the W3C with different methods for the decentralized creation and management of personal identifiers. In other words, online service developers do not have to create anything new if they want to exploit the potential of decentralized technologies. They can use these methods and protocols.
- The selective disclosure protocol, or SDP, which was presented last year at the EOS Hackathon by the Vareger co-founder, Mykhailo Tiutin, and his team, is a decentralized method of storing personal data (using DIDs) with cryptographic protection on a blockchain. DIDs allow the user to disclose carefully selected information in a particular transaction.
- Self-sovereign identity, or SSI, is a concept that, in simple terms, enables users, and not third parties, to be the sovereign owners of their personal data and identity. This means that you can store personal information on your device, not on Twitter’s server or anyone else’s. To illustrate the value of the SSI concept, consider this: it is easier to hack a central system that stores millions of accounts than to hack millions of personal devices. But the problem is much deeper. If we ever face a digital dictatorship, the root of the problem will be the lack of the right to control your personal information and to prohibit third parties (including the government) from storing and operating on it. The terrible experiment with the Uighurs in China is an example of this. Citizens do not have the legal right to say no to the government that collects their personal information. Of course, the Chinese government has created accounts without their consent to maintain records of inappropriate behavior.
To put things in perspective, let’s consider a hypothetical situation.
Use case: Alice and her digital identity
Alice generates her cryptographic key pair: a private key and a public key. The private key signs transactions with a digital signature. The public key verifies them. The public key is used to check whether Alice has signed in, signed a contract, signed a blockchain transaction, etc.
To protect the private key, she saves it on a secure hardware device with PIN protection, e.g., a smart card, a USB authentication token or a hardware cryptocurrency wallet. However, a cryptocurrency address is a representation of a public key, which means Alice can use it as her coin wallet.
Although the public key is anonymous, she can also create a verified digital identity. She can ask Bob to confirm her identity. Bob is a certification authority. Alice will visit Bob and show him her ID. Bob creates a certificate and publishes it on a blockchain. A “certificate” is a file that tells the public: “Alice’s public key is valid.” Bob will not publish it on his own server, as traditional certification authorities do. If a central server is ever taken down by a DDoS attack, no one can confirm whether Alice’s digital identity is valid or not. This could lead to someone stealing her certificate and forging her identity. This would be impossible if the certificate, or at least its hash sum, were published on the chain.
With a verified ID, she can carry out official transactions, such as registering a company. If Alice is an entrepreneur, she can publish her contact details, such as a phone number. Using a blockchain is a safer option because, when the data is posted on social media, a hacker can log in to the account and replace it to redirect calls to another number. None of this would be possible on a blockchain.
If Alice goes to a liquor store, she can use her verified DID. The seller, Dave, uses his app to check and confirm Alice’s DID instead of her paper ID. Alice does not have to reveal her name and date of birth. She will share with Dave’s app her identifier, which Bob has certified, her photo and a statement: “over 21 years.” Dave trusts this record because Bob is a certification authority.
Alice can create multiple pseudonyms for online shopping, social media, and cryptocurrency exchanges. If she loses her private key, she will ask Bob to update the blockchain record to announce that “Alice’s public key is invalid.” So if someone stole it, anyone who interacts with her public key knows that they shouldn’t trust transactions with that key.
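The certification, selective-disclosure and revocation steps of the Alice scenario above, shown as an added example that is not from the original article or from the SDP project. It swaps in salted SHA-256 commitments for the selective disclosure, uses an in-memory list as a stand-in for the blockchain, and leaves out the signature by which Alice would prove she holds the private key; all names and sample values are constructed.

```python
import hashlib, json, secrets

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def commit(name, value, salt):
    # Salted commitment: hides the value until Alice reveals (value, salt).
    return h(json.dumps([name, value, salt]).encode())

def issue_certificate(subject_key, claims):
    """Bob: commit to each claim; return (public certificate, Alice's private salts)."""
    salts = {k: secrets.token_hex(16) for k in claims}
    cert = {"subject_key": subject_key,
            "commitments": {k: commit(k, v, salts[k]) for k, v in claims.items()}}
    return cert, salts

def cert_hash(cert):
    return h(json.dumps(cert, sort_keys=True).encode())

class Ledger:
    """In-memory stand-in for the blockchain: append-only (issuer, action, cert hash)."""
    def __init__(self):
        self.entries = []
    def append(self, issuer, action, digest):
        self.entries.append((issuer, action, digest))
    def is_valid(self, issuer, digest):
        # Valid only if the trusted issuer published the hash and never revoked it.
        return ((issuer, "publish", digest) in self.entries
                and (issuer, "revoke", digest) not in self.entries)

def verify_disclosure(ledger, trusted_issuer, cert, name, value, salt):
    """Dave: check ledger status, then the one revealed claim against its commitment."""
    if not ledger.is_valid(trusted_issuer, cert_hash(cert)):
        return False
    return cert["commitments"].get(name) == commit(name, value, salt)

def demo():
    ledger = Ledger()
    claims = {"name": "Alice Example", "birth_date": "1990-01-01", "over_21": True}  # constructed
    cert, salts = issue_certificate("alice-public-key-placeholder", claims)
    ledger.append("bob", "publish", cert_hash(cert))
    # Alice reveals only over_21; name and birth date stay hidden behind commitments.
    ok = verify_disclosure(ledger, "bob", cert, "over_21", True, salts["over_21"])
    forged = verify_disclosure(ledger, "bob", cert, "over_21", True, "wrong-salt")
    ledger.append("bob", "revoke", cert_hash(cert))  # Alice lost her private key
    after_revoke = verify_disclosure(ledger, "bob", cert, "over_21", True, salts["over_21"])
    return ok, forged, after_revoke

if __name__ == "__main__":
    print(demo())
```

Dave never sees the name or birth date, and a certificate altered after issuance fails because its hash no longer matches the published entry.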
Of course, this is a simplified scenario, but it is not unrealistic. In addition, some of these processes already exist. For example, the Estonian electronic residence card is nothing more than a chip card with the user’s private key. With this card, you can register a company in Estonia remotely or even sign contracts. Being integrated into a larger market, Estonian digital signatures are recognized across the European Union. Unfortunately, their governments still don’t protect certificates with blockchain.
Knowledge is power. Users should know that their cybersecurity isn’t just in their own hands, as one might say. The giants of software and social media should make the change to improve security standards, and users should demand it.
The views, thoughts and opinions expressed here are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.