Anonymity vs Validated Identity on the SAFE Network

The prospect of complete anonymity and communiation security on the SAFE network is one of its most important features, as discussed in another recent thread.

The flip side of this needs some discussion, too, I think.

Since the network is cryptographically secured, it is inherent that, even while anonymous, an address is verifiable as belonging to the signing identity. This should allow for the ablility for anyone to have a persona which can be verified as belonging to a publicly verified identity. This would be needed for various purposes such as banking, social networking, etc., where we WANT our communications tied to our physical person.

I am assuming that both of these uses can be managed within the same “account”, but would love to have a brief from @dirvine (or anyone else who knows) how this will be managed in the native account interface. It would be important to not cross-pollenate these states, but hopefully it won’t be necessary to have separate “accounts” for them, either.

I think you can ID yourself as John Doe, but they won’t be able to tell which account to associate with that, so you’d also have to let them know your MaidSafe unique ID. But if your name is indeed real, that’s basically the beginning of the end of your anonymity. Next they google your ID to figure out your activity on various forums where you maybe exchange files or tax evasion tips, and so on…

I would rather not take the convenience of using my main MaidSafe account than let any service provider know my account (which means even if this ID mapping thing was safe, I would not want to transact with them) because once you do, you admit you own the account and the account owner may legally responsible (now or in the future) to perform various activities mandated by the state. So I’d rather use cash, pencil and paper to take care of my fiat-related business (but that’s just me).

This is one of the areas we need to be really clear about, i recall posting about specific possible actions, and stating clearly the impacts of each action on privacy and anonymity for each.

The UI’s if SAFE apps should be easy to use in ways that preserve these, harder to take actions that might unknowingly affect privacy.

The thing is, I seem to remember @dirvine talking about having multiple persona under your main SAFE access ID, which are not traceable to each other or to your main ID.

I’d like to get clarification on this, as it makes a real difference as to how one uses the network.

The main point I’m looking at in this thread is how to also have an ID solidly linked to one’s true meat-world identity so you can have verified interactions with real-world people, as without that the network is only for phantoms. IT needs to be both.

Ghosting as a whistleblower is great, but you need even then to be able to prove that you’re the same person from post to post, and when you go public (if), proving that you are communicating as your public self and can prove your ghost self is linked are both vital.

Separate accounts may be the best way to handle such, so you don’t accidentally make a cross-over mistake, but it seems that the same should be doable within one logon as well.

Yes we are looking at enabling two public names per account, these can cycle, but limited to two. So you can use an anonymous one and throw it away, but perhaps keep your real ID or the one you want to be known as. You can also create a separate account and charge safecoin from your old account to if you want. :slight_smile:

5 Likes

That’s such a cool idea I give a yes vote for that feature. It could also be an option to have a disposable cloak address similar to what the app gliph does with email. You could choose to keep or dispose. Possibly have a warning about identity exposure or a pin so no mistakes are made for someone with sensitive information. Maidsafe is so feature packed I can’t wait to play with it. Btw not sure if anyone listens to sovryn tech but Brian sovryn gives an honorable mention in almost every episode. I think mr Irvine should do another interview and give an update when he’s free. Though everyone on the team is busy right now :confused: but just a thought :wink:

I hope that the personas are non-unique. Having unique usernames on the SAFE network would be crazy. That would mean that someone could grab the name @BarackObama and squat on it forever and ever. Twenty years from now it would be a horrible username situation.

It’s better to let anyone who wants the username BarackObama use it. The main ID will identify the real Barack Obama. So if the main ID is untraceable then that would be problematic too.

For the private shares the user IDs should be untraceable. For the public shares the user IDs should be traceable to prevent people from pretending to be other users.

Having non unique persona’s will remove the ability for people to tip or email eachother if they are known only by their persona’s.

Someone can already grab the name and squat on BarackObama lol; You can rename yourself; and also children can be named whatever in the current system of identities, so your parents could have also name you barackobama and you could also squat on it forever.

I know that there is unique names; and in the current naming system in nations allows for two people to have the same name and be considered obviously two different people since different attributes;

An interesting study would go into what attributes of interenet people are obvious and will allow tracing of a person for example.
A barackobama the president is obviously differentiated from barackobama the auto salesman;
Public key is practically like a self issued disposable social security number.
Loss on SSN is due to the fact that SSNs are not cryptographic key pair items;
In fact SSN system is intensely primitive.
So is it possible to simulate such unique characteristics of a person’s ID on SAFE?
And if so, how? that is a possible answer to assume.

To email someone the unique user ID has to be used in addition to the username. With an address book in the email client that can be handled automatically without the sender needing to specify the user IDs every time.

Twitter usernames have already become more like user IDs than usernames. So Twitter has added an extra username that people can use. That’s a bit messy. It’s clearer and more concise to use a non-username ID and have name alias(es) connected to the unique ID.

Yes! I like that. Is that how unique user IDs are managed in the SAFE network today? That would work well. I could register a public key and call myself Barack Obama. I could also register another public key and use the name Hillary Clinton for that. Or even have two or more names for the same public key. That’s individual freedom and flexibility.

What we are looking at is a little complex in implementation, but makes sense. Its this basically

  1. You create public names (2 off) - always 2 you can throw one away and create another etc.
  2. The name is non unique, but carries a 10 digit identifier. (this is a short version of the public key and manages collisions, to allow this shorter version)
  3. Your address book will use the identifier to separate identities.
  4. You will be able to add some info to your public name (like country, town, sex etc., this may be private or public or nothing)
  5. Every ID can have safecoin sent/received (so you can even remove the last owner of a safecoin if you want to replace with a throw away ID, if you want).

The network tests that when you create a public account that it is far away from all other public names that are similar. This should keep the ability for collisions or close to the ID type attacks. This means if you are dirvine and the id is ABCDEF456 there will not be another dirvine with an ID anywhere near ABC (we check leading bits to ensure any close address is rejected and the client app tries again to create a new id for the public name).

This seems to prevent name squatting and allows people to use names they like and thrown these away and start again if they wish. Apps will allow you to send a name change to your contacts that can be automated I imagine. That way you can drop your history of public info but keep your pals in tow.

We felt this was the most flexible and secured mechanism based on all your feedback (thanks very much, huge help) and removed much of the human ability to mess with it. So folks all comments and critique very welcomed. This will be implemented in the upcoming code sprint (sprints are 2 weeks, should start Mon/Tues) along with the messaging system.

7 Likes

But if you for example want to change your name to divine, then if some other user has the name divine and an ID that starts with ABC… then you would be unable to change your name. Or?

The network would reject an attempt at a key that is close to ABC, you need to create another key (its all underneath the user and invisible). So you are still dirvine, but cannot force he network to accept a keypair you create, it may reject it. So you create another random keypair and see if the network accepts that.

Unless you are a hacker this is no issue as your client app (it’s a core library feature) will be creating and testing keys for you.
[edit clarity]

The 10 digit identifier is what is rejected, not the dirvine name itself. All the network is saying is that you cannot use the keys you created for this id, create new keys. The name is fine though, just cannot be stored in the place you are trying, so create new keys. Should be invisible to users.

[edit more clarity - sorry]
Each ID you create will create a keypair chain. You will not keep this as you throw away or change id’s you create new keys. That way you really do drop your old identity. Creating keys is a common op in SAFE, we create key with any change in identities (an account will have tens of keypair chains for security and all actions are separated with differing keypairs)

1 Like

That seems problematic. If I have used one username for a long time and want to change it, then I want to keep my unique ID (since that is used on social apps, blogs etc) and only change the name. With the current approach I would need to throw away my ID and create a new one.

1 Like

If you are only changing the metadata (name, town etc.) then you are not throwing it away. You can change that metadata at any time, it will not be throwing it away though. So you can just change the name on its own and keep all the history in that case. A new ID will throw everything away, but you can change the name if you want. People may even store your name as something else if they want as well.

We should make that more clear I think, good point.

1 Like

I should say though you will not be able to change it to a name like dirvine with an ID of ABC if one exists there, the network won’t allow this if it is too close to another name.

1 Like

That’s my point. If it happens that I want to change my name from JohnSmith to John, and I have an ID that starts with XYZ… and another John already has another ID that starts with XYZ… then the network will refuse my name change! Maybe that situation is unlikely to happen in reality, but anyway.

Is there merit in allowing three names per ID?

I’m thinking I’ll generally want to keep one public real name (Mark Hughes), one anonymous name with longevity (happybeing), and have another anonymous but more vanity/fun/disposable name.

Am not 100% sure I’ve understood tho! :slight_smile:

1 Like

In which case you would have to change what you want to “John123” or “PhillyJohn” or something else, just like on gmail or yahoo when account names are taken, except the collision rate on SAFE will be EXTREMELY less likely.