User identity is broken on social networks. The one thing we expected from social networks, the empowerment of people, has been crushed by the utter neglect Facebook and other companies have given to the problem of giving users control of the information about their identity. And yet there may be a path to a solution. Biometric data about people, protected by encryption, could return the balance of power where it belongs—with consumers.
How did we get here?
In the late ’80s and early ’90s, the early World Wide Web used a model akin to a public library that just happened to be distributed around the world. The fact that information on the web was free felt right, since the technologies that created it had mostly been paid for and developed using funding from the United States government research agencies ARPA and DARPA. Even the terminology used on the web in those days (downloading and accessing pages, connecting via hyperlinks across pages, finding things using a search index, etc.) evoked metaphors of a library. Websites were like books with “pages.” An entire generation grew up assuming they would never pay for anything online.
Into this cauldron came the designers of the next generation internet, dubbed Web 2.0. Its primary content was generated by users, including personal posts, reviews, ratings, opinions, comments, etc. But the legions of consumers who were spending more and more time on the web by this time expected content to be free.
Is it a surprise the developers and entrepreneurs of this new phase found targeted advertising to be the perfect business model? After all, TV and radio had for decades offered “free” content paid for with ads that were loosely targeted, based on demographic data and guesses about who was watching or listening. The bulk of revenue for newspapers, too, was from advertising. If one could “target” ads, it would be a quantum leap forward commercially from previous media, and consumers would be more likely to click and purchase items, leading to better advertising revenues.
Programmers began writing programs that could tailor ads and content to individual users. Websites with names like “” sprang up. Nicholas Negroponte at the MIT Media Lab declared that digital newspapers would soon be customized for individuals, a sort of “daily me”. Banner ads began to diminish and web pages became adorned with ads more or less targeted to individual consumers. The library model slowly disappeared, to be replaced by a model more reminiscent of TV, radio, and newspapers.
Thus emerged social networks and their seeming promise of social empowerment. Pundits predicted that the nature of user identity was going to change. David Birch, in his book “Identity is the New Money,” speculated about using his Facebook credentials to log into his bank. Others rhapsodized about logging into government agencies using Facebook identities. It would be empowering for consumers and good for governments. User identity as developed, controlled, and protected by social networks was going to disrupt government, business and commerce.
Today we find that Facebook and Twitter are besieged by millions of fake accounts, set up by malicious agents and bots, spewing fake content and news, and designed to manipulate and deceive. Perhaps nobody knew you were a dog on the internet, as the famous cartoon said, but nobody thought either that so many dogs on the net would bite.
What can we do?
For more than a decade, well-known technologies have made it possible to use a combination of biometric data and secret phrases to authenticate digital user accounts. The fingerprint and facial recognition systems on smartphones and computers, for example, keep their biometric data safe in a special chip (“secure vault”) inside the device. Years ago we could have developed a universal user authentication system along the lines of these technologies that was not limited to one device manufacturer.
If by now we had such a secure user identity system, it would be possible for users to construct virtual identities that were securely validated by their authenticated and controlled identity. A person could, for example, employ a virtual “persona” on social networks, a different persona for travel apps, and a separate one for use with health apps. Furthermore, users could change those virtual personas at any time or periodically, if they wanted to disconnect from any past data that had been gathered by service providers.
So virtual identities can be established that effectively preserve and protect a user’s private data. At the same time, these virtual identities could make verifiable user data available to service providers that could be used to deliver targeted ads and content. In such an ecosystem, the user would provide his or her data under a privacy guarantee. And since any targeting would be based on profiles maintained and controlled by the user, it would likely be more accurate. In a sense, the user would be able to advertise their interests to the service provider or advertiser.
Users might even be rewarded for providing their data, receiving cryptographically protected tokens that give access to free content or result in other forms of reward. In such an ecosystem, data becomes a tool that consumers can barter for services. Such proposals form the basis of some current work on smart contracts and cryptographic tokens. There are murmurings of a Web 3.0. (At the Techonomy NYC conference in 2017, venture capitalist Fred Wilson argued that blockchain-based systems were Facebook’s biggest long-term threat.)
The authors work for a small technology company founded a few years ago. It is developing technologies that presume that user privacy is not a passive back-office concern, but rather an active component of the service itself. It would not be a surprise if companies with much larger resources were to completely solve these issues. The surprise is that the leading companies in Silicon Valley that we rely on for information every day have not so far paid enough attention to this problem.