For years, we’ve been simply giving away our most valuable asset – our personal data – steadily making ourselves more vulnerable to those nefarious souls out there who would take advantage of it. The lack of control we currently have over our data has become such a problem that Americans have listed the privacy of data as the top priority companies should address, beating issues such as poverty and gun violence.
Have you ever logged into a mobile app using your Facebook or Google ID? Be honest now – we’ve all done it at one point or another. In fact, 73% of us prefer to login with our social media accounts, purely because it’s easier than creating yet another account to log into a site. On average, we have up to 150 login accounts to manage, many of which we rarely use or have even forgotten about. So, if you’re asked if you want to forgo the usual time-consuming registration process and simply click a button to log in with your existing Facebook account ID, what are you going to do? It’s a bit of a no-brainer really.
The cost of convenience
But wait; have you stopped to consider what this convenience is costing you? The convenience that social media apps are offering is not born out of altruism (surprisingly). While the social networks may want to be a trusted source for verifying your identity, they cannot always be counted on to be that trusted source. Privacy is not their main concern; like any for-profit company, their focus is on monetizing their product – you. And so, the motivation behind their largesse is to get access to your data.
Now think about the wealth and range of data that, for example, Facebook and LinkedIn have about you: your birthday, a list of your friends and family, employment history, where you go on holiday, where you like to eat, photos of your mother’s 70th birthday party, and so on.
Let’s now connect these two points. When you use your Facebook ID to log into your grocery store website, for example, you’re allowing it to ask for data about you. These two sites (Groceries R Us and Facebook) can now link the data they each have on you back to its source – you. They know that all this information belongs to the same person. Facebook can get information about how often you order wine, ice cream and cereal, and your grocery store can learn about your date of birth, where you went on holiday and who your best friends are. (If you really want to scare yourself silly with the amount of data collected about you, have a look at this site.) The collaboration of these sites (and the accompanying data) starts to build up a comprehensive database about you. Eventually, you will be “trapped inside those Internet giants’ ecosystems that use personal data to fuel their business models.” Do these sites really need to know all this about you simply to confirm your identity? No; they don’t.
This is an invasion of your privacy, but, since the advent of enhanced data security laws, social media sites do make a “defensible” effort to ask for your consent to use your data, and to keep you informed of what is happening to your personal data. Invariably though, the real (and most pertinent) details are generally hidden way down in the depths of the Ts & Cs. Think about it – how many privacy changes have you agreed to on Facebook without taking the time to read and understand what they’re actually changing? The terms and conditions are constantly in flux. No one has time to read these lengthy, and legally convoluted documents, so, we just all click “accept”. It’s their business model – they need your consent.
Unfortunately, the impact of all this connected online data – information that is directly correlated to you – goes beyond invading your privacy. It impacts your online security. Have you posted lots of pictures of in restaurants eating pizza? well, there’s the answer to “What’s your favorite food?” security question you get asked when you’ve forgotten your password. Your mother’s maiden name? A quick scroll though her birthday pictures and related comments will soon reveal the answer to that. And voila someone has control of your bank account, or medical records, or insurance policies.
So, if not them, who?
This is one of the most frightening things about the digital age. We would never knowingly allow an institution to put trackers on our phones, read our emails or give them the names and addresses of our nearest and dearest, but we give this information away freely online to anyone else who wants it. So, what’s the answer? How do you ensure that any personal information you do share online cannot be connected to you? How do we identify ourselves online without sites gaining access to information about you that they do not need?
A possible answer to the identity conundrum could be the government. However, the wheels of bureaucracy can turn very slowly. This option may have to be discounted simply because it may not be able to keep up with the speed of evolution of market demand.
Wouldn’t it be great if we could have a way of creating an ID to identify ourselves for everything we needed – for purchases, to get on planes, to log onto websites, but one that was not correlated to all the other information that exists online about us? So that your music taste at Spotify could not be correlated with your food preferences from Uber Eats.
Who could we trust to be the guardians of our online selves? As mentioned earlier, a website doesn’t need to know all your shopping habits, and have access to your list of friends just to identify you. One option would be to use your bank as guarantor of your identity. Your bank is a trustworthy source – a site will generally believe that you are who you say you are because it is endorsed by the reputation of your bank. Your bank creates a proxy identity for every site you interact with – an online identity that cannot be correlated by any other site except the bank. The proxy ID contains only the information the website needs to identity you. The rest of your online persona stays separate; it is never used to identify you and it cannot be connected to the ID you use to log into sites.
Your bank becomes your identity wallet – as long as you have a banking app, you can securely log into other websites without needing a password or having to share personal information. In many geographic markets, banks have already made the security investments necessary to authenticate users, and they are among the institutions we most trust with our personal information. A user’s digital relationship with their bank represents an ideal trust provider relationship.