Itheum / datametaverse-evm

SDK to power Itheum's EVM web3 identity sub-system, SBT and DeSoc features.
GNU General Public License v3.0

Addresses added to an identity can reside in multiple "identities", is this an issue? #7

Open newbreedofgeek opened 1 year ago

newbreedofgeek commented 1 year ago

Based on the current design of the identity sub-system, let's look at this scenario:

  1. Address A deploys Identity X and adds Address B as a new owner
  2. Address C deploys Identity Y and adds Address B as a new owner
  3. Address B logs into a DAPP and it says "you have 2 identities, Identity X and Identity Y", which one do you want to use?

We need to understand this better and see if this really is an issue. Based on our current design, a human can technically have multiple "identities"... this may NOT necessarily be an issue, as humans usually have multiple "identity profiles", e.g. a work identity profile, a family identity profile, etc.

So we can say that our identity sub-system allows for a multiple identity profile structure... but this also means that now Address B will be able to mint multiple SBTs or NFTs that are meant to be for single human owners... again, this is not a good example, but it can provide some form of BOT or sybil attack where attackers can get creative in the way they set up identities.

I feel our "claims" and "badges" based reputation system might also be "tricked"... as the reputation for Address B will be rolled up into both Identity X and Identity Y.

We should think of a way to "flag" this duplication in the identity somehow, or even in the identityFactory "events registry" somehow... so the DAPP or SDK consumer can get some "flag" that states that Address B is in multiple identities... and then it can make a decision on what to do next.
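One way a DAPP or SDK consumer could derive such a "flag" from an events registry, as an added example that is not part of the datametaverse-evm SDK: replay constructed factory-style events (identity deployed, owner added, owner removed) into an address-to-identities index and report every address that sits in more than one identity. The event shape, the placeholder addresses and the assumption that the deployer is also an owner are all constructed for this illustration.

```typescript
// Constructed event shape modelled on the "events registry" idea from the issue.
type IdentityEvent =
  | { kind: "IdentityDeployed"; identity: string; deployer: string }
  | { kind: "OwnerAdded"; identity: string; owner: string }
  | { kind: "OwnerRemoved"; identity: string; owner: string };

// Build address -> set of identity contracts the address currently belongs to.
// Addresses and identity ids are lower-cased because EVM hex is case-insensitive.
function indexOwners(events: IdentityEvent[]): Map<string, Set<string>> {
  const owners = new Map<string, Set<string>>();
  const add = (addr: string, id: string): void => {
    const key = addr.toLowerCase();
    if (!owners.has(key)) owners.set(key, new Set<string>());
    owners.get(key)!.add(id.toLowerCase());
  };
  for (const ev of events) {
    switch (ev.kind) {
      case "IdentityDeployed":
        add(ev.deployer, ev.identity); // assumption: the deployer is the first owner
        break;
      case "OwnerAdded":
        add(ev.owner, ev.identity);
        break;
      case "OwnerRemoved":
        owners.get(ev.owner.toLowerCase())?.delete(ev.identity.toLowerCase());
        break;
    }
  }
  return owners;
}

// Flag every address that is an owner of two or more identities, with the
// sorted list of identities so the consumer can decide what to do with it.
function multiIdentityFlags(events: IdentityEvent[]): Record<string, string[]> {
  const flags: Record<string, string[]> = {};
  indexOwners(events).forEach((ids, addr) => {
    if (ids.size > 1) flags[addr] = Array.from(ids).sort();
  });
  return flags;
}

// Constructed replay of the issue's scenario: A deploys X and adds B,
// C deploys Y and adds B. Addresses are obvious placeholders, not real ones.
const SAMPLE_EVENTS: IdentityEvent[] = [
  { kind: "IdentityDeployed", identity: "0xIdentityX", deployer: "0xAddressA" },
  { kind: "OwnerAdded", identity: "0xIdentityX", owner: "0xAddressB" },
  { kind: "IdentityDeployed", identity: "0xIdentityY", deployer: "0xAddressC" },
  { kind: "OwnerAdded", identity: "0xIdentityY", owner: "0xAddressB" },
];
```

Running `multiIdentityFlags(SAMPLE_EVENTS)` flags only Address B (in X and Y); once an `OwnerRemoved` event drops B from one of them, the flag disappears.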

newbreedofgeek commented 1 year ago

Also raised in - https://github.com/Itheum/datametaverse-evm/issues/4

icegriffinguru commented 1 year ago

The IP can add/remove wallets as long as there is majority consensus on the action. (This prevents malicious parties from taking over identities and also enables a "recovery" mechanism for lost wallets.)

What I'm doubting here is whether the recovery mechanism is more important than preventing identity tricks or the multiple-identity scenario. Everything has trade-offs. We need to think about the probabilities and priorities of each case.

To conclude, I think single-wallet governance for identities is a solution, and when a user loses his/her key, he/she can report it to the team; the team has to suspend the old identities and the user has to issue new identities. (Loss of a wallet key is the user's responsibility, so it's reasonable that he issues his new identities by himself.)

newbreedofgeek commented 1 year ago

Tnx for the feedback @icegriffinguru

  • If I lose my wallet key, I will also lose my identity on Itheum. The probability of losing my wallet key is very low and if I lose it, I will lose everything on my wallet. If I lose my wallet key, I think I'd better report it to Itheum team and Itheum team will block lost Identity - it's like when we lost our bank card or mobile phone, the official team helps us to block lost one and make new one for us.

The issue here is that eventually there won't be a central "Itheum team"; the goal is to decentralise the protocol once it reaches a strong maturity on mainnet. BUT, what we can do is have an "Identity management DAO" or something like that which, through DAO governance, can provide the service of blocking lost identities after proof has been provided. I've recently seen this with Lens Protocol, where they now have a Curation DAO to help flag spam in their community.

  • Preventing scam or spam identities is a more serious problem than loss of wallet keys. Our main idea is to provide unique decentralized identities to people, and the most important thing is to make identities unique and confirmable, and to prevent scam identities. Multi-wallet DAO governance for one identity is not a desirable solution. In my opinion, it's like one person opens several companies and those several companies are trying to manage the same real estate.

Itheum's identity sub-system won't be able to prevent 100% of identity-based scams or sybil attacks etc., but it should provide a good mechanism to reduce them without the need for fully doxing a person or forcing them to leak all their personal information (like in a KYC). A "person" can still maintain a high level of pseudonymity in their profiles and yet be able to build some "web3 reputation" into those profiles and therefore prove that they are not a BOT type actor. If we can pull this off, it opens up some powerful changes in the way web3 works, e.g. a DAO vote by an identity contract with good social reputation can be worth more than a DAO vote from an address with a lot of tokens (which might be a BOT or a whale with no reputation).

icegriffinguru commented 1 year ago

What I suggest is Several Identity Contracts and No DAO. (I don't need DAO governance over my LinkedIn profile. 😉)

newbreedofgeek commented 1 year ago

@icegriffinguru you are on the right track... eventually, I also feel a user will have several identity contracts/containers. More thinking needs to happen here, but we can keep this for a V2 of the identity design. Usually, when we do UI integrations with smart contracts, we find more "boundary cases", so let's complete the current "V1" design integration with the data dex and then test in the real world, collect feedback, iterate and come up with a V2.

icegriffinguru commented 1 year ago

Okay. Theory and practice are different. I will stick with the current design.