The Last Week Tonight host discussed the ‘sprawling, unregulated ecosystem’ that allows for companies to use personal data to target consumers
John Oliver: ‘I don’t know about you, but I don’t want a whole crowd of strangers watching what I search for on the internet. Not because it’s gross, but because it’s private.’
John Oliver took aim at the dark art of data brokers, raising the alarm on unregulated practices that many internet users are unaware of.
The Last Week Tonight host discussed the “unsettling moments” that often happen throughout the day online, as we discover that companies are “monitoring our activities a little bit closer than we would like”.
John Oliver on next-day shipping: ‘Someone somewhere pays the price’
He called attention to data brokers, who are part of a multibillion-dollar industry that encompasses “everyone from credit reporting companies to these weird people-finding websites whenever you Google the name of your friend’s sketchy new boyfriend”.
They “collect your personal information and then resell or share it with others” and have once been referred to as the “middlemen of surveillance capitalism”. It’s a sprawling, unregulated ecosystem”, and looking into what they do and how they do it can get “very creepy, very fast”.
“They know significantly more about you than you might think, and do significantly more with it than you might like,” Oliver said.
The main tools are cookies, which enable websites to remember you and have evolved to include third-party cookies, which track where else you are going on the internet. “I don’t know about you but I don’t want a whole crowd of strangers watching what I search for on the internet,” he said. “Not because it’s gross, but because it’s private.”
The process takes breadcrumbs of where we have gone and what we have done online, and packages it to share with marketing firms. Users are then sorted into groups, such as couples with clout, ambitious singles, boomers and boomerangs and kids and cabernet.
The dark side of this includes more narrowly targeted lists, which separate us by certain ailments or sexual preferences. Investigations have found that people are defined by their depression, diabetes, cancer and pregnancy. It’s a “system that seems ripe for abuse” as “what they can buy is pretty troubling”.
While marketing firms have claimed the data is anonymous, the process of “de-anonymising” is fairly easy as Oliver details as people can be discovered by a quick data investigation. “None of us are really anonymous online,” he said.
He called it all “objectively unsettling” and used an example of a priest who was forced to resign after a Catholic newsletter used app data signals from Grindr and matched his phone to his residence, outing him.
It’s a “massive, harmful invasion of privacy” and also incredibly dangerous. He used the example of a domestic violence victim whose address came up on a data broker website. Oliver also shared a horrifying story of a stalker who killed a former classmate after finding her with info he brought for $45.
Requesting removal of information is a “complex process” and there is no federal law requiring that the companies honour an opt-out request.
It also suits the government as both FBI and Ice have bought data to aid criminal investigations and deportations.
“The entire economy of the internet is basically built on this practice,” he said. “All the free stuff that you take for granted online is only free because you are the product.”
He said there needs to be a comprehensive federal privacy law but many politicians build their campaigns on use of personal data.
He used the example of the Video Privacy Protection Act of 1988, which was passed when Congress freaked out when they realised their video rental histories could be shared. “It seems when Congress’s own privacy is at risk they somehow find a way to act,” he said.
To show this, Oliver’s team used “perfectly legal bits of fuckery” to target members of Congress. They bought ads and showed them to men over 45 in DC who had searched for divorce, massage, hair loss and mid-life crisis, creating a group called Congress and cabernet.
“This whole exercise was fucking creepy,” he said with ads that pushed divorce help, Ted Cruz erotic fiction and voting twice. He said it might worry members of Congress that he now has the information of who clicked on what. “You might want to channel that worry into making sure that I can’t do anything with it,” he said.
Distributed digital identity, decentralized identity, blockchain, and distributed ledgers: what do they mean and how can they help keep my company secure?
What is a digital identity? A digital identity is information that combines all your personal online activities and data. Examples of what would make up your digital identity include usernames, passwords, online searches, date of birth, and social security number.
What Is the History of Digital Identity?
Digital identity is a critical and ever-present part of our lives. Identities play a role in almost every aspect of our lives, from business to commerce to entertainment. Additionally, many jurisdictions are turning to digital identity as civic documentation to cover identification purposes outside of the private sphere.
The history of digital identity has followed security, privacy, and usability questions, with different technologies attempting to address various aspects of these categories. One of the central challenges to digital identity has been centralization.
Centralization brings a host of problems to administrators, enterprises, and users alike:
Central Points of Failure: Centralized identity relies on central control over the implementation of that identity, which often means on-premise databases of login credentials (typically usernames and passwords or PINs). If that database is hacked, then those credentials are compromised and all user information has most likely been exposed.
Usability and Security Practices: Centralized identity schemes force organizations to either adopt outside identity management systems or implement their own—a reality that has led to a fragmentation of identity management. Users have to remember individual credentials for multiple systems, leading to poor security (from simple or reused passwords) and identity theft.
Lack of Ownership: The question of digital identity ownership is a lively one, with different regulations and business practices vying for control of private information. Centralized identity management requires that organizations mediate control between digital identities and users rather than placing ownership in the users’ hands.
Modern identity and access management have worked toward addressing some of these issues, primarily to support a connected, cloud-based, and secure digital world.
One of the emerging technologies to address these issues is single sign-on. The goal of SSO (also known as federated identity) is to facilitate authentication across multiple systems using a centralized repository of identities and policies.
Generally speaking, there are a few protocols through which SSO works:
Security Assertion Markup Language
SAML is an open markup language used by identity providers to format and transmit authorization credentials to other platforms or service providers. The idea is that a centralized SSO provider manages identities through a server and formats SAML authentication through an XML-based token system that connects identity providers and service providers (the organization handling your identities and the company with which you want to authenticate).
Open Authorization
As the name suggests, OAuth is more an authorization approach than an authentication method, but it can be used as part of an SSO scheme. Unlike SAML, where federation happens from a centralized identity provider across multiple service providers, it’s more often the case with OAuth that a user in an authorized session with one provider can access another provider from that session.
Of course, it bears stating that SSO is a smaller part of the larger discipline of IAM explicitly focused on how to provide federated identity and authentication without compromising security.
The problem with SSO and IAM, in general, is that they only address a small subset of issues with centralized SSO or OAuth. To start with, SSO systems still have security issues, and a compromised identity provider will still pose a risk to all users. Additionally, none of this addresses the issue of identity and data ownership.
To take steps in facing some of these lingering issues, developers and scientists are working toward developing distributed identities.
What Is Distributed Identity?
Distributed identity, also called decentralized identity, is the practice of truly removing the centralized nature of identity management from the equation.
Instead of creating localized or platform-specific usernames that rely on a single organization or consortium of participating organizations to manage, decentralization uses technology to place ownership of identity data into the hands of the users that information is supposed to represent.
How is this possible? The truth is that there isn’t a clear-cut answer yet but rather a collection of technologies that are stepping up to introduce decentralization into IAM as a whole:
Blockchain: Originally introduced in cryptocurrencies, like Bitcoin, as part of the nascent “Web 3.0,” the blockchain has been isolated as a uniquely powerful technology that provides an immutable, decentralized ledger of ownership. Under a blockchain, users have programs called wallets that store information and denote ownership, and this ownership is not dependent on a central organization to manage.
Decentralized Identifiers: Created by the World Wide Web Consortium, DID is a scheme of identity decentralization outside of blockchains proposed as a general protocol for managing identity. With DIDs, users can control their data, be protected by cryptography, and authenticate with participating organizations.
The blockchain, in particular, is part of what is currently being dubbed Web 3.0, emphasizing decentralization of control over information. It works by creating a ledger that the users of that network control through their participation, protected with cryptography.
Why Is Distributed Digital Identity So Important?
Right now, data ownership and protection are critical questions for large enterprises, governments, and end users alike. The General Data Protection Regulation is one of the most stringent privacy and security jurisdictions globally, due in no small part to its driving mission to place control of private data into the hands of consumers.
But giving users control over their digital identity and their personal data is no small task. Data is often seen as ephemeral, and users in many places (including the United States) have willingly given up control over their information to large corporations.
A distributed identity system could allow users to take control of their digital identities. Several governments have already begun to develop distributed forms of digital identities to support their citizens.
The European Union, for example, has started creating a self-sovereign identity framework built on DID and blockchain to modernize government ID for citizens. Countries like Germany, Uruguay, and Finland have started issuing electronic IDs and bank-issued eIDs to serve as national identification.
On a smaller scale, distributed identity can still benefit enterprises internally. By leveraging distributed identity systems, enterprises can connect user IDs with several different service platforms and authorization policies without reinventing or replacing existing identity systems. Additionally, enterprises can then adopt their schemes or extend existing ones offered through government agencies.
Strong Authentication and Distributed Identity with 1Kosmos
Distributed identity isn’t just a powerful new technology or the future of identification—it is a business imperative that will eventually shape how enterprise organizations integrate and adopt different types of managed services, cloud applications, and internal security measures. By working with user-owned, self-sovereign ID, businesses can mitigate some of the most significant weaknesses of centralized identity (security and usability) while expanding their ability to adapt and scale with new technologies.
BlockID from 1Kosmos provides secure authentication and promotes identity ownership through a few critical features:
Private and Permissioned Blockchain: 1Kosmos protects personally identifiable information in a private and permissioned blockchain and encrypts digital identities in secure enclaves only accessible through advanced biometric verification. Our ledger is immutable, secure, and private, so there are no databases to breach or honeypots for hackers to target.
Identity Proofing: BlockID includes Identity Assurance Level 2 (NIST 800-63A IAL2), detects fraudulent or duplicate identities, and establishes or reestablishes credential verification.
Streamlined User Experience: The distributed ledger makes it easier for users to onboard digital IDs. It’s as simple as installing the app, providing biometric information and any required identity proofing documents and entering any information required under ID creation. The blockchain allows these users more control over their digital identity while making authentication much easier.
Identity-Based Authentication: We push biometrics and authentication into a new “who you are” paradigm. BlockID uses biometrics to identify individuals, not devices, through identity credential triangulation and validation.
Interoperability: BlockID and its distributed ledger readily integrate with a standard-based API to operating systems, applications, and MFA infrastructure at AAL2. BlockID is also FIDO2 certified, protecting against attacks that attempt to circumvent multi-factor authentication.
Cloud-Native Architecture: Flexible and scalable cloud architecture makes it simple to build applications using our standard API, including private blockchains.
To discover the self-sovereign identity and BlockID, read more about 1Kosmos as a Distributed Digital Identity Solution. Also, make sure to sign up for the 1Kosmos newsletter to receive updates on 1Kosmos products and services.
Blockchain is a distributed ledger technology that is revolutionizing the way we conduct transactions, protect our identity, and preserve our privacy. By providing a secure and transparent platform for recording and verifying transactions, blockchain is fortifying the traditional finance system and unlocking new opportunities for innovation and growth. With its decentralized and immutable nature, blockchain is also empowering individuals to take control of their personal data and protect it from unauthorized access and exploitation. Whether you are a business owner, investor, or consumer, blockchain is a technology that you cannot afford to ignore in today's digital age.
Blockchain and AI are revolutionizing the way we perceive identity. With virtual identity tokenization, individuals can take ownership of their digital self and protect their data. The impact of this technology is inevitable, and it will change the way we interact with the digital world forever.
The anime classic Ghost in the Shell has been praised for its exploration of transhumanist themes, questioning what it means to be human in a world where artificial intelligence is advancing rapidly. The central question of the film is whether AI is just a shell, or if it is capable of developing true consciousness and emotions.
As our lives become more intertwined with technology, the concept of virtual identity has become increasingly important. From social media profiles to online banking accounts, our virtual identities can have a significant impact on our lives. However, with the rise of AI and other advanced technologies, questions about the ethics of virtual identity are becoming more complex. In this article, we will explore the different systems and technologies that make up virtual identity, as well as the ethical considerations that must be taken into account when developing these systems.
As technology continues to advance, our lives are becoming increasingly intertwined with virtual spaces. From social media platforms to online gaming communities, virtual identities have become an integral part of our daily lives. In these virtual spaces, we have the opportunity to express ourselves, interact with others, and explore new identities. However, as we spend more time in these virtual spaces, it is important that we understand the systems, behaviours, and ethics related to virtual identities.
Virtual Identity and Digital Integrity In today’s digital age, virtual identity has become an integral part of our online existence. It is the representation of who we are in the digital world, and it plays a significant role in our interactions with the online community. However, the growing concern of identity theft and data breaches highlights the need for a secure and reliable system to manage virtual identity. Blockchain technology has emerged as a potential solution to these challenges, offering a secure and decentralized platform for identity management. In this article, we will explore the role of blockchain in virtual identity and its impact on digital integrity. Understanding the Blockchain Technology Blockchain technology is a distributed ledger that provides a secure and transparent system for recording transactions. It is a decentralized system that operates on a peer-to-peer network, eliminating the need for a central authority to govern the transactions. Each block in the chain is linked to the previous block, creating an unalterable record of all the transactions. The security of the blockchain lies in its consensus mechanism, which ensures that all network participants agree on the validity of each transaction. The Role of Blockchain in Identity Management Blockchain technology offers a secure and decentralized platform for identity management, enabling individuals to have greater control over their personal data. Instead of relying on central authorities to manage identity, blockchain allows individuals to create and manage their own digital identities. This eliminates the need for third-party authentication, providing a more secure and efficient system for identity verification. Safeguarding Personal Data with Blockchain Blockchain technology provides a secure platform for storing and sharing personal data. The decentralization of the blockchain ensures that there is no single point of failure, making it difficult for hackers to breach the system. The use of encryption algorithms further enhances the security of the data, ensuring that only authorized individuals can access it. The Benefits of Blockchain for Digital Integrity Blockchain technology has the potential to revolutionize the way we manage digital identities, offering several benefits for digital integrity. Firstly, it provides a secure and decentralized platform for identity management, eliminating the need for third-party authentication. Secondly, it ensures the security of personal data, safeguarding against data breaches and identity theft. Thirdly, it provides greater transparency and accountability, enabling individuals to have greater control over their data. Blockchain and Biometric Authentication Blockchain technology can also be used for biometric authentication, providing an additional layer of security for identity management. Biometric authentication uses unique biological characteristics such as fingerprints and facial recognition to verify identity. By combining biometric authentication with blockchain, we can create a more secure and efficient system for identity verification. The Future of Digital Identity with Blockchain The future of digital identity is closely linked to the development of blockchain technology. With the increasing use of blockchain in identity management, we can expect to see a more secure and efficient system for managing virtual identity. The use of biometric authentication and encryption algorithms will further enhance the security of the system, providing a reliable platform for managing personal data. Overcoming the Challenges of Blockchain Implementation The implementation of blockchain technology presents several challenges, including scalability, interoperability and regulatory issues. Scalability is a major challenge for blockchain, as the system needs to be able to handle a large number of transactions. Interoperability is also a challenge, as different blockchain networks may not be compatible with each other. Regulatory issues also need to be addressed, as the use of blockchain in identity management raises several legal and ethical concerns. Regulatory Frameworks for Blockchain and Virtual Identity Regulatory frameworks for blockchain and virtual identity are still in the early stages of development. However, several initiatives have been launched to address the legal and ethical issues surrounding blockchain technology. The EU’s General Data Protection Regulation (GDPR) and the US’s National Institute of Standards and Technology (NIST) are two examples of regulatory frameworks that aim to promote the responsible use of blockchain in identity management. Use Cases of Blockchain in Virtual Identity Blockchain technology has several use cases in virtual identity, including digital identity management, biometric authentication, and secure data storage. The use of blockchain in virtual identity can also be extended to other applications, such as healthcare, finance, and e-commerce. Conclusion: The Path Towards Digital Integrity Blockchain technology has the potential to transform the way we manage virtual identity and promote digital integrity. By providing a secure and decentralized platform for identity management, blockchain can eliminate the need for third-party authentication, safeguard personal data, and enhance transparency and accountability. While there are still challenges to overcome, the future of digital identity looks promising with the use of blockchain technology. References and Further Reading
04 Feb’23 | By Amit Ghosh As the country pushes its sustainability agenda, the use of new technology deserves a closer look in order to make a difference in this cause When we examine blockchain’s role in environmental, social, and governance (ESG) policies and markets around the world, we can see how technology is already changing ESG markets. If more Indian companies adopt blockchain as part of their sustainability practises and policies, we will be one step closer to realising the ambitious goals that the country and the world have set for themselves As the world moves towards a greener future, it is imperative for businesses to build and lead with sustainable practices. India, one of the most populous countries in the world, has a tremendous stake in the global responsibility towards building a more sustainable world. The responsibility is especially magnified given the country’s reputation as a major economic powerhouse that ranks among the world’s largest energy-consuming countries. Link
