TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Tech | Startup hopes single sign-on tool can help turn the tide against botnets Related reading: What to know when vetting and buying data subject request tech

rss_feed
GDPR-Ready_300x250-Ad

Bastian Purrer did something many people have done — or hope to do — in their professional careers. He leveraged the experiences and lessons from his past work experiences into a brand-new venture, one Purrer hopes can solve two problems he observed during his time in the digital space. 

Working as a marketer for e-commerce companies, Purrer saw firsthand how privacy was discarded when he was asked to purchase personal data for targeted advertising. When he moved to Indonesia and ran campaigns for political parties, Purrer was exposed to the world of artificial accounts and botnets, the same ones spreading disinformation across social media platforms to influence U.S. political events.

At business school, Purrer came to meet Shuyao Kong, who had worked at privacy-focused browser Brave and had her own experiences with botnets, and the pair decided to take on these issues in one fell swoop.

Kong and Purrer co-founded humanID, a single sign-on tool designed to verify users when they log on to a platform. It's a product the pair hopes can turn the tide in the battle against botnets.

humanID is a software development kit that functions as a single sign-on for various applications and websites. When a user logs on to a particular website, humanID verifies their phone number to ensure only one person is tied to an account.

"Let’s say you are logging onto platform A. You verify your phone number with humanID. We then, after verification, hash that phone number in a nonreversible way and only share that hash with platform A," Purrer explained. "We then delete the personally identifiable information on our end completely and only save the hash so no personal information is saved anywhere or ever communicated to a third party."

Should the same user log on to a different platform, humanID would identify the individual and go through the same process, only the second platform would receive a completely separate hash tied to the person's phone number. Purrer said this prevents companies from collaborating to create customer profiles.

The tool ensures each person has a unique phone number and stops individuals from operating multiple accounts on one device. humanID also does not encrypt a user's country code. Purrer said this level an important level of transparency, as botnets typically use codes derived from a short list of countries.

Purrer said one of the goals of humanID is to drive up the cost of operating botnets. By forcing users to deliver a unique phone number for each login, Purrer said it becomes much more challenging to curate an effective botnet.

"If you go on the dark web, you can buy bot networks for approximately one dollar apiece, and we are talking quality accounts with pictures and history and so on," Purrer said. "If you think about how much it would cost to maintain a phone number and the scale it would take to obtain many of them, it is considerably higher than that."

By driving up the costs of botnets, Purrer hopes it will help combat malicious campaigns started by government-backed groups and political campaigns to the average "bullies on the internet." While tech companies have taken steps to rid themselves of bots, Purrer believes these efforts have simply not gone far enough.

"Many people don’t see the specifics of how social media manipulation runs and how it can actually be slowed significantly with relatively easy steps, and those are the step we are taking," Purrer said. "When we talk to our clients, that’s the main selling position that we have because they are seeing so much spam coming in and even the smallest networks, communities and forums experience massive problems with bots, authentic users and spam."

As the co-founders had fruitless conversations with startup accelerators, Kong said a common refrain was there was no way to break through Big Tech's grasp on digital identities. It's a mindset Kong and Purrer want to prove wrong.

"We’ve done hundreds of customer testing. We’ve talked to hundreds of experts. People care about their privacy, but there is no better alternative that’s as easy as existing big tech solutions," Kong said. "Our ethos is to see if there is anything we can take from our experiences in the for-profit, private sectors that we can bring to the nonprofit sector and provide a solution that is nonprofit in nature but is just as good as a for-profit identity provider."

The main goal of humanID is to put a stop to the spread of "fake news" and abuse via botnets, but Purrer said other use cases have arisen through client interactions. One organization uses humanID to provide anonymity for any employees who wished to use the anti-addiction tools it provided. Another uses the tool to power a portal where staff can ask questions or report any illicit behavior without fear of retribution.

Purrer said humanID works in these situations because they are services employees would be hesitant to use should they be distrustful of their employer. 

Kong and Purrer have high expectations for the future of humanID. Purrer hopes it will be used as public infrastructure companies and entrepreneurs can expand and improve upon. Kong would like to see a future social media platform be built upon humanID.

The pair also wants to highlight the importance of digital identity, both right now in 2020 and beyond.

"Every human being should have one digital identity that is completely secured and protected. A good comparison is how democracy works," Purrer said. "We all get one vote, and it’s anonymous. Nobody knows how we voted, but it’s important that we can only vote once. That’s why democracy works."

Photo by Ben Sweet on Unsplash


Approved
CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT
Credits: 1

Submit for CPEs

Comments

If you want to comment on this post, you need to login.