Comments on proof of identity

[virgile-dev]

The purpose of the proof of identity protocol (POI) is to avoid duplicates members in the network (which is very important as verified members provoke minting of VOTE tokens which are then allocated to them).

POI is then more about telling if someone is unique on the network rather than telling that a person is who he/she says he/she is.

To complete the POI protocol we should develop a technology that would be able to tell if an individual has already made its proof of identity video. It could be by generating a unique hash of a facial recognition and look for duplicate every time a video is published for review (need techies inspiration for how this could work).

In that line of thinking Little brothers attention mining would be more about verifying that the video format respect the rules set in the protocol (no mask etc.) and verifying that the info / evidence demonstrated in the video matches the meta data of the identity.

[herbstephens]

Hey @virgile-dev ..agree .. as I understand, 'Little Brothers' is more about verifying the criteria of the video post .. and not relying on LB for catching duplicates.

[santisiri]

POIs should be (included this on paper today):

• Incorruptible: The video file must be protected against any modifications once it has been used as a source for proof.
• Truthful: The contents expressed in the proof must be proven by other parties as valid or invalid.
• Singular: The proof shall validate a single identity and forbid having a same identity connected to other proofs.

How many identities are out there, impact generation of token. This is critical, and very hard to nail. I need help.

[paula-berman]

Santi there are many different papers on the subject, any favorites? https://scholar.google.com.br/scholar?as_ylo=2017&q=%22structured+p2p+networks%22+sybil+attacks&hl=en&as_sdt=0,5&as_vis=1

[paula-berman]

I'm reading this one rn https://pdfs.semanticscholar.org/c964/aa09b2ad17717669ccf55ab4a8e369b189d3.pdf

[herbstephens]

@santisiri ..@sandra and I did some work around "dinotid" ("Digital Notarized ID") .. physical process of creating a digital ID in front of a legal notary ..essentially using a digital wallet to create unique, new key pairs ..and thus have a public key legally tied to that person showing state-issued ID. Upon creation and subsequent verification [by notary registered with the State and already registered to a blockchain]...new public key is on blockchain. Bonus: great way to install wallets for citizens ...as process walks citizen through ... downloading app/wallet, generating address, printing out private keys, printing 'wet ink' notarized paper (with PK as new ID number), etc. To show false ID to notary would be a crime. Would this help??

[SFSandra]

Something interesting to add here - Kodak was interested in being part of the project (did you know they make the printing dies for all U.S. money?) , and the CEO has also invested in a biometrics ID company that is in use at airports now.

[santisiri]

@herbstephens a legacy approach in my view won't cut it for the paper. we need something that scales globally and is intrinsic to crypto.

[herbstephens]

@santisiri agree for long-term .. but reality is we unfortunately live in a 'bridged world' right now...one foot in analog/legacy, one foot in digital/future. My only (legal) ID is analog and legacy. I think our approach has to be an honest one .. stating (as you did) that we do (and will) work with many ID providers and within requirements of given ORG and that much still needs to be figured out - technically and socially. Also, I believe that dilution (fake IDs, basically) will not be a major concern IF we incorporate ability for 'clawback' [taking ID and tokens IF certain paramers are met].

[santisiri]

agree, but none of that makes sense to include in a paper of this nature. by definition we would be leaving out most of humanity (myself included).

[SFSandra]

Re: @santisiri 's comment to @herbstephens "a legacy approach in my view won't cut it for the paper. we need something that scales globally and is intrinsic to crypto."

It's entirely possible that I'm just too uneducated/naive on the topic - but when I look at the existing/vaunted POI systems they all seem to have a legacy component - India's Aadhaar system collects biometrics (iris scan, fingerprints). In Estonia's ID-kaart system the citizen brings an identity document issued by the state plus has a photo taken...are there any ID solutions out there or being considered that don't have some legacy component? Phillip Rosedale at High Fidelity is convinced there will always have to be a biometric element to authenticating a person's identity in virtual reality.

Is it reasonable to expect that there is any solution that is immediately globally scalable? I don't see that as a stopper, just a reality that, in the beginning, ID solutions will have some legacy features of the issuing nation-state - isn't that unavoidable?

[SFSandra]

@virgile-dev @paulamlb @santisiri @herbstephens I've been reading IDcubed's paper on digital ID - they put their 10 principles of identity on Github here.. their statement of vision/mission has similarities to our manifesto and their white paper has eerie echoes of our Open Source paper - theirs is titled Towards A Post Industrial Networked Democracy: A Decentralized Data Commons for The Exchange Of Tokens of Trust and Value

Excerpt where they talk about multiple roles, like DEF "Multiple Personas and Proof of Standing Metrics; Individuals have multiple analog and digital identities – personal, professional, recreational, financial – each of which have their own credential to verify their specific attributes. In order for the digital subject to have control over their digital identities, the digital subject needs to control all these multiple ”personas” and have them linked to their root identity. Personas can also be official identities – medical – passport – each verified by trusted tokens of an official authority that signs and attests to the veracity of certain attributes or assertions – such as, college education and performance, job and competency attainments etc. Such trust tokens may be required as proof of standing for some oversight or qualification for participation or reward. For example, an individual has standing in a particular event or action if they are a direct participant – as either the initiator or recipient of an action – or the witness to an action. Standing can be a highly flexible tool that allows for bottom up democracy in determining how to form and govern groups and allocate resources and rewards. The computation of a proof of standing should be done in a provable and independent fashion. In some respects, it is like an independent reputation metric that is contextual, dynamic, time and place dependent. For example, in order to design effective democratic oversight processes, proof of standing would be used to qualify who could vote on a particular issue or have sufficient standing to render oversight judgments. Proof of standing combines the best of both direct and representative democracy as it allocates decision rights specifically to those who are affected by an issue or decision and those who may have the expertise to render informed decisions."

Seems appropriate if we, too, handled POI discussion in the same way as these guys have....laying their ideas out as a work in progress but not an airtight solution as yet.

[santisiri]

Very interesting, thanks for pointing this out @SFSandra. Helps to see that we are not alone in trying to figure this out.

[paula-berman]

The other thing is... a lot of the research on how to prevent sybil attacks deals with imposing challenges that sybils could not fulfill. So, requesting more POI over time is doing that, as a dead person could not make another video. But I also thought about fake POI videos as a captcha that only real and alive people could detect. We could automate the generation of those fake POIs by mixing videos, eliminating voices, inserting images in the middle, and all sort of distortions. We solve two things at once bc also helps increase the confiability of authentic attention mining. Just had this idea... what do you think?

[SFSandra]

the idea that the simple genius of captcha can be applied to POI is very compelling..

[herbstephens]

Agree @SFSandra @paulamlb @santisiri ... using video captcha for POI compelling.

What about POI from the ORG perspective? Using the SELF/ORG/ANON framework .. POI (so far) has been centered on the 'SELF' (of self-sovereign) and how an individual proves their individual ID (to sign up and get VOTEs). Of course, voting doesn't exist without the ORG ... and the ORG's verification that SELF belongs to the ORG.

Can we triangulate in some way with the ORG proving that a particular SELF is 1) part of ORG and 2) a unique individual. (?)

[santisiri]

pretty amazing comment @herbstephens considering yesterday i've been writing exactly that to @paulamlb on chat :)

[virgile-dev]

Hey @herbstephens , we were saying exactly that during the call you missed on wednesday.

POI should be an organization centric protocol. In a way a SSI becomes an active member only if when he joins an organization and starts participating. I'd go even a little bit further, the attention mining / little brother certification should be made by organization members since they are more prone to be able to tell if POI documents are OK.

From that perspective the process diagram would be updated in this way :

[santisiri]

@virgile-dev omg another MASTERPIECE. review that section again (if you have the time). tl;dr is: I refer to 'duplicate identities' (the one and only threat if we are actually reaching for 10 billion humans) as 'replicants'.

[virgile-dev]

And while Facebook mines user attention for profit, the Democracy Earth network will use the same resource to strengthen the trust of the vote token in a process referred as Proof of Identity. As we acknowledge the growing political influence social media already has in the world, the urgency of laying out an open social network that is uncensorable, sovereign and free becomes pressing.

This is brilliant guys, it makes the whole purpose of attention mining much clearer

[paula-berman]

"The Criteria used for the Singularity score is also subject for voting by every validated POI participating in the network. Democracies are a always a work in progress, perpetually self-correcting with a feedback loop that defines how the observers get observed. The threshold that establishes the sovereign right to vote must constantly adapt to the exponential growth of computing capacity that can risk subverting the network. By being backed with a decentralized identity index using an incorruptible blockchain that gets maintained with distributed attention (i.e. an open face book), the vote token becomes a trusted device for a digital democracy to emerge anywhere. Allocating attention to secure the network not only brings consciousness to a system otherwise blind to Artificial Intelligences, but also allows participants to own their identities without being coerced by a centralized power that could monetize from it without consent. Conscious attention must always be put in the service of strengthening a global democracy because it is only in the realm of human consciousness that we can define what it means to be human."

[santisiri]

what excites me the most is the process that we are finding among us all (in california, new york, brazil, paris or argentina) to build this amazing stuff.

[SFSandra]

If someone has an OpenID would/could that be accepted as a POI for getting a vote token?

[santisiri]

@SFSandra wow, so many memories. That's more oriented towards an authentication standard for online services that competed with OAuth if I recall properly. Many years ago I reserached on this.

[arcalinea]

Concerned about privacy implications of the video-based identity verification proposal in the whitepaper. The validators can be anyone who volunteers to review this personal information, which is hashed and stored on-chain, right? Does not seem like a good idea for users to submit personal information to random people in the network. Instead, users should be able to choose who they trust to get identity attestations from, and others can choose whether to trust that attestation.

Also, where are the videos with personal information stored, since validators must be able to view it, and it's stored somewhere as proof? If in a decentralized data store, how are they secured? Are users keeping the copy to themselves, and communicating directly with validators to share it? If so, then how would a third-party check it?

[santisiri]

@arcalinea great points.

regarding storage: video proofs can be stored privately if desired. only relevant thing to have stored in public is its hash encoded on a bitcoin transaction. in that sense: we guarantee privacy of the information contained and self-sovereign can send it to trusted participants to get their vote in a controlled way (not public).

i think that answers your first concern too.

[arcalinea]

Also, instead of hashing a video, why not just have a form of some sort with fields for certain kinds of identity data? Would be much more straightforward to create and verify. If there's any incentive to fake it, videos can still be easily faked, so any verification is eventually going to rest on the social proof in a "web of trust" anyways. Plus, future cryptographic protocols could work more easily with form data. For example, zk-SNARKS could likely be used to create proofs to verify certain attributes to third-parties without revealing sensitive information. Society has evolved to use forms everywhere because forms play well with databases.

[arcalinea]

Getting a decentralized identity system working well is hard, and it's just one component here. Glad you guys are working on this project though :)

[santisiri]

@arcalinea yes, but i think that we need to address the core of how identity gets generated with a protocol that can rely on evidence (not just stated facts). it's likely other tokens will already include these kind of attestations (ie: civic), so interoperating with those i think could be feasible.

[dylangessner]

+1 to the idea of interoperating with other self-sovereign identity management protocols like uPort and Civic

[adamstallard]

In the paper, it's proposed that we follow the W3Cs specification of DIDs. This is a specification to publicly (on a blockchain) verify control of globally legible identifiers--like a website domain--by an entity--like a person or an organization. It's done by binding identifiers to a public key. This is great for publicly proving that I am who I say I am--for instance that I control this user or this website, but why is this a recommendation for a global democracy? For a global, liquid democracy, transferring votes could (and I would argue should) be done privately, not publicly. The actual voting could (and possibly should) be done anonymously, not requiring any proof that I am who I say I am. Global citizenship and unique personhood are exactly the same thing; no identifying information should be required.

I have a similar concern about all the personal information and my image itself in the video "proof." Why are we collecting it?

I have a similar concern about uPort, Civic, Sovrin, Bloom, et alia: they require me to collect attestations from 3rd-party agencies about certain attributes of my "identity". Which one(s) of these attributes equate to my being a unique person? Do I just go to an office somewhere and they say "I've never seen your face (or never heard your name) before--you must be unique" and then I get a stamp from them that says I'm unique?

[adamstallard]

Does the proof-of-identity in DemocracyEarth rely on software that can match faces combined with the human ability of judges to tell whether or not someone is disguising their face in some way?

Are we open to using a different approach altogether?