Why FIDO U2F Was Designed to Protect Your Privacy

If you are not a dictator, you probably love the Internet.

During the Arab Spring protests, social media played an important role in helping people to connect and organize protests against non-democratic governments. Inevitably, this created a backlash against such sites, intimidating them into providing information about individuals. In a discussion with a security engineer at one of the leading providers in this field, I really understood the concerns and the moral dilemma – you provide the tools, but also expose your user base, ultimately leading to punishment and death. One way it was phrased was “There have been times when we wished we didn’t have any personal data about our users. Arab Spring was one of those events.”

This highlights a key problem – do social media sites and e-mail providers themselves have a responsibility to ensure the integrity of their user base and their accounts? Even if a service is provided for free and on a best-effort basis?

Account integrity has been one of the main drivers for myself and Yubico. With this in mind, we’ve been one of the main contributors behind FIDO U2F (Universal Second Factor), a high-security authentication technology designed to protect your online privacy. Two weeks ago, Google Accounts enabled support for FIDO U2F, and since then we have donated a large amount of blue Security Keys to global dissidents to help them protect their online identities from assaults by non-democratic forces.

The FIDO U2F Security Key is designed to be anonymous, a key without any publicly available serial number or central authority. The device is not tied to a user’s computer, phone, credit card, fingerprint or any other marker of a real identity. Every time you register a device to a new service, it generates a new set of cryptographic secrets that are only stored with the specific service, leaving no footprints. Neither personal data nor secrets are shared among service providers, making it impossible to track the user across multiple web sites.
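The per-service key generation described above, as an added example (not code from the original post or from Yubico): a simplified token model that derives a fresh P-256 key pair for every registration and hands the service a key handle bound to that service's app ID. The `ToyToken` class, the HMAC-based derivation and the handle layout are assumptions chosen for illustration.

```python
import hashlib, hmac, os

# NIST P-256 domain parameters (curve y^2 = x^3 - 3x + b over GF(P))
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p1, p2):  # None represents the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point=G):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point, k = ec_add(point, point), k >> 1
    return acc

class ToyToken:
    """Constructed model of a U2F-style token (assumption, not real firmware)."""
    def __init__(self):
        self._secret = os.urandom(32)  # device secret, never exported
    def _derive(self, app_id, nonce):
        # Both the key and the handle tag depend on the origin and the nonce.
        msg = hashlib.sha256(app_id.encode()).digest() + nonce
        key = hmac.new(self._secret, b"key" + msg, hashlib.sha256).digest()
        tag = hmac.new(self._secret, b"tag" + msg, hashlib.sha256).digest()
        return int.from_bytes(key, "big") % (N - 1) + 1, tag
    def register(self, app_id):
        """Fresh key pair per call; the service stores (handle, public key)."""
        nonce = os.urandom(32)
        priv, tag = self._derive(app_id, nonce)
        return nonce + tag, ec_mul(priv)
    def unlock(self, app_id, handle):
        """Private key for signing, or None if the handle is for another origin."""
        priv, tag = self._derive(app_id, handle[:32])
        return priv if hmac.compare_digest(tag, handle[32:]) else None
```

Registering one token at two origins yields unrelated handles and public keys, and `unlock` returns `None` when a handle is presented under a different app ID, so the values two services hold cannot be matched against each other.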

Another aspect is openness and transparency; the technology behind U2F is public and documented. Anyone can implement and review it; there are no hidden secrets. Yubico is actively contributing open-source code to allow third parties to make their own implementations. It is available to be used by good guys and by bad ones, but that is the way it has to be. Any organization that has tried to own and control online identity has failed.

YubiKeys and Security Keys supporting U2F are now available for anyone to order from our store and Amazon. In the future, you will walk into a retail store, and hanging among the gift cards, any number of real and hidden secure online identities will be available for you.

In the picture above, a young Egyptian man paints civic-minded messages on a wall in downtown Alexandria, February 2011. The top line of the message he is painting reads, “I am Egyptian.” The message in blue on the far right reads, “I will throw the litter in the trash can.” And the second one from right reads, “I will respect the traffic lights.”

p.s. To learn more about Internet privacy from the advocates and experts in the field, join me at Pii, the Privacy Internet Identity conference, starting today in Palo Alto, CA. And read John Fontana’s blog on ZDNet on privacy.
