This is how you end the Faceopticon
The global identity system Facebook is building can be stopped with private, decentralized credentials that ensure user self-sovereignty.
The global identity system Facebook is building can be stopped with private, decentralized credentials that ensure user self-sovereignty.
Nym Technology: Part 1 of 3 — Credentials
As the U.S. House Financial Services Committee members used up their Libra hearing last week interrogating Mark Zuckerberg about fake news, they missed some telling word salads like “Our wallet is going to have strong identity” that might’ve helped them to see the truth about Libra. Facebook’s Libra strategy is right out in the open — it’s about the data — specifically, the data at the intersection of the Calibra wallet (which will capture your financial activity) and Facebook Login (which already captures your personal activity).
Facebook has stated that Calibra will be anonymous, and that opting in will not merge your personal and financial data without your ‘consent’ — but it is legally obliged to identify you under KYC/AML, or ‘Know your Customer,’ the stringent international agreements that prevent money laundering, and it will link your data. Linking is in Facebook’s nature, as we will see. This is stated plainly in Calibra’s customer commitment:
“Calibra will use Facebook, Inc. data to comply with the law, secure customers’ accounts, mitigate risk, and prevent criminal activity. Beyond these cases, if a Calibra product feature can be personalized or improved with data from Facebook, we will first obtain customers’ consent to share the relevant data with Calibra. For example, people may choose to import their Facebook friend list into Calibra to make sending money easier. This import will not be automatic — we will obtain in-product customer consent.”
Regulators are looking hard at Libra, less so at Calibra and the rest of Facebook’s data-collection business. This is a big mistake. Calibra is the Trojan Horse that would allow Facebook to link everything you buy, sell, say or do, via Facebook Login, to your real identity, permanently — this is how Facebook can become the dominant ID authority of all humanity, Silicon Valley’s answer to China’s civil-obedience-enforcing Social Credit System.
Sign in with email? Or let the gatekeepers do it.
Facebook already does the job of authorizing the identity of any user who clicks ‘Sign in with Facebook’ in order to access a site without registering or remembering a password. If you have ever done this, you have used a credential from Facebook Login, and in return, Facebook now sells everything it knows about you to anyone who will pay for it, in perpetuity. Google has a similar system. This is explicitly the competitive advantage Google and Facebook have as the internet’s de-facto identity providers: they know much more about you than your own government, or anyone in your family.
When you Sign in with Facebook, all your profile information is linked to all your activity on the third-party apps and websites you use, creating a trail of behavioural data behind you that shouldn’t exist. Regulators have been slow to realize this — you can ‘Sign in with Google,’ Facebook or Apple almost everywhere, but rarely can you ‘Sign in’ with your US, EU or any other government-issued ID, much less a self-sovereign identity system that preserves privacy. Rather than, say, mandating user pseudonyms as was crucial for Bitcoin creator Satoshi Nakamoto, Calibra will link to government-mandated identities.
Allowing even the most benign democratic government total knowledge of your life is a clear potential threat to individual freedom, but in a country with underdeveloped financial, regulatory and legal infrastructure — Indonesia, for example — where people often lack both government identity and access to a bank, Libra can step in with its free digital account connected to a ‘verified’ personal profile, and ensure that Facebook quietly becomes the national ID system there. Four billion people are set to come online in the next decade — and most are in countries that sorely need financial services, and the human data flows there like rivers of gold.
Nym credentials are decentralized and private
Nym’s ambition is to encrypt credentials and divert these flows of personal user data around Google, Facebook and others, permanently. Nym credentials can accomplish the same goals as Facebook Login — user authentication and data transfer — while preserving user control and rights. Nym credentials have three key features that Facebook Login and similar systems lack by design:
User-controlled: Nym minimizes data disclosure to only what is necessary to prove you’ve, say, paid for a service, while revealing to the service provider only the fact that you’ve paid, and nothing else. If a site selling a movie ticket requests proof you’re over 18, why provide your full name, gender, phone number, email and home address? Why even provide your date of birth? A Nym credential certifies your date of birth and simply states that, yes, you are over 18. This ensures the user is truly self-sovereign.
Private: Surveillance business models rely on linking your identity and online activity; if Facebook can’t associate activity on a site with a person or profile, it can’t sell access to that person — it doesn’t have a product. Nym credentials are always private, encrypted in transfer, unlinkable and unsurveillable. Coconut aggregate signatures maintain the credential’s uniform appearance regardless of the size of embedded data. Coconut unlinks ciphertext so credentials can be rerandomized an infinite number of times into what looks like new, cryptographically indistinguishable credentials, breaking the links between all of your online activities and transactions. A Nym credential is disposable — it doesn’t follow you for life like Facebook Login, hoovering up everything you do.
Decentralized: The necessity for users to trust a centralized ‘identity provider’ authority ensures a single point of failure; if Facebook is hacked, for example, its data can be used (more) maliciously. Nym distributes trust throughout the network with a proof-of-stake system that removes the barrier of entry to becoming a credential validator (anybody can be one), and has cooperative ID providers (your friends, a government, an organization) verify the data points you require, which are encrypted, blinded, and sent to validators of your choice. You then assemble a credential by aggregating partial credentials from a threshold of validators, ensuring a malicious entity must compromise not just one validator but a supermajority to obtain fake credentials for itself.
(iframe src="https://www.youtube.com/embed/2ziUO32WD-I?feature=oembed" width="700" height="393")(/iframe)
Demonstration of Nym credentials at the Nym Privacy Workshop, ETHBerlin 2019
A world without centralized identity
Blaine Cook designed the OAuth protocol at Twitter in 2007 in the hope that it would contribute to the building of a decentralized web. When he later saw the centralization OAuth had spawned in Facebook Login, he encouraged Nym co-founders Harry Halpin and George Danezis to redesign and privacy-enhance the protocol. Their original formulation, UnlimitID, used anonymous authentication credentials invented by David Chaum, but was still centralized. In 2017, funded by the European Commission’s data-sovereignty project Decode, Danezis and his students created the Coconut signature scheme.
Thanks to Coconut, Nym credentials allow a user to transfer and disclose only selected personal data, and create unlimited decentralized pseudonyms to ensure anonymity and resistance to sybil attacks. Coconut is so powerful that Facebook’s 2018 purchase of Chainspace, also co-founded by Danezis and Nym CTO Dave Hrycyszyn, was widely read as proof that Mark Zuckerberg would use Coconut for a decentralized identity system. While Danezis now works at Libra, Nym is using and improving Coconut to create a world without centralized identity. Selective disclosure, under your control, and without central power, is what we are building.
“Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.”
— Eric Hughes, Cypherpunk Manifesto (1993)
Join us by hacking on the code
Or contributing to our Telegram chat
Get ready to run a Nym validator yourself
And watch CEO Harry Halpin’s related talk Fighting Back Against Libra
We look forward to integrating with projects and building this new world together!
