Technology can help people create more sophisticated forms of misinformation, but it can also aid us in our quest to detect said information. New verification technologies - designed to confirm everything from the validity of an image to an identity - appear every day. We’ve highlighted and explored a few examples below, in addition to providing a run-down of blockchain, which has the potential to cause aseachange in the way we think about verification.
These blocks are public, meaning that all the parties in the network have access to them, but once a block is processed it cannot be altered or erased, and if any party wants to add new information, it needs to go through a validation process.
To certify information for a transaction to occur in a blockchain and avoid any type of fraud, blockchain relies on a “cryptographic protocol” which validates a transaction through a mathematical challenge. If anyone tries to alter a block that was already processed and recorded, the results from the challenge will be different than the ones that the network expects, stopping the processing of the information and, consequently, its addition to the record.
Blockchain allows trades to be made one on one, without intermediate parties (such as companies and banks). With blockchain, the transaction is made possible through a high amount of software codes that run on thousands of different computers, running the same software guaranteeing the transactions.
Once the transaction is initiated, it gets logged and is verified by other parties. If all the information matches and is verified, the transaction goes through without an intermediate and gets stored. If the initial parties want to make further transactions, the information of the previous one is already embedded in the ledger. Since it’s secured by cryptography, tracking isn’t possible, and the accounting system and ledger are owned by everybody instead of just one company.
Security: The structure of the “chain of blocks” makes it impossible to be violated, since if an intruder decides to try to alter or erase any recorded transactions, it would need to control more than half of thousands of interfaces to allow a change by consensus. So, in order to make any changes to a record, this update would need to be verified by the whole software coded databases, making it impossible for one intruder to have access to thousands of interfaces.
Availability:The decentralized structure keeps the network running and working properly, even if some nodes are disconnected from the network. Once these nodes are reconnected to the network, they are immediately updated.
Trust: Since all the records in the blockchain can’t be altered or erased, the parties can be sure that all transactions recorded are legitimate.
Transparency: All the transactions are public, meaning all nodes have access to it. The record of the identity of the users is possible using the cryptographic mechanism, which ensures that only legitimate users are participating in that transaction, providing even more security.
Blockchain allows verifiability of legitimacy. For example, in a trade, it allows the verification that one of the parties involved is the actual seller or producer of the item in question.
Blockchain can be used as a tool to sign cryptographically for a given attribute. For example, the Government can sign that a person is a US citizen, or an academic institution can sign that a student is properly enrolled. Since this information is public, the person in question has control and access to this record and can use it as a certification.
Blockchain allows for the record of users or clients in the system, which prevents identity fraud or fake identities. This can be particularly useful in contracts, for example, when transferring a properly or finalizing an electronic contract.
Blockchain technology by being persistent, transparent and public, gives the users that want to make a transaction a reliable database of previous and updated records. That secure and reliable database can be used to answer certain questions about the provenance, transparency, copyright ownership, valuation and authenticity of documents, products, properties and other information.
This technology can allow the connection of the networks of libraries and universities, supporting a skill sharing program since all the records would be public and could be used as a study case across different institutions.
Since blockchain is a distributed database, it’s possible to use this technology to distribute documents, manuals, academic articles, digitized books. Basically, blockchain can be use to distribute practically all types of information. This uniformity of information can be a groundbreaking system since it would allow records from museums, libraries and archives to cross and allow every institution to have the same information. It would be an exchange of information that can be made worldwide, giving opportunities, for example, for researchers to have more information to create their work that can be beneficial for all institutions. -ARdA
For those keeping up with current trends and events in the technology sector, it is nearly impossible to not be confronted with articles and discussions on the use of blockchain in today’s society. Even those not plugged in to technology news have likely heard of Bitcoin, the most well-known exemplar of the use of blockchain technology. While many are lauding the possibilities of blockchain, others are not so sure or ready to jump on the bandwagon. Writing for the Harvard Business Review, Marco Iansiti and Karim R. Lakhani express their reservations: “Although we share the enthusiasm for its potential, we worry about the hype.” What are the criticisms of blockchain that constitute these skeptics’ concerns?
Some Criticisms of Blockchain and Blockchain Technologies
Through studying the life cycle of adoption of new technologies, Iansiti and Lakhani argue that the growing pains currently experienced by blockchain technology are due to the fact that it is expected to merely be a disruptive technology, when in reality it is a foundational technology. A disruptive technology is one “which can attack a traditional business model with a lower-cost solution”, whereas a foundational technology seeks to fundamentally alter the infrastructure upon which the current business models are built. If Blockchain is ever going to be able to become what it purports to be, it will take time. Iansiti and Lakhani go on further to say “if there’s to be a blockchain revolution, many barriers—technological, governance, organizational, and even societal—will have to fall.” This large-scale blockchain revolution may or may not ever come to fruition, but In the meantime, blockchain will more likely than not continue to be implemented in localized or smaller-scale projects, or used in conjunction with traditional record-keeping methods.
There are legitimate concerns and criticisms about blockchain. Be skeptical about the hype that evangelizes blockchain as the solution to record-keeping information verification, but keep your eyes open to the occasions where blockchain technologies do have the capability to rise to the occasion and solve these challenges. More likely than not, blockchain technologies will only continue to mature and be implemented in more innovative ways to suit the needs of various user bases. -SA
Digital Identity Verification
By Clker-Free-Vector-Images, [Pixabay], CC0 Creative Commons
Modern life all but requires individuals to use online services to access goods and services. To do so, it is likely that the individual will be required to make an online account, which allows a user to have a personalized experience. In order to maintain that personalization, it is necessary for the individual to security as well. As online networks become more complex, and as nefarious online players gain increasingly adept hacking skills, it is necessary for service providers to move beyond the simple username and password combo.
Passwords and Knowledge-Based Authentication
The most common way users can verify their identity online is to provide a username and password. Knowledge-Based Authentication [KBA] may be employed by a website as an intermediary step for the user to retrieve or reset a forgotten password, or KBA might be an integral part of the identity verification process itself, in addition to a password. There are two types of KBA.
Static KBA relies upon the user typing in the same string of characters that was used to set up the answer to the question in the first place. “What is the name of your first pet?”, “Where did you go to high school?”, or “What was the name of your best friend in elementary school?” are examples of KBA questions which “rely upon information the user would readily know but not necessarily share.”
Dynamic KBA generates relatively unique questions that only the user should know by culling through publicly obtainable information, typically credit reports. An example of dynamic KBA would be if a website listed out four addresses, and asked you as a user to identify which address was a location at which you had previously lived.
Another increasingly common method of digital identity verification is the two-step authentication. Two-step authentication usually still includes, at minimum, the process of supplying some sort of password or user-knowable information, but the secondary step is the addition of a physical component of identity confirmation. Most commonly, this comes in the form of a website sending an SMS to the phone of the registered user providing an additional code needed to complete the login process. A prime example of two-step authentication is an ATM - the user requires the knowledge of a secret pin, in addition to their physical bank card in order to access their account information. There are additional types of security keys that can act as the “physical embodiment” for the two-step factor authentication. These can include USBs, key fobs, smart cards, cell phones, bluetooth devices, and many other forms. One engineer even designed a pair of earrings that can hold a device that can be used as the physical component of two-factor identification.
Social Logins
By Sebastiano_Rizzardo [Pixabay], CC0 Creative Commons
Companies and organizations requiring digital identity verification of their users walk along the tightrope of needing to securely identify users, while still cultivating a pleasant and not-too-cumbersome user experience. A survey by the company Econsultancy found that “... a quarter (26%) of respondents in a recent Econsultancy survey stating that being forced to register would cause them to abandon a purchase.” What is an online site to do? Enter the process of social logins. “Would you like to create an account or would you like to sign in via facebook, twitter, or google?” Sometimes the option of operating within a site by way of an external social login is encouragement enough to keep users on a site without “burdening” them to create yet another unique online account to fully access the engage with the site’s content or functions.
Of course this solution has its own problems. The visiting users’ accounts could be compromised if there is a problem with the social network servers, if the social network changes its terms of service, or if the user cancels their social network account. Additionally, if more than one social login is provided, a user might not be able to remember which login they used. Most notably, however, the social login options offered increased convenience at the expense of security and privacy. If a user’s social network account is hacked, the hacker could easily gain access to all of the user’s other online accounts for which the social login tool was used to login by proxy. Additionally, as evidenced by this year’s Cambridge Analytica scandal, using facebook as a social login put users at risk of their social data being harvested in ways they were either unaware of or did not consent to.
Biometrics
Moving steadfastly closer to realizing the vision of sci-fi films and literature, the use of biometrics for the purpose of digital identity verification continues to be employed and is being pushed for use in new ways. In the mobile phone arena, the use of a user’s fingerprint to unlock a phone was the first iteration of fingerprint biometrics widely presented to the public. Next up on the biometric docket is the use of facial recognition to verify identities. Other experiments in biometric recognition have been payment by selfie and MasterCard’s proposal of heartbeat recognition as an alternative to merely facial recognition. As with the social login option, the ability to use a fingerprint or a facial scan to identify oneself to an online entity makes the process more convenient, but biometrics are not inherently more secure just because they are inherently unique to each individual. Alvaro Bedoya, Professor of Law at Georgetown University, argues that, though they have their faults, passwords are intentionally secret and therefore private, whereas biometrics are “inherently public”. For example, fingerprint unlock hack “how-to” released by Mashable revealed that “people leave copies of their fingerprints everywhere - and lifting a copy can be used to unlock devices.” While use of biometrics offers one solution to digital identity verification, it is necessary to be cognizant of the potential associated risks.
Conclusion
As various digital verification processes continue to be improved, other innovative options are just getting their walking legs - like blockchain for identity management or the new World Wide Web Consortium (W3C) login standard WebAuthn, for example. Regardless of the status of a digital identity verification or login method, successful digital identity management platforms must balance their users’ security with their users’ interaction experience in order to be viable. Being mindful of how various verification and login methods operate can help users understand the risks and benefits associated with each type of digital identity verification. -SA
Some hoaxes can be detected through simple skepticism: the fairies that fooled Doyle, for example, bear a striking resemblance to paper cutouts - which they turned out to be. Others require more advanced knowledge, such as x-ray analysis combined with knowledge of when certain paints or canvases were developed in the context of researching art forgeries. As image forgery and tampering techniques have grown more sophisticated, our means of detecting doctored images have followed suit. In the words of information forensics researchers Schetinger, et al, we’re in the middle of “an arms race between forgers and forensics analysts.”
By Philip Halling [Geograph], Creative Commons.
You don’t have to get on Antiques Roadshow to see this in action. Some such forensic analyst “arms” are freely available tools that you don’t need to be an expert to use. If you suspect an image is a hoax, you can investigate it from the comfort of home. A few examples:
Error Level Analysis
When you resave a digital image, the whole image should compress at the same rate. Error Level Analysis (ELA) re-saves an image and identifies if there are portions of said image with different levels of compression - indicating that the image has probably been digitally modified. After ELA, different levels of compression show up brighter than the rest of the image.
And that’s really as much as you need to know about digital image compression to get the gist of the results of an Error Level Analysis. You can try it out yourself at FotoForensics.com, an ELA tool created and provided by Hacker Factor, a computer forensics research organization.
EXIF Data
The majority of digital cameras - including those on phones - collect data for every photo that you take and attach it to said photo as EXIF Data. This data varies, but typically includes the camera make and model, the GPS location, and the date and time of photo being taken, along with more technical details like shutter speed and lens type.
EXIF Data can be very useful if you want to determine if a photo was really taken where and when someone claims it was. You can only read EXIF Data in JPEG images, and there are ways for people to scrub the data before the post it (a good idea for privacy!). If you have a JPEG image and want to see if it has EXIF Data attached, you can use a free metadata-revealing services, like FindEXIF.com.
There are many ways to detect forged or doctored images, and more new methods are appearing all the time. A few developers have created tools combine methods, so that you can see, for example, an Image Error Analysis and the EXIF Data for an image all at once. Examples of this include ImageForensic.org and Image Error Level Analyser (it sounds like it just does ELA, but it’s been modified to include much more). Now that you have some of the relevant terms in your vocabulary, you can also conduct some searches of your own, finding the methods and tools that work best for you. -MM
