Data Privacy! A Concern

What did you search for on a search engine today? Something about shoes, T-shirts, and so on? Well, that's not my concern. My concern is what goes on behind the scenes when you search for something on the internet. Have you ever wondered why you see similar ads on almost every platform you visit, from social media to search engines? It's because of your "data".

It is no secret anymore that almost all websites can track your online activities, but when websites start knowing too much about you, it seems a little creepy. How much of you is exactly being tracked? Are websites putting spyware into your system to track your activities?

Increases in security breaches and digital surveillance highlight the need for improved privacy and security, particularly over users’ personal data.

5 of the Biggest Data Breaches in History

1. Yahoo! Data Breach. Year of breach: 2013 - 2016. Data breached: 3 billion user accounts

2. Collection #1-5 Data Breach. Year of breach: 2019. Data breached: 2.2 billion usernames and associated passwords

3. Aadhaar Data Breach. Year of breach: 2018. Data breached: identity and biometric information of 1.1 billion Indian citizens

4. First American Financial Corp. Data Breach. Year of breach: 2019. Data breached: 885 million records

5. Verifications.io Data Breach. Year of breach: 2019. Data breached: 800 million records

A foundational privacy issue facing information system developers and users is personal data privacy. Personally-identifiable data about clients, employees, prospects and other stakeholders may be regularly collected and stored in shared ledgers. Today, many organizations store private stakeholder data and even passwords in unencrypted form. Even when data are encrypted or anonymized, it may be possible to identify users unless well-developed cybersecurity processes are designed into data management systems. With frequent cybersecurity failures and increasing regulation, maintaining the privacy of personally identifiable information (PII) has become an issue of strategic concern for many organizations.

"Blockchain": A Solution to Data Privacy and Data Security

Different platforms organically create our digital identity as we transact with them. New data, such as personal information and online activity records, keeps getting linked to this identity over time. The identity can be anything, like your device's IP address, and the linked data may include usernames, passwords, online search history, online shopping history, medical history, and more. Since this digital identity is not stored on any personal database, the user has no say in what should or should not be available for companies and organizations to view.

This problem can be solved easily by using a self-sovereign identity integrated on the blockchain, called decentralized identity (DID). It is one of the prime use cases of this technology, focused on significantly improving data privacy and security. DID allows individuals to store their data independently of the databases of the websites they interact with. Instead, it is kept on personal devices and storage, such as PCs, mobile phones, cloud storage, and offline hard disks. They can then store pointers to this data on the blockchain, which organizations can use to authenticate the claims users make about their personal records.

An individual can create multiple DIDs for different purposes, each of which is protected by a private key. Only the person with the private key can prove the validity of the stored data. It works almost the same way as email address verification. When you try to create an account on a gaming platform using an email address, the site may ask you to verify your digital identity by sending security keys to the provided email. The only difference is that the DID is owned by the user alone, rather than by the email server, and the user gets to choose which information to share. DIDs and decentralized databases can not only help users ensure the confidentiality of their personal data, but they can also improve protection against hacking attacks.
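The pointer-plus-private-key check described above, as an added example that is not part of the original post: the ledger holds only a hash pointer to the off-chain record, and the holder proves control of the DID by signing a fresh challenge. Assumptions: the `did:example:` identifier format, the in-memory `LEDGER` and all function names are hypothetical, and a Lamport one-time signature built from SHA-256 stands in for whatever signature scheme a real DID method uses.

```python
import hashlib
import json
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets, public key = their hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def bits(msg: bytes):
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    """Reveal one secret per digest bit. Each key must sign only ONE message."""
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def check_sig(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def did_for(pk) -> str:
    """Hypothetical DID format: identifier derived from the public key hash."""
    return "did:example:" + H(b"".join(h for pair in pk for h in pair)).hex()[:32]

def record_hash(record: dict) -> str:
    # The record should carry a random salt so the on-chain hash cannot be guessed.
    return H(json.dumps(record, sort_keys=True).encode()).hex()

LEDGER = {}  # constructed stand-in for the chain: DID -> hash pointer
def register(pk, record: dict) -> str:
    did = did_for(pk)
    LEDGER[did] = record_hash(record)
    return did

def verify_claim(did, pk, record, challenge: bytes, sig) -> bool:
    """Organisation side: key matches DID, record matches pointer, challenge signed."""
    return (did_for(pk) == did
            and LEDGER.get(did) == record_hash(record)
            and check_sig(pk, challenge, sig))

if __name__ == "__main__":
    sk, pk = keygen()
    rec = {"name": "Constructed User", "dob": "1990-01-01", "salt": secrets.token_hex(16)}
    did, nonce = register(pk, rec), secrets.token_bytes(16)
    print(verify_claim(did, pk, rec, nonce, sign(sk, nonce)))
```

The record itself never touches the ledger; the verifier only sees it when the holder chooses to disclose it, and any edit to the disclosed copy breaks the match with the on-chain pointer.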

Typically, the data recorded by different platforms are stored on a single central database or server. Users of the system are assigned a digital identity, called federated identity.

This identity allows users to switch between multiple platforms quickly. It can also be used to avail services provided by the platforms, as well as access the information on the server.

A federated identity framework is enabled by using a single sign-on (SSO) authentication protocol. SSO allows individuals to use just one set of credentials for all linked websites and applications.

Though this method makes the entire procedure more convenient, as users don’t have to remember separate passwords for each application, it compromises data protection to a significant extent.

For instance, consider a healthcare system, which may involve several organizations, such as hospitals, pharmacies, urgent care clinics, and insurance companies. If the system follows traditional user data management practices, records from each entity are kept on one central SSO-protected database, managed by a third-party provider.

Such a system will be more vulnerable to hacks, as the attacker will have to breach just one security layer to get their hands on all the stored information.

The decentralized nature of blockchain ledgers offers opportunities to implement federated identity and SSO protocols much more efficiently. In a blockchain network, the system participants can determine and authenticate the identity of users without relying on a third party.

And thanks to the immutability of the blockchain, the data and identities will be much more secure than they are in a central database.

Moreover, the blockchain-based federated identity framework will allow participants to use smart contract audits to control how much of their data will be visible to the various entities. It also helps businesses and organizations to observe the performance of the entire network.

Zero-knowledge Proof

Zero-knowledge proof is a cryptographic method for proving that information is valid without compromising the user's privacy and control. In this method, the user (prover) tries to prove to the validator (verifier) that a piece of information is authentic without exchanging or revealing any data.

Take the example of a store selling tobacco. An individual who wants to buy cigarettes must prove that he or she is of legal age (18) for smoking. One way of doing it is to show your driving license to the verifier. But the driving license contains more information than required: name, height, gender, home address, etc. If revealed, this information can be misused or stolen.

Alternatively, the prover may use zero-knowledge proofs to verify their age through a mathematical code. This can be done by the state uploading to the blockchain, at the time of issuance, the license numbers of all individuals who are aged 18 years or above and have driver's licenses. Afterward, these individuals will hash their fingerprints to the respective license numbers.
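The tobacco-store scenario, as an added example that is not part of the original post. It uses a hash-chain age proof, a simple construction that shows "age is at least 18" without disclosing the age or any other license field; it is a different scheme from the fingerprint hashing sketched above and stands in for a general zero-knowledge proof system. The in-memory `LEDGER`, the license IDs and the function names are assumptions.

```python
import hashlib
import secrets

def hash_chain(value: bytes, times: int) -> bytes:
    """Apply SHA-256 to value the given number of times."""
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value

# Constructed stand-in for the blockchain: license id -> published commitment.
LEDGER = {}

def issue(license_id: str, age: int) -> bytes:
    """Issuer (the state): publish H^(age+1)(seed) and hand the seed to the holder."""
    seed = secrets.token_bytes(32)
    LEDGER[license_id] = hash_chain(seed, age + 1)
    return seed

def prove(seed: bytes, age: int, threshold: int) -> bytes:
    """Holder: derive a proof of 'age >= threshold' that does not state the age."""
    if age < threshold:
        raise ValueError("cannot prove a threshold above the real age")
    return hash_chain(seed, age + 1 - threshold)

def verify(license_id: str, proof: bytes, threshold: int) -> bool:
    """Verifier: hashing the proof `threshold` more times must reach the commitment."""
    commitment = LEDGER.get(license_id)
    if commitment is None:
        return False
    return secrets.compare_digest(hash_chain(proof, threshold), commitment)

if __name__ == "__main__":
    seed = issue("LIC-CONSTRUCTED-1", 25)          # constructed sample holder
    print(verify("LIC-CONSTRUCTED-1", prove(seed, 25, 18), 18))
```

A holder below the threshold would need a SHA-256 preimage to forge a proof. The proof value is reusable by anyone who sees it, so a deployment would bind it to the session or to a holder signature.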

Conclusion

Since the inception of the World Wide Web, businesses and enterprises have been gradually shifting their corporate models to online platforms and digital databases.

As a result, the 5 billion daily active internet users are generating a whopping 2.5 quintillion bytes of data every day. This trend is witnessed across the board and in almost every field.

Even 60% of the global GDP is expected to be digitized by the end of 2022, blurring the lines between the digital economy and the real economy.

Meanwhile, blockchain technology, which is undergoing rapid transformation, is offering data management and storing solutions that have never been envisioned before.

With the implementation of this invention, we can establish ethical data standards that ensure users’ data privacy and protection are never compromised.