What is digital identity and how to protect it?

Technology has made the boundary between the real world and the virtual world increasingly blurred. It is as if there were two planes of existence that are different, but in some points converge. At this point, terms such as digital identity appear, which are very topical today.

We understand digital identity as the set of data that make up who we are on the Internet. This includes everything from our personal data to images, comments, tastes, bank details, etc. That is why it is essential to protect it to avoid possible impersonations and fraudulent uses.

Why is digital identity important?

In one sentence. Digital identity is what we are on the network. What we share, what we publish, the people and companies with whom we establish a relationship and even the pages we visit are part of it. Any action on the Internet leaves a trace, even if the user is not aware of it.

All this information, whether provided voluntarily or not, differentiates one person from another. Digital identity allows users to access online services, which in turn leaves a digital trail.

Some of this data is under the control of users. For example, the information that a social network has about a person. With this, you can interact with other people, have personalized content or access services that require identification.

Other data, on the other hand, are not controlled by their owners, as they are created by third parties. For example, a review of a restaurant. This is what is known as online reputation.

In any case, digital identity has become a market asset. Large companies can use it to offer products and services that best suit users based on what they know about them. They can also sell them to third parties to do the same.

When we enter a page we are giving data without being fully aware of it. For example:

• Geographic location.
• Language.
• Access device.
• Browser.
• Gender.
• Age.
• Search histories, pages visited, etc.

Most of this data is obtained through cookies. These are files that websites send to browsers to learn more about the user. Hence, the great existing interest because these are accepted when visiting a web page.

What are the risks to digital identity?

In this new reality, proper data protection is a major challenge for both technology companies and governments. There are numerous channels of interaction, which increases the possibility of information being extracted and used for illegitimate purposes.

Thus, there are several problems that need to be addressed in the coming years:

• Impersonation. A person impersonates another person by appropriating his or her digital identity. In turn, it is used to commit other crimes such as fraud, scams or accessing your bank accounts.

There are very secure identity verification systems, but they are often not enough to avoid this problem. These do not work exclusively through passwords, but use unique authentication factors, such as facial or fingerprint recognition.

• Theft of banking data. A person’s financial information and passwords can be revealed if extra precautions are not taken.

• Blackmail. If a person gains access to a person’s private data, he or she can extort money by making it public if he or she does not receive financial compensation.

• Cyber-attacks. Companies are the most exposed to this problem. With the rise of teleworking, employees’ computers are often less protected. It is more likely that breaches will appear that facilitate the leaking of confidential data.

All this continues to generate trust issues for many people, who refuse to have more online presence than is strictly necessary in the face of these vulnerabilities.

What are the characteristics of digital identity?

According to David Goldstein’s paper “At a Crossroads: Personhood and Digital Identity in the Information Society”, digital identity is defined by being:

• Social. It is constructed when interacting on the Internet.
• Subjective. It generates a perception in other people and organizations.
• Valuable. It can guide purchasing decisions and even be sold to third parties.
• Indirect. It is formed through a trace.
• Composite. It is formed by the person him/herself and others without his/her consent and/or knowledge.
• Real. May have reflections and consequences in the real world.
• Contextual. It is possible to generate a negative impact if used where it is not appropriate.
• Dynamic It is constantly changing and evolving.

In terms of its elements, these are multiple and not so narrowly defined. Some of the most notable are:

• Publications made. Both in social networks and in comments, blogs.
• Pages and services used.
• Name, nicknames, avatars, etc.
• Contacts.
• Photos.
• Interests.
• Purchases in e-commerce.
• Etc.

Even what you do is also part of the digital identity. If, for example, a person does not have social networks, it is also information that is included in this concept.

How to protect digital identity?

Many people are overconfident about the security of their devices and the security of the sites they visit. This overconfidence can be costly. It is a good idea to check the permissions granted on your computer and cell phone, and to carefully read the data requests that appear when you visit certain sites.

There are a number of tips to protect your digital identity from those who want to access it:

• Do not access public networks. Most of the open wifi are not secure and have security breaches through which it is easy to access. Always use private networks, as they also hide the user’s location.

• Use secure websites. The Secure Hypertext Transfer Protocol protects against many vulnerabilities. The sites that fulfill this condition, show in their URL bar ‘https’ instead of the ‘http’ that, until now, was habitual.

• Strong passwords. Although there is more and more digital culture, many users continue to use weak passwords. It is also important to change them regularly and not to use the same one for all the services used.

• Update the software. Many times these come to solve security problems that have been detected.

• Read the terms and conditions. When you install software on a device, you can unknowingly give it access to personal data that it doesn’t really need to function.

• Google your name. It is advisable to do this frequently to confirm that no one is using it for their own benefit.

• Check social networks. The information these services have about their users is a vital part of your digital identity. Eliminating those that are not used and reviewing the permissions granted is an extra security measure.

The role of blockchain

The introduction of blockchain is going to change the way digital identity is built. This technology makes it possible to ensure the authenticity of data and that it cannot be modified by third parties.

The blockchain is going to allow users to have full control over their own data. In addition, it will allow a decentralized use of information, allowing unique verification systems that will guarantee that whoever uses them is the person they claim to be.

These tokens store a large amount of information about the user. Thus, for example, it would not be necessary to present a document to certify that one is in possession of it. With the new blockchain-based digital identity, it would be enough to authenticate oneself in a system. By logging into the system, the document in question would be certified.

The way in which information is shared on blockchains is different from the way it has been shared online until now. Sensitive information is never exposed; it is always the user who decides what to share and what not to share.

These developments are still at an early stage. There is great interest in their democratization, since they protect sensitive information and have a large number of applications. Many companies are already working on this technology, but it will take years for it to reach the majority of Internet users.

How is it different from online reputation?

Digital identity and online reputation are often thought to be synonymous. The latter term refers to the opinion that third parties have of a person, brand or organization. Moreover, it is an abstract concept, difficult to quantify.

All organizations and individuals can have one. Even if they do not manage it. Online reputation is not under the control of the person who projects it, but of his or her environment. It is created based on content, opinions and testimonials about the person, company or institution in question.

It can be both positive and negative, being in this case quite difficult to repeat, especially if there has been an image crisis. Forgetfulness in the network is something that plays against, since it is very difficult to eliminate content that does harm, whether it is true or not.

Digital reputation is also under permanent construction and is not linear. The large amount of information that is created every day makes it fluid and changing.

An indelible trace

Everything that is done online leaves a trace. Consciously or not, the data used to interact on the Internet defines people. This, together with other information provided voluntarily, forms what is called digital identity.

The large number of channels in which we make use of our digital identity means that it can be compromised. Taking extra security measures such as periodically checking passwords or not connecting to public networks are good practices to avoid damage.

You may also like:

• New digital profiles in the 4.0 society
• Uses of Augmented Reality in educational centers