The Traces We Leave Behind

Digital Identities on the Web

by DanieKrie

Very few people really understand the concept of Self-Sovereign Identity. The technology is still in its infancy, and some enterprising individuals are pioneering its real-world adoption right now. What is necessary to understand here, though, is that it’s founded on something called Decentralised Identifiers (DIDs). What DIDs do is challenge our digital existence as we know it — providing an unprecedented private and secure way of leading our lives in the digital age. In contrast with the scientific excitement and cutting-edge research happening around it, a DID by itself looks rather inconspicuous: it is just a character string. Yet, its cryptographically generated keys contain all the power necessary to secure all aspects of your digital identity.

To properly understand the problem that the approach of DIDs and Self-Sovereign Identity is trying to solve, we first need to understand the current handling of our digital identities.

The Challenges We Face

In today’s internet, the so-called Web 2.0, our simplest digital representation is the login credential: we use these all the time to identify ourselves as users on a myriad of websites and platforms. We usually verify our identity using an email address, occasionally an optional username, and the mandatory password. Since almost every service on the internet now requires such an identity check, major identity providers such as Facebook, Google, and Apple offer their personal verification service. By logging in as a user of one of these major platforms, we can avoid the hassle of creating yet another account for each web service.

From the user’s point of view, this sounds simple and practical: There is no need to remember countless login credentials, add secure (or convoluted) passwords, and manage them via password managers. Even better, once logged in, we can usually log in seamlessly to other sites (that also use this Single-Sign-On service) without further verification.

The silent price being paid here is our privacy and our data, as nothing is free in the world of centralised (identity) providers. The growing number of users who use such centralised services on the web indicates that a lot of people are unaware of the implications, or that they simply don’t care, since no direct damage can be felt: what can someone like Facebook do with the data, for example? We should think about this, though. When you create a social-media account, you also agree to your user data being passed on to third parties, that is, monetized and sold to advertisers or other bidders. The incredible concentration of personal data on all social, economic, and behavioural topics makes this information pool incredibly attractive to certain parties. Authoritarian regimes, including their intelligence services and police forces, scammers and cyber miscreants of all stripes, and even criminal or terrorist organisations can often find such centralised data sets invaluable.

Another problem for users of such services is that their traces on the internet can be tracked easily and reconstructed into paths, up to complete movement profiles. Since all data can now be linked to a specific profile, Google, for example, knows what you bought in a web store, which vacation destinations interest you and which articles you read on your favourite news portal. These services are generally free of charge because we actually pay for them with our data. It is possible to draw concrete conclusions about a real person with the help of the available data. Our choices, beliefs, and behaviour are no longer private.

Certain services on the internet also require unique authentication of the real person; an e-mail address alone is not sufficient for this. This is necessary, for example, if we want to apply for insurance online or if an age confirmation is required to comply with the law for the protection of minors. To do this, we must prove our real identity, which is then linked to our digital identity. Because our sensitive and personal data is being processed here, we would want the utmost protection and security. However, when this information is transmitted to a company or institution, we have no control over how our sensitive data is stored and secured there. Nevertheless, we cannot completely avoid sharing our identity and identifiable details online. The digital networking of society is unstoppable and the use of online services is becoming a daily occurrence. We need an easy way to identify ourselves on the web, while preserving our privacy and also the security of our data.

So what can SSI do to enable simple and secure identification, while avoiding the pitfalls associated with current methods?

No central repository of personal data and no link between one’s identity and the data traces one has left behind – these are cornerstones of the identity mechanism that’s possible via DIDs. The concept of such a decentralised identity is what we refer to as Self-Sovereign Identity (SSI). The idea behind it is already in the name. In such a framework, I as a person regain control over my identity and the data associated with it. Decentralised Identifiers (DIDs) are currently emerging as a platform-independent standard for SSI.

The Holder of the Identity creates DIDs for every needed purpose; each identity refers to the subject but does not reveal any personal data. A DID does not contain information about an individual identity; it is just an identifier. So-called verifiable credentials (VCs) are used to prove whether certain information about the holder is valid. These VCs can be seen as statements from one entity about another, for example the statement that an identity belongs to a specific user.

The most important aspect of a decentralised identity is to separate the different components of an Identity and Access Management (IAM) system. In this way, critical data can be secured during access and the identity of the user can still be verified. A special form of data storage, called Distributed Ledger Technology (DLT), can be used for this. In contrast to centrally controlled databases, which run via a specific server and are dependent on it, the data in the DLT is stored in a distributed manner. A Distributed Ledger also brings maximum security inherently, because it relies on cryptography. Each new piece of information is cryptographically signed with a private key that remains under the user’s control, which provides proof of the integrity of the data.

A DLT seems to be the ideal infrastructure for a distributed and secure Identity and Access Management system with the main components being user accounts and their access rights. The components can be assigned to different actors. The owner of the data (Holder) can control their data and decide how much of it they want to disclose, and for what purpose. A trusted Entity (Issuer) can verify individual documents or certificates (e.g. university diploma), issue permissions on them and transmit them to the owner; the actual Personally Identifiable Information is never on the ledger. A third party (Verifier) in turn verifies that the owner of these credentials is the person they claim to be.

The shift in control of moving from a centralised identity model to a Self-Sovereign Model.

Federated Identity Model: The identity holders (e.g. users) cannot provide their data themselves. The identification is usually carried out by a third party. An issuer (e.g. government) must confirm the identity to the Verifier (e.g. Service Provider) directly or through an identity verification service.

Self-Sovereign Identity Model: The Issuer (e.g. the government) issues credentials to the Holder’s DID, and Verifiers submit a challenge, which the DID Holder has to answer with a proof. The Holder’s wallet securely stores a key that can prove ownership of the DID; the DID itself is stored in the DLT along with the DID document. The Holder (e.g. user) sends the required identity information to the Service Provider and proves these credentials by demonstrating control over the private key. The Service Provider validates the user’s and issuer’s cryptographic signatures via the DLT. After the validation process, the user is granted access by the Service Provider.
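The Self-Sovereign flow described above, sketched as an added example (not Tangle Labs or IOTA Identity code). A `Map` stands in for the DLT, and the `did:example` identifiers, message shapes and function names are assumptions made for illustration; the verifier rejects a replayed presentation, a credential presented by someone other than its subject, and a credential altered after issuance.

```javascript
const crypto = require('node:crypto');

// Stand-in for the DLT (assumption): DID -> DID document. Public keys only, no PII.
const ledger = new Map();

// Deterministic JSON so signer and verifier process identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

// Create a key pair, publish the DID document, keep the private key in the "wallet".
function createIdentity(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const did = 'did:example:' + name; // constructed identifier
  ledger.set(did, { id: did, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) });
  return { did, privateKey };
}

function sign(privateKey, payload) {
  return crypto.sign(null, Buffer.from(canonical(payload)), privateKey).toString('base64');
}

// Resolve the signer's DID document from the ledger and check the signature.
function verifySig(did, payload, signature) {
  const doc = ledger.get(did);
  if (!doc || typeof signature !== 'string') return false;
  return crypto.verify(null, Buffer.from(canonical(payload)),
    crypto.createPublicKey(doc.publicKeyPem), Buffer.from(signature, 'base64'));
}

// Issuer: a signed statement about the holder's DID.
function issueCredential(issuer, subjectDid, claims) {
  const body = { issuer: issuer.did, subject: subjectDid, claims };
  return { ...body, proof: sign(issuer.privateKey, body) };
}

// Holder: binds the credential to the verifier's challenge using the wallet key.
function present(holder, credential, challenge) {
  const body = { holder: holder.did, credential, challenge };
  return { ...body, proof: sign(holder.privateKey, body) };
}

// Verifier: challenges are random and accepted once.
const openChallenges = new Set();
function newChallenge() {
  const c = crypto.randomBytes(16).toString('hex');
  openChallenges.add(c);
  return c;
}

function verifyPresentation(p, trustedIssuers) {
  if (!openChallenges.delete(p.challenge)) return 'unknown or replayed challenge';
  const { proof: holderProof, ...presBody } = p;
  if (!verifySig(p.holder, presBody, holderProof)) return 'holder signature invalid';
  const { proof: issuerProof, ...credBody } = p.credential;
  if (!trustedIssuers.includes(credBody.issuer)) return 'issuer not trusted';
  if (!verifySig(credBody.issuer, credBody, issuerProof)) return 'issuer signature invalid';
  if (credBody.subject !== p.holder) return 'credential was issued to a different DID';
  return 'ok';
}

// Constructed scenario: one honest login and three attempts the verifier must reject.
function demo() {
  const gov = createIdentity('gov');
  const alice = createIdentity('alice');
  const mallory = createIdentity('mallory');
  const cred = issueCredential(gov, alice.did, { over18: true });
  const honest = present(alice, cred, newChallenge());
  const forged = { ...cred, claims: { over18: true, vip: true } };
  return {
    honest: verifyPresentation(honest, [gov.did]),
    replayed: verifyPresentation(honest, [gov.did]),
    stolen: verifyPresentation(present(mallory, cred, newChallenge()), [gov.did]),
    tampered: verifyPresentation(present(alice, forged, newChallenge()), [gov.did]),
  };
}

console.log(demo());
```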

The SSI system is expandable, so in the future, one can provide certain information through selective disclosure, without having to reveal everything about oneself right away. It is possible to use a credential that proves that one is already 18 years old, without having to undergo a complete check of one’s person including place of residence, nationality or other personal data. If a recurring identification for web services is to be anonymized, one can create a new credential for each login process. This way, the individual logins cannot be associated with each other and no conclusions can be drawn about the person.

The advantages of this decentralised and secure solution are visibly valuable, and this approach could benefit not only us as users but also companies and institutions.

How does Self-Sovereign Identity help me?

More data protection through higher security: The data is encrypted and stored in a decentralised storage system, where it is protected from access by third parties.

More control over one’s own data: As a user, you only release the data that is necessary. The identity can be stored on one’s own smartphone, for example.

Privacy on the web: Through the use of Zero-Knowledge Proofs (ZKPs) and selective disclosure mechanisms, only limited data traces are created that can be used to draw conclusions about a user’s identity.

Simplified login procedures: The user becomes their own identity provider via their own decentralised digital identity. In the future, it will be possible to dispense with the creation of usernames and passwords in many areas.

More independence: Since the platforms or web services know less about the user, it is more difficult to manipulate them and encourage them to buy their own services or products.

Why would a big company or governmental body use Self-Sovereign Identity?

Transparency and trust: Companies and institutions that actively protect the privacy of their users are considered trustworthy and thus increase their customer loyalty or trust relationship with citizens.

Strengthening democratic processes: Small companies but also governments can better escape the market power of the current tech giants and align their processes to the needs of the users.

Cost savings through reduction of data storage: The permanent and secure storage of personal data is complex and expensive. This is no longer the case if the data is no longer stored at the company itself, and only the data relevant to the business relationship is retrieved.

Privacy and security compliance: by outsourcing personal data to an external, encrypted system, companies do not need to build up and permanently finance their own legally compliant expertise in this field.

With the help of DIDs and VCs, the concept of Self-Sovereign Identity will become a tangible reality. It can drive digitization forward and enable us to fully utilise the potential of the digital world in a privacy-compliant manner. The security concepts it supports will also provide strong foundations to win adoption by critical users and to help drastically minimize the risks of fraud and identity theft that are prevalent in current Web 2.0 systems. As we observe the pitfalls of the current infrastructure that handles our digital identities, it is important that we start to step away from this reliance on digital identity provided by but a handful of individual corporations and together work towards the development of expertise and solutions in all key sectors that can help pave the way for the future of Self-Sovereign Identity, for everyone, everywhere.
