This article will shed a narrow light on the global financial war being fought over the control of user’s data. It will solely highlight Efani, a company who is waging a silent, but deadly, guerrilla war against the current standards of user data protections.
These are simply my thoughts on a proposed solution to data security via mobile phone hardware services.
Efani is a telecom SIM service. It’s a mobile service provider that claims to ensure secure access to existing networks. Efani wants to protect you from other people assuming your identity through your mobile device – before that adversely affects your life.
I believe these services are an absolute necessity in a modern and globally decentralized financial system. Will Efani remain the sole defender of user data privacy on domestic US telecom networks? Only time and the open market can claim to know the answer.
In my own observations, modern companies that sell-out their user’s data need to have those profitable practices fundamentally rejected by the market. In this current digitally globalized environment, a user’s rights to privacy are routinely infringed based on a terms of service agreements that most users DO NOT read.
The valuation of Facebook is not based on the value of their technology to the user. Their valuation is based on the value of the user’s data to other entities who want to access it effectively.
Some people may think Facebook is adding value to their lives, but that value is not realized by the user without Facebook pushing back against that claim in almost every way in every jurisdiction they service.
The markets that these entities service need to have the data they access distributed away from centralized control. The value of the user’s data needs to always belong to the user first – and exchanged for a good or service after the value has been realized primarily to the user first.
Inversely, companies that protect their user’s data, while increasing the ability to interoperate in traditionally data-centralized systems, like telecoms and finance, need to be highlighted and rewarded for their innovations in the face of this modern market environment.
Some companies, like Efani, have decided to compete against these traditional user data aggregator giants.
They are the last line of defense against the complete abstraction of the value of information in the form of data to the user who creates it. This data-utility dilemma establishes a problem that leads to an imbalance of value between the data of the user in relation to the service provided by a third party.
How far must a user’s natural rights be infringed upon before basic protections are not a marketable service but, become a user data privacy standard? Tough question, but it creates a small voice of reason when the answer is pondered.
The main issue with the current user-data security model lies in the valuation of your data to the entity that provides access to a good or service in exchange to access a user’s data – this synthetic imbalance always favors the service provider generating them a realized portion of the value of your data as profit.
Your personal information, in the form of the data you create by interacting in a digitally globalized world, is priceless – but only to you. Other people only want your data to increase their own value.
The Founder and CEO of Efani, Haseeb Awan, says this in the best way,
We’ve more Identities linked to our telephone number than the social network. Think about it, a personal corporation has far more data on you than the government itself, and that organization is only meant to maximize their profit and serve its stakeholders. Rest assured, you don’t count as a stakeholder. You’re just a product for them, who serve their purpose as they want.
Haseeb’s entire blog is an actual goldmine of wisdom in this sense. I implore you to read up on this thought leader. The user-facing hardware service that Hasseb, through Efani, is focused on is commonly called a SIM card.
A SIM card, a subscriber identity module, or subscriber identification module is an integrated circuit that is intended to securely store the international mobile subscriber identity number and its related key, which are used to identify and authenticate subscribers on mobile telephony devices.
If you have a mobile phone through a traditional carrier network in the United States, it has a SIM Card. If you want to migrate your information from one service to another, that information comes from your SIM card (even if a virtual clone is stored on a server somewhere the raw data is coming from your device).
Your worldview is based on this data, and your value to society is judged by it. The more we use our phones to explore the world, connected to a mobile network, the more valuable data you create around yourself and your actions.
In the eastern world socioeconomic credit systems proposed to be run on mobile phones is becoming a major trend. Driving the rest of the world to ask hard questions about social norms in relation to technology and data privacy to adapt to this dynamic model.
The SIM card on mobile phones is traditionally the only reliable way users can protect their identity from others around the world claiming it.
However, this information is rarely actually protected by the service providers, because it costs too much for them to offer security as a part of their terms of service throughout the customer’s life-cycle. Again, they just want to sell your data for profit – not protect you from illicit access of that same data later on.
In fact, entire deep-web marketplaces exist to trade and exchange known user information based on cracks/hacks/stacks of badly managed user data that has already escaped from the data-prison that is centralized corporate or cloud servers. Cell phone information is a relatively easy attack vector once identified. Robocaller volume is a perfect example of this increasing trend.
Unfortunately, most people don’t worry about their information being compromised until it adversely affects their financial lives. However, by the time these red flags are noticed it is much too late to do anything about the availability of your data all over the internet. Tracking down the source of the exchange of your information through these deeper channels is fruitless.
How might this information be used against you? Let’s explain an intriguing tactic known as a Sim swap.
A SIM swap is when nefarious actors access your basic information online and combine it with a digital sleight of hand to switch the SIM on your mobile device for one under their control.
Once your device’s SIM is established under their control, they can brute-bypass traditional 2FA security and begin to essentially do whatever they want through your device as you. Because you are your SIM to the telecoms companies. But what happens when someone else breaks those terms – as you (or your SIM)? Who is responsibly for that breach of contract?
Let’s paint a picture to show this question in a hypothetical sense. In our example let’s assume hackers want to liquidate digital assets from an online exchange you use, or even your traditional bank account.
For this to happen, attackers only need to access a telecom carriers notoriously terrible customer service network to exchange your basic user information (which they obtained nefariously) in exchange for access to your mobile device just so that they can pretend to be you for a few more moments.
Once they have tricked this telecom service provider into thinking that they are you, the burden of proof for really claiming your identity back is now solely on you.
Meanwhile, as you rush to figure out how you can prove to a customer service representative that you are who you claim to be – which to them seems like a phishing attempt in itself.
In the eyes of the service provider, you are claiming not to be you – you have been hacked; but you also no longer have any other means of proving your identity without giving up MORE information to the telecom.
As you fight this paradoxical battle over the phone with customer support, the nefarious actors are now changing your email password. You can’t even access the digital files proving your identity now. In an additional stroke of woe-unto-you, they discover links to reset your financial passwords via your bank/digital exchange service. Now you can’t pay for anything in the hopes of restoring access to your services.
Meanwhile telecom customer support needs more proof that you are who you say you are. By now the attackers are figuring out how to move your assets out of your accounts. They are porting over as much of your personal information for future use as they can get. And they are starting to burn the bridges that lead back to their bad actions. You could lose everything.
So how do you prevent this from happening? Well once it has already happened – damn, good luck. We need to think about discouraging the attack from ever occurring. What are the options? Well you really have to think outside the box, adapt to the attacker strategy, and chase after the source of any previously leaked identity online. This may be a seemingly impossible task for the average human – that is unless you utilize Efani.
Efani is like the personal digital bodyguard that reacts to a threat before it becomes one. This reaction time is were its value lies inherently. Efani is a fraud-seeking digital search-and-destroy missile system for your digital identity and it WILL go after the source of the threat before attacks seek the same information for nefarious means.
Remember, this is a financial war fought over control of data. In times of war, ammunition depots are almost always destroyed to stop them from falling into enemy hands. Efani is willing to go blow up your ‘data-ammo’, wherever it may be, before attacks can use it against you.
After this base service, Efani goes even further to ensure that you are protected from the threat of your data being exposed to such networks again. They do this in brilliant ways. The security service of their business model is HIGHLY advantageous when compared to traditional mobile phone service packages.
To a data aggregation company such as a telecom, search engine service, email provider, or even a social media platform, your data is not priceless. In fact your data has a dynamic price attached to it. These services sell that information to third parties when the cost of securing the same data drops below the profit point for securing it.
Firms buy this information on surface markets and sell this information on sub-surface markets.
This is good business in the world of centralized finance. And terrible business in the world of decentralized finance. As the world continues to race towards a distributed financial environment, so too must the services that provide security to that ecosystem adjust to value their customer’s secured data over the free-market’s bid to access it.
Some may consider themselves immune to such notions. They would claim that they do not have an attack vector that is worth exploiting because they are not “valuable enough”. This baseless assumption is the reason why there exists both surface and underground marketplaces to sell people’s data to others who value it more than the originator.
To consider your data worthless, and not in need of protection, you fundamentally give up the right to protect it, and pass that right onto the service providers.
Efani, assumes that sacred right of privacy in exchange for a fee that includes the traditional mobile network experience. You aren’t sacrificing data security for access to a network – you are ensuring that a portion of that service fee is directly spent protecting you against harmful actions originating from the use of your data. Their service lies in prevention of existing data being used against you, and ensuring future data generated is not sold, shared, or exchanged by other users.
Hasseb, when asked about his ideas of data ownership again strikes true with this quote that he shared with a trusted advisor of mine, this is the quote that inspired me to look deeply into his service as a philosophical stance, not a simple product offering:
Personal information such as your name, DOB, House/Work address, occupants in the house as well as your cellphone records and the live location is also available on the illegal markets. Think about if a criminal is paying for it, what return does he expect to get out of this investment? Would you prefer to pay for a product or want to be a product sold to criminals?
I want to see other mobile networks even attempt to begin to talk about how they protect their user’s data outside of their own systems.
I would applaud a domestic cell carrier to even acknowledge the amount of information that has been gleaned from their systems already by bad actors. In fact, I would even go so far as to ask them whose actually owns that information. The answer would surprise you I would wager.
Efani is challenging the status quo of mobile data security by calling into question the proposed value of a user’s information in a data driven world. Should this be a feature in a modern market? Should we assume our data is not protected until we pay someone to protect it?
Until we can force information and user generated data to be valuable to the user first, such security services as features are an absolute necessity – especially if you are involved in digital economic spaces, where ‘proof of self’ lies in the pudding, and the pudding is your SIM card.
Cheers to Hasseb Awan, through his company Efani, for calling current standards inadequate and offering the market a fair and effective way to protect themselves. Perhaps one day in the future we won’t have to worry about the attack on our right to privacy, until then I will continue to look for the best weapons to defend oneself from an aggressor – Efani is one of those services.