Blockchain Identity Management: The Beginning of a Data Security Revolution

Blockchain Identity Management

Story originally published on

Massive data breaches have become all too common, from the 3 billion Yahoo email accounts exposed in 2013 to the credit and identity data of 143 million Americans taken from credit agency Equifax (and a slew of additional attacks).

The frequency and intensity of these assaults, together with the high degree of security and technological expertise of their victims, has sparked public indignation as well as worries about whether effective protection against future breaches is even conceivable. “More and more businesses are recognising the truth that, despite their best efforts, security breaches are inescapable,” according to Gemalto’s Breach Level Index Report from the first half of 2017: “Despite their best efforts, security breaches are unavoidable.”

Centralization is the issue

To grasp how blockchain technology may be used as an identity management solution, it’s necessary to first comprehend how the present system’s flaws have emerged.

The internet was created as a peer-to-peer, decentralised web of connections, which meant that any user could interact and connect with any other user without the need for a middleman. Third-party intermediates evolved as the internet got more privatised, and they became more vital to the internet’s structure.

Everything from providing website security certifications to controlling access to the internet to cultivating individual online identities was taken over by a tiny handful of firms. This centralised control allowed these firms to accumulate massive amounts of personal data from everyone who used the internet, which was stored on servers. These systems can (and have) been hacked, and the accumulation of personal data in the hands of a small handful of firms raises the danger of future breaches.

A Theoretical Solution for Blockchain Identity Management

By allowing individuals to keep data on a blockchain rather than on hackable servers, blockchain technology offers a feasible solution mentioned. Once information is recorded on a blockchain, it is encrypted and cannot be changed or removed, making big data breaches extremely difficult, if not impossible.

Although storing data on a blockchain appears to be a simple, high-level answer, there are a variety of theoretical techniques to putting it into practice. One option is to eliminate the need for middlemen by allowing people to keep their credentials and data directly on a blockchain, which they can carry with them wherever they go online.

Building a Better Internet with Blockstack

Blockstack was established by Ryan Shea and Muneeb Ali in 2013. (originally called the Onename app). Blockstack promises to overcome the aforementioned security concerns by removing the need for digital intermediaries and enabling users to maintain complete control over their data using blockchain technology. Individuals may use Blockstack’s browser to run decentralised apps instead of depending on external third parties to store data, and user information is encrypted and stored on users’ own devices.

The wider, core objective of Blockstack is simple to explain yet far-reaching: to build a new, decentralised internet. “The internet was constructed 40 years ago and is displaying signs of age,” according to Blockstack’s technical white paper. Blockstack attempts to replace the internet as we know it today with a system that is both more secure and more closely aligned with the original intention of the internet’s inventors.

“What we call the web predates the internet… and that was built to be decentralised,” Shea explains. A new article in the New York Times Magazine explains the internet’s basic design in detail. The internet was created utilising open protocols, which meant that communication between computers over the internet was free and not controlled by anybody.

Civic: A Solution for Targeted Identity Protection

Civic, which was created in 2016, is a blockchain-based identity management company. Civic tries to function inside an existing framework and focuses exclusively on identity management and security, rather than eliminating the need for third parties and building a totally new internet environment, like Blockstack hopes to achieve. Civic uses blockchain technology to allow individuals and businesses to authenticate their identities without storing sensitive information on centralised, hackable systems.

This approach is explained in a recent Forbes article. After signing up for Civic’s app, the user’s identity is verified using official (e.g. government) documents. Civic then encrypts the data and puts it on a blockchain using cryptography.

Other entities desiring such personal data may then compare the information provided by an individual to the information stored on Civic’s blockchain, eliminating the need for any entity to maintain sensitive data on a centralized server.


Blockstack and Civic both provide identity management services based on blockchain technology to decentralise and safeguard personal information. They also employ tokens (their own currency) to fuel and reward the use of their own platforms. In the instance of Blockstack, developers use tokens to construct apps on the network, while users use tokens to register Blockstack usernames. Civic users may earn tokens by using the app.

Each startup has received money via these tokens, with Blockstack receiving $50 million thus far (to be accessible after a set of growth milestones are met) and Civic receiving $33 million. However, when governments and whole nations tighten down on cryptocurrency trade, the full impact on initiatives like Blockstack and others will be seen.

The Securities Exchange Commission (SEC), as Muneeb Ali remarked in a December 2017 interview, has mostly remained on the sidelines during the recent cryptocurrency frenzy: “I genuinely feel that the SEC is being extremely clever about this field… “They’re simply observing,” Ali explained, “and so far, all of the moves they’ve taken…appear to be the proper thing to do.”

However, the legal climate remains unpredictable, and the chance that tokens may not be exchanged as easily in the future looms as a possible danger that initiatives like Blockstack and Civic should not overlook.

Nonetheless, this issue should not deter researchers from investigating blockchain-based identity management. It’s crucial to remember that blockchain technology isn’t a cure-all. Indeed, as Ali stated in the last interview, blockchain technology is ideal for some applications but may be completely wrong for others. Data security and identity management are two applications that are well-suited to this technology and that are in critical need of development in the future.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store