W3C home > Mailing lists > Public > public-credentials@w3.org > September 2020

Re: Who Watches the Watchmen? A Review of Subjective Approaches for Sybil-resistance in Proof of Personhood Protocols

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 10 Sep 2020 10:17:07 +0200
Message-ID: <CAKaEYhK25+qwYUTg3VqrxkkMDX7iRdtXLXEo5szeH0xgY-uoZg@mail.gmail.com>
To: "email@yancy.lol" <email@yancy.lol>
Cc: Adam Stallard <adam.stallard@gmail.com>, Wayne Chang <wyc@fastmail.fm>, W3C Credentials CG <public-credentials@w3.org>
On Thu, 10 Sep 2020 at 10:03, email@yancy.lol <email@yancy.lol> wrote:

> I agree that a one-person-per-vote system is ideal, however it's hard map
> such a system to cyber space directly without a central authority.
> Consider how one-vote-per-cpu can allow a way to directly prove the number
> of identities (cpus).  For example we know some entity is 10 cpus because
> they solve x of the last y blocks.  There is no need to trust any
> authority, only the  solution.
>

Funnily enough, this is exactly what Satoshi said.  He would have preferred
a more democratic process, but he didnt know how to do it without it being
gamed.  So we ended up with one CPU one vote.  This turned out to be
incredibly successful because it was a vector for building trust.


>
> I think Git system might be the closest to one-person-per-vote where you
> can know about how many people contribute to the longest known chain of
> commits of a git repo (the trunk branch) aka the current consensus.  Of
> course this doesn't map directly for a number of reasons (people are not
> simple cpus for one).
>

Yes, and you get anonymous people.  There's also

https://en.wikipedia.org/wiki/Goodhart%27s_law

When a measure becomes a target, it ceases to be a good measure

So what can start out as a good system can become increasingly gamed over
time.  Society is full of examples of this.

It's typical for people to have 3 or so identities on the web

What I think would be valuable in terms of verifiable claims is for a user
to be able to say this is my "main" or "preferred" identity.  That is the
one they use, say, for voting.  For vouching.  So that if you get a synonym
of that it will get translated to the main identity

Doesnt solve bot nets of course.  But perhaps that could be a separate
claim with incentives


>
> -Yancy
>
> On Wednesday, September 09, 2020 19:09 CEST, Adam Stallard <
> adam.stallard@gmail.com> wrote:
>
>
> Verifiable credentials can certainly help. At BrightID, we're working on
> way for a decentralized group of computer nodes that analyze an anonymous
> social graph and make determinations about uniqueness to collaborate to
> sign a credential for a user.
>
> These credentials also have a notion of "context" to avoid unwanted
> linkage between a user as they participate in various apps and networks. A
> user of app A should be able to prove they're using only one account there
> without linking that account to an account in app B.
>
> On Wed, Sep 9, 2020, 3:55 AM Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>> I think this was the important insight of the paper here.  And I wonder
>> if it can be solved with verifiable credentials?
>>
>> "If blockchains are to become a significant public infrastructure,
>> particularly in the space of civic engagement, then Proof of Work's
>> “one-CPU-one-vote” or Proof of Stake's “one-dollar-one-vote” systems will
>> not suffice: in order to enable democratic governance, protocols that
>> signal unique human identities to enable "one-person-one-vote" systems must
>> be created."
>>
>> On Wed, 9 Sep 2020 at 12:50, Melvin Carvalho <melvincarvalho@gmail.com>
>> wrote:
>>
>>> PDF is here: https://arxiv.org/pdf/2008..05300.pdf
>>>
>>> Keywords: decentralized identity, Sybil-protection, crypto-governance
>>>
>>> Abstract.
>>>
>>> Most self-sovereign identity systems consist of strictly objective
>>> claims, cryptographically signed by trusted third party attestors. Lacking
>>> protocols in place to account for subjectivity, these systems do not form
>>> new sources of legitimacy that can address the central question concerning
>>> identity authentication: "Who verifies the verifier?". Instead, the
>>> legitimacy of claims is derived from traditional centralized institutions
>>> such as national ID issuers and KYC providers. Thisarchitecture has been
>>> employed, in part, to safeguard protocols from a vulnerability previously
>>> thought to be impossible to address in peer-to-peer systems: the Sybil
>>> attack, which refers to the abuse of an online system by creating many
>>> illegitimate virtual personas. Inspired by the progress in cryptocurrencies
>>> and blockchain technology, there has recently been a surge in networked
>>> protocols that make use of subjective inputs such as voting, vouching,and
>>> interpreting, to arrive at a decentralized and sybil-resistant consensus
>>> for identity. In this review, we will outline the approaches of these new
>>> and natively digital sources of authentication - their attributes,
>>> methodologies strengths, and weaknesses - and sketch out possible
>>> directions for future developments.
>>>
>>> On Wed, 9 Sep 2020 at 03:21, Wayne Chang <wyc@fastmail.fm> wrote:
>>>
>>>> link: https://arxiv.org/abs/2008.05300
>>>>
>>>> discussion from strangers on the internet:
>>>> https://news.ycombinator.com/item?id=24411076
>>>>
>>>
>>>
>
>
>
Received on Thursday, 10 September 2020 08:17:32 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:02 UTC