Would you trust identification on Blockchain if it was permissionless?

[ataraxiaceleste]

Personal Information on being collected, should be destroyed as soon as it is no longer required. Not only would this protect privacy, it would also improve security. If personal information is only collected when absolutely necessary, it is less likely to fall into the wrong hands. If it is destroyed when it is no longer required, it is less likely to become incorrect and out of date. But that also brings about another issue of recollection of data again. With such recurring processes, it is likely that data leaks may occur.

The Snowden revelations brought to the public, knowledge that most of our personal data is collected in an indiscriminate manner by the governments. Sometimes we may have a choice,and sometimes we don't really have a choice if we want to be law abiding citizens. Does this means we need to trade off our privacy in return to be law abiding?

Any data protection law has to limit such mass survelliance or "dragnet" surveillance as it contravenes the principles of necessity , purpose limitation.  

When such is the case Do you think we can harness the power of blockchain by having a identity layer which will satisfy both needs, the authorities need to carry out verification in a safe way and for the citizens to be sure that their data is not misused?

The majority of democratic countries have recognized that privacy is a fundamental human right which needs to be protected. Hence putting this very right to jeopardy makes no sense.

Blockchain ,Privacy and Identity go hand in hand. Which can help achieve end goals for everyone securely , accurately and safely. I have been researching blockchains that enable this.

[Josefjix]

Blockchain transaction was supposed to be completely anonymous until centralised exchanges start demanding for KYC. As far as one uses the internet and has a unique IP address and using a data subscriptions. No one is entire safe from leaking private information and personal data to the government.

[franky1]

there are ways to allow offering identification 'permissions' and withdraw them again

we all know the government know where everyone is. they are the department that hand out birth certificates/ social security numbers.

now imagine you certify those records as a key-pair
imagine this first layer as you having your name/hometown logged a pubkey. where you own the only private key in secret

when someone wants you to prove your identity. you then make a message saying .
"i validate i am who i am to company X
from July 6th2020 to july 20th2020"
for purpose of:
postal mail
emails 
"
and you sign it and hand over the signed message
(remember all message signatures are unique)

they can now validate you are who you are. but only that one is dedicated to them for a spefic time that they can legally use it under your permission. as they have proof you gave them permission
..
now take things like junk mail.
imagine instead of a postage stamp. there is a corner of envelope that has to include the desired recipients signed message in QR code format.
and if the expiry has passed the postal company just doesnt bother to send on the junk mail.

signing a credit card purchase that authorises you to spend X on date X
that helps them know your not a card cloner as each signed message is unique while still verifiable as you.
it helps avoid multiple payments on different days trying to use the same date X message. you know that its their mistake as they cant prove you authorised the other payments on other days

things like then getting random postal mail from other companies. you can request the permission proof and see which signed message they are using. which then tells you who sold them your message
(EG if company X sold facebook your 6thjuly/20th july. and facebook used the company X permissioned message to send you junk.
you can then punish facebook and company X

the main problem about sharing identity between companies isnt that they do it. its that there is no way to link spamjunkmail company number 125 all the way back to the source company X that sold their records
this way. you can. and also limit how long it can be used for legally

[20kevin20]

Do you think we can harness the power of blockchain by having a identity layer which will satisfy both needs, the authorities need to carry out verification in a safe way and for the citizens to be sure that their data is not misused?

A straight "no" from me. We cannot make sure our data is misused by them. If the authorities can't trust us for having full privacy, why should I trust them for handling my information?

They'll always misuse our data. They always have and always will, but we find out when it's too late (or generations after us do). Just think of how many undisclosed documents there have been hidden from us for so many decades - we basically pay the state to do stuff we don't even know about, and it's disturbing (like Berlin secretly doing this program for 30 years) many more times than it should've been.

Blockchain transaction was supposed to be completely anonymous until centralised exchanges start demanding for KYC. As far as one uses the internet and has a unique IP address and using a data subscriptions. No one is entire safe from leaking private information and personal data to the government.

It wasn't really supposed to be completely anonymous, there is enough data the governments could've collected to identify a Bitcoin user without any kind of KYC. Place an order online and pay with BTC - they'll register your full name, address, mobile phone, Bitcoin address etc. Make a transaction and you're probably going to expose your real IP. Even without KYC, there are enough ways people would expose themselves.

The difference is, KYC forces you to hand out 100% real information about you and goes way beyond basic personal information.

[rhomelmabini]

Blockchain transaction was supposed to be completely anonymous until centralised exchanges start demanding for KYC. As far as one uses the internet and has a unique IP address and using a data subscriptions. No one is entire safe from leaking private information and personal data to the government.

It wasn't really supposed to be completely anonymous, there is enough data the governments could've collected to identify a Bitcoin user without any kind of KYC. Place an order online and pay with BTC - they'll register your full name, address, mobile phone, Bitcoin address etc. Make a transaction and you're probably going to expose your real IP. Even without KYC, there are enough ways people would expose themselves.

The difference is, KYC forces you to hand out 100% real information about you and goes way beyond basic personal information.

Exactly and to those who are really trying to use crypto illegally they have been in the wrong place. It's a chain of a block (blockchain) and it's available on the public.

 
When such is the case Do you think we can harness the power of blockchain by having a identity layer which will satisfy both needs, the authorities need to carry out verification in a safe way and for the citizens to be sure that their data is not misused?

I think we can't harness that if authorities are still involved.

[madnessteat]

I think that while in the system of storage and processing of personal data will work a person then the leaks of data simply can not be avoided. In my opinion, the best solution is to try to reduce the number of permissions that you give to the processing of your personal data. In Russia, there are even people who deliberately do not start digital documents to minimize the risks of losing personal data.

[BADecker]

Personally, I would go for this... if it was safe.     

[ataraxiaceleste]

Blockchain transaction was supposed to be completely anonymous until centralised exchanges start demanding for KYC. As far as one uses the internet and has a unique IP address and using a data subscriptions. No one is entire safe from leaking private information and personal data to the government.

Blockchain was meant to bring transparency to all transactions and also make sure protect individuals from any sort of snooping. I think like any other industry, when the industry starts growing it is natural for regulators and governments to get involved. It is something no exchange can risk flouting and face the heat of law enforcement, if they want to run successful exchanges and business they need to be compliant. So that takes us to the point where we lean to live and coexist with the "system" rather than fight against it and risk a complete ban and halt.

I watched a video of the co-founder of Saxo Bank Lars Seier Christensen who is building Concordium which seems like they understand this well and building a solution at the protocol layer.

[ataraxiaceleste]

there are ways to allow offering identification 'permissions' and withdraw them again

we all know the government know where everyone is. they are the department that hand out birth certificates/ social security numbers.

now imagine you certify those records as a key-pair
imagine this first layer as you having your name/hometown logged a pubkey. where you own the only private key in secret

when someone wants you to prove your identity. you then make a message saying .
"i validate i am who i am to company X
from July 6th2020 to july 20th2020"
for purpose of:
postal mail
emails 
"
and you sign it and hand over the signed message
(remember all message signatures are unique)

they can now validate you are who you are. but only that one is dedicated to them for a spefic time that they can legally use it under your permission. as they have proof you gave them permission
..
now take things like junk mail.
imagine instead of a postage stamp. there is a corner of envelope that has to include the desired recipients signed message in QR code format.
and if the expiry has passed the postal company just doesnt bother to send on the junk mail.

signing a credit card purchase that authorises you to spend X on date X
that helps them know your not a card cloner as each signed message is unique while still verifiable as you.
it helps avoid multiple payments on different days trying to use the same date X message. you know that its their mistake as they cant prove you authorised the other payments on other days

things like then getting random postal mail from other companies. you can request the permission proof and see which signed message they are using. which then tells you who sold them your message
(EG if company X sold facebook your 6thjuly/20th july. and facebook used the company X permissioned message to send you junk.
you can then punish facebook and company X

the main problem about sharing identity between companies isnt that they do it. its that there is no way to link spamjunkmail company number 125 all the way back to the source company X that sold their records
this way. you can. and also limit how long it can be used for legally

What you mentioned is really brilliant. I think what you mentioned is largely aligned with what Concordium is doing they claim to have regulatory compliance by design. Privacy and verification of user's identity at a protocol level. Best part is, they are building public and permissionless blockchain architecture. Unlike the Hyperledger frameworks that business' were adopting.

[ataraxiaceleste]

A straight "no" from me. We cannot make sure our data is misused by them. If the authorities can't trust us for having full privacy, why should I trust them for handling my information?

They'll always misuse our data. They always have and always will, but we find out when it's too late (or generations after us do). Just think of how many undisclosed documents there have been hidden from us for so many decades - we basically pay the state to do stuff we don't even know about, and it's disturbing (like Berlin secretly doing this program for 30 years) many more times than it should've been.

The difference is, KYC forces you to hand out 100% real information about you and goes way beyond basic personal information.

'Kentler Project' was really messed up. It's sad that governments would allow such a thing. I think incidents like this all the more a reason for the world to adopt more transparent technologies that we can rely on to verify claims about everything rather than just "beleive" governments. What is much needed is an innovative identity layer that provides a compliance-centric balance between anonymity and accountability IMHO.

[ataraxiaceleste]

I think that while in the system of storage and processing of personal data will work a person then the leaks of data simply can not be avoided. In my opinion, the best solution is to try to reduce the number of permissions that you give to the processing of your personal data. In Russia, there are even people who deliberately do not start digital documents to minimize the risks of losing personal data.

People understand that their data is not safe, but due to fear of consequences by law enforcement people tend to become lax about such thing. Bringing accountability and transparecny is the only way for all parties to be comfortable. The only way is to have an inbuilt system that does this complete securely and transparently.

[ataraxiaceleste]

Personally, I would go for this... if it was safe.     

Do check our more about Concordium https://concordium.com/

It seems like they are still very early. I joined their community a few weeks ago after reading their whitepaper and research papers they are still 100+ strong members on Telegram. I will be spinning up their Testnet 2 as well. Best part is, they had no ICO!

If you wnt to join , https://t.me/concordium_official

[BADecker]

Would you trust identification on Blockchain if it was permissionless?


However, it's a really good idea if we can make up as many identities as we want.