We learned that the existence of yourself on the internet does not interface to people through digital identities, but rather through a digital persona that is created by the information that is available online. Personas can be fake, fictional, and real. Managing your real persona online so it could not be maliciously exploited is important.
Protecting your persona on social media sites might be a difficult task, as even if you limit your public availability of information, there still is something available online to make a fake account. The problem is even greater for those who need to keep their appearance public as it is part of their work. Some social media sites have verification methods set up for that, so the fake accounts will be verified. However, this option is available to only roughly 0.1% of social media users according to Twitter’s standards. One that is verified also has to have an account, thus even more problems can be caused to the public personas that actually do not have any social media accounts, but have public information and pictures about them available online.
In professional online activities, the problem is not only protecting your own persona but also how to trust one. Popular e-signature services do not guarantee the authenticity of the signer but only support finding it out. The signatories must be diligent themselves, to make sure they have all the proof to represent the action of consent by the counterparty.
Public key infrastructure (PKI) combined with trust service providers (TSP) is the most common and reliable method of assuring the authenticity of a person signing or taking other actions on the internet. However, except for Estonia and some other Baltic and Scandinavian countries, PKI is not in common use for assuring trust in e-services. The problems lie in complex end-user interfaces to use PKI certificates and a very geographically fragmented market by technology and interoperability.
The foundation for a more trustworthy and less hostile internet is already in place. Phones are already used as two-factor authentication (2FA) devices. We have more computing power at hand than we usually need. Social media is working on making a better place by more fact-checking and working on reducing hate speech. The technology for remote use of hardware security modules (HSMs) is already there.
Why not start working on putting a barrier to fraud and fake stolen identities. Social media is a place where most people in good faith are portraying themselves as who they actually are. This means that this environment should not tolerate any exploits to this fact. Thus, the suggestion is for the internet to start working on better digital identity mechanisms that assure the authenticity of the personas that these identities are tied to. Also, when someone posts some opinions and information in environments that can make a difference, then when it is tied to the publisher's real person authentically then the distributor of this information will become at least responsible. Influencing people’s societal decision-making and emotions on the internet should not happen under the shield of anonymity.
This is where the progress of digital signature technology could step in. When high trust assurance technology (e.g. PKI) developers would create tools that are easy to use and could completely abolish passwords then we can step into the new digital era. The era where anonymous and verified digital identities do not interact anymore in places where it could be damaging. All posts, articles, emails, logins, etc. could happen online only through verified signing. Nothing could be faked or frauded without linking the perpetrator's own identity to it.
Let’s make the internet decent again as it was when the scientists made it to share facts, not deceptions.
Check out how Agrello takes steps toward secure and trustworthy legal activities online at agrello.id.