Re: Stopping "Bots" and "Fake News" from Adam Sobieski on 2017-08-15 (public-credentials@w3.org from August 2017)

From: Adam Sobieski <adamsobieski@hotmail.com>
Date: Tue, 15 Aug 2017 22:24:54 +0000
To: "public-credentials@w3.org" <public-credentials@w3.org>
Message-ID: <DM5PR01MB3275E776AF69A4286E092D99C58D0@DM5PR01MB3275.prod.exchangelabs.com>

David,

Thanks for these points.

Here is a Wikipedia article on know your customer: https://en.wikipedia.org/wiki/Know_your_customer .

Here is a note I wrote on these topics: https://github.com/w3c/webauthn/issues/521 .

It’s possible that multiple justifications or supporting evidences can be of use in supporting a real name or date of birth, a set of verifiable claims. This is an API topic pertinent to what is provided when a user is prompted to provide such data. A multi-select GUI could be provided for users to provide parallel evidences. We're accustomed to a driver’s license or passport sufficing; it could be that a dozen virtual documents, and claims from each, corroborate one another.

You might also be interested in: http://securityintelligence.com/identity-security-and-privacy-for-electronic-user-authentication/ , https://github.com/IBM-Bluemix/idemix-issuer-verifier , https://www.youtube.com/watch?v=gKK1PxGu6Fo .

Best regards,
Adam

--------

Hi Adam

You are correct in saying that VCs can easily enable users to present
their real names to web sites. The practical difficulty I envisage, at
least in the short term, is not in developing easy to use GUIs (I think
these already exist), but rather in getting an authoritative source such
as a government department to issue a VC containing your registered
name. Besides the bureaucracy that is involved in getting the government
to implement the VC technology, it is quite likely that no government
department has a correct list of all its citizens. It is well known that
some citizens have multiple SSNs, have different names in different
systems, and many systems do not have a complete register (e.g. passport
and driving licence systems). So who does the inspector trust?

If a site such as Facebook trusts a non-authoritative source to issue a
VC containing your name, then we are no better off, as fake news
providers will simply register a fake name with the non-authoritative VC
issuer.

Perhaps banks, who are now using very strong 'know your customer' rules
before they will open a new bank account, due to strong international
money laudering rules, could be the best option as a trusted issuer.

regards

David

Received on Tuesday, 15 August 2017 22:25:18 UTC