Hi frens,
This weekend I went to Kaohsiung to meet friends and gave a talk about “who owns your digital identity.” You may find Google Slides here or PDF at Speaker Deck. I’ll skip all the details and talk directly about the core topic.
Our identities are built from our accumulated certificates, our life trails, our looks, etc. When it comes to the digital world, we would use cryptography to verify our certificates without the need for human interaction anymore. The cryptocurrency or web3 world has been exploring it.
How do we present our digital “verifiable” certificates? We need to hold the private key, like a private seal (私章), to prove our ownership of certificates. It’s “something you have” that proves your identity. We do possess our paper certificates or private seals, but do we really have full control of our private keys?
Private keys are so abstract that the majority of people may never understand them. Those “keys” are stored and used within a secure chip, and usually you can’t export the keys. However, passkeys are designed for users’ convenience, and they do sync with users’ Google/Apple/Microsoft accounts! In the cryptocurrency world, people believe that only by revealing and storing the keys ourselves can we prove that we fully control them. So we have a mnemonic mechanism to derive our private keys.
Do we need to have the ability to “copy the key”? In the real world, we need locksmiths. In the digital world, do we still depend on secure chips, software providers, or shall we give the freedom of choice back to the users?
Your friend,
Denken
P.S. "keys" by ph0rk is licensed under CC BY-SA 2.0.