Respect for users’ personal privacy must be top of mind when developing proof-of-humanity identity solutions.
Trust is in shorter supply in the digital world these days. As artificial intelligence evolves and produces more “humanlike” and realistic results, users of digital services are increasingly concerned with knowing who and/or what, precisely, they’re interacting with. With a commitment to decentralization and broad access, the crypto industry in particular needs proof-of-humanity solutions to avoid issues like fake accounts and automated bots — and, of course, to comply with Know Your Customer and Anti-Money Laundering regulations.
The crypto industry is nothing if not innovative, and proof-of-humanity solutions that leverage verified video registries, social connections and biometric identification are among those in the works. But user privacy and control are a cornerstone of the crypto philosophy, so it’s essential that developers demonstrate a commitment to these principles. Below, nine members of Cointelegraph Innovation Circle share their advice and ideas to help developers of proof-of-humanity solutions preserve the privacy of personal information.
Aim for anonymous verification methods
Developers should aim for anonymous verification methods, such as zero-knowledge proofs, and process data on the user’s device to prevent personal information from being transmitted. When transmission is necessary, use end-to-end encryption. Emphasize transparency and user consent, and consider decentralized storage solutions to minimize centralized data breach risks. – Irina Litchfield, Lumeria
Consider blockchain-based “proof of burn”
Since the latest proof-of-humanity measures involve facial or video recognition methods, it’s concerning that these providers record and store new layers of personal information beyond the “normal” personal data that could be exploited. It would be interesting to see whether blockchain could be employed to show a “proof of burn” of the personal information obtained during a proof-of-humanity verification. – Timothy Enneking, Digital Capital Management
Verify identity without revealing it
Privacy isn’t an add-on; it’s the foundation of crypto. The pursuit of proof-of-humanity solutions mustn’t overshadow the sanctity of personal data. Use techniques like zero-knowledge proofs or homomorphic encryption to verify identity without revealing it. When done right, the result is a solution that respects identity and cherishes privacy. – Erki Koldits, OÜ Popspot
Implement a “forget me” feature
Give users the ability to fully delete their data. If a user changes their mind about using a particular identity solution, they should be able to completely exit the ecosystem without any lingering privacy concerns. This means developers should implement a “forget me” feature for users to remove both their data assets and their entire account history. – Wolfgang Rückerl, ENT Technologies AG
Adopt privacy-by-design principles
Adopt privacy-by-design principles during the development phase. Integrate privacy and data-protection measures into the architecture of the identity solution, including data minimization, user consent and secure data handling throughout the entire system. Implement robust encryption and decentralized storage to protect users’ data from unauthorized breaches. – Anthony Georgiades, Pastel Network
Practice data minimization
While it is tempting for Big Tech to harvest our data for profit, developers of proof-of-humanity identity solutions must practice data minimization, collecting only the necessary information to verify humanity. By limiting the scope of data collected, they reduce the potential risks associated with unauthorized access or misuse, thereby safeguarding individuals’ privacy. – Sheraz Ahmed, STORM Partners
Focus on self-sovereign identity and multiparty computation
In the context of digital identity in a Web3 world, we really should be talking about self-sovereign identity, which gives users true ownership of their data. While zero knowledge is great at simple proofs, the Holy Grail for privacy is the use of multiparty computation, where privacy becomes fully programmable, allowing for multi-input computation without compromises. – Tiago Serôdio, Partisia Blockchain
Leverage homomorphic encryption
The anonymization-individuality conundrum is commonly disregarded. Proof-of-humanity systems authenticate unique human identities, which may violate privacy. Homomorphic encryption can compute encrypted data without decrypting it; thus, humanity can be proven without compromising privacy. – Arvin Khamseh, SOLDOUT NFTs
Be wary of stockpiling biometric data
There’s a real question to answer when it comes to proof-of-humanity protocols: “Just because we can, does it mean we should?” History demonstrates, on a wide scale, the unwieldy nature of power. Not only is this a pivot from crypto’s tradition of eschewing institutionalized control, but collecting stockpiles of biometric data invites a scenario where it falls into the wrong hands. – Oleksandr Lutskevych, CEX.IO
This article was published through Cointelegraph Innovation Circle, a vetted organization of senior executives and experts in the blockchain technology industry who are building the future through the power of connections, collaboration and thought leadership. Opinions expressed do not necessarily reflect those of Cointelegraph.