Proof of unique human


#306

Like this one:

Whatever proof is used for SAFE, I would think any connection to the clearnet should be disabled during the process…and maybe a phone based call routed into SAFE could be established simultaneously for an extra layer as an option.


#307

How’s Tokenly’s “magic word” strategy working out?


#308

And if I have multihomed PC then I can disable on one connection and present to s/w that clearnet is disabled. Anyhow this proposal requires the “clearnet” since you do not have an account until your ID is approved.


#309

So probably not a good fit for SAFE.

What if we had a multihomed comms device that was so minimal, that you pressed a single button, got prompted for voice and an account was created/ logged on…like a yubikey for voice

I quite like the Paypal security key (credit card sized and piezo activated) for Paypal/ eBay along with Yubikey for Lastpass. I’d rather use those devices in place of PIN/ Password in the launcher.


#310

Yea I like that. I suggested something similar that could be a usb/serial device that can be challenged and respond with a response that can only be generated by use of the right keys.

So you would set up your account with passphrase etc. Then the launcher relays the keys from the group to the device with encryption. When it came time to log on you tell the launcher to use the usb device.

The usb device sends the username/pin to the group with the group’s encryption. The group sends a challenge (eg nonce) encrypted with the device’s public key and the group’s secret key. Then the device encrypts the nonce with the users key and then encrypts with the group’s public key, and sends it off via the launcher to the group. And you are authenticated without trusting the PC. (obviously this is not the whole but to illustrate the basics of the transfer)


#311

Would the fact that the USB protocol itself is compromised, affect this design?


#312

Shouldn’t since all comms over the USB and through the launcher is encrypted with the group’s & devices keys

Only if the device had a bug where it gives up the key to some combination of USB protocol commands. But it shouldn’t since the device would be separate from the device that did the comms. And personally I would use a device that had a USB <–> serial converter and separate device that did the authenticating built into the one enclosure. This way to create a device that used serial comms for say IoT devices could utilise a system that allows the authentication to be provided by a separate device that can be swapped out or supplied by the customer and not embedded in the IoT device.


#313

I was thinking of BadUSB, maybe not relevant for your solution


#314

Yea, that sounds like a USB attack of the computer.

EDIT: and the above description still requires a “clean” PC to set up the keys on the USB device. But secure on unknown PCs for the logon process.


#315

If I want to find out if @happybeing’s vault is online, and @Seneca wants to find out if my vault is online, then I can attempt to pay the @happybeing’s node’s wallet, and if he can prove to me that he owns that safecoin, the I can assume that his vault was online.

Similarly, if @Seneca can pay my vault and I can present him with that proof of ownership, I can verify that his node is online. Now, if @happybeing can pay @Seneca’s vault, and him present the proof of it, then we can conclude that we are now in a Network. And the owners of the nodes are proven to be the personas that present the proof.

This proof exchange must be done out of band though, on an IP-level protocol. This way we can consider that the origin IP address is one that the attacker has control over.[1] If we can verify vault ranking without involving a Network entity as a third party we can determine strength/uptime too.

Since the record of proof (generated after the proof exchange on the recieving party’s end) is local, it can be physical. I’m thinking a keychain-like program stored on an append-only database/filesystem on the reciever’s side.

It may sound like the start of a web-of-trust. A physically secured web-of-trust. The trust that they control a vault with a specific XOR address that is in a network.

Don’t know if that can help uniqueness, but I think it can be a start.

[1] Or be on a registered VPN or on the TOR Network. In which case their trust is diminished, because they do own a vault, but they are protecting their persona - which means we trust them less. They are invested, but anonymous.


#316

The problems for POUH / POI just keep growing with stuff like this…

Real time manipulation to synthesise fake video:


#317

Think long term or even mid term. Proof of unique human is discrimination already. Respect the AI and machinery. :slight_smile: Seriously. Unique human will be near meaningless in a foreseeable future.


#318

Sure, I want my cybernetic servants to do the running around, on SAFE or anywhere else, while I do high-level thinking.


#319

I keep leaning toward “proof of actual one human at this moment” versus unique human At this moment, this person is unique because they are doing what only a human can do as one person not as two at the same time… so I guess that proves unique humaness.


#320

A rather old topic but I’d like to bring this up as there might be something to my thinking. Need to find the holes in it. I have not read every single post in this topic so forgive me if it’s already been discussed.

Recently I’ve purchased and started using a fitbit activity device to help me motivate myself to be at least a little active because you know I hate moving anything but my fingers most of the time. Some devices out there have GPS and heart rate monitor and I think all of them have steps and time.

Imagine a device that has all these features but the data is encrypted. One might be able to make it impossible for one person to have multiple of these devices that are turned on for a set amount of time and them be different enough to seem like different people. Now you have a unique person and their identity is protected. I’m sure there are holes in this so let’s have them.

The only way you can get the data is with your login creds (safe) and the device could display a public key for use in systems of voting and what not.


#321

If the data is encrypted, for proof systems, how could you tell if one data set was sufficiently different than any other?

For that matter, what would sufficiently different look like?

Could you not also generate pseudo-random data in a smart enough algorithm to upload that looks like a plausible human’s own data?


#322

I heard that theres a device that could track the uniqueness of your driving as a signature to identify you.

If this is true, think about how unique each human being’s movement is… :O!


#323

I think this is a very bad idea.

It segues into the concept of an encrypted ankle bracelet.


#324

I could see that, if forced to wear it and use it and not being allowed to use a different one when you decide to change it out…

A distributed app (an AI of sorts) would have to be able to access data or an aggregate of data points could be normalized into a dataset and turned into a hash and figure out if unique.

yes - here is the obvious hole I wasn’t seeing…


#325

@bluebird

I think this is a very bad idea.

It segues into the concept of an encrypted ankle bracelet.

You mean like having fingerprints for example, or some other reason? Can you elaborate?