Imagine a world where everyone can prove their identity anywhere, anytime, seamlessly and securely.
Imagine a world where the data that describes you — that tells your story — is under your control.
That world does not exist today, but it can exist if enough people come together to support a global digital identity infrastructure for all of the people of the world, that we the people collectively and individually control.
Identity is a human right.
Privacy is a human right.
Security is a human right.
It's more than an aspiration, every one of us deserves to have our identity protected. Those who architect our access to the internet should not be able to bar us from interacting without compromising the security of our identity. And yet, in today's world the growing problem of identity fraud has caused a concerning degradation of the usefulness of our technology. The cost to the global economy is staggering. The lack of inclination to implement the technology that already exists to solve this problem is egregious.
Digital exploitation is now the world's 3rd largest economy at $5 Trillion in 2022.
With just over 5 billion internet users, this puts the annual cost of identity fraud at $1,000 per person.
This is an untenable situation!
If you're an average internet user, your personal data is being held by 350 companies.
That's 350 copies of you... Out of your control.
For the top 5% of people that number swells to an average of 2,834!
The vast majority of data breaches — 85% — are the direct result of compromised passwords.
Personal Identity Information is the primary target of most data breaches — Your identity is not safe.
This is what the human identity infrastructure is being built to eliminate.
Identity is not the problem.
Technology is constantly evolving. The internet was built as a means for human beings to exchange information. It's a place to share stories. It educates us, connects us, and brings value to our lives. We are making it up as we go, and as technology advances we are able to make improvements to what we are capable of doing.
Not all advances in technology make things better. The rise of AI technology has made it harder to know whether you are even interacting with a real person online. A constant stream of new cyber security threats have made protecting your assets and identity harder and harder. As new technology is invented to take advantage of people on the internet, we must evolve by developing new safeguards.
The time has come to develop global infrastructure to stop identity fraud by solving the real problem.
The problem is not identification:
Who are you?
The problem is authentication:
Can I trust that you are, in fact, who you claim to be?
Are you human?
The current system is built around authentication factors. Businesses rely on individuals to self-identify. To open an account they ask a series of questions and store the answers on their servers, to login they check to be sure you still know the answers you provided. They also collect data without your consent, like about your preferences, your purchase activity, your scrolling and search history, your ethnicity, your medical history… Information you probably wouldn’t give anyone willingly. Increasingly your personal data is being collected and stored and shared and sold.
Businesses even make unrestricted access to your personal data part of their terms of service. Many claim they don’t intend to share or sell it, but you wouldn’t know it if they did.
Regardless of whether they are trustworthy guardians of the lists of user credentials they compile, having millions of these lists in circulation is a security issue. The processes they use are far too easy to break or spoof. This is why identity fraud is such a major issue, and why 85% of all successful cyber-attacks are a direct result of credential theft.
The information they collect about you is valuable. The data is stored across countless databases, some of which are virtually unprotected against hackers and identity thieves. Breaches have become so normal, most go completely unreported. Which brings us to the fundamental issue at the core of "the identity problem" itself:
Your identity does not belong to them.
Businesses for years have profited off the problem, and only seek solutions they can further profit from. Businesses do not serve the public. They serve their owners. Businesses that are powerful enough to implement solutions to this situation are too busy exploiting our data to implement any "solution" that they cannot control and monetize for themselves.
The corporate response to the rise in security breaches has been effectively more of the same strategy that’s been failing. Collect more user data to have more authentication factors, create more lists of personal secrets to keep on more servers, and ask users to perform more tasks to prove identity in an endless game of whack a mole aimed at stopping bad actors from taking advantage of the system's inherent flaws — all without ever addressing those flaws in the first place.
All of these so-called security measures create an ever-growing set of insecure databases — filled with the personal data of billions of people who increasingly have less and less control over their own data, let alone any real knowledge of who has it, where it might be, and what they might be doing with it — all strewn across the internet in an ad hoc patchwork of cloned identity sources ripe for even more theft. In short, it's not working!
The solution cannot be more factors.
The solution must be a protocol that can be trusted by everyone because it actually serves everyone equally.
The solution is to start reducing the data points in circulation by eliminating their value. No one needs to know your first grade teacher’s name if no one can use it to break into your bank account.
The solution is in evolving our security technology to mimic how humans have always recognized each other — via the physical factors that make us unique. Our devices have sensors that mimic our senses. Those sensors are already used to record our faces, voices, and fingerprints. Our devices have perfect memories and will never forget anything we record on them unless we delete the data. All we need to do now is to combine the ability of our devices to recognize us in the physical world with a network that can make that recognition useful without violating our privacy. And the technology already exists to do it.
The solution is an independent human identity infrastructure that replaces authentication factors (like passwords, maiden names, birthdates, surveillance data, and other hackable personal trivia) with simple biometric confirmations. We call this zero-knowledge authentication. “Zero-knowledge” means that even the biometric scans performed by your device — that are the truest way to prove you are you — are never shared with the network. Nothing of any real value is ever stored or transmitted anywhere, making the entire network perfectly secure from end to end for every imaginable use case.
We can build a network that isn’t controlled or corrupted by the forces of unbridled capitalism. We can choose to use evolved technology to counter advancing cyber threats. We can choose to build a secure network that serves all of us equally.
All of us. Together.
This is why we're building
human identity infrastructure
hii is being built as an open source project with a simple mission: we will take back our privacy and security by providing all of the people, businesses, governments, and organizations of the world with FREE access to a single universal identity system that we can all rely upon to prove and protect our identities.
