Proof of unique human


#243

Actually they walk amongst us already. Identical twins.

Yes I know there are laborious methods to separate them, but for the purposes of POUH, they will show as identical.

There are also people who have dual DNA. More rare but often enough to be a problem for POUH.

And the real problem is that any test (so far) that does not involve a trusted 3rd party to verify, is subject to fooling. Many can allow one person to appear as multiple different humans. All so far allow tricking.


#244

I have thought a lot about this and I think the only solution is issuing IDs by mail. This is the same as banking and voting - an address is required. Most people only have rights/access to one residence. You can’t fake a mailing address.

There would have to be a maximum limit of say 5 users per address, to prevent individuals obtaining countless IDs. Individual addresses could be recorded and managed by a system that notes which have already been applied for (and so no more IDs can be issued to said address).

To prevent persons sending other people unwanted user IDs (and these people may want to apply at a later date, without having to search for a letter someone else applied for 2 years previous and thought it was rubbish then threw away, for example), these new IDs and users could be linked to a confirmation code included in said letter, meaning that only the person who has access to the mail can confirm if it was them that applied for it or not.

IDs and passwords received by mail should be required to be “scratch to reveal” - allowing anonymity to be retained regardless of the fact it was sent to your private address, and then changed upon receipt - quite like modern banking security.
Yes there is a physical cost here and someone is going to have to do it, but is necessary for this function. If there was a small fee to cover physical cost network this could help fund GETs or something like that. This would mean maidsafe being not fully decentralized but there would be no loss of anonymization. At most maidsafe would have a record of who has applied for a maidsafe ID, but is that really a problem?


#245

Not true, I live in a van and have had to do this alot tbh lol


#246

But could you send mail to said address? Jealous of van life!


#247

i guess that would be harder


#248

I think the issue here we don’t want an “authority” of any kind administering the proof. This eliminates anonymity because a central “authority” has to process your “ID”

Mail redirection is one way. I can put a mail redirection into the post office and they will redirect any mail sent to that address with the name supplied. No proof needed that I ever lived at that address and AFAIK no proof the address actually exists. So as long no one by that name lives there, no one will care.

Another way is to have a mail collection service that you subscribe to that provides an address for mail to be sent to and it is bundled up and sent to anywhere in the world.

In other words I could become as many people as I wish to. No longer unique


#249

Correct me if I am wrong, but this has been discussed since May and still not been resolved. Seems like this project is going to take till 2020 to launch lol.


#250

This thread is about grappling with a difficult concept (easy to use, reliable proof of unique human on a distributed network). Thankfully it doesn’t need to be resolved for the Safe network to launch, or we could be waiting far beyond 2020!


#251

A single validation system is flawed, no matter how it is built … It’s about time to be bypassed by someone.

I believe that a good solution is entropy. Imagine instead of a single proof (when creating the account), was created a system of challenges, where eventually the user will be asked to solve a random challenge … Keeping proof of being a human.

I’m talking about thousands of challenges, where automation is a pain in the ass to be built…


#252

This is purely a concept topic and not used or needed for the SAFE network

Any of the issues in SAFE that caused this topic to be considered were resolved satisfactorily by other means.


#253

To prove that a human is human, the following question must be answered first: what is human?
Defining the essence of the human condition should be the first step to establish the proper criteria to detect one.

The only skill that singles out our species from others is the capacity of our human cognition to interpret semantics… and this ability seems to be targeted by deep learning.
I actually expect machines to eventually take over the turing test and score even better than humans some day.

But until that fateful day, I think that semantic tests would replace efficiently captchas to detect humans.
For instance, identify metaphors:
"The sea flowed inconsolably from her face"
Options 1: It is about sea tides
Option 2: It is about someone crying
Option 3: It is about water currents in the sea
Option 4: It is about someone drowining.

I gotta be honest, there were kids failing metaphors in SATs (Standardized exams for college admission in the US), so it may filter illiterate or undereducated people as a side effect. Is that good or bad? I leave it to you guys to judge…

Another way of doing semantic tests would be visual, where images are shown and it has to be matched with its context.
Example: "Jeremy is very tired, he needs a ____"
Option 1: (show a picture of someone running)
Option 2: (show a picture of someone driving)
Option 3: (show a picture of a chair)
Option 4: (show picture of a comb)

Now, if you need proof of UNIQUE human, that would mean that a means to identify the individual in a way that any behavior or characteristic will be detected as singular. That is a huge challenge and the only reliable way of doing that is by forcing a deanonymization of the user, which we know it is not acceptable.
I think we have to ask ourselves if “proof” is the right objective here, I think that is misguided.

What we need is not “proof of unique human”, but a high cost for bot makers and mass account creation, and that is a much more achievable goal.


#254

What IF… what if we ASSUME every account is a cloned one, and each account must “prove” its humanity and uniqueness through its usage and reputation? The more they use the account the more behavioral points exists to analyze.
For instance, we could have keyboard keystroke biometrics enabled and then seed out or disable the accounts (if that is even possibl) that are detected as identical.
Secondly, enable functionalities (such as voting) when an account has enough usage and good reputation built over time.


#255

I officially HATE this idea as it discriminates against anyone living on the road, a nomadic lifestyle in general, who is homeless and is trying to access the SAFE network with either a laptop or borrowed computer, or any other instance where the user does not have a fixed location. Just because you don’t live in a fixed location doesn’t mean you aren’t human. What if your address is “That cabin deep in the woods at GPS coordinantes so and so.”

I in general like your idea here. But as has been discussed in other threads a reputation system inherently degrades anonymity. One can’t really develop a reputation system while maintaining anonymity and security so I don’t think it’s fundamentally fair to tie a reputation system to having an account because some might choose not to use said system in order to preserve their anonymity and security. If you do discover a way to consolidate anonymity and reputation please hop on over to the bitlaw thread. :slightly_smiling:

How is this different from keylogging? If this is enabled how can privacy be maintained?


#256

I think zk-SNARKs could be used to prove that an anonymous ID x belongs to a public ID w with a particular or minimal score in reputation system F without revealing which w that is.

Consider the setting where a client owns a public input x, a server owns a private input w, and the client wishes to learn z:=F(x;w) for a program F known to both parties. For instance, x may be a query, w a confidential database, and F the program that executes the query on the database.

**Security.**The client is concerned about integrity of computation: how can he ascertain that the server reports the correct output z? In contrast, the server is concerned about confidentiality of his own input: how can he prevent the client from learning information about w? Cryptography offers a powerful tool to address these security concerns: zero-knowledge proofs[GMR89]. The server, acting as the prover, attempts to convince the client, acting as the verifier, that the following NP statement is true: “there exists w such thatz=F(x;w)”. Indeed:The soundness property of the proof system guarantees that, if the NP statement is false, the prover cannot convince the verifier (with high probability). Thus, soundness addresses the client’s integrity concern. The zero-knowledge property of the proof system guarantees that, if the NP statement is true, the prover can convince the verifier without leaking any information about w (beyond was is leaked by the output z). Thus, zero knowledge addresses the server’s confidentiality concern. Moreover, the client sometimes not only seeks soundness but also proof of knowledge[GMR89, BG93], which guarantees that, whenever he is convinced, not only can he deduce that a witness w exists, but alsothat the server knows one such witness. This stronger property is often necessary to security if F encodes cryptographic computations, and is satisfied by most zero-knowledge proof systems.


#257

Why would that be?
OTC bitcoin markets operate in anonymity and yet they learn to trust users who have a high trust score.
You don’t need to know who they are or where they live as long as they behave in the way you expect them to behave.


#258

Actually bitcoin operates using psudoanonymity not true anonymity. And the problem is even if one doesn’t know a user’s name or where they live one can still profile their behaviour, writing style, habits, history, psychology and so forth in order to identify them.


#259

One common mistake a lot of people seem to be making in this thread is thinking that Biometric Authentication = Proof of Unique Human. Those aren’t the same thing. Even if we had a perfect biometric authentication system which was completely foolproof (we don’t), it would only prevent a person from impersonating another specific person. That’s what biometric authentication systems are designed to do. What it wouldn’t (necessarily) do is prevent a human or bot from pretending to be a completely new (fake) person whose information is not in the system. (E.g. Just because I can’t spoof your fingerprint, doesn’t mean I can’t generate a new fingerprint which could plausibly belong to a real human.) That’s not what biometric authentication systems are for. Perhaps a biometric system could be designed to solve that problem, but no existing biometric authentication system was built with that goal in mind.

Another common mistake people are making is confusing “Proof of Unique Human” with “Proof of Human”. Those aren’t the same thing either. “Proof of Human” is the problem CAPTCHAs are meant to solve. It ensures that only a human can perform some action (like create a new account). “Proof of Unique Human” ensures that not only is the person performing some action a human; but that said person can only perform that action once. Imagine a CAPTCHA that once you’ve solved it once, you can never solve it again in your life, ever. That’s the problem of “Proof of Unique Human”, and none of the solutions proposed in this thread seem anywhere near solving it.

That said, I’m all in favor of alternate solutions to the bot and Sibyl problems. “Proof of Human” type solutions are okay, but difficult to implement. I like the idea of charging a small fee for account creation; that seems like a reasonably reliable and easy to implement solution to me, and it has the advantage of not needing to be constantly updated as AI technology improves.

Also, fun fact: CAPTCHA is an acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. So basically any solution we come up with here for “Proof of Human” will be a form of CAPTCHA.


#260

And regular CAPTCHAs are now being defeated by bots in real time using “sweat shop” humans to solve them then pass on the response. Sometimes even using fake websites that require a “CAPTCHA” to continue reading the article (or to enter the site). Those are fake sites and if you ever wondered why you answered a CAPTCHA correctly but it says you are wrong and this continues till you give up, then you likely were at a fake site working for a BOT


#261

yeah, popular sites for such captcha mechanical turks are porn sites.
So the actual challenge should be how to identify legitimate users not really if they are human or not.


#262

Haven’t visited this topic in a long time. I love this entire concept.


Proof

100% True. Not “pain in the @$$ to fake” - impossible to fake.

Unique

What makes a life unique? One flower from another, one animal from another, one human from another.

Entropy is a great way to determine a specific point in (what we humans call) time, but it always increases. The entropy that one individual may have today is not the same that they will have tomorrow.

Also, how can you measure such a thing? This would presumably be along the lines of reasoning as to how to determine every moment in an individual’s life to see if their “life experience” has been unique; which is probably the best that we can get at defining individuality. (I’ll review Aristotle and Plato and see if I can come up with anything better) Entropy might as well just be another word to describe this data.

Human

Not robot. Not dog. Not flower. Human.


Ahhh…I love it. Although we may not have an answer until the very last second of the universe, I sincerely do hope that we are able to find out someday.