Twitter Wouldn't Be Hacked If It Were Backed by Blockchain Technology – Cointelegraph

Posted: July 19, 2020 at 11:08 pm

Murphy's law states: "Anything that can go wrong will go wrong." It always happens with centralized services. A year ago, we saw how half a million Facebook accounts were leaked online, exposing personal data. We will see it many times more with other services. The recent Twitter hack underscores this once again. The accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Mike Bloomberg, Joe Biden, Barack Obama, among others, were hacked to push a fraudulent offer with Bitcoin (BTC).

Writing for the BBC, cybersecurity commentator Joe Tidy opined: "The fact that so many different users have been compromised at the same time implies that this is a problem with Twitter's platform itself." All accounts were vulnerable; it was just a matter of choice for the hackers: Using celebrities is better to endorse scams.

The problem is that even if Twitter or any other service with similar architecture continues building the cybersecurity walls around its system, it will become more complicated and expensive, but not safer. The current paradigm of centralized services cannot offer a safer solution for users' authentication.

I have recently written about new technologies that could protect data and digital identity, using the example of Australia and the European experience and how public key certificates could be protected with blockchain technology against distributed denial-of-service and man-in-the-middle attacks. Although my analysis was quite technical and thorough, perhaps it would be better to take a step back and comb through some general yet pertinent details that may enhance data protection.

Here is some terminology for you to use when asking your service provider, your online store or your government about whether they are protecting your personal data:

To put things into perspective, let's go through a hypothetical situation.

Alice generates her cryptographic pair: a private and public key. The private key encrypts transactions, using a digital signature; the public key decrypts them. The public key is used to verify whether Alice signed in, signed the contract, signed the blockchain transaction, etc.

To protect the private key, she will store it on a secure hardware device with PIN protection, for instance, on a smart card, a USB authentication token or a hardware cryptocurrency wallet. Nevertheless, a cryptocurrency address is a representation of a public key, meaning Alice can use it as her coin and token wallet.

Although the public key is anonymous, she can also create a verified digital identity. She can ask Bob to certify her identity. Bob is a certificate authority. Alice will visit Bob and show her ID. Bob will create a certificate and publish it on a blockchain. A certificate is a file that announces to the general public: "Alice's public key is valid." Bob will not publish it on his server the same way other traditional certificate authorities do now. If a centralized server were ever disabled in a DDoS attack, no one would be able to confirm whether Alice's digital identity is valid or not, which could lead to someone stealing her certificate and faking her identity. This would be impossible if the certificate or at least its hash sum were published on-chain.

With a verified ID, she can perform official transactions, for example, registering a company. If Alice is an entrepreneur, she may want to publish her contacts, such as a telephone number. Using a blockchain is a safer choice because when data is published on social media, a hacker can break into an account and replace it to redirect calls to another number. None of this would be possible on a blockchain.

If Alice goes to a liquor store, she can use her verified DID. The seller, Dave, will use his app to verify and confirm Alice's DID instead of her paper ID. Alice does not need to disclose her name and date of birth. She will share with Dave's app her identifier, which Bob certified, her picture and an "Above 21 y.o." statement. Dave trusts this record because Bob is a certificate authority.

Alice can create various pseudonyms for online shopping, social media and crypto exchanges. If she loses her private key, she will ask Bob to update his record on the blockchain to announce that Alice's public key is invalid. Therefore, if someone stole it, everyone who interacts with her public key will know that they should not believe transactions signed with this key.
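The scenario above (Bob certifies Alice's key, the certificate hash goes on-chain, Dave checks it, Bob later revokes it) can be traced in a short Go sketch. This is an added example, not code from the article or from any real DID system: Ed25519 is an assumed signature scheme, the in-memory `Ledger` map is a stand-in for the blockchain, and the `Cert`, `Issue` and `Check` names and the sample identifier are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Cert struct {
	Subject string            // identifier or pseudonym being certified
	Key     ed25519.PublicKey // Alice's public key
	CASig   []byte            // Bob's signature over Subject and Key
}
func (c Cert) body() []byte   { return append([]byte(c.Subject+"\x00"), c.Key...) }
func (c Cert) Hash() [32]byte { return sha256.Sum256(append(c.body(), c.CASig...)) }

type Ledger map[[32]byte]bool // stand-in for the chain: cert hash -> revoked

// Issue is Bob's step: sign the binding, publish the certificate hash.
func Issue(ca ed25519.PrivateKey, l Ledger, subject string, key ed25519.PublicKey) Cert {
	c := Cert{Subject: subject, Key: key}
	c.CASig = ed25519.Sign(ca, c.body())
	l[c.Hash()] = false
	return c
}

// Check is Dave's step: CA signature, ledger status, then Alice's signature.
func Check(caPub ed25519.PublicKey, l Ledger, c Cert, msg, sig []byte) string {
	if !ed25519.Verify(caPub, c.body(), c.CASig) {
		return "certificate not issued by this CA"
	}
	if revoked, published := l[c.Hash()]; !published || revoked {
		return "certificate unpublished or revoked"
	}
	if !ed25519.Verify(c.Key, msg, sig) {
		return "bad signature"
	}
	return "ok"
}

func main() {
	bobPub, bobKey, _ := ed25519.GenerateKey(nil)
	alicePub, aliceKey, _ := ed25519.GenerateKey(nil)
	chain, claim := Ledger{}, []byte("Above 21 y.o.")
	cert := Issue(bobKey, chain, "alice-pseudonym-1", alicePub) // constructed identifier
	sig := ed25519.Sign(aliceKey, claim)
	fmt.Println(Check(bobPub, chain, cert, claim, sig)) // certificate is live
	chain[cert.Hash()] = true // key lost: Bob marks the certificate revoked
	fmt.Println(Check(bobPub, chain, cert, claim, sig))
}
```

Note that after revocation the signature itself is still mathematically valid; the verifier rejects it only because it consults the ledger before trusting the key.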

Of course, this is a simplified scenario, but it is not unrealistic. Moreover, some of these processes already exist. For example, the Estonian e-Residency card is nothing more than a smart card with the user's private key. With this card, you can remotely register a company in Estonia or even sign contracts. Being integrated into a larger market, Estonian digital signatures are recognized across the European Union. Unfortunately, its governments still do not protect certificates on blockchains.

Knowledge is power. Users should know that their cybersecurity is not only in their hands, as one might say. Software and social media giants ought to make the shift to improve security standards, and users ought to demand it.

The views, thoughts and opinions expressed here are the author's alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Oleksii Konashevych is the author of the Cross-Blockchain Protocol for Government Databases: The Technology for Public Registries and Smart Laws. Oleksii is a Ph.D. fellow in the Joint International Doctoral Degree in Law, Science and Technology program funded by the EU government. Oleksii has been collaborating with the RMIT University Blockchain Innovation Hub, researching the use of blockchain technology for e-governance and e-democracy. He also works on the tokenization of real estate titles, digital IDs, public registries and e-voting. Oleksii co-authored a law on e-petitions in Ukraine, collaborating with the country's presidential administration and serving as the manager of the nongovernmental e-Democracy Group from 2014 to 2016. In 2019, Oleksii participated in drafting a bill on Anti-Money Laundering and taxation issues for crypto assets in Ukraine.
