Almost a year back, personal details of around half a million Facebook accounts were leaked online, proving Murphy’s law “Anything that can go wrong will go wrong.” It seems other social media platforms and related services may go through the same issue.
The latest Twitter hacking incident validates our argument. For those who are unaware, Twitter accounts of prominent personalities, including that of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Mike Bloomberg, Joe Biden, Barack Obama, among others, were hacked to promote a fake Bitcoin (BTC) giveaway offer.
Joe Tidy, a cybersecurity commentator at BBC, stated “The fact that so many different users have been compromised at the same time implies that this is a problem with Twitter’s platform itself.”
Tidy further stated that all data pertaining to none of the accounts is safe. Hackers simply choose to take control of popular accounts as it is easy to promote scams.
Even if Twitter fortifies its network with better cybersecurity systems, it would only increase overall expenses and make it more complicated. Still, there is no 100% guarantee of protection from hackers. The prevailing model of centralized services can never offer a secure solution for user authentication.
There are some technical jargons which users should be aware of. It will help in safeguarding online business or personal info. While dealing with any entity, a user should make sure that the below mentioned protections are offered:
Decentralized identifier (DIDs) is a infrastructure created by W3C to facilitate the creation and handling of personal identifiers in a decentralized manner.
To put it in simpler terms, online service developers will not have any need to build something fresh in order to benefit from blockchain technologies. These standardized process and covenants can be used straightaway.
Selective disclosure protocol (SDP), first demonstrated at the EOS Hackathon last year by Vareger co-founder Mykhailo Tiutin and his group, is a decentralize way of storing personal info (utilizing DIDs) with crypto safety on blockchain. With SDP, the user can reveal cautiously chosen bits of data in any unique transaction.
Self-sovereign identity (SSI) facilitates users to have total control over their personal info and identity, without involvement of any intermediates. Therefore, it allows users to save personal data on their own gadgets and not on Twitter or any other social media platform’s server.
SSI is beneficial for the simple reason that it is quite possible to hack a centralized platform that stores millions of accounts, but quite difficult to hack millions of gadgets.
To make things clear, let us discuss a hypothetical scenario.
Alice creates cryptography aided private and public key. While the private key encrypts dealings through a digital signature, decryption is done by the public key.
The public key is utilized to validate whether Alice has logged in, initiated the contract, activated the blockchain powered transaction, and so on.
To safeguard the private key, Alice has to save that in a safe hardware gadget having PIN protection feature. This includes a smart card, a hardware crypto wallet or USB authentication token.
However, as crypto address represents a public key, Alice will be able to utilize it as her token wallet and also as coin.
Even though public key offers privacy, Alice can setup a validated digital identity. She can request Bob, a certificate authority, to endorse her identity. Alice can meet Bob and prove her identity through a valid ID. With that Bob can generate and upload a certificate on a blockchain.
In this case, “certificate” is a file that guarantees the veracity of Alice’s public key to the general public. The certificate of Alice will not be published by Bob as done in a traditional manner.
In case of a DDoS attack on a centralized server, there are no means to affirm the validity of Alice’s digital identity. That could even result in theft of identity. On the contrary, stealing of identity is not possible if only the certificate or its hash data is uploaded on-chain.
With a validated ID, Alice can carry out official dealings, including registration of a company. Assuming Alice is a businessperson, she may be interested in publishing her contact details, including telephone number.
For this, a blockchain powered platform is a secure choice because a hacker will be able to amend the data published on a traditional social media platform in such a way that calls are redirected to another number. Such a scenario is prevented by the use of blockchain technology.
If Alice visits a liquor shop, she can prove her identity through the verified DID. Likewise, the shopkeeper, Dave, will be able to utilize his app to validate and confirm the DID of Alice, rather than physical ID.
Alice will not have any requirement to reveal her name or other personal details such as date of birth. Only her DID, certified by Bob, will be shared with Dave, in addition to her image and a statement guaranteeing that she is over 21 years of age. Dave can trust the document as Bob is a certificate authority.
Alice can also setup multiple pen names for social media, online shopping and cryptocurrency exchanges. In case, she misplaces her private key, she can request Bob to amend her document on the blockchain to state that the public key is no longer valid.
In case someone steals the public key, it won’t be of any use as everyone who comes across the public key will know that transactions signed with that public key is not valid and trustworthy.
Obviously, this is an easy to understand scenario, but not impractical. Furthermore, some of these procedures are already in place. Notably, Estonian e-Residency card is basically a smart card with user’s private key.
Using the card, even a company registration or signing of contract is possible from a remote place. As the card is integrated with larger market, Estonian digital signatures are valid throughout the EU. Regrettably, Estonian government still does not secure certificates on blockchains.
Considering the fact that knowledge is power, users should understand that cybersecurity is a cooperative process. Software and social media platform should take necessary initiatives to enhance safety standards and users should demand for such a change.