Identity

Chinese government plans for blockchain-based identity verification

The Chinese Ministry of Public Security plans to implement a blockchain-based identity verification system that it claims will help keep personal data and identity credentials safe.

The Chinese Ministry of Public Security plans to roll out a new blockchain-based platform called RealDID to verify the real-name identities of its citizens. 

According to a press release for an event held on Dec. 12 by the Blockchain Service Network (BSN), a Chinese blockchain firm, the project, planned with the Chinese government, will have multiple use cases. These include personal real name confirmation, personal data encrypted protection and certification, private logins, business identities, personal identification certificate services and information vouchers on personal identity.

The application will allow Chinese citizens to register and log into online portals anonymously using DID addresses, which will ensure transactions and data remain private between individuals and businesses.

Read more

Chinese government plans blockchain-based identity verification

The Chinese Ministry of Public Security plans to implement a blockchain-based identity verification system that it claims will help keep personal data and identity credentials safe.

The Chinese Ministry of Public Security plans to roll out a new blockchain-based platform called RealDID to verify the real-name identities of its citizens. 

According to a press release for an event held on Dec. 12 by the Blockchain Service Network (BSN), a Chinese blockchain firm, the project, planned with the Chinese government, will have multiple use cases.

These include personal real name confirmation, personal data encrypted protection and certification, private logins, business identities, personal identification certificate services, and information vouchers on personal identity.

Read more

Europe’s digital ID wallet — Easy for users or a data privacy nightmare?

European Union lawmakers are planning an EU-wide digital identity wallet for access to essential services.

On March 15, the European Parliament voted 418 to 103 (with 24 abstentions) in favor of negotiating a mandate for talks with the European Union member states about revising the new European Digital Identity (eID) framework and creating the “European Digital Identity Wallet,” also known as EUDI Wallet or EU wallet. 

Citizen’s IDs, health cards, certificates and many other documents could soon be digitally stored in a smartphone application for EU citizens.

According to an official statement from the European Parliament, the system would allow citizens to identify and authenticate themselves online without relying on big commercial providers like Apple, Google, Amazon or Facebook.

The new eID framework will purportedly give EU citizens digital access to key public services across the EU. Citizens will remain in “full control of their data” and be able to “decide for themselves what information to share and with whom.”

European lawmakers have set an ambitious goal for this new wallet, aiming to bring it to 80% of the population by 2030. This could be achieved by mandating that the wallet be supported by e-government services and companies that have a legal requirement to identify their customers through Know Your Customer checks. It could require major online platforms like Google or Facebook to offer the EU wallet to log in to their services, with soft law and delegated acts that could require small and medium-sized enterprises to support the wallet.

Negotiations with the European Council on implementation would be the next step, but digital transformation and data protection experts have doubts and differing opinions about implementing the wallet.

Usability is the key to adoption

The EU wallet — like the current electronic ID cards in Germany and other European countries — will hardly be adopted by citizens in their daily lives if it doesn’t offer a good use case.

The challenge is to make it easier and more efficient for citizens to interact with public services and administrations, enabling authentication and verification processes, especially in the private sector.

According to Clemens Schleupner, policy officer of digital identity and trust services at Germany’s digital association Bitkom, the possibility of storing electronic IDs on a smartphone to use online as well as digitizing drivers’ licenses, health cards, passports, tickets, school reports, credit cards, membership certificates, etc., and combining them into one wallet could have mass market potential.

Applying for a bank loan with eID. Source: European Commission

The EUDI Wallet could make that happen; however, this will only succeed “if adoption among citizens in Europe is ensured through security and usability, relevance through a high number of possible uses and interoperability of different applications throughout Europe,” Schleupner told Cointelegraph.

Lack of usability and public awareness are also significant concerns for Christof Stein, spokesperson for Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Stein told Cointelegraph that using proven technologies and trusted infrastructures with enforced IT security and data protection standards are crucial for citizens using the EU wallet.

Privacy is king

As the final rules are not yet known, it is too early to evaluate the EU wallet at this early stage of implementation. For citizens, it is important that the legal framework provides a data-saving solution that only lets organizations ask for user data when they need it.

According to Stein, it is critical that users are protected from tracking by wallet providers, and wallet providers must ensure that wallet data processing is in line with legal requirements.

“What is necessary is a central anchor of trust enabling the enforcement of rules for the protection of individuals. For example, the infrastructure must be designed so that all organizations participating in the system must register to ‘identify’ themselves to users.”

The previous proposal from the European Commission lacked essential privacy safeguards that would have enabled third parties to obtain data about user transactions, possibly allowing bad actors to exploit the system for identity theft or fraud.

According to Thomas Lohninger, executive director of data protection Austrian NGO epicenter.works, the European Parliament has drastically improved the law and adopted a good position in the first reading. He told Cointelegraph:

“It is unlikely that the Parliament will win 100% of the trialogue negotiations. But we hope that the Council and the Commission will realize that the success of the whole system depends on the privacy and trust that is built in. Only if it is the trusted and chosen tool of citizens for their most sensitive health, identity and financial data can the European Digital Identity Wallet be a success.”

The problem of “over-identification”

Lohninger also warned of “over-identification,” i.e., if everyone in the EU is obliged to always use the wallet, this could lead to a loss of anonymity and pseudonymity in everyday interactions.

BfDI’s Stein shared this view, arguing that there should be no general obligation to use the EUDI Wallet and that there should be alternatives.

The European Parliament appears to have heard these concerns, as one of the most important safeguards in the recently passed identity framework is a non-discrimination clause that “protects anyone who chooses not to use the EU wallet, whether it’s in access to government services, freedom of business or the labour market.”

In the European Parliament, all four committees adopted this safeguard with a cross-party consensus. Now this safeguard must survive the trialogue — negotiations with representatives from the European Parliament, the Council of the European Union and the European Commission.

What about zero-knowledge proofs?

As Cointelegraph reported, the EU’s Industry, Research and Energy Committee included a standard for zero-knowledge proofs (ZK-proofs) in its eID amendments.

This technology, which allows the selective disclosure of certain information — like revealing only one’s age, for example — could become a core function of the EU wallet, said Stein.

Epicenter.work’s Lohninger noted that ZK-proofs could provide “unlikability.” For example, someone could prove they are of age to someone else on different occasions without the latter party knowing the former is the same person.

Recent: Islam and crypto: How digital assets can comply with Islamic financial law

Although ZK-proofs allow personal data to be anonymized, Schleupner sees two challenges. First, ZK-proofs in their current application are “a new technology and vulnerabilities may arise if they are not implemented properly,” and second, “many use cases [of ZK-proofs] have not yet been conclusively evaluated.”

Before trusting the technology, EU regulators must ensure that ZK-proofs comply with privacy regulations and meet all specific requirements of the General Data Protection Regulation.

The trialogue at the EU has much to consider before passing eID into a usable, safe and reliable tool for Europeans. How regulators balance these considerations could have profound implications for other formers of digital or blockchain-based ID.

Masa announces soulbound ID tokens for Coinbase’s Base Network

The token protocol can be used for a wide variety of applications, including membership badges, loyalty programs, decentralized captcha bots, and credit underwriting.

Masa Finance’s soulbound tokens will soon be available on Coinbase’s Base network, according to an April 4 announcement from Masa Finance. The new tokens will allow users to link identifying and reputational characteristics to their wallet addresses, making credit underwriting possible on the blockchain, the company said.

Masa had previously released its Soulbound Token protocol for Ethereum and Celer.

In its announcement, Masa stated that the protocol can be used for a wide variety of applications, including human-readable domain names, membership badges, loyalty programs, achievement badges, decentralized captcha bots and more.

It will release a Base SBT Developer Toolkit within the coming weeks that “will support the seamless deployment and interaction with SBTs on Base,” which will include a quickstart guide, Masa command line interface, software development kit, REACT developer tools and examples of how to build applications using Masa soulbound tokens.

Related: Coinbase wants devs to build inflation-pegged ‘flatcoins’ for ‘Base’ network

Coinbase is the largest centralized crypto exchange in North America. It launched its Base Network testnet on Feb. 23, planning to implement it as an optimistic rollup layer 2 for Ethereum. On March 23, Coinbase issued a Request for Builders asking developers to create several protocol types for Base, including an on-chain reputation system.

In response to this request, Masa began developing a Base version of its soulbound protocol, the company said in its announcement.

The announcement of Base Network’s creation has contributed to bullish sentiment within the Ethereum community, with some users expressing hope that it will lead to greater onboarding of Coinbase users to Ethereum. In an interview with Bloomberg Radio, Coinbase CEO Brian Armstrong claimed that “centralized players” on Base will need to implement some form of identity verification for users.

OpenAI co-founder’s ‘World ID’ project launches, along with SDK waitlist

The new IDs will allow users to prove they are unique humans without revealing personal information on websites.

Crypto unicorn Worldcoin has launched a waitlist for its “World ID” software development kit (SDK), which will allow websites to verify the uniqueness and humanness of its users without storing their personal information. 

The company has also launched the World ID software itself, allowing end users to obtain their “World ID” immediately, according to a March 14 announcement on the Worldcoin website.

Worldcoin is co-founded by Sam Altman, who also co-founded OpenAI.

According to the announcement, World ID is a “global digital passport” that each user is able to store locally on their phone. This ID will allow users to prove that they are not bots, but without needing to provide phone numbers or other identifying information to the websites they log into.

The ID is attached to a cryptographic “proof of personhood” that uses zero-knowledge (ZK) proofs to obscure the user’s personally identifying data. This means that it allows users to verify their identities without revealing the personal information used to make the verifications, it said.

Users can obtain a World ID right now, without waiting on websites to implement the new standard.

Phone verification is available “in most countries for users and developers starting today” and iris verification is available in “Argentina, Chile, India, Kenya, Portugal and Spain, as well as [through] demos at blockchain and identity conferences,” the firm said.

The “Orb,” an open iris imaging device used to verify a person’s World ID. Source: Worldcoin

Worldcoin has also launched a waitlist for the protocol’s software development kit (SDK). When it becomes available, the SDK will allow developers to integrate with the World ID system to screen out bots from their apps.

A Worldcoin spokesperson told Cointelegraph that the company hopes its protocol will help provide ID to millions of people throughout the world, even in areas where traditional forms of ID are difficult to obtain, stating: 

“Artificial intelligence is presenting new opportunities across all industries and World ID aims to bring global proof of personhood to the internet.”

The spokesperson noted that over 50% of the world’s population lacks verifiable legal identification, and that Worldcoin is attempting to address this via a privacy-first, decentralized means. 

“The World ID SDK beta makes web, mobile and on-chain integrations fast and simple, and we are excited to see developers from every corner of the world build upon this powerful new primitive,” the spokesperson added.

Related: Polygon launches decentralized ID product powered by ZK proofs

Worldcoin launched in October 2021 by giving away cryptocurrency in exchange for iris scans. According to Worldcoin, these scans produced numbers that could be tied to a user’s identity, but no image of the scans was stored.

In December 2015, the first Worldcoin ATM was implemented in Bratislava, Slovakia, when operator Cryptodiggers.eu decided to offer the coin in its ATM alongside Bitcoin.

Soulbound tokens power new identity solution on Celo blockchain

Masa Finance announced its deployment on the Celo blockchain with its new “Prosperity Passport” identity solution for users.

A central focus for many in the Web3 community has been improving identity solutions available to consumers. Last year, the emergence of soulbound tokens (SBT) introduced a new way for users to define themselves. 

Although the SBT hype quieted over the last months, they have not disappeared off the scene. On March 1, the SBT protocol Masa Finance announced that it will deploy on the carbon-negative Celo blockchain to create a new identity solution

More than 10 million wallets active in the Celo ecosystem will be able to generate a Masa “prosperity passport.” This new Web3 identity solution allows users to mint a variety of SBTs related to their digital life, such as an authenticated user verification SBT, a credit score SBT, a community reputation SBT and a “.celo” domain name SBT.

Calanthia Mei, co-founder of Masa Finance, said nonfungible tokens (NFTs) were the first pioneers for Web3 user customization, and SBTs are the next breakthrough technology.

“Web3 has a trust issue, and SBTs represent a composable and scalable way to build a trust layer between projects and users, and users amongst each other.”

The prosperity passport solution also gives access to other utilities from Celo projects, which have integrated the technology, such as micro-loans and universal basic income.

Mei believes that the identity solutions provided by SBTs will help onboard the next 1 billion authentic users into Web3:

“We see SBTs as a way to build bridges for global economies, industries and users to merge with Web3 and truly usher in the new economy.”

According to the announcement, the protocol already has 250,000 Masa Soulbound Identities minted, along with nearly 300,000 Masa .Soul Names minted.

Related: What is decentralized identity in blockchain?

At the end of 2022, MetaMask Institutional, Cobo and Gnosis DAO all teamed up to create an SBT project to bring exclusivity and identity verification to its users. Back in December, the Japanese financial firm Sumitomo Mitsui also revealed it is looking into SBTs for social reasons.

These new digital assets are thought to be a possible solution to future digital identity in the metaverse, along with digital citizenship.

While not directly mentioning digital assets, on Feb. 9, the European Union mentioned using zero-knowledge proofs for future digital IDs.

SEC leaked crypto miners’ personal information during investigation: Report

The financial regulator reportedly unintentionally included 650 names and email addresses in communications with blockchain firm Green as part of an investigation.

The United States Securities and Exchange Commission, or SEC, has reportedly leaked the names and email addresses of many crypto miners connected to the blockchain firm Green.

According to a Jan. 17 report from the Washington Examiner, the SEC unintentionally included 650 names and email addresses in an email communication with Green as part of an investigation, leaving the blockchain’s nodes vulnerable to hacks. The financial regulator had reportedly been reaching out to Green users regarding their purchase of the firm’s products.

“The Privacy Act of 1974 […] prohibits the disclosure without consent of information about individuals that the federal government maintains in a system of records,” the SEC website says. “If we store information about you in a system of records from which we retrieve that information by personal identifier […] we will safeguard your information in accordance with the Privacy Act.”

Hackers have often targeted centralized crypto exchanges to obtain information about users, but alleged unintentional leaks by government officials are less common. In October, the U.S. Justice Department announced charges against two Chinese intelligence officers who allegedly bribed a double agent with Bitcoin (BTC).

Related: LBRY says it ‘will likely be dead’ following SEC loss

The SEC has also executed several crackdowns on crypto firms in 2022 in what many critics have called the agency taking a “regulation by enforcement” approach. In December, the financial regulator added its name to the list of federal agencies charging former FTX CEO Sam Bankman-Fried, alleging violations of the anti-fraud provisions of securities laws.

Turkey to use blockchain-based digital identity for online public services

Shortly after its central bank completed its first CBDC tests, Turkey announced a blockchain-based digital identity application.

Turkey plans to use blockchain technology during the login process for online public services. E-Devlet, Turkey’s digital government portal used to access a wide range of public services, will use a blockchain-based digital identity to verify Turkish citizens during login.

Fuat Oktay, the vice president of Turkey, announced during the Digital Turkey 2023 event that citizens will be able to use blockchain-based digital identity to access e-wallet applications, Cointelegraph Turkey reported.

Oktay called the blockchain-based application a revolution for e-government efforts, adding that online services will be more secure and accessible with blockchain. Users will be able to keep their digital information on their mobile phones.

“With the login system that will work within the scope of the e-wallet application, our citizens will be able to enter the e-Devlet with a digital identity created in the blockchain network,” the vice president said.

Related: Turkey’s central bank completes first CBDC test with more to come in 2023

Turkey has announced several projects powered by blockchain over the years, but very few have been realized yet. The country’s plans for a national blockchain infrastructure date back to 2019. However, aside from some proof-of-concept projects and its central bank digital currency test — executed after several delays — its blockchain ambitions have yet to bear fruits.

As of January 2020, Turkey’s cultural hub of Konya was developing a “City Coin” project to be used by citizens to pay for public services, but no further updates have been shared with the public in the last two years.

Identity in the metaverse at risk, says former Windows architect

As metaverse adoption climbs and users join digital reality, they put themselves at risk of identity theft in new ways, including minors who engage in metaverse games.

The metaverse is coming for users at full speed. Companies and brands are jumping into digital reality, and according to a recent survey, consumer interest is climbing alongside all the activity.

At the same time, as more users join in on metaverse activity, the risk grows for nefarious activity in digital reality. A report from cybersecurity firm ​Kaspersky revealed that exploitation and abuse in the metaverse are set to rise in the next year.

Threats range from scams, to be expected with digital interactions but also avatar-related identity theft and abuse.

For a better understanding of the dangers and risks users can face stepping into digital reality, Cointelegraph spoke with Andrew Newman, chief technology officer and co-founder of cybersecurity firm ReasonLabs and former architect of Microsoft’s Windows Defender anti-malware software.

The primary concept users must understand is that metaverse identity is “likely to become users’ digital identity,” according to Newman:

“As our real-life and online identities continue to merge, the stakes for identity theft on the Metaverse will increase.”

He highlighted that avatar scams have already been reported on platforms like Roblox. The example given by Newman was that the hacker may try to convince a user that they need access to their avatar for a number of reasons, with the ultimate aim of stealing their digital identity.

Although it’s a common occurrence to have digital identity threats, as money or virtual currencies become tied to metaverse avatars, these threats will increase. Newman warns consumers as more money is spent on digital assets for these avatars

“Just as we are protective of our physical assets, we need to make sure that people protect their digital assets and personal information within the Metaverse.”

The amount and various types of digital assets with real value that users can own are endlessly expanding. This incites that cyber crimes and theft will only become more complex and digital reality expands.

Related: Self-sovereignty in the creator economy and Web3 — Is there room for both?

There is a lot of promise in blockchain and emerging technologies for transparency and security. However, Newman says users need to be vigilant nonetheless:

“We shouldn’t assume that our funds are not susceptible to theft simply because they are in the Metaverse rather than in a traditional banking network.”

Another component to identity theft in the metaverse is that minors are susceptible to such threats. In many ways, the metaverse is designed to engage both youth and young adults.

Minecraft, Fortnite, and Roblox all have attracted young user bases. Often, minors don’t grasp the importance of cybersecurity or their digital footprint. Newman said, there are already existing threats minors face in online digital worlds. However:

“Finances might shift over time from virtual in-game currency and items, to more traditional finances such as real money or crypto ties to newer ‘web3’ identities in games.”

This would create more value to be exploited from unsuspecting minors.

Currently many major Web3 developers such as Chainlink, are developing new security protocols for users in digital reality. Developers both inside and outside of the industry are looking to create a global metaverse policy to troubleshoot a list of growing concerns.

MetaMask Institutional, Cobo and Gnosis DAO team up for soulbound token project

A new soulbound NFT project from Cobo, MetaMask Institutional and Gnosis Safe is bringing new nonfungible exclusivity and proof of identity to users.

Soulbound tokens (SBTs) are becoming a mainstay in the Web3 space for users and projects to define themselves in digital reality. 

A Dec. 13 announcement from Cobo, a digital asset custodian and blockchain technology developer, revealed a new SBT project which unites crypto industry giants to cater to users’ developing digital identities.

Cobo, MetaMask Institutional and Gnosis DAO teamed up to create “Evolution,” an SBT project, a tool to help users define themselves in digital reality and stay up to date on industry trends.

A spokesperson for Cobo told Cointelegraph that since SBTs cannot be sold on the market, it helps create a bridge between Web2 and Web3 surrounding user identity.

“This provides assurance to the token provider and allows them to give exclusive access and benefits to their targeted users by giving them an identity.”

While SBTs may be the new trend to mark a digital persona, they will not replace nonfungible tokens (NFTs) and the inherent utilities that come with tradable assets.

However, according to the Cobo spokesperson, SBTs may be increasingly used to create another level of exclusivity not achievable by a standard NFT. Using the “Evolution” collection as an example, holders will receive exclusive quarterly research on the decentralized finance space unavailable to those outside their SBT community.

“Although the tokens can be used to identify and reward certain users, they can also be used to limit and exclude users from certain projects or benefits.

From a perspective of brands or wallets, SBTs may “dissuade users from changing wallets or rotating keys for security purposes,” says the Cobo representative

Related: Vitalik Buterin suggests making NFTs ‘soulbound’ like World of Warcraft items

This development from major Web3 players comes as the space shifts with the development and introduction of SBTs.

These new digital assets are now being looked at as a potential key to the metaverse of the future, in which users have citizenship as a part of their digital identity.

Recently in Japan, the financial giant Sumitomo Mitsui announced it is experimenting with SBTs to help meet local social needs.