Investigating privacy-respecting online identity, data ownership & control solutions

Thank you, this is an excellent proposal. However, I personally wouldn’t want to have ANY profile at all with any company.

What’s the use of social media profiles to users? Social media is supposed to be about communication, not about profiles and spying. The latter were probably just created to make money by selling information about users to marketeers, and have little real use to users at all.

Thank you @Free, yes I agree, but we’re still far from that ideal situation. My proposal would be a possible first step in that direction.


It depends on what you see as a profile. On any platform where you are not wholly anonymous there is the need to store some information about you, if only your username and/or IP address, email for password recovery, etc.

(Note: A fully anonymous social network should be possible, where your profile is anchored to a (cryptographic) key provided by a trusted 3rd party that vouches it relates to a real person, similar to what @micheleminno is proposing.)

Depending on the features of the app or platform, more profile information is needed. For example, an email service that maintains a list of stored contacts for your convenience. Still, this information could and should (as proposed) be under your full control, and preferably be stored somewhere outside of the platform itself.

In @micheleminno’s proposal I do not think that the monetary part of the solution - the value increase/decrease of the data - is the most relevant. I’d propose to drop that from the solution, as it provides no guarantees.

I see more value in a solution based on a combination of regulation and cryptography:

  • As a user of a certain platform or service I define a data contract that:
    • Determines which data points the service provider is allowed to use
    • Determines for what purposes the service provider may use my data (e.g. prohibit 3rd-party resales)
  • This data contract is signed with my personal secret key, and a key from the service provider
    • Regulation prescribes that wherever my data is used, it must be accompanied with this signature
    • If the signature is missing, or it is invalid, then the data contract is breached and you are in violation of the law
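A minimal sketch of what such a signed data contract could look like, using Python’s standard-library `hmac` as a stand-in for real public-key signatures (in a real system both parties would sign with asymmetric keys; the field names here are my own invention):

```python
import hashlib
import hmac
import json

def sign_contract(contract: dict, secret: bytes) -> str:
    """Sign the canonical JSON form of the contract."""
    payload = json.dumps(contract, sort_keys=True).encode()
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()

def verify_contract(contract: dict, signature: str, secret: bytes) -> bool:
    """Data travelling without a valid signature breaches the contract."""
    return hmac.compare_digest(sign_contract(contract, secret), signature)

# Hypothetical data contract between a user and a service provider
contract = {
    "allowed_data_points": ["username", "email"],
    "allowed_purposes": ["account_management"],  # 3rd-party resale not listed, so prohibited
}
user_secret = b"user-private-key-stand-in"

sig = sign_contract(contract, user_secret)
assert verify_contract(contract, sig, user_secret)

# Any alteration of the contract terms invalidates the signature
tampered = dict(contract, allowed_purposes=["3rd_party_resale"])
assert not verify_contract(tampered, sig, user_secret)
```

The point of the sketch is only that data accompanied by an invalid or missing signature is mechanically detectable, which is what regulation could then attach penalties to.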

Maybe what I have just described already aligns with Solid from Tim Berners-Lee. Have to check that out still.

Note that I think that this cryptographic solution offers more benefits, e.g. in the fight against fake news. For this last subject I was thinking of creating a separate topic for it, but I can just as well post the outline of the idea here:

Cryptographic Keys and Key Providers

  • Every citizen in the world gets the opportunity to create one or more cryptographic keys that are in long-term storage at trusted key providers.
  • The key providers are decentralized, and there can be countless providers. I can self-host my own provider, if I want
  • Other key providers offer the facility to back up keys from another location, so when you lose your keys, there are backups
  • Key providers also offer the ability to revoke and invalidate / delete keys, e.g. when one of them gets compromised / hacked

Keys and Identity

My internet freedoms allow me 3 possible ways to interact with the internet:

  1. Anonymous identity
  2. Pseudonymous identity
  3. Validated identity
  • When anonymous, I need no key at all. Whatever information I submit cannot be traced to an identity. This type of information is untrusted. It can be fake news.
  • When pseudonymous, the information I submit can be traced to a valid key in a key provider
    • The provider may store additional Claims regarding the identity
    • Some of the Claims may be obtained / cached from other key providers
    • The provider can also have links to other key providers that hold Claims about me
  • With a validated identity there is not only a valid key in a key provider, but authoritative Claims that prove my real identity
    • The Authority of the key provider needs to be established.
    • E.g. only a government key provider may have the authority to issue the claim of my Nationality
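The three identity modes and the claims attached to keys could be modelled roughly like this (a sketch with invented field names, not any standard format):

```python
from dataclasses import dataclass, field

@dataclass
class Claim:
    subject_key: str     # key id of the person the claim is about
    issuer_key: str      # key id of the provider vouching for it
    statement: dict      # e.g. {"nationality": "UK"}
    authoritative: bool  # True only if the issuer has recognized authority

@dataclass
class KeyRecord:
    key_id: str
    claims: list = field(default_factory=list)

def identity_level(record):
    """Classify the three interaction modes from the list above."""
    if record is None:
        return "anonymous"       # no key at all
    if any(c.authoritative for c in record.claims):
        return "validated"       # authoritative claims prove real identity
    return "pseudonymous"        # traceable to a key, but not to a proven person

record = KeyRecord("key-123", claims=[
    Claim("key-123", "oxford-provider", {"role": "professor"}, authoritative=False),
])
assert identity_level(None) == "anonymous"
assert identity_level(record) == "pseudonymous"

# An authoritative claim (e.g. from a government key provider) upgrades the identity
record.claims.append(
    Claim("key-123", "uk-gov-provider", {"nationality": "UK"}, authoritative=True))
assert identity_level(record) == "validated"
```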

Fighting fake news

What is needed to fight fake news is:

  • A recognized key identity system as outlined above
  • Government regulation and laws for dealing with breaches / violations
  • Internet apps (e.g. social media platforms) and hardware basing the veracity of information on Keys + Claims

Some examples:

If I am a journalist, and I film a newsworthy event, then I want to have a USB stick with my Validated identity attached to my camera, so that everything I film is automatically signed, and cannot be altered in any way without becoming invalid.
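A sketch of the tamper-evidence this relies on: hash-chain the recorded chunks so that the final digest (which the key on the hypothetical USB stick would then sign) changes if any frame is altered:

```python
import hashlib

def chain_digest(chunks) -> str:
    """Hash-chain the footage: each chunk's hash folds in the previous one,
    so altering any chunk, however early, changes the final digest."""
    digest = b""
    for chunk in chunks:
        digest = hashlib.sha256(digest + chunk).digest()
    return digest.hex()

footage = [b"frame-001", b"frame-002", b"frame-003"]
signed_digest = chain_digest(footage)  # in practice: sign this with the journalist's key

# Any edit, even to a middle frame, invalidates the recording
altered = [b"frame-001", b"frame-002-edited", b"frame-003"]
assert chain_digest(altered) != signed_digest
```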

If I am posting pseudonymously to a social network, the Key and Claims could state that I am a real person, living in the UK, and working as a professor at Oxford. The key providers at Oxford and of the UK government vouch for that fact.

Control of my profile

Back to the original post: I can use a pseudonymous identity key and have my profile fields as Claims attached to it, either for global use, or for a whitelisted number of platforms & services. If a platform infers some aggregated data from it (using AI or whatever) and does not post back that data to my key provider, then there are no Claims for it. The data is invalid and the platform is in breach of the law.

Before starting a project we need to do some research on what is already happening in this field. Maybe we need to bring existing initiatives closer together. A problem in the space of cryptography and decentralized web, is that it is very fragmented and many developments happen out of view of the mainstream.

A good resource for a Web of Trust is the research collected in a number of Github repositories:

Additionally there is the W3C Credentials Community Group:

The mission of the W3C Credentials Community Group is to explore the creation, storage, presentation, verification, and user control of credentials. We focus on a verifiable credential (a set of claims) created by an issuer about a subject—a person, group, or thing—and seek solutions inclusive of approaches such as: self-sovereign identity; presentation of proofs by the bearer; data minimization; and centralized, federated, and decentralized registry and identity systems. Our tasks include drafting and incubating Internet specifications for further standardization and prototyping and testing reference implementations.

The working group is evolving a number of standards, such as Decentralized Identifiers (DIDs) and Verifiable Claims, which elaborate on some indicative use cases:

Verifiable Claims use cases

(Note: Some of the work in this space is related to blockchain technology, which I am not very much a fan of… yet, at least)


An additional complexity to the system outlined in previous post, and @micheleminno’s proposal, where the goal is to have full control of your own data: There are legitimate cases where you should not have full control.

If you can edit and approve every data point in your profile, then you filter out all the negatives and keep only positive facts about you. If you misbehave on a platform - or are an outright troll - then you should not be able to remove all the flags and reporting about your behavior.

To handle this in the system, the platform should have a Terms of Service whose rules can also be interpreted by code. The flags are a form of aggregated data, and this time, when sending it to your profile storage, the platform attaches a data contract of its own to it, which you must accept. This contract could state that you cannot delete or edit this data as long as you are a member of the platform, but that only you and the platform admins are allowed to read it.

But there are more, and different, cases. If in real life you apply for a job, your potential future employer could contact your boss from a previous position in your CV and ask about your positive and negative sides. If there are negatives, you will not be able to suppress them. You can only react to them, if you are invited for a talk.

If you and your future employer used an automated platform to help with this - say LinkedIn - and it used the system outlined here, then how would that work?

It could work something like this: on behalf of your potential future employer, a job evaluation request is sent to your former boss. The former boss fills in the request and adds a bullet list of positives and negatives, which are sent back to the platform upon submission. Though the request is signed by the Validated identity of your former boss, the information in it only reflects his or her opinion of you (and it isn’t necessarily factual: she/he can hold a grudge against you). So the platform first sends the request as a number of Claims to your profile storage, and allows you, via the data contract, to attach your own opinion / reaction to each of the claims, before it is sent back to your future employer. This way you are able to defend yourself. But you could also in turn smear your boss. So when you submit your reaction to the platform, it could be sent to both your future employer and your former boss.
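The evaluation flow above could be sketched as plain data records passing between the parties (all names and fields here are hypothetical):

```python
# Hypothetical flow: evaluation claims -> candidate reactions -> both parties
evaluation = {
    "issuer": "former_boss_key",
    "subject": "candidate_key",
    "claims": [
        {"id": 1, "text": "delivered projects on time", "kind": "positive"},
        {"id": 2, "text": "clashed with management", "kind": "negative"},
    ],
}

def attach_reactions(evaluation: dict, reactions: dict) -> dict:
    """The candidate may react to each claim before it reaches the employer."""
    out = dict(evaluation, reactions={})
    for claim in evaluation["claims"]:
        out["reactions"][claim["id"]] = reactions.get(claim["id"], "")
    return out

package = attach_reactions(evaluation, {2: "context: I escalated a safety issue"})

# Per the data contract, the final package goes to both parties,
# which discourages smearing in either direction.
recipients = ["future_employer_key", "former_boss_key"]
assert package["reactions"][2] == "context: I escalated a safety issue"
```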

This is quite a complicated process flow (and could have further steps than outlined), but it is also application-specific, and that is fine. The data contracts on this information exchange could state that the information may only be shared between the 3 parties involved, or risk violation of the law.

There are more cases where you should not be in control of your own information: for instance, if you are a convicted criminal who has just been released on bail. Another party should be able to find out whether you are trustworthy before bestowing trust on you based on your data.


Would like to mention the open-source Unomi project just started at the Apache Foundation. It is a user profile server with some interesting aspects: Apache Unomi:

Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors data and help personalize customers experiences while also offering features to respect visitor privacy rules (such as GDPR)

Apache Unomi is also the reference implementation of the upcoming OASIS Context Server (CXS) standard to help standardize personalization of customer experience while promoting ethical web experience management and increased user privacy controls.


This is a great video that you should watch to understand more of the underlying complexities, and what is already going on in the field of “Self-Sovereign Identity” - the mechanism that allows control of your own data:

There is also a shorter version of the above, but I think you need the longer one for better understanding:

There is a related effort started by Tim Berners-Lee called “SOLID”, seeking to let users control their personal/profile data (mentioned by @aschrijver). And a discussion for technologists in the area hosted by IEEE that may be of interest.
“Ownership” of data and “control” of data are critical aspects of the 21st-century economy.


Yes, @JeDI, I know about Solid. I mentioned it above. Do you have practical experience with it? I saw there is work on creating ReactJS components that incorporate the technology and hide its intricate complexities. Very interesting.

I am not sure if I want to sign up to IEEE, though they have many interesting publications. Is it worth it, you think, or will I still bump into numerous blocked, paid articles?

I love the overall thought level that has gone into this work, and the way that many use-cases and scenarios have been thought out. Ultimately, it’s a technical approach to a political problem, and that’s why I think it has no chance.

A realpolitik view of this brings up some crucial political/legal challenges:

This data contract is signed with my personal secret key
People can’t manage passwords reliably; it is unrealistic to think that personal key management would be used by anyone outside the tech industry.

Regulation prescribes that wherever my data is used…”
We can’t even get rid of binding arbitration clauses in the USA. There’s no chance at all that the force of law will come to the side of consumers in this way. You’re assuming GDPR+ here, and while that may be possible in the EU, it’s simply not conceivable in the US now or in the foreseeable future.

Every citizen in the world gets the opportunity to create one or more cryptographic keys
This is such a deeply “western” POV that assumes so much about rights, law and culture. This concept is already illegal in places like China, the Middle East, and a pretty large swath of Southeast Asia. I’ll toss much of Eastern Europe into that mix as well.
Also, a 3rd-party-recoverable key is a compromised key.

“only a government key provider may have the authority to issue the claim of my Nationality”

Again, in the US, we have no “national identity card” (arguably a passport is such a document, but only 42% of Americans hold a passport in the first place). Yes, we have state-level identity cards (driver’s license and “non-driver” ID cards), but you’re under no legal obligation to get any of these, and I’d suggest that making identity cards of any kind “mandatory” would spark a political storm of epic proportions.

From the POV of the US Citizen, I think that the problems of identity and data are not technological, they are legal.

Our “digital person” does not have the same protections under our constitution as our physical person. The “3rd Party Doctrine” basically says once you give your data - directly or indirectly - to a 3rd party, you have no right or expectation of privacy.

There are no meaningful penalties for leaking data. Increasingly, there are no social penalties (the Ashley Madison breach came and went quickly enough).

So, I think until the weight of legal and financial pain is brought to bear on those who collect and mis-handle data, there is no need for more technological solutions that regular people can’t and won’t use.


Good points @zincfoam! Let me address each of them in turn. You may know about these concepts already, but I’ll add some additional explanation for others to understand too.

Handling keys by non-technical users

Cryptographic keys are different beasts than passwords. Cryptographic technologies mostly exist in a layer that is hidden from view of regular, non-technical users. You use them without being aware of them, like when you browse secure (HTTPS) websites. Under the hood keys, certificates and truststores do the work of ensuring your connection is secure. If two ProtonMail users exchange emails, then the service ensures that the mails are signed and encrypted. Etcetera.

Keys are not meant to be human-readable and memorizable (they are very long, random-looking character strings).

There is some management of keys that is similar to handling passwords, however. E.g. when the key exchange mechanisms in this ‘Web of Trust’ use public-key technology, there are private keys that are strictly private and must be protected, while public keys can be exchanged freely.

A key provider must provide secure access to your keys, and could use a password mechanism for this, accompanied by e.g. two-factor authentication (like confirming access using your phone). When there is a need to carry private keys around, they could be stored on a bank card and protected by a PIN code (where 3 failed access attempts locks the card). There are many methods to deal with keys securely.
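The card-with-PIN idea could look roughly like this in code (a toy model, not a real secure element):

```python
class KeyCard:
    """Toy model of a card that locks after 3 failed PIN attempts."""
    MAX_ATTEMPTS = 3

    def __init__(self, pin: str, private_key: bytes):
        self._pin = pin
        self._key = private_key
        self._failed = 0
        self.locked = False

    def unlock(self, pin: str) -> bytes:
        if self.locked:
            raise PermissionError("card locked")
        if pin != self._pin:
            self._failed += 1
            if self._failed >= self.MAX_ATTEMPTS:
                self.locked = True  # locked for good after 3 failures
            raise PermissionError("wrong PIN")
        self._failed = 0
        return self._key

card = KeyCard("4912", b"private-key-bytes")
for wrong in ("0000", "1111", "2222"):
    try:
        card.unlock(wrong)
    except PermissionError:
        pass
assert card.locked  # three failures lock the card, even for the right PIN
```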

Laws and regulation

There is no explicit need for all the appropriate laws and regulations to be in place. The Web of Trust technology can stand on its own. But it would certainly help if regulation were designed in support of the technology.

Besides the GDPR, many countries already have other laws in place that could be applicable to breaches of trust. For example, when you steal someone’s key and gain illegal access to personal information, this may constitute a cybercrime.

Laws - if they exist - can be transformed to Claims in the technology layer. This means that as an end-user I can make an informed decision whether I trust a 3rd-party with my data. If the service I want to invoke can’t make any valid Claims, because e.g. the server is hosted in North Korea, then I can decide not to use it.

The amount and nature of the valid claims a service can provide thus establishes its Authoritativeness, its reputation, if you will.

Accessibility and scope of Web of Trust

Yes, you are right in stating that large parts of the world do not have access to technology, like we do in the West.

An important point, however, is that the Web of Trust pertains only to The Web, i.e. the internet and those who already have access to it. The identity system outlined in my previous comment is not meant to be a universal system for identity that also extends to the ‘real world’ (outside of the web). Nothing changes there: you have passports, bank cards, birth certificates, etc. to prove your physical identity. The Web of Trust is about your Digital Identity.

This does not preclude a translation of the Universal Declaration of Human Rights to the Digital Realm, stating that every person in the world has the right to a Digital Identity.

Cryptography, identity and encryption

Do not confuse cryptography with encryption. They are different things.

I can use a key to sign content that was created by me, which allows others to establish with confidence that I was indeed the creator. This mechanism also extends to verifying that the content I receive was not tampered with and modified by some man-in-the-middle, a nefarious actor. So keys establish Identity and Authenticity.
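On the receiving side, establishing authenticity boils down to one signature check; a sketch with `hmac` standing in for real public-key signatures (where verification would need only the sender’s public key):

```python
import hashlib
import hmac

def sign(content: bytes, key: bytes) -> str:
    """Produce a signature over the content with the author's key."""
    return hmac.new(key, content, hashlib.sha256).hexdigest()

key = b"author-key-stand-in"
message = b"I wrote this article."
signature = sign(message, key)

# A valid check tells the receiver the content is unmodified and was
# produced by the holder of the key: Identity and Authenticity.
assert hmac.compare_digest(sign(message, key), signature)

# A man-in-the-middle edit, however small, is detected
assert not hmac.compare_digest(sign(b"I wrote thi5.", key), signature)
```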

I am sure that countries such as China do not have a problem with the above use of key cryptography. Many governments including that of China, but also Australia (see: Australia anti-encryption law) and the US, however, have issues with Encryption. Under the guise of fighting terrorism they want to be able to spy on anyone’s information exchanges on the internet.

But encryption is an optional next step that can be achieved with key cryptography. Ensuring online privacy of communication (using encryption) is a universal right that we should fight for, but its absence does not hamper the Web of Trust concept (though weak encryption means weaker assurances of trust).

Issuing Claims and establishing Authority

You are once again right about large parts of the world population not having government-issued identity cards. I should clarify that a government Claim of your Nationality is just an example (hence the ‘may’ in my sentence).

Anyone can issue Claims, and there may be more ways to establish your Nationality. Note that on many occasions you wouldn’t need to state that claim to establish trust. The Web of Trust in that respect is very similar to how trust works in the real world.

If I want to approach a friend of yours whom I don’t know, then - for her/him to trust me - it would be sufficient for me to show that person a valid Claim provided by you to me, stating that I am your friend.

If, on the other hand, I were to post an article to Bloomberg, claiming to be “Barack Obama”, then Bloomberg would require me to provide a number of really strong Claims to prove that fact. If the only claimable fact was a server IP address in Nigeria, then Bloomberg would immediately reject my article (and flag me as untrustworthy).

Note that the Key Providers are decentralized, just as the web is inherently decentralized. This means that I could run my own key provider server, or host one with the people in my neighborhood. I can create as many keys as I want, but they are not of much value without claims attached to them.

To establish Nationality, instead of my government, my bank may be willing to provide it. The claim may be less trustworthy. Maybe you don’t trust my bank. It could also be provided by e.g. the UN, or Unicef, or any NGO or even commercial party, if I can convince them to provide me that claim (e.g. by showing registration papers of my city, or whatever).

Breaches of trust and Security

Last point, also mentioned earlier: the technology and the law go hand in hand. Insufficient law does not prevent the Web of Trust technology from being used.

Regarding actual breaches of the law: data breaches and stolen identities (like Ashley Madison, Marriott, etc.) are very much in the news these days. More and more data breaches occur. Every hacker, government and commercial entity is out to get our personal data.

But these breaches mostly occur because the systems the information was stolen from are inherently insecure. There is much sloppiness in their implementation in general, because monetary incentives prevailed when creating them, not privacy and security.

Embedding well-designed cryptographic solutions into these systems would greatly increase security and privacy. Cryptography is a very complex subject, and can easily be implemented the wrong way. But it is good to know that experts in these fields are pushing the technology and creating applications, libraries, projects and best practices for application developers that hide these complexities.

Adoption of these solutions is important for the Web of Trust to come about, and this is slow progress unfortunately, because of the need for standardization and interoperability of systems.


The links above to standards like Decentralized Identifiers (DID) and Verifiable Claims are applied in the concept of Self Sovereign Identity.

:warning: Apparently all solutions for Self-Sovereign Identity (SSI) assume some form of blockchain technology. And this, for me, is problematic, as I am not convinced by, and very sceptical about, blockchain technology in general, and so are many others in the developer world. So far there are no really viable solutions based on blockchain. Maybe SSI is a good use case for blockchain, once / if that matures in the future.

SSI is therefore not part of my considerations if blockchains are involved! I asked a question about it in the DID W3C repository.

Even if we own the data about us and keep it in a private basket (so to speak), there is still the issue of non-anonymous identifiers that are used to track and match us.

For example, your home IP and your wireless connection IDs are unique identifiers that point to just you (or your household). These are necessary to connect to networks. Some companies use them to match people, for example by installing scanners in physical places to track every person’s device in that place. The same is more commonly done in apps and websites, which match that person in order to follow them around. Once the matches are made (you were in x locations, performed y app actions, visited z webpages), all this can be added to your profile without knowing anything else about you besides the unique IDs you use to connect online.

Yes, that is true, and to a certain extent you will always place trust somewhere.

But note that with this new technology, and decentralization in general, it becomes much harder to facilitate this tracking of users and collecting of their data without their knowledge.

Take for example the Fediverse (with e.g. Twitter replacement Mastodon). Here you have thousands of federated servers. A user only directly communicates with their own server (the one that has their user account), and everyone can host their own server, or you choose one that you trust. Your IP is not exchanged in cross-server synchronization (plus this communication is encrypted).

On top of that, the software we use in future can incorporate functionality from VPNs (the target server sees a different IP) and disallow cookies (making 3rd-party tracking much harder) in standardized ways.

And for those places you are sending your IP to, it becomes part of the data contract I outlined above.

That is how far technology can take you (which is quite far), the rest should be regulation and law.

On this thread I would also like to mention Keybase - a Web of Trust application - as an existing, widely used (though mostly by techies) key management solution with which to prove your identity.

It is mostly used by more advanced users, and you’ll not find an easy explanation on their site of what it is for and how it is used, so you might read Quora: What is Keybase in laymans terms, Quora - Why should I use Keybase, the somewhat technical Introduction to Keybase, and check Wikipedia:

If you want to dive into a huge amount of discussion on Keybase, then this Hacker News search is for you.

One thing I do not like about Keybase (and the reason I have not yet tried it) is that it is a commercial company, but nowhere can I find how this is set up, how they raise money, etc. The best info I could find was in this blog post, and in their Jobs section they state this:

Keybase is a small, well-funded company of idealists who love what we’re building. Our team and investors come from a variety of early roles at OkCupid, Reddit, Tumblr, Facebook, and more. We enjoy:

  • bringing privacy & security to the masses
  • making apps & interfaces
  • ping pong & peanut M&M’s & LaCroix water & team outings.

I just asked a question about this on Hacker News (let’s hope it reaches the front page):


@aschrijver thanks for this summary re: security, keys, encryption, etc. So good I may need to do the ol’ copy pasta and pass it along.


This is a very strong point. While I cannot mention names of companies, I know first hand that, in combination with any third-party data collected through mobile apps, there are indeed methodologies and partnerships with other direct-to-consumer companies: car companies (which then have access to limited DMV data and car purchase data), insurance companies (which have access to home address data), DVR companies (which have access to television viewing patterns), political agencies (voting data linked with technologies where pollsters input information door to door; scary stuff), and then the financial companies with credit scores, etc. Years back I participated in a number of meetings with different types of consumer-based companies, all trying to figure out ways to link x, y, and z by combining different data sets from different companies.

Data collection existed before the web. If we were to achieve a perfect web of trust, it would ironically make the internet the only true safe space, which would be great. But if achieved, what difference would it make if the rest of the world is still gathering consumer data, trading it, improving it, etc.?

I think the early idealism of the web viewed the internet as such a safe space, and instead, perhaps the web in its own way just exposed exponentially what has been going on all along, just magnifying at scale the underbelly of the beast so to speak.

Wow! Nice perspective, I’m impressed with your broad knowledge here and the ability to present a bigger picture with the technical pathways that allow it.

How do you see adoption happening? Would you see this emerging from within the big Four, through regulation? through competition?


Nice thinking, and I can’t tell you how much I appreciated the hand drawings to humanize your presentation :joy: I think what you are suggesting or something like it will soon emerge. Have you read Roger McNamee’s book? He is calling for a “universal authentication” system and advocating for that at a pretty high level, touching government and big tech.

I do think it can be used to add a measurable value to the user’s attention or interaction with the sponsored media, but I see the only way remittance can happen is if value (revenue share) is measured against user attention. I can see that if users don’t add data, that value is x, and if users add personalized data, that value is increased, with the revenue shared per ad view.

I’m only basing that on the practical reality of how media buyers buy, another side of the equation. It has to make sense to the advertisers, otherwise it will fail to find adoption, even if regulation exists to support it. If the economics are impossible, or only available to the bigger brands who can afford the larger media buys, that itself can have unintended consequences back on the publishers, who really need saving right now.

Example: say someone can purchase my 3rd-party data; that doesn’t mean I will see their ad. Data is bought in bulk. That data is then sold in bulk against media buyers’ ads, and that collective bulk adds maybe $1 CPM to the ad buy, maybe more depending on the targeting. That’s sometimes 25% of the full ad-buy revenue share.

Most platforms can’t determine viewability, or the metrics of viewability are meaningless (Facebook videos, for example, counting a view after :03 of video viewing). The economics probably won’t make sense in terms of defining the value against what the advertiser paid versus what the user actually saw. The data provider is often just one of the layers in the exchange; there is still the publisher fee (not based on data but on audience size) and the agency fee. Monetizing data direct to the user is not a pathway I see as easy, considering the variety of media buyers and networks.

Also, refreshing for me: I see that you and many in this community focus on the social media side of data and advertising, while my focus for the past few years has been less on social and more on web publishers, especially the premiums, like news organizations, top-40 sites in each vertical, or niche networks of niche blogs. I’m worried for the online publishing industry, so I focus on that side, which offers unique targeting that is surgically contextual in a way social networks cannot match. Additionally, social networks have robbed creators of the ability to actually own and control their own channel, so saving that through web publishers is important, especially if we want to take on the big four. (Our current platform addresses the problems within Google and Facebook in relation to publishers.)

What you’re suggesting, or something like it, nests nicely in what we’re working on. We stay away from data entirely (we don’t need to collect it at all), but I see that if users have control of their data and opt it in, it raises the value of their shared attention, which is a revenue share of the ad buy, stored as a digital asset.


With regards to Online Identity and the coming Automation of Propaganda, I see a much bigger incentive arising for the big Four to adopt standards-based approaches that establish a ubiquitous and global online identity system. This would be helped by government regulations that are undoubtedly coming to address future trends in misinformation and fake news.

Primer on Functional Identity

At Rebooting the Web of Trust I found this very nice Primer on Functional Identity that explains Identity Systems, also from the layman’s perspective.

It defines Identity as:

Identity is how we recognize, remember, and ultimately respond to specific people and things.

On Identity Systems:

An identity system is a collection of tools and techniques used to keep track of people and things.

Every person uses an identity system. It is used, for instance, to discern friends, family, and people we trust from complete strangers. It comes naturally to us. Yet on the internet there exists no good system to determine identity. With our pervasive use of the internet, it is vital that we get such a system in place, and a system that implements identity the right way, as:

“[There] are legitimate abuses of identity feared by civil libertarians and freedom-minded people everywhere. When we talk about identity systems, we are necessarily talking about how we keep track of people and things. Do it badly and we risk accidentally building our own Panopticon prison. Fortunately, by understanding how identity functions, we can avoid, mitigate, and minimize such abuses.”

Most of this info is accurate, and I will not get into specifics, but I take issue with the post @aschrijver makes concerning laws and regulations:

Here is my beef: Regardless of your adversary and threat model and all that, law enforcement has little incentive maybe none to respect the fourth amendment in regards to obtaining encryption keys.

Police in all developed countries in the world use the Babe Ruth technique.

That’s when they hit you with a baseball bat and tell you to sign a confession while your hand still works, and to cough up your private keys and passphrase.

To blindly assume “my data is secure” and rely on a keyserver, or anything you do not control, is too risky for me; I don’t think it is good advice.

Learning how to do public-key encryption is more valuable than moving trust to a third party. And what is gained, other than placating the user’s sense of complacency?

You are right not to trust Keybase, though: they are a honeypot. They have keys that no one submitted; they scraped them and added them without the users’ permission.

Seems dishonest to me, and I don’t understand why anyone would ever need a keyserver.

Check this:

Broodwich: Bob, email me your public key
Bob: Aight, you got mail
Broodwich: Sends comm encrypted to Bob’s key, with Broodwich’s public key encrypted inside, and a funny joke
Bob: Adds Broodwich’s public key to keyring, writes back another joke, encrypts to Broodwich and sends back
How does a keyserver provide anything but risk, or at least one more rooster in the henhouse?
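For what it’s worth, the exchange in the dialog amounts to “trust on first use”: each party pins the other’s key fingerprint in a local keyring, with no third party involved. A toy sketch:

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """Short fingerprint of a public key, for pinning and comparison."""
    return hashlib.sha256(public_key).hexdigest()[:16]

class Keyring:
    """Local, self-managed keyring: pin a key on first contact,
    flag any later change (possible impersonation)."""
    def __init__(self):
        self._pinned = {}

    def check(self, name: str, public_key: bytes) -> bool:
        fp = fingerprint(public_key)
        if name not in self._pinned:
            self._pinned[name] = fp  # trust on first use
            return True
        return self._pinned[name] == fp

ring = Keyring()
assert ring.check("Bob", b"bobs-public-key")    # first contact: pinned
assert ring.check("Bob", b"bobs-public-key")    # same key later: fine
assert not ring.check("Bob", b"attackers-key")  # key changed: don't trust
```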