Privacy on the Internet Computer

If the Internet Computer eventually should replace our current internet, it seems that there will be no more privacy (not even the flimsy pseudo-privacy we have now).

It seems to me that giving up all privacy when being online is not a desirable outcome.

Thoughts anybody? Thank you!

What do u mean by that ? How does it seem like there’s no privacy

If I understand it right (and I may not!) then you have to log into the Internet Computer to do anything. Authentication is mandatory (and currently enforced even with a hardware dongle).

And isn’t the ultimate goal for the Internet Computer to basically replace the internet as we know it? If that’s true then everybody will be logged in, no matter how they want to use the Internet Computer. I don’t know if there are any plans for privacy or usage without being authenticated. That’s what my question is about.

perhaps it’s just during this initial development phase where authentication is Uber difficult (seemingly) .

Hi Rich, thanks for your interest in the project!

I’m one of the devs who worked on the Internet Identity project leading up to Genesis, and I maintain the JavaScript SDK normally. Hope I can clear a few things up for you.

Logging in

Canisters don’t require any sort of authentication by default. The JS agent sets users up with an AnonymousIdentity, which is typically going to have permission to request data from canisters. Think of DSCVR’s logged-out view. However, as apps get more sophisticated, it becomes useful to have a persistent identity so that a user can log in as the same person repeatedly. That, along with high security by default, is what the Internet Identity is solving for.

Privacy with Internet Identity

The authentication code for the Internet Identity is pretty simple. It’s all inspectable at https://github.com/dfinity/internet-identity, and the identity is stored simply as a user number, a credential from the WebAuthentication creation ceremony, and an anonymous public key. The Internet Identity doesn’t know who you are, and doesn’t share any information between apps, not even your user number. It is simply a way of reliably logging in anonymously as the same user with multiple devices, while only requiring you to configure those devices once.

Internet Identity as mandatory

It may seem like that, because many of the developers we’ve partnered with have chosen to integrate with the Internet Identity. However, authentication isn’t ever a requirement that the organization imposes on apps, and developers can choose whether to integrate or to roll their own identity solution. We maintain a dedicated package that provides developers with the tools to create their own identity solutions in JavaScript that play nicely with Candid.

Hope this helps!

5 Likes

I’m not a developer, so forgive me my probable lack of understanding shining through in the following question:

I can create Internet Computer identity 1 with phone 1 using my thumb print. I can create an identity 2 on phone 2 with that same thumb print. Is there any party: WebAuthn, Dfinity, the government, etc. that can relate identity 1 to 2 through that same thumb print data?

No. Maybe a government could notice that both accounts were created from someone in the same location, but the data cryptographic data that is submitted to the Internet Identity by your security device does not include the biometric data, and has no other useful information. At most, which kind of device you used (maybe iphones would be distinguishable from Android phones).

2 Likes

“In the Android OS, fingerprint biometrics are required to be stored in the Trusted Execution Environment (TEE), where the information is encrypted and kept in a separate part of the smartphone, completely inaccessible to the regular OS. It can’t even be exported. Android can ask the TEE to verify a user’s identity using biometrics, but it can’t extract the biometric information. In other words, when the user stores their biometric information, such as a fingerprint, they’re not sharing that information outside of their own smartphone or tablet; they’re just establishing a way to identify themselves to their device.”

Source: How to use biometrics for authentication in Android