I think this an other way to use the tell I am a human trait. To me it is the question of the possibility of the network being able to validate a human only as a human and unique. So not identifying a user, that is another issue, I agree.
A worldwide voting system of humans would be lobby resistant AFAIK, of course marketing etc. plays a part, but not lobbying. I think democracy or consensus is a powerful tool for any community.
Opt ion could be a nice way to not force this on everyone, a voting app for instance could choose then to only use validated humans.
Of course the technical issue of doing this is huge as well as the way the network could use it. The technical issue is here I am focussing my mind just now, how that power is wielded though is important and will need a ton of debate.
Hi my first post on the maidsafe.org forum. Have been reading all the threads and this one on proof and ranking has me a bit puzzled. I second Blindsite2k question - is this proof of human really needed - and is it actually constructive? Some thoughts and questions:
Identifying humans as humans - a security risk and arms race rolled into one?
Proposals above such as paying (traceable) money, voice prints, face recognition etc seems a bit odd to be sending (i.e. storing) all this personally identifiable information to a network that aims to protect identity. Even if it can be done securely it will create suspicion. In addition, all the approaches suggested are (or very soon will be) script-able/gamable - Amazing AI advancement announcements in deep learning nearly every other week now.
Ranking and Voting System: What exactly is being ranked?
If we talking about ranking actual data posted on the network then what one community ranks highly (say right wing authoritarians to choose a black-white example:) another left wing community will rank very low. People will rank out of spite, on emotion etc. Ranking is very group-think prone and community/application specific. Are there more specifics on the proposal somewhere (I checked github MaidSafe Papers section for ranking could not see anything). Not saying ranking is a bad idea, just that tends to work better at the community/application level although finding a balance against group think is hard (and in some communities - unwanted).
What risks do âbotsâ - the ability to create many accounts - really pose?
If each account can only use the space proportional to what the account provides itself isnât this already a limiting factor? If bad actors (bots or otherwise) are detected corrupting or messing with data then clients will start dropping them from their routing tables so a bot would only be useful as long as it actually provided reliable space to the network? It appear to me a much more powerful way of assessing the worth of Safe accounts is tying the privileged of being in my clients routing table to the resource they provide. Step out of line, corrupt data, fail to respond frequently, flood me with unwanted data then your dropped.
As an aside, how does âlimiting the number of accounts per personâ relate to application level âaccountâ creation for, say, a Facebook/G+ clone. Taking google circles one step further and the need to create many disconnected social network accounts. For example a person wants their political activism profile, work, bodybuilding on steroids, and flower pressing âcirclesâ completely separate with no way to tie the three back to the same person unless they themselves do it. I assume we are talking about different type of low level MaidSafe account here (still learning only get a few hours a week to catch up on MaidSafe development so feel free to point out my ignorance
I donât think this is how it would work. Please correct me if Iâm wrong, but when I connect to my Time Warner account, Iâm not that user to the internet, Iâve just logged in through my modem. My modem isnât a user on Facebook and Google. So I donât think your login to the Maidsafe network would necessarily be your login to other things.
The basic premise of the SAFE network is simple. The client doesnât trust the network, and the network doesnât trust the client. Any of these ideas that have been suggested live by this same principle, so none of it should be traceable or itâs off the table. You are right about common perception: people might not fully understand the technology behind it and assume their biometrics are traceable. Also granted, I think it was Chris A. who pointed out that for now, we have not solved this problem yet.
This is the solid backbone SAFE has built in. From previous discussion however we want to boldly go where no network has gone before. We decouple safecoin from the proof-of-resource, and allow every account to store a Network Storage Limit. This frees the network from management overhead, so it will run smoother, AND it gives everyone access to store on the network, regardless of whether you (can!) contribute disk space. rather the farmer can earn safecoins for net contribution he provides to the network.
This does however open up an easy attack-vector: bots can create accounts and just plummet the network with useless data. This is why we are asking this question: how to hold off bots in the best way!
Your login to the network is anonymous, hence MaidSafe Anonymous ID (MAID) - you only have one of this. For every action you take âpubliclyâ (ie sharing with other people) you have an unlimited number of MaidSafe Public IDs (MPID).
Other guys responded to the other points so Iâll take this oneâŚ
Anything could be ranked - see Reputation Systems for a curt list of ideas!
You make a good point about different people placing different ranks on the same thing - I hadnât thought of that (because I havenât given this any thought really!) but I think we can cope with that. Different people would use the ranking system to their liking - so multiple perspectives with each group of ârankersâ (say that carefully ;-)) collectively contributing to the system that matches their perspective or purpose. The ranking systems themselves would be ranked!
People can attempt to sabotage a ranking system, but if peoples ability to rank is itself subject to ranking by others using that system, the majority win out. We can see these systems can be made to work (e.g. reddit, StackExchange) you just need more people to care about the system and want to contribute than people who want to troll or sabotage it.
I donât know what the ranking features are that are built in - @dirvine made some mention here but I have a feeling he also stated somewhere I canât find, that some ranking is already provided for, but I donât know the details. David - is there something already envisaged? Is there documentation on this?
The rank at the moment is done on the farmers (lost / stored counts). There is also rank machinery in the routing tables for further granularity of routing based rank.
The ranking of people and systems (like websites) is still under discussion though. I am glad it is there is a load of good comment and debate around this. I like the fear of losing any privacy at all, e need to keep that. Any human identification system will be private, I am very sure of that. I think there is real fear this means identifying humans as individuals, it is really identifying the thing on the computer as a human not as a particular human and not holding any identification on any human.
I think rank is a huge area, like rank data elements of a movie, song etc. this is good and can maybe expose who did the vote or not. Rank of other humans is best left to known humans. Then we just need to know itâs humans voting and then the big problem I have, defense of the minority.
This might sound like a really dumb solution, but I have to ask.
Bots want the NSL (Network Storage Limit) amount, right?
Would it be possible grant NSL⌠after they farmed/paid their first safecoin? The first safecoin grants the NSL amount. So they join the Network with Zero NSL initially, now they can farm for safecoins as a way of earning their NSL amount. Or people can âgiftâ 1 safecoin to them since they already have an account.
While it is an option, people should not have to buy safecoin on a national currency exchange, especially if safecoin is very expensive in 2-3 years. There is still the issue of those who cannot afford resources at all. I think charity/donations should step up in this part. And I would like to donate 10% of my farmed safecoins to the MaidSafe Foundation for that purpose.
If itâs possible, then it would be a compromise and a quick workable solution before launch?
This might be a stupid question but what would a maidsafe bot look like? How would it operate, what would be itâs goals, what challenges would it need to overcome, etc?
Thank you so much for putting your necks out there Maidsafe crew. This is exciting stuff!
First post on this forum! I am very interested in the PoH being proposed. I have a few concerns from what I have heard so far though. The concerns come from the following assumptions (so if its wrong please ignore)-
The PoH would be used to as unique one time âpermissionâ for the creation of MAID, is that correct? I.e. you would need to prove you are a human before you could gain access to the network.
If thats true, then;
The use of speech recognition (or any othe physical identifier for that matter) is probably not a great idea, as they can be coercivly obtained by other people. Case example, a Parent doesnt want there child on the network for some reason, so they force them to create an account that the parent then takes control of. Essentially, then the childs access to the network will be forever withheld from them by the parent. Additionally, others might short sitedly sell there PoH to a bad actor who wants multiple accounts, preventing future access to the network.
If the PoH is used everytime you login to confirm you are human to the network, then someone could easily access your files/resources as the would simply have to threaten you with violence and force you to givr them access (same problem with Iphones and finger print readers).
if PoH is proven by voice recognition, how do verbally disabled peolple access the network? This can be applied to other proof systems as well if they are based on physical abilities of users.
Love to hear a response to any of these if they are relevant. PoH sounds fantastic if it can work out somehow. I would side more with the unlimited identities over single if it came to it though. Thanks!
My definition of a BOT, in relation to this subject, is a scripted program, designed to automate multiple account creation. The purpose of multiple accounts is meant to gain an advantage over others from what is meant to be a fairly equal distributed pool of resource.
People can and do act in the same manner as the above, if they are creating multiple accounts for the same purpose. Unfortunately, there is no perfect solution for this.
The challenges a BOT needs to overcome is set by the rules of the system it is trying to take advantage of.
This is new ground for sure, and there have been lots of ideas, debates, and concerns.
Regarding to your 3 examples mentioned.
Coercion or force is like an ultimate Master Key, assuming the target of such force submits. AFAIK, there is no mechanism, security, that can stop/prevent such an event from happening. The same would apply to someone who threatens a bitcoin owner for their passphrase or privatekey. So I donât see POH as being a solution to this in anyway.
Reread over the thread again, trying to think of other simple solutions to this. In terms of simplicity, Iâm still thinking charging 1 safecoin (some negligible amount for entry, a penny, a fraction of a penny) might be the cleanest solution. People can make accounts for basically free but a bot canât make millions. This doesnât really defer people away because it costs next to nothing. Although itd be ideal it there was a brainless way of transferring to someone. Maybe when you sign up, it gives you the address and you just tell your cohort to send it to that address.
I think my answer at the moment is we cannot answer these questions, but we should certainly seek to. I have some ideas and thoughts, but your points are 100% valid IMHO. Not saying they cannot be overcome and they must. If we can get the tech right these issues will have to be tackled. Along with my worry over minority protections if we did have rank / vote system in place for certain data and actions.
Yes toughest thread so far. I think we are all hurting our heads. Interesting as its clear there is a huge opportunity but we are rightly scared of the risks involved to. Anti bot is one thing, although POH would be another, it would be anti-bot but also bring huge advantages to the network.
Iâm inclined to agree. A simple solution is often the best way. The more complex, the more mess it could create. As per my suggestion above, I would like people to be able to at least join the network, then they have 2 options.
Contribute Resources and farm that safecoin to pay for the NSL.
Have someone âtransferâ 1 safecoin to them to pay for the NSL.
In the future, if safecoin is very expensive in national currency value, it would be better to start an account by providing resource. We want users to contribute resources, yes?
EditâŚ
I am concerned about hitting the safecoin cap down the road and new users may not be able to farm safecoin as easily as we can today. What happens if we end up having 4billion users? Wouldnât that mean our safecoin will be all tied up? Ah, if the safecoin is burned upon NSL payment, then it can be refarmed, yay!
Totally agree! There is one difference to trafitional identification theft though, that is that voice is physically tied to a single user. If then PoH is a one time shot then the potential user looses future access to the network permanently if another obtains their voice pattern. If its not a one time shot, then the traditional threat is still in play as you stated.
In the future perhaps âproof of unique humanâ might be possible as well as desireable. Currently, though, for the purposes of the SAFE network, I donât think it is likely to be either.
I think it would add a layer of complexity that we would be better off not having to tangle with just yet, if the potential bot problem could be handled more simply.
Even if it is possible to do it very securely and certainly, while also being inclusive of most who would wish to join the network, l doubt people would trust that the network is really secure with their anonymity. That, in itself, might not prevent people from accessing (witness Facebook and Google, where personal data whoring is the rule of the day), but it wouldnât foster the concept of anonymity, however anonymous it might actually be. I myself would be hesitant to submit such proof, as Iâm really not sure of the technology and its potential misuse. I do think the complexity and uncertainty would inhibit adoption.
The main concern that I see on this is to prevent bots from making accounts and thus gobbling resources. So proof of human is indeed needed. I think a captcha system would be an appropriate barrier. Is it not possible to make such a thing effectively bot proof? [edit: doubting myself already: How would such a captcha system be maintained and who would maintain it?]
Whatâs to keep humanâs from making bunches of accounts and flooding the system with crap? I think the âfree minimum storageâ would be low enough to make this not worthwhile. 2-10 gb would be pretty easily absorbed, even if quite a few real people spent full time at it. Thatâs enough data to be getting on with at the start. I never did fill up my 2 gb Dropbox account. To use more than the network minimum you have to provide resource, either by farming or by purchase POR from a farmer.
Proof of Unique Human may have really good applications at some point, Iâm not sure. It could always be incorporated at a later stage at an application level for voting, etc. I have my doubts as to whether itâs either necessary or desireable at this time. ( I might be completely in the dark though, so âfor what itâs worthâ.)