- From: Christopher Allen <ChristopherA@lifewithalacrity.com>
- Date: Thu, 15 Aug 2024 20:22:19 -0700
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>, Shannon Appelcline <shannon.appelcline@gmail.com>
- Message-ID: <CACrqygA6YfGMwh54TAGHsZ67UASzuU2ypQSRphhiYuvasohZ+g@mail.gmail.com>
On Thu, Aug 15, 2024 at 6:24 PM Manu Sporny <msporny@digitalbazaar.com> wrote: > I'm thrilled to announce a new research paper that's been in the > making for many months now about Personhood Credentials (PHCs), > artificial intelligence, and the value of privacy-preserving solutions > to online disinformation. An excellent addition to the literature on Proof of Personhood! Part of any good solution is first understanding the problem! I do still feel that we need more effort to understand risks of over-identification—how can we be the heroes the world needs if every action requires an ID?d As an example, many of the requirements to PoP is the use of Proof of Membership. However, Proof of Membership itself has some risks, including (but not exclusively) the "Clark Kent" risk where he is asked to prove that he is, or is not, a member of the superhero group. Refusal to present that proof makes Clark Kent suspicious. There was a group (defunct now?) called `humanetics` where we began to discuss some of the different PoP use cases and their requirements, which I believe is still an important area to tackle. (for some best practices is writing use cases see: https://hackmd.io/lGG23zFsQR6vsyqPZuCfkg ) However, I'm also particularly interested in seeing an "adversarial analysis", i.e. identifying the adversaries for those PoP use cases, ranging from those in common to multiple of the use cases, as well as those unique to singular use cases. And then using these to adapt and weigh their tradeoffs via risk modelling or some form of rubric. Several from the humanetics community joined with me to brainstorm about some PoP adversaries (see google doc at https://docs.google.com/document/d/1DBpSPDaeQ_Ooqq8yH4W47sOVzq5cz0nl7zX5VrBKImY ), and one of the first one we came up with started with one of the important requirements in many PoP use cases, that PoP should be "fair". So who are the adversaries of "fairness", what are their motivations, and what kinds of attacks can they make? This is what we came up with: Attacker Name: Boundary Breaker Assumptions - Public goods often have boundaries (in particular to keep the viability of the system intact, see Ostrom https://www.lifewithalacrity.com/article/10-design-principles-for-governing-the-commons/ ) - Established boundaries are often perceived as unfair. - We (the attacker) don’t want to destroy the value of the system, we want part of it. - We may perceive any legitimate means of changing the boundary as being not possible, too slow, too expensive, etc. Related systems may be used for leverage. Motivation: - Because of my lack of agreement on the boundaries of membership, I desire to change/subvert the boundaries (to include me or others like me, or exclude someone else). - Because the process to change boundaries is “unfair” (has favoritism), I desire to change/subvert the process. - Because I don’t have access to a process to change the boundaries, break the process. We wrote this is 2021, and I think reading this you'll see that this is EXACTLY the strategy used successfully in recent years by various political adversaries as well. My gut feel is that there are no perfect answers, and that like Arrow's Impossibility Theorem https://en.wikipedia.org/wiki/Arrow's_impossibility_theorem that there will be tradeoffs between the different choices, and that our job is to educate developers in fully considering ALL of those tradeoffs, and then make wise choices. I keep hoping that we can continue this kind of deep analysis at Rebooting Web of Trust https://www.eventbrite.com/e/rebooting-the-web-of-trust-13-2024-ventura-tickets-881441755017 . I hope some of you are considering submitting a topic paper and joining us there to discuss these types of problems and solutions. I also am willing to participate in any group that is willing to tackle these issues — it is part of my mission. Let me know! -- Christopher Allen
Received on Friday, 16 August 2024 03:23:00 UTC