SSI – Your Questions Answered

Guides •
Jun 09, 2022 • logged_by: Hannah Loskamp

False assumptions and misconceptions circulate in the media about the potential and risks of SSI. In this article, we address some of those misconceptions and summarize the most important core aspects of SSI. By doing so, we create a clear picture of what SSI is and, above all, what SSI is not and should not be.

Can SSI data be stolen and used without my knowledge? Is SSI enabling a data market and further misuse of our data?

The focus of SSI lies on self-determined use and simultaneous data security for the individual. At the same time, data economy is important: the user should only ever have to disclose the necessary minimum of information about himself that is necessary for the use of a service. In summary, with SSI you can only decide who you give your data to, but not what happens to it – which is not a technical question, but is due to the trust frameworks and the implementation of policies. This is regulated via certification and approval, as this creates trust in the involved actors of the ecosystem. SSI itself does not offer any general protection against data misuse. Nevertheless, it represents the possibility of managing one’s own data securely and independently using the principle of decentralization. The services to which personal data is transmitted are ultimately also bound by the General Data Protection Regulation. You can not only decide to whom you give the data, but also how (e.g. as ZKP or as VP).

Why does SSI offer more privacy than current systems?

Because we don’t outsource our data to hundreds of platforms, but manage it centrally. Ideally, hacking a service would not result in the capture of thousands of user profiles with sensitive data, only worthless peer-to-peer connects. This creates more privacy and personal responsibility for personal data. Christopher Allan’s first article on SSI already says: The user can and should decide for himself who he or she shows personal data to and for what purpose. The prerequisite for this is interoperability and portability of identities. In a way, this idea is the core of SSI. But the statement that as a user I have complete sovereignty over my digital identity is often misunderstood and is wrong in this form.

Does SSI make me loose my anonymity?

Which data a service requests depends on the service and the legal requirements. If the service provider is not bound by a real name obligation, i.e. not obliged to query and check a real name, he cannot demand this from the user either (according to the General Data Protection Regulation). If he does this anyway, the user must agree and a specific reason must be given.

Why does SSI have nothing to do with blockchain?

SSI is often equated with blockchain technology. This creates the impression that SSI can only work together with blockchain. However, this is not the case. We have summarized a comprehensive explanation here: https://jolocom.io/blog/dezentrale-identitaten-not-blockchain/