Investigating privacy-respecting online identity, data ownership & control solutions



Original title: Proposal for a centralised control and market space where we can edit our third-party accessible social media profiles

I know there are a lot of available tools and ongoing projects about it (see this thread and this site in particular). I’d like to add a proposal that I think goes a little further, closing the loop from users to social media.

Users, with their activity on social sites and apps, feed the social media AI algorithms with simple atomic data that then are computed into big complex user profiles, inferring a lot of information not explicitly readable on original user data. These profiles are then sold to third-party companies and entities, and they can be extremely relevant for our present and future life in any unimaginable negative way.

What I propose is to force the creation of a central user data control and market room (we can call it “VPE”, for validation, privacy and economic value), recognised by governments and social media themselves. Using the VPE app, users can see their full profiles, output of the AI algorithms powered by social media. For each social media they can edit any information in the profile, delete it, adjust its privacy setting. The closing loop is the following: once the profiles are validated by users, they feed back into the social media, who can from that moment use only that information, both internally for their AI engine and externally, selling them to third-party customers. The same would be for any noncommercial, political, etc. entity. The user will see in the VPE app how much their new edited profiles are worth in term of money, compared to the original ones. They will have to compensate social media for the less rich profiles with an amount of money, showed in the app. That would be the price for their privacy and ‘right to be forgotten’.

What do you think?

Member's article review: There's no such thing as anonymous data

Sounds good. I’m intrigued by the idea of users paying for privacy. This would be part of each entity’s profit, and in the case of governments, it would be a form of revenue.

However, governments would already have such a database, right? For example, the social security database of the U.S.


Yes, they are interesting ideas @micheleminno. Very complex in many ways, but - as you say - a lot of the groundwork is being done in a large number of projects.

With the regards to the pricing - the concept that you pay for the loss of value of your profile - is a very innovative idea. It is the opposite of the much-talked-about selling of your own personal data. This last one is discussed now and then on Hacker News. The consensus is that it is probably not attractive for users to do this, as there is so little money to be earned (your prices are in the correct range), and your most valuable data (name, address, phone, etc.) can only be sold once.

When you turn it around, it is a bit easier, more feasible. It is very hard to accurately determine price, though. But the social network could set the price using their own price models.

A thing to consider: If I want privacy guarantees, why wouldn’t I go with a social network that offers a paid subscription model? – though you are probably thinking of a model that would be acceptable to the big tech platforms, like FB.

The biggest issue, I think, is enforcement. How do you check whether the social media network provides all the aggregated data? And once they sell the data to 3rd parties, how do you still have any control over it? How do you know what was sold?

Answer is, you can only enforce with proper regulation, and goverment + the law + high fines for breaches of contract. Interesting in that regard is Estonia, the most digitalized country in the world, where you can do all your government services entirely online, except marrying and buying a house. They have created a framework of laws to support their digital services.

And another thing that is interesting, is the initiative started by Tim Berners-Lee - the founder of the internet - and his Solid framework. Contrary to what Estonia offers and to your idea, this technology is decentralized, but still gives you control of your own data. After long preparation there was a launch last month and first commercial initiatives have started. See: and

Digi Rights: Applying fundamental Human Rights to the Digital Realm

I’m putting my neck out here in a field I may be misunderstanding., But should we be careful to not create a market in something we should have a civil right to in the first place (our privacy)?


@healthyswimmer, I think both are needed and equally important. It is not an either/or choice. On the one hand civil rights (see the Digital Human Rights Declaration project idea) to lay the foundation, and ideas and projects similar to what @micheleminno proposes, to build the tools that comply to these same rights.

Note: Also I think both of these initiatives are too big to handle for our community, but that we can be the facilitators, the connecting / communication medium for them, and laying groundwork for furtile discussions.


I hope also that we can try to design and maybe develop a prototype of this…


Yes, and governments would be also controlled by users for the data they share, i.e. the number in the US representing how good are you in paying bills and payments, nowadays being shared with recruitment systems and so on (see the book ‘Weapons of math destruction’ by Cathy O’Neil).


Thank you this is an excellent proposal. However I personally wouldn’t want to have ANY profile at all with any company.

What’s the use of social media profiles to users? Social media is supposed to be about communication, not about profiles and spying. The latter were probably just created to make money by selling information about users to marketeers, and have little real use to users at all.


Thank you @Free, yes I agree, but we’re still far from that ideal situation. My proposal would be a possible first step in that direction.


It depends on what you see as a profile. On any platform where you are not wholly anonymous there is the need to store some information about you, if only your username and/or IP address, email for password recovery, etc.

(Note: A fully anonymous social network should be possible, where your profile is hung up to a (cryptographic) key provided by a trusted 3rd-party that vouches it relates to a real person, similar to what @micheleminno is proposing).

Depending on the features of the app or platform, more profile information is needed. Like e.g. an Email service that maintains a list of stored contacts for your convenience. Still this information could and should (as proposed) be under your full control, and preferably be stored somewhere outside of the platform itself.

In @micheleminno’s proposal I do not think that the monetary part of the solution - the value increase/decrease of the data - is the most relevant. I’d propose to drop that from the solution, as it provides no guarantees.

I see more value in a solution based on a combination of regulation and cryptography:

  • As a user of a certain platform or service I define a data contract that:
    • Determines which data points the service provider is allowed to use
    • Determines for what purposes the service provider may use my data (e.g. prohibit 3rd-party resales)
  • This data contract is signed with my personal secret key, and a key from the service provider
    • Regulation prescribes that wherever my data is used, it must be accompanied with this signature
    • If the signature is missing, or it is invalid, then the data contract is breached and you are in violation of the law

Maybe what I have just described already aligns with Solid from Tim Berners-Lee. Have to check that out still.

Note that I think that this cryptographic solution offers more benefits, e.g. in the fight against fake news. For this last subject I was thinking of creating a separate topic for it, but I can just as well post the outline of the idea here:

Cryptographic Keys and Key Providers

  • Every citizen in the world gets the opportunity to create one or more cryptographic keys that are in long-term storage at trusted key providers.
  • The key providers are decentralized, and there can be countless no. of providers. I can self-host my own provider, if I want
  • Other key providers offer the facility to backup keys from another location, so when you lose your keys, there are backups
  • Key providers also offer the ability to revoke and invalidate / delete keys, e.g. when one of them gets compromised / hacked

Keys and Identity

My internet freedoms allow me 3 possible ways to interact with the internet:

  1. Anonymous identity
  2. Pseudonymous identity
  3. Validated identity
  • When anonymous, i need no key at all. Whatever information I submit cannot be traced to an identity. This type of information is untrusted. It can be fake news.
  • When pseudonymous, the information I submit can be traced to a valid key in a key provider
    • The provider may store additional Claims regarding the identity
    • Some of the Claims may be obtained / cached from other key providers
    • The provider can also have links to other key providers that hold Claims about me
  • With a validated identity there is not only a valid key in a key provider, but authoritative Claims that prove my real identity
    • The Authority of the key provider needs to be established.
    • E.g. only a government key provider may have the authority to issue the claim of my Nationality

Fighting fake news

What is needed to fight fake news is:

  • A recognized key identity system as outlined above
  • Government regulation and laws for dealing with breaches / violations
  • Internet apps (e.g. social media platforms) and hardware basing the veracity of information on Keys + Claims

Some examples:

If I am a journalist, and I film a newsworthy event, then I want to have an USB stick with my Validated identity attached to my camera, so that everything I film is automatically signed, and cannot be altered in any way without becoming invalid.

If I am posting pseudonymous to a social network the Key and Claims could state that I am a real person, living in the UK, and working as professor at Oxford. The key providers at Oxford and of the UK government vouch for that fact.

Control of my profile

Back to the original post: I can use a pseudonymous identity key and have my profile fields as Claims attached to it, either for global use, or for a whitelisted number of platforms & services. If a platform infers some aggregated data from it (using AI or whatever) and does not post back that data to my key provider, then there are no Claims for it. The data is invalid and the platform is in breach of the law.

Before starting a project we need to do some research on what is already happening in this field. Maybe we need to bring existing initiatives closer together. A problem in the space of cryptography and decentralized web, is that it is very fragmented and many developments happen out of view of the mainstream.

A good resource for a Web of Trust is and especially the research collected in a number of Github repositories:

Additionally there is the W3C Credentials Community Group:

The mission of the W3C Credentials Community Group is to explore the creation, storage, presentation, verification, and user control of credentials. We focus on a verifiable credential (a set of claims) created by an issuer about a subject—a person, group, or thing—and seek solutions inclusive of approaches such as: self-sovereign identity; presentation of proofs by the bearer; data minimization; and centralized, federated, and decentralized registry and identity systems. Our tasks include drafting and incubating Internet specifications for further standardization and prototyping and testing reference implementations.

The working group is evolving a number of standards such as Decentralized Identifiers (DIDs) and Verifiable Claims which elaborates on some indicative use cases:

Verifiable Claims use cases

(Note: Some of the work in this space is related to blockchain technology, which I am not very much a fan of… yet, at least)


An additional complexity to the system outlined in previous post, and @micheleminno’s proposal, where the goal is to have full control of your own data: There are legitimate cases where you should not have full control.

If you can edit and approve every data point in your profile, then you filter out all the negatives and keep only positive facts about you. If you misbehave on a platform - or are an outright troll - then you should not be able to remove all the flags and reporting about your behavior.

To handle this in the system, the platform should have a Terms of Service where the rules can also be interpreted by code. The flags are a form or aggregated data, and this time - when sending it to your profile storage the platform attaches a data contract of their own to it, which you must accept. This contract could state that you cannot delete or edit this data as long as you are member of the platform, but that only you and the platform admins are allowed to read it.

But there are more, and different cases. If in real life you apply for a job and then your potential future employer could contact your boss from a previous position in your CV and ask about your positive and negative sites. If there are negatives you will not be able to suppress them. You can only react to them, if you are invited for a talk.

If you and your future employer used an automated platform to help with this - say LinkedIn - and it used the system outlined here, then how would that work?

It could work something like this: On behalf of your potential future employer a job evaluation request is sent to your former boss. Former boss fills in the request and adds a bullet list of positives and negatives, which are sent back to the platform upon submission. Though the request is signed by the Validated identity of your former boss, the informaiton in it only reflects his opinion of you (but it isn’t necessarily factual… she/he can hold a grudge against you). So the platform first sends the request as a number of Claims to your profile storage, and allows you - via the data contract - to attach your own opinion / reaction to each of the claims, beore it is sent back to your future employer. This way you are able to defend yourself. But you can also in turn smear your boss. So when you submit your reaction to the platform, it could be sent to both your future employer, as well as to your former boss.

This is quite a complicated process flow (and could have further steps than outlined), but it is also application-specific, and that is fine. The data contracts on this information exchange could state that the information may only be shared between the 3 parties involved, or risk violation of the law.

There are more cases where you should not be in control of your own information. If you are a convicted criminal, for instance, and you have just been released on bail. Another party should be able to find out if you are trustworthy before bestowing trust on you based on your data.


Would like to mention the open-source Unomi project just started at the Apache Foundation. It is a user profile server with some interesting aspects: Apache Unomi:

Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors data and help personalize customers experiences while also offering features to respect visitor privacy rules (such as GDPR)

Apache Unomi is also the reference implementation of the upcoming OASIS Context Server (CXS) standard to help standardize personalization of customer experience while promoting ethical web experience management and increased user privacy controls.


This is a great video that you should watch to understand more of the underlying complexities, and what is already going on in the field of “Self-Sovereign Identity” - the mechanism that allows control of your own data:

There is also a shorter version of the above, but I think you need to longer one for better understanding:


There is a related effort started by Tim Berners-Lee called “SOLID” seeking to let users control their personal/profile data (mentioned by @aschrijver) . And a discussion for technologists in the area hosted by IEEE that may be of interest.
“ownership” of data, and “control” of data are critical aspects of the 21st century economy.


Yes, @JeDI, I know about Solid. I mentioned it above. Do you have practical experience with it? I saw there is work in creating ReactJS components that incorporate the technology, hide the intricate complexities. Very interesting.

I am not sure if I want to sign up to IEEE, though they have many interesting publications. Is it worth it you think, or will I still bump into numerous blocked, paid articles?