Protect Your Personal Data with Internet of People

Authors: Juan Cancino and Rich McDowell

The news has been overflowing with stories of people’s personal data being used without their consent. We’re finally waking up to the problems of centralized data storage and the way social media networks like Facebook harvest and sell on our data without our consent. As governments flail about trying to fix the problem, many people are confused about what they can do, even considering leaving social media altogether.

This fear and confusion is understandable, but at Internet of People (IoP), we believe it’s possible to have the best of both worlds: all the amazing benefits of social media while still giving users full control of their data and privacy. All it takes is a simple inversion of the business model: instead of companies trying to extract data from users by whatever means possible, users and companies can work together in a way which benefits everyone.

Let me explain how the IoP system works. But first, some background:

The big news at the moment surrounds Facebook and consulting firm Cambridge Analytica, which used an application to pass data from 50 million Facebook users onto third parties, including the Trump presidential campaign. The scandal has rocked Facebook to its core, with advertisers and investors pulling out of the platform en masse. Experts predict the scandal has wiped $45bn from Facebook’s value, and that there’s still much further to fall as advertisers, investors and most importantly users reevaluate their relationship with the platform

But this is hardly the first time Facebook has been in the spotlight for misusing user data. The Spanish data protection agency has also fined Facebook €600,000 for transmitting WhatsApp user data to Facebook without their consent and using it in unauthorised ways.

When WhatsApp was acquired by Facebook in 2014, users had no choice but to accept the new terms of use if they wanted to maintain the service they’d been using for years.

And it’s not just Facebook in the spotlight. In 2016, Uber suffered a data breach and lost the personal data of 57 million users and drivers. However, Uber kept the data breach secret until 2017. The company also reportedly paid the hackers $100,000 to delete their copy of the data.

Similar data breaches have plagued Airbnb, Visa, Amazon, eBay, Target, Experian and many, many more companies and institutions. If you use the internet regularly, it’s extremely likely that some of your data has been exposed in one of these breaches.

In the new digital economy, our personal data has become the new gold, a consumer product coveted by third parties.

This is hardly a revelation: stories and opinion pieces have circulated for almost a decade about the insidious relationship between companies and data, urging users to consider just how much they’re giving up when they check that tiny box next to the terms and conditions. But the sheer volume of stories at the moment is hopefully the trigger to get people to take this seriously. The main worry now is how to move forward productively. As always, the answer is through thoughtful cooperation.

An Internet of People

The story of online data privacy is almost always framed as a struggle between two opposing forces: the tech companies on one side and the users on the other. In the middle we have government and regulators, who are responsible for ensuring our data is not used inappropriately and punishing companies that misuse it. When companies fail the authorities fine them, but what happens to the users and their data? The damage is done, and there’s often nothing users can do to recover their data or even find out if they’ve been affected. The companies involved have all become enormously rich from misusing our data, so they just pay the fines and it’s back to business as usual.

But it doesn’t have to be this way. Tech companies and users don’t have to be at odds with each other, locked in a zero-sum battle where helping one group hurts the other. We can work together to protect user privacy while actually providing better services. Internet of People offers the solution via decentralized apps which rely on IoP’s unique profile servers and open social graph.

So How Does It Work?

We start with a basic idea: you should own your own data, and you should be in full control of what happens to that data. If you want to share it, great. If you want to stay private, also great. If you want to share some data with your friends and other with your work colleagues and businesses, that’s awesome. If you want to have two or more completely different social media personas which don’t overlap at all, that’s your business and we’ll support you. However you want to live your online life should be up to you.

In the Internet of People this is achieved via profiles. Users can create as many profiles as they want, all with different characteristics and privacy levels. These will all be linked via your device, so they’ll be incredibly simple to manage, but no-one else will be able to see these profiles or the links between them unless you actively agree to share.

Even more importantly, you can change your mind. Every piece of information you share can be revoked, and other users can no longer see that data. This is much better than the current model, where when you no longer want companies to access your data you have to trust them to delete it.

The only way this is possible is in a truly decentralized model: your data stays on your device, so you always have full control over it. Communication and data sharing should always be directly between you and the person or business you want to share with, so there’s no chance of any middlemen hoovering up your data. This kind of peer-to-peer communication and data sharing is difficult to provide while retaining all the apps and features we know and love, especially on mobile devices which have limited battery life. But IoP has solved this problem with two innovations: the profile server and social graph.

The profile server

One huge advantage of centralized social networks is everyone’s data is in the same place, making it easy to search for people. In a decentralized network, making connections is much harder: you have to potentially explore the whole network until you find someone that matches what you’re looking for. And even if you make a connection, the route between you can be very complicated and inefficient, with many steps in between. Maintaining this connection is difficult and consumes a lot of resources.

IoP’s profile servers allow users to provide these discovery and connection services for P2P applications. Users set up profile servers on their computers to help other users find each other and then form a direct peer-to-peer connection. Crucially, no private data ends up on these servers: it’s just a way to help users connect. Users who help provide this service will be rewarded with our token, IOP.

Profile servers provide three services to help connect people:

Profile hosting: Mobile devices are rarely online all the time. Profile servers host end users’ profiles and keep them online, regardless of the state of the mobile devices where the apps are running.

Profile querying: Profile servers allow any entity to request profile lists and profile information in general. Profile searching is the natural way for end users to find each other in the Internet Of People; particularly when they’re connecting for the first time. Once connected, both parties store the location of the profile server of their counterpart. Remember, the information stored on the profile server has all been approved by the user.

Relationship cards: When two profiles connect, they may want to establish a relationship. They could be friends, employer and employee, business and customer, etc. The relationship between two profiles is stored in a data structure and signed by the users’ public keys, establishing the validity of their relationship. This relationship card can be used to show a relationship between profiles, which helps for establishing reputation and identifying when users are online. Each user’s relationship cards helps identify the interactions and activity between each of a user’s profiles.

The combination of profiles and the relationships between them creates what we call the social graph: a huge web of interconnections that, crucially, is formed only using the data that users actively want to share.

The extraordinary feature of the profile servers is that they work openly, so the social graphs can be seen by any peer-to-peer application that wants to access it. The profile servers are a public infrastructure that will forward requests and answer queries, but will never store users’ personal data. This data will always be safely where it belongs: on users’ own devices.

In the Internet of People, people and their privacy come first. In doing this we hope to help to personal data being stolen, marketed or used without our consent

If you want to learn more, visit us at https://iop.global

References:
Data as Labor and Internet of People.- Cancino, J. (2018). https://iop.global/data-labor-internet-people/

IoP Bluepaper.- Maiwald, M. And Blattel, B. (2017).  https://iop.global/wp-content/uploads/2017/11/IoP-Bluepaper.pdf