What is identity in the digital space? Is it a mere reflection of what we are offline, or is it an augmented version of ourselves? Is there a “minimum viable tech stack” that can be combined to create verifiable individuals?
In this article, I’ll lean toward the technical side of the matter. I won't offer a single trivial answer; instead, I’ll consider different aspects of digital identities, verifiable individuals, security, privacy, anonymity, unique digital fingerprints, and verification approaches.
Digital identity
Digital identity is a complex set of data points, often referred to as a digital footprint and fingerprint, that you leave behind wherever you present yourself online. These data points can be traced back to the real “YOU”, revealing unique aspects of your presence in the digital space.
What is Identity?
Identity is a collection of information and attributes/parameters that describe an entity. It is used to determine the actions in which this entity can participate or has participated.
Three main categories of entities
- Individuals – people like you and me and anyone else.
- Corporations, companies, services.
- Assets – physical items (objects such as houses, laptops, planes, etc.) and nonphysical items (such as software, data, etc.).
The identity of each entity is based on its attributes, which can be divided into 3 main categories:
- Core: base characteristics (for example: name, date of birth).
- Derived: computed or inferred from core attributes - base characteristics (for example: age, location, gender).
- Transactional: related to specific actions (for example: tax or bank account number, online shopping history).
Digital identity systems
In the past, identification systems relied on face-to-face interactions and physical proofs. The transition to digital systems introduces new identity systems. A digital identity system uses the structure of a physical one but operates entirely with digital artifacts/attributes. It eliminates the usage of physical documents and manual processes. Modern trends driving the need for identification systems include increasing transaction volumes, data breaches, and the global shift toward digital/virtual interactions.
Importance of digital identity
Privacy and security cannot be ensured solely by constructing walls around sensitive information. Identity is now the point where privacy and security intersect. Strong identity protocols protect against cyber risks and enable secure transactions and activities of any kind. Whether we are logging into a website, making an online purchase, or accessing services, identity (or some technical attributes of it) plays a critical role in many aspects of our daily lives and actions.
Your digital identity is more than just a username, password, profile photo, name/nickname, age, location, etc. It is a multifaceted representation of who you are in the digital and real world. Real and digital identities might differ because different attributes define them, but they may intersect and be traceable to each other.
Digital fingerprints and online identity
In the digital world, where our virtual presence is often more noticeable than our physical one, the concept of online identity has become complex and unclear. At the base of this digital identity lies a huge set of details/attributes known as digital fingerprints. These fingerprints serve as the basic characteristics of our online identity, leaving behind a trail of unique identifiers/params that reveal our digital and real identity and influence how we interact within the virtual world: software, different online services, databases, and other real and virtual identities.
Understanding digital fingerprints
Digital fingerprints, in a nutshell, are a set of parameters that define our online identity. These parameters include everything from user-agents, IPs, and screen resolutions to browser plugins, time zones, and hardware characteristics. Each parameter contributes to the set of characteristics (params) of our digital identity, forming a unique “signature” that distinguishes us in cyberspace. For example, user agents provide critical information about the user's browser, OS, and device, giving valuable information about the user's digital environment. IPs serve as coordinates, revealing the user's network and geo-location, and affecting their online experiences and interactions. These simple parameters, familiar to everyone, create identifiers when combined in one set; those identifiers reflect our online presence and define the way we navigate and interact with online services.
Detection and spoofing
Detecting and manipulating digital fingerprints is a complicated process for users seeking anonymity and platforms seeking authenticity. With proxies and VPNs, users can hide or spoof their digital trails and mask their true identities. By using tools such as VPNs, users can encrypt their network traffic and mask their IPs (some basic parameters of digital fingerprints and identity), making it challenging to trace their online activities back to their original identities. Through fingerprint spoofing, users can manipulate the aforementioned parameters such as user-agents, browser characteristics, and device params to masquerade as unique, verifiable entities and evade detection by bot detection systems and identity verification protocols. For example, someone may use the fingerprint of a legitimate user to gain access to restricted content or circumvent security measures designed to detect fraudulent activities. There is a constant battle between anonymity and authenticity in the digital world.
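A server-side view of the two sections above, as an added example (not code from this article): the listed parameters are hashed into one identifier, and attribute pairs that contradict each other are flagged, which is a common way for a platform to notice a spoofed fingerprint. The struct, its field names, the OS hints and the timezone table are assumptions constructed for the illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Fingerprint holds parameters of the kind listed above (field names are this example's own).
type Fingerprint struct {
	UserAgent, Platform, Timezone, Screen, IPCountry string
	Plugins                                          []string
}

// ID hashes the canonicalised browser attributes; the IP country is excluded because it changes with the network.
func (f Fingerprint) ID() string {
	plugins := append([]string(nil), f.Plugins...)
	sort.Strings(plugins) // enumeration order must not change the ID
	parts := []string{f.UserAgent, f.Platform, f.Timezone, f.Screen, strings.Join(plugins, ",")}
	sum := sha256.Sum256([]byte(strings.Join(parts, "\x1f")))
	return hex.EncodeToString(sum[:8])
}

// Inconsistencies lists attributes that contradict each other. These are risk
// signals, not verdicts: travellers and VPN users trigger them legitimately.
func (f Fingerprint) Inconsistencies(tzCountry map[string]string) []string {
	var flags []string
	osHints := [][2]string{{"Windows NT", "Win"}, {"iPhone", "iPhone"}, {"Macintosh", "Mac"}, {"Android", "Linux"}, {"X11; Linux", "Linux"}}
	for _, h := range osHints { // the first matching User-Agent token decides the expected platform
		if strings.Contains(f.UserAgent, h[0]) {
			if !strings.HasPrefix(f.Platform, h[1]) {
				flags = append(flags, "user-agent/platform mismatch")
			}
			break
		}
	}
	if c, ok := tzCountry[f.Timezone]; ok && c != f.IPCountry {
		flags = append(flags, "timezone/IP-country mismatch")
	}
	return flags
}

func main() {
	tz := map[string]string{"Europe/Berlin": "DE", "America/New_York": "US"} // constructed lookup table
	fp := Fingerprint{"Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "Linux x86_64", "Europe/Berlin", "1920x1080", "US", []string{"pdf"}}
	fmt.Println(fp.ID(), fp.Inconsistencies(tz))
}
```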
Implications for online identity
The ability to detect and spoof digital fingerprints has different implications for online presence, changing the dynamics of authenticity and flooding digital services with fake/incomplete data. Consider a scenario where a user in a country with strict censorship can’t access blocked content on social media. By using a VPN to mask their IP and manipulate their digital fingerprint, the user can circumvent geo-restrictions and access the blocked content anonymously, exercising their freedom of access to information. On the security side, the manipulation of digital fingerprints can be used to evade detection by bot detection systems, allowing users to engage in activities that may be suspicious or fraudulent. Fingerprint spoofing also raises concerns about potential abuse and misuse, as people/services may exploit these approaches for malicious goals, such as spreading fake information or engaging in cyberattacks. Balancing privacy and security involves managing digital fingerprints and online identity carefully, which requires strong security policies and ethical guidelines.
Faking online identity
The manipulation of fingerprints gives us the ability to fake online identities that are significantly different from our offline ones, blurring the lines between authenticity and fakery. By crafting digital fingerprints that reuse those of authentic users, we can assume roles and identities that ensure their physical existence, expanding the boundaries of our online presence and influence. Let’s consider a case where a user spoofs fingerprints to create multiple online accounts for social media marketing. By masking their true identity and presenting themselves as distinct, authentic users, such users can amplify their online presence and reach a wider audience, all while tricking detection algorithms and security measures. However, fake online identities also raise concerns about trust and credibility in online interactions, as individuals may struggle to distinguish genuine users from imposters/bots. Faking online identity raises ethical concerns that outweigh the need for transparency and accountability, as well as the importance of technical literacy in these aspects and responsible online behavior.
Digital fingerprints are important aspects and characteristics of our online identities. From detection to spoofing, the manipulation of these unique parameters offers a path to anonymity, along with both positive and negative uses of that “anonymity”. The essence of our online identities lies not only in the set of our digital fingerprints but also in the choices we make and the actions we take on the web. Understanding digital fingerprints gives us additional depth in understanding online identities and the concepts of authenticity, transparency, privacy, and autonomy.
Identity
- Digital identity – our identity is no longer limited to the physical one. It includes our digital footprint – interactions, actions, preferences, and behaviors across different platforms, services and devices.
- Multiple identities – we can have different identities online, each tailored to specific contexts and goals (e.g. professional, social networks, gaming, etc).
- Self-representation – social media profiles, avatars, photos, music, posts, bios, etc allow us to show how we present ourselves to others.
Personal expression
Social networks (Instagram, TikTok, YouTube, Facebook, etc.) allow us to express our identity through photos, videos, stories, posts, etc. We share thoughts, experiences, and expertise, creating a sense of community. Emojis and GIFs are visual elements that show emotions and reactions, revealing parts of our identities. From profile pictures to personalized music playlists, different platforms give us tools to express our uniqueness.
Verification mechanisms
- Biometrics - fingerprint (real, not digital fingerprints) scanners, facial recognition, and voice recognition can verify identity quite securely.
- 2FA – combining passwords with a second factor, or even a third (e.g. SMS/OTP codes, app notifications, security questions), improves security.
- Decentralized systems ensure transparency and prevent identity fraud.
- Digital proofs (for example: diplomas, degrees, certifications, etc) can be cryptographically verified.
- Zero-knowledge proofs prove knowledge without revealing sensitive data.
Challenges
- Balancing personalization with privacy and anonymity is crucial.
- Access to tech may vary for different people, affecting online presence and, as a result, identity representation.
- Cybersecurity measures to protect identities and personal data.
- Responsible use of data: avoiding biases in algorithms and false alerts, without collecting and storing too much personal data, which poses additional risks.
Verifiable individuals
There isn’t a one-size-fits-all solution, but here’s a tech stack (a combination of technologies and protocols) that can contribute to establishing verifiable identities.
Blockchain or DLT (distributed ledger technology)
An immutable and decentralized record of identity-related transactions can be created.
The idea: Our identity attributes (such as name, date of birth, avatar, location, bio, etc) are stored on the blockchain. Transactions related to identity verification (e.g. permissions, updating personal info) are recorded as blocks. The decentralization ensures transparency and prevents tampering.
For example, check out Ethereum and Hyperledger Indy.
SSI (self-sovereign identity)
Give people control over their identity data.
The idea: People create a “digital wallet” where they store their verifiable credentials. Credentials (artifacts) are issued by trusted organizations (governments, universities, corporations, etc) and digitally/cryptographically signed. People can share these pieces of data with others without relying on any kind of central authority.
For example, check out Sovrin or uPort.
DIDs (decentralized identifiers)
Create globally unique and verifiable identifiers for people.
The idea: DIDs are linked to crypto keys and stored on a decentralized network. They allow people to prove ownership of their identity without revealing their data.
For example, check out the DID specification by W3C.
VCs (verifiable credentials)
Issue and verify digital credentials.
The idea: VCs are digitally signed statements about a person’s attributes. Issuers sign VCs, and holders present them as proof. Verifiers (e.g. corporations and service providers) verify the credentials.
For example, check out the W3C verifiable credentials data model.
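The issuer, holder and verifier roles from the SSI, DID and VC sections, as an added example that is not code from any of the projects named here: the issuer signs the claims with Ed25519, the verifier resolves the issuer's DID to a key in its own trust registry, and the holder proves control of the subject key by signing the verifier's nonce. The `Credential` struct is a simplified stand-in for the W3C data model, and the `did:example:` identifiers and the nonce are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is a simplified stand-in for a verifiable credential (not the W3C JSON-LD format).
type Credential struct {
	Issuer, Subject string            // DIDs of the issuer and the holder
	SubjectKey      ed25519.PublicKey // public key the holder's DID resolves to
	Claims          map[string]string
	Proof           []byte // issuer's signature over payload()
}

// payload returns the signed bytes: the credential minus its proof (json.Marshal sorts map keys).
func payload(c Credential) []byte {
	c.Proof = nil
	b, _ := json.Marshal(c)
	return b
}

// Verify checks the issuer's signature, then that the presenter signed this session's nonce with the subject key.
func Verify(c Credential, holderSig, nonce []byte, registry map[string]ed25519.PublicKey) error {
	issuerPub, trusted := registry[c.Issuer]
	switch {
	case !trusted:
		return errors.New("issuer not trusted")
	case !ed25519.Verify(issuerPub, payload(c), c.Proof):
		return errors.New("issuer signature invalid")
	case len(c.SubjectKey) != ed25519.PublicKeySize || !ed25519.Verify(c.SubjectKey, nonce, holderSig):
		return errors.New("presenter does not control the subject key")
	}
	return nil
}

func main() {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	holderPub, holderKey, _ := ed25519.GenerateKey(nil)
	registry := map[string]ed25519.PublicKey{"did:example:university": issuerPub}
	vc := Credential{"did:example:university", "did:example:alice", holderPub, map[string]string{"degree": "BSc"}, nil}
	vc.Proof = ed25519.Sign(issuerKey, payload(vc)) // issuer signs; the holder keeps the result in a wallet
	nonce := []byte("constructed-nonce-1")          // verifier picks a fresh nonce per session
	fmt.Println("as issued:", Verify(vc, ed25519.Sign(holderKey, nonce), nonce, registry))
	vc.Claims["degree"] = "PhD" // claim edited after issuance
	fmt.Println("edited:", Verify(vc, ed25519.Sign(holderKey, nonce), nonce, registry))
}
```

In a production presentation the holder signs a structured payload that includes the nonce and the verifier's identity rather than raw verifier-supplied bytes, so the signature cannot be reused in another context.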
ZKPs (zero-knowledge proofs)
Prove a statement without revealing the actual data.
The idea: ZKPs allow people to prove knowledge (age, eligibility, etc) without showing the particular data, ensuring both privacy and verification.
For example, check out zk-SNARKs and Bulletproofs.
Biometric auth
Verify an identity based on unique biological features.
The idea: Biometrics (fingerprint (real, not digital fingerprints), eye scan) are captured while using some online services. During authentication, the system compares the biometric data with stored templates.
For example, many of you have probably seen and used fingerprint scanners or facial recognition.
The tech stack is a starting point. Depending on the use case, additional components (such as secure hardware modules, identity wallets, and privacy-preserving algorithms) may be implemented. Different approaches might be combined and implemented as a multistep procedure: the more steps passed, the more transparent the verification and the higher the credibility. Verifiable identities in the digital space require a complex approach with a balance of security, privacy, anonymity, uniqueness, verification, and usability.