UNIT-4
Online identity management (OIM)
Online identity management (OIM), also known as online image management, online
personal branding, or personal reputation management (PRM), is a set of methods
for generating a distinguished web presence of a person on the Internet. Online identity
management also refers to identity exposure and identity disclosure, and has particularly
developed in the management of online identity in social network services or online
dating services.
Identity management is also an important building block of cybersecurity. It forms the
basis for most access control types and establishing accountability online.
The objectives of online identity management are to:
1. Maximize the appearances of positive online references about a specific person,
targeting not only users who actively search for that person on any search
engine, but also those who can eventually reach a reference to the person while
browsing the web.
2. Build an online identity in case the person's web presence is minimal or
nonexistent.
3. Solve online reputation problems. In this case, the process can also be
named online reputation management.[9]
4. Express opinions that may be unheard, if the person's reputation was not
previously favored.
Digital Identity
A digital identity is data stored on computer systems relating to an individual,
organization, application, or device. For individuals, it involves the collection
of personal data that is essential for facilitating automated access to digital
services, confirming one's identity on the internet, and allowing digital systems to
manage interactions between different parties. It is a component of a person's
social identity in the digital realm, often referred to as their online identity.
Digital identities are composed of the full range of data produced by a person's
activities on the internet, which may include usernames and passwords, search
histories, dates of birth, social security numbers, and records of online purchases.
When such personal information is accessible in the public domain, it can be used
by others to piece together a person's offline identity. Furthermore, this information
can be compiled to construct a "data double"—a comprehensive profile created
from a person's scattered digital footprints across various platforms. These profiles
are instrumental in enabling personalized experiences on the internet and within
different digital services.[1][2]
Should the exchange of personal data for online content and services become a
practice of the past, an alternative transactional model must emerge. As the
internet becomes more attuned to privacy concerns, media publishers, application
developers, and online retailers are re-evaluating their strategies, sometimes
reinventing their business models completely. Increasingly, the trend is shifting
towards monetizing online offerings directly, with users being asked to pay for
access through subscriptions and other forms of payment, moving away from the
reliance on collecting personal data.
Identity Management Models
The digital identity models that have existed to date are mainly three:
1. Centralized Model
2. Federated Model
3. Self-Sovereign Identity model
The Internet, a technology that is increasingly used in our daily lives, has presented us
with the challenge of identifying the ever-growing number of online users. For this reason,
together with the growth of the Internet, we have seen an increasing growth in the use of
digital identities. It is in this context that the definition of identity providers has been
coined. The latter are entities that, from the outset, have been responsible for creating
and managing the digital identities of users, identified by means of specific attributes
(such as e-mail and passwords).
Centralized model
The centralized model of digital identity is also called the ‘Silos Model’. Within this model, as mentioned
before, the organisation that creates the user identity for its service remains the central point of the
model.
To understand what is meant by a centralized digital identity model, one can think of all those services
where it is necessary to create an account with the organisation (e.g. Facebook) that runs that service.
The identity and all related information is stored and represented within the account.
Inside this model, users can create their own digital identity (often in the form of an ‘account’). The
identity is then effectively centralized by the organisations that act as identity providers (which in this
case is also the service provider itself) and allow users to access services, for example by requesting
‘secrets’ that only the user can know, such as a password or PIN.
All the user’s personal data is stored within the organisation’s internal databases, also called ‘Silos’
(hence the name ‘Silos model’).
The centralized model makes users completely ‘dependent’ on the organisations that hold their data,
and brings with it some potential risks and weaknesses:
1. Since most personal data is held within centralized databases, there are cyber security
risks due to the fact that a leak of the organisation’s database would expose sensitive
user data (as seen in the many hacking incidents that have occurred in recent years, the
latest in time being EasyJet);
2. Centralized digital identity systems have created what is known as the ‘multiple identity
phenomenon’. Users now find themselves having a different digital identity for each
service they use: Facebook, LinkedIn, Google, and any other account they may hold
online. This makes the user’s online experience more complicated and they have no way
of managing all their data within the same digital identity.
The centralized model is a simple model for organisations to use and to implement. It
allows companies to store the data of their users, and in this way keep a constant
relationship with the user (as long as he or she uses the service offered). On the other
hand, this model can potentially present security problems, as already seen in several
cases where users’ personal data have been stolen by hackers or have been somehow
exposed on the Internet. Moreover, this model does not have an approach that aims at
better management for the user, but only for the organisations that hold the data, creating
phenomena such as multiple identities.
Federated model
The centralized identity management model presents some problems in terms of how the
user’s experience of managing their online identity is handled. For this reason, over time,
a transition has been observed towards what is known as the federated model. The main
player of this identity model is the identity provider (IDP), which acts as a ‘bridge’
between the user and the service the user is accessing.
In the case of the federated model, the entity that actually ‘holds’ the user’s digital identity
and associated data is the identity provider. The user is able to use his digital identity
with the various services, always ‘passing’ through the IDP, which remains at the core of
the model.
An example of an IDP in Italy is SPID: through a single identity, held by a user
through one of the providers that is part of the ‘Federation’, the user is able to access
several services. Another example of federated digital identity management is
represented by Google: a Google user can now access several services in a federated
manner through his Google account (one can simply think of public wi-fi networks, which
require the user to identify himself by logging in to his Google or Facebook account).
This model of digital identity management makes it possible to avoid the phenomenon of
multiple identities for users, who through a single identity can enjoy a Single-Sign-On
experience. At the same time, also in this model, just as in the centralized one, a user is
not the true owner of his or her ‘digital’ data, which are instead always held by a third
party, i.e. the identity provider. For this reason, a federated digital identity model places
a heavy burden on the provider, who has to ‘be present’ in every access by the user to
online services. This, as can be deduced, also poses privacy risks to the user, since the
identity provider can effectively ‘monitor’ the services used with the user’s digital identity.
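The federated flow described above, as an added example that is not part of the original notes: an IDP issues a signed, short-lived assertion bound to one service, the service accepts the login without ever holding the user's password, and the IDP's own log shows why it can monitor every service the user visits. The class and field names are hypothetical, and an HMAC with a per-service shared key stands in for the public-key signatures that real federation protocols normally use.

```python
import base64, hashlib, hmac, json

class IdentityProvider:
    """Toy IDP: holds the identities and signs short-lived login assertions."""
    def __init__(self):
        self.users = {"alice": "alice@example.org"}  # constructed sample identity
        self.sp_keys = {}      # per-service shared keys (simplifying assumption)
        self.access_log = []   # the IDP sees every (user, service) login

    def register_service(self, name, key):
        self.sp_keys[name] = key

    def issue_assertion(self, user, service, now, ttl=300):
        claims = {"sub": user, "email": self.users[user],
                  "aud": service, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        tag = hmac.new(self.sp_keys[service], body.encode(), hashlib.sha256).hexdigest()
        self.access_log.append((user, service))
        return body + "." + tag

class ServiceProvider:
    """Relying service: stores no password, trusts only valid IDP assertions."""
    def __init__(self, name, key):
        self.name, self.key = name, key

    def login(self, assertion, now):
        body, _, tag = assertion.rpartition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None          # forged, tampered, or issued for another service
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.name or claims["exp"] < now:
            return None          # wrong audience or expired
        return claims["sub"]

def demo():
    idp = IdentityProvider()
    mail = ServiceProvider("mail", b"constructed-key-mail")
    shop = ServiceProvider("shop", b"constructed-key-shop")
    for sp in (mail, shop):
        idp.register_service(sp.name, sp.key)
    to_mail = idp.issue_assertion("alice", "mail", now=1000)
    to_shop = idp.issue_assertion("alice", "shop", now=1000)
    return {"mail": mail.login(to_mail, now=1100),
            "shop": shop.login(to_shop, now=1100),
            "replayed_to_shop": shop.login(to_mail, now=1100),
            "expired": mail.login(to_mail, now=2000),
            "idp_saw": idp.access_log}
```

The `idp_saw` entry is the privacy cost named in the text: one identity gives Single-Sign-On, and the same central position gives the IDP a record of every service used.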
Self-Sovereign Identity model
A new and completely revolutionary way of managing digital identity is represented by the
Self-Sovereign Identity (SSI) paradigm. The SSI concept is completely user-centric, with the
user being the sole and independent owner of his or her digital identity and all associated
data.
Self-Sovereign Identity is a model that differs from the previous ones and aims to ensure
that the user remains the sole owner of his or her data (hence the term Self-Sovereign),
thanks to the use of protocols such as blockchain. In fact, the models described above
use a ‘centralised name system’ as a database to store the various identity-related
information. SSI replaces this by using the blockchain, creating what is known as a
‘decentralised name system’. It should also be noted that thanks to the essential
characteristics of a blockchain, such as immutability and resilience (no downtime), the
Self-Sovereign Identity model boasts greater security for all actors involved.
Self-Sovereign Identity is a concept that is enabled by a number of innovations, such as
the DID and Verifiable Credentials standards that are being defined. The topic will be
explored through a series of guides covering every aspect of this new digital identity
paradigm.
Identity theft
Identity theft on social media occurs when someone steals personal information from
online profiles or interactions to impersonate someone else or commit fraud. This can
involve creating fake profiles, phishing, or gaining unauthorized access to accounts. The
risks include financial damage, reputational harm, and emotional distress.
What it is:
Social media identity theft involves the unauthorized use of another person's
personal information on social media platforms.
This can include using someone's name, photo, or other details to create a fake profile,
which is then used for malicious purposes like phishing or scamming.
Common methods:
Phishing:
Criminals send fake emails or messages designed to trick victims into revealing
personal information, such as login credentials.
Fake profiles:
Cybercriminals create fake social media profiles using stolen or fabricated identities to
impersonate individuals or organizations.
Account takeover:
Gaining unauthorized access to someone's existing social media account by stealing
their login credentials.
Malware:
Malware can be used to track online activity and steal personal information, including
social media credentials.
Risks and Consequences:
Financial damage:
Identity theft can lead to unauthorized credit card charges, loans taken out in the
victim's name, and other financial fraud.
Reputational harm:
Fake profiles can damage a victim's reputation by spreading misinformation or making
false claims.
Emotional distress:
Victims of identity theft can experience stress, anxiety, and other mental health
challenges.
Legal issues:
Using someone's identity for fraudulent purposes can have legal consequences.
How to protect yourself:
Use strong passwords: Create unique and complex passwords for each social media
account.
Enable two-factor authentication: This adds an extra layer of security to your
accounts.
Be cautious about sharing information: Limit the amount of personal information you
share on social media.
Monitor your accounts: Regularly check your social media profiles and credit reports
for any suspicious activity.
Be aware of phishing attempts: Verify the authenticity of emails and messages before
clicking on any links or providing personal information.
Report identity theft: If you suspect your identity has been stolen, report it to
the Federal Trade Commission (FTC).
Security issues in online social networks
Online social networks present various security issues, including identity theft,
phishing attacks, data breaches, and the spread of malware. These issues
stem from the open nature of these platforms, which allows malicious actors
to exploit vulnerabilities in user profiles, privacy settings, and platform
infrastructure. Additionally, the vast amount of personal information shared on
these networks makes them attractive targets for cybercriminals seeking to
exploit users or steal sensitive data.
Here's a more detailed look at some of the key security issues:
1. Identity Theft:
Exploiting User Information:
Criminals can use information gleaned from social media profiles, like names,
addresses, and photos, to impersonate users and gain access to sensitive information
or commit fraudulent activities.
Profile Cloning:
Attackers can create fake profiles that mimic legitimate users to deceive friends and
family into sharing sensitive information.
2. Phishing and Malware Attacks:
Phishing:
Malicious actors may send fake emails or messages that appear to be from legitimate
sources, tricking users into revealing personal information or downloading malware.
Malware:
Viruses and other malicious software can be spread through social media links,
attachments, or advertisements, infecting users' devices and potentially stealing their
data.
3. Data Breaches and Information Leakage:
Vulnerability of Data Storage:
Social media platforms store large amounts of user data, making them vulnerable to
hacking and data breaches that can expose sensitive information like location data,
personal messages, and photos.
Privacy Setting Loopholes:
Users may unintentionally disclose more information than they intend to due to unclear
or misconfigured privacy settings, leading to data leakage.
4. Cyberstalking and Harassment:
Online Harassment:
Social media platforms can be used to harass, stalk, and bully users, potentially
leading to real-world harm.
Cyberstalking:
Criminals can track users' movements and activities online, potentially leading to
real-world threats.
5. Other Issues:
Fake Profiles:
Bots and human-operated fake profiles can disrupt the online social environment,
potentially spreading misinformation or engaging in malicious activities.
Clickjacking:
Attackers can use malicious techniques to make users unknowingly click on
something they don't intend to, potentially leading to malware infections or data
breaches.
Social Engineering:
Criminals can use social engineering tactics to manipulate users into disclosing
sensitive information.
6. Privacy Risks:
Information Leakage:
Users may inadvertently leak personal information through their posts, profile details,
and location settings, which can be used to identify them or track their activities.
Data Mining:
Social media platforms collect and analyze user data, which can be used for targeted
advertising, user profiling, or other purposes that may raise privacy concerns.
7. Network Structural Attacks:
Sybil Attacks:
Attackers create multiple fake accounts to influence discussions, manipulate public
opinion, or even infiltrate legitimate groups.
Identity Clone Attacks:
Attackers create fake profiles that mimic legitimate users to deceive friends and family
into sharing sensitive information.
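Detection logic for the profile cloning and identity clone attacks listed above, as an added example that is not part of the original notes: a newer profile is flagged only when at least two signals agree (look-alike name, reused photo, friend requests aimed at the original's friends), so a genuine namesake is not reported. The profile fields and sample records are constructed and hypothetical.

```python
import unicodedata
from difflib import SequenceMatcher

def normalize(name):
    """Fold case, Unicode compatibility forms and spacing before comparing names."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def clone_signals(original, suspect, name_threshold=0.85):
    """List the signals suggesting `suspect` imitates the older profile `original`."""
    signals = []
    ratio = SequenceMatcher(None, normalize(original["name"]),
                            normalize(suspect["name"])).ratio()
    if ratio >= name_threshold:
        signals.append("similar_name")
    if original["photo_hash"] == suspect["photo_hash"]:
        signals.append("same_photo")
    requests = set(suspect["requests_sent"])
    if requests and len(requests & set(original["friends"])) / len(requests) >= 0.5:
        signals.append("targets_friends")
    return signals

def find_clone_candidates(profiles, min_signals=2):
    """Compare each profile with every older one; one signal alone is not enough."""
    ordered = sorted(profiles, key=lambda p: p["created"])
    findings = []
    for i, original in enumerate(ordered):
        for suspect in ordered[i + 1:]:
            signals = clone_signals(original, suspect)
            if len(signals) >= min_signals:
                findings.append((suspect["id"], original["id"], signals))
    return findings

# Constructed sample data; field names are hypothetical.
PROFILES = [
    {"id": "u1", "name": "Maria Rossi", "created": "2019-03-02", "photo_hash": "hash-A",
     "friends": ["u7", "u8", "u9"], "requests_sent": []},
    {"id": "u2", "name": "\uff2daria  Rossi", "created": "2024-06-11", "photo_hash": "hash-A",
     "friends": [], "requests_sent": ["u7", "u8", "u9"]},   # fullwidth "M", copied photo
    {"id": "u3", "name": "Maria Rossi", "created": "2021-01-20", "photo_hash": "hash-B",
     "friends": ["u30"], "requests_sent": ["u31"]},          # genuine namesake
]

if __name__ == "__main__":
    for finding in find_clone_candidates(PROFILES):
        print(finding)
```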