This is a sign that we should abandon POUH
1 Like
We could just exclude 13 year old Ukrainians no? 
Passing this test is one thing, fooling SAFE network another
It is quite a milestone - and relevant - thanks for the link.
I hope there will be more discussion on this, I think it is imperative to solve this before it eventually becomes a much bigger problem.
Itās too important of an idea to be abandoned. If we can find a cheap, accurate, impossible or expensive to fool biometric then we can do it.
There is the Nymi but itās not open source. There are vein scans but these are expensive.
2 Likes
Monozygotic twins have different finger prints. Maybe a password keyed to an RFID implant? Identification as useful as its been is a misnomer. Concrete division in awareness/consciousness corresponding to concrete pattern in space-time in a discernible way? Solution would be harder than simulating someoneās spouse or mother to the point that most people would never know the difference. Why canāt we design systems that that tolerate ambiguity? Its a launch code and keys type problem.
go to make an account here and enter the game, please it is free.
Upon making an account you enter TUTORIAL ISLAND!
until you complete this tutorial there is no game; though it takes up to 30 minutes and you learn all the basics of using the service, and Iāve played this for 10 years now and running it is loaded with crypto concept to participate -
3 Likes
This is very interesting, proof of it working to, which is really nice.
Yes,
A brief chronology of Rune Scape regarding bot control:
In the first version of this game, the developers created a game where players make their own armour and weapons and battle eachother and very few endgame boss encounters. The game focused on users improving their skills and within those skills this allowed a player to collect scarce items to make even more scarce items and it required the player to train up a skill which was an incredibly tedious task, and required a unique process for each skill. The problem occurred when an all inclusive software was designed and deployed for any user to download and use, and the entire game turned into a game of botsā¦
during this time the goal of botting was to overcome to actual requirement to participate in the proof of work necessary to achieve a high level in skills to make the best items and also to accumulate the highest amount of resources possible while also being able to live a normal life.
The developers of the game then prohibited the use of the bot, and developed an entire array of resources to noticing bot-like activity and directly banning the user; at this stage if someone was accidentally banned, then the person who was banned could if they were clever enough to approach the developers of the game to prove that they were not a bot and pay a fine to be unbanned.
In version 2.0 of this game the developers released random events which would require a unique process to literally āfreeā oneās own character from the random event, and if I was a bot then I would be stuck and probably time out; though my botting goals would not be met. This method works, though it doesnt stop mass bots from doing their thing until the moment of a random event and manually a person would solve the random event and reset the bot. These random events were highly annoying to players, and the tiny reward given in exchange for completing the random event was insignificant as the random event could occur at any moment, except in certain places (like dangerous situations such as a boss fight.)
during this version of the game it became incredibly popular over 200,000 user at any given moment and the motivation for botting was to sell the ingame currency for fiat a highly lucrative business since a bot could bot 1 million gold pieces which costs 4-8 USD and could take up to 2 hours to bot out.
In version 3.0 of this game, the current version there has been an immense deployment in complexity to the way that the user interacts with the game environment. The proof of work type skilling in the game has had additions to accelerate highly involved players where by doing intricate and ādangerousā situations with groups of 30+ a player could gain a significant amount of progress towards certain skills for example. In order to become wealthy within the game there are complex boss fights where if successful there is a quite small chance though the only place in the game environment to acquire the best weapons and armour which also commands the highest ingame currency value. Botting within this environment is lucrative in such a small way that there are only very few, mostly chinese, and they are easily interfered with. Such as the most profitable botting locations are where any player can be killed by any other player and so bots are farmed in this zone as they try to bot items from this zone.
The current state of the game is considerably bot free, mostly since players earn ingame currency through a community effort and the intricacy of use in each aspect of the game has increased considerably and most importantly it does not increase the difficulty or the time for the playerā¦ simply it is more interactive and more pretty the gaming experience. The anti-bot mechanism actually enhance the game.
So once a player has manually used one characterā¦ and took the time to use that character and achieve the skill ratings and accumulated wealth with her or his peers within the gameā¦ to make a new character is absurd simply because you start at 0 and have to redo everything including long drawn out quest lines and also it does not help your community of friends to restart a new character when that time can be put toward making one really nice character as opposed to several lamer ones
3 Likes
Perhaps this could benefit from a serious games approach?
Award points to humans who pass certain tests disguised as games. The questions/activity in the test would be the sort that only human beings are good at. These should happen randomly, and the only way to avoid seeing this randomly would be to pay a fee.
Would that work? If itās not profitable to be a bot then you can avoid the Sybil attack.
The current state of the game is considerably bot free, mostly since players earn ingame currency through a community effort and the intricacy of use in each aspect of the game has increased considerably and most importantly it does not increase the difficulty or the time for the playerā¦ simply it is more interactive and more pretty the gaming experience. The anti-bot mechanism actually enhance the game.
Interesting ideas youāre presenting. Would anyone else be willing to research approaches like this to see where this line of thought can lead?
3 Likes
This could work with user reputations. Where human voting and decisions come into play.
I have played Runescape and found their anti-bot system annoying though somewhat effective.
However, the dangerous Sybil Attack is going to be on farming nodes. I believe most people will be running their vault/farm separately and without supervision. So random āhuman checksā could be more disruptive even damaging. The storage is being handled by the computer anyway, not the person. Farms are basically bots working for a real human owner.
At best, we want a NEW farmer to have the easiest, fastest, way to get a vault up and running without too much hassle.
At worst, we want the FREE user to prove they are human when they use network resources. Perhaps the āserious gameā approach could be incorporated here in a very limited capacity, like when they try to vote on network changes or something serious.
1 Like
In that case they would have to win enough points to earn the right to make a vote. The way to earn these points would be to provide increasing evidence of humanity.
The games should keep changing, be random enough so they cannot be tricked or fooled, be timed so that the game ends if not beaten in a specific time. You could throw Tetris or Pacman up and make them play that for instance and get some points.
As long as the bots have no way to predict in advance what the next game is then the bot would have to somehow be good at all games? Itās not feasible yet. These games combined with some sort of other mechanism and you get enough points.
Iām not entirely confident it could work but itās going to require something truly creative.
I believe @dirvine is looking at the zkSnark stuff with a view to solving this one. If that is so, we may ultimately be left with a much smaller attack surface - more denial of service than anything, and hard enough that it is only available to very large non-profit oriented entities (i.e. governments!)
1 Like
Yes, I think zero-knowledge SNARK makes a big improvement for our Network security.
The 2.0 random events was exactly thisā¦ it would ask like which of the three do not belong - letās call them glorified captchas;
Randomly while doing things that are routinely done by bots would spawn randomly an event which would call to action the solution.
It required virtually no skills besides being able to discern things, or complete a maze;
Though tutorial account creation should be implemented anywayā¦ why should I go to 100 different sources to find information when the service could provide the utility of getting started and also filter out some automated account creation process.
I think the ātutorial methodā would improve the first timerās experience while verifying POH.
Bots rely on repeatable patterns and trigger events. We could make the tutorial lessons random so the interaction cannot be easily repeated by a bot. The human user does jump through some hoops/challenges under the guise of learning how to use the Network. They may not even notice it. Users who have already been through the tutorial will find it annoying, but then again, they are also making multiple accounts. If they do not use the tutorial, then they will not gain points toward POH.
Simple Example
- A user creates a new account for the first time.
- They activate the tutorial to learn how to use MaidSafe.
a) store data, initiate a PUT request.
b) retrieve data, initiate a GET request.
c) delete data, initiate a REMOVE request.
d) browse a random website
e) open your welcome mail.
f) send a messageā¦ This could incorporate random captcha.
g) set up a vault.
Randomize the order of lessons A - G
More lessons/challenges could be added. This is the basic idea of how it could be implemented. I do believe people will find it very helpful. We could also encourage new users to complete the tutorial by awarding them additional storage per lesson.
3 Likes
To add to the complexity, practically any human can make a webpage; And I think it would be exceptional to add part of the tutorial on how a person might make the simplest static webpage; and also at the conclusion of the tutorial, that the user gets a fraction of a safecoin;
this would prove to be an amazing introduction to the network
Also, I wanted to add that the interface of the tutorial ought to be somewhat intricate in order to prevent botting; as in the example of runescapeā¦ a user has to run around, read text, perform unbottable activities etc
5 Likes
Huh. Thatās pretty good. Procedurally generated terrain where the information you need is in a box in a house. Conceptually easy to understand, but if the terrain is procedurally generated, thereād be no way for a non-human to get to it. Thatās kinda brilliant.
4 Likes
No amount of proceduralism or captchas will ultimately thwart strong AI and computer vision algorithms. Period.
Stick to encryption and zero-knowledge proofs.
1 Like
Relying on authentication is a never ending battle - identity determination is a fleeting thing, what works one day will be the subject of attack the next. Furthermore despite protections, such information could be harvested via viruses on the host computer and used against the entity.Ā So, instead of authentication, rely on some form of exchange ā so we have thus far:
- Proof of work.
- Proof of stake.
- Proof of resource.
Others?
Exchange seems to be the only long term way to gain access that wonāt end up having to be patched regularlyā¦and when A.I. is upon us, what then? - Exchange offers a way forward no matter what happens. Furthermore, if we really want anonymity (a must in my view) and we want to be an open network, then letās use one or better yet, all three of the general methods of exchange already devised.
In reverse order:
-
Proof of resource: offer resources to the network - be a farmer.
-
Proof of stake: pay to play - pony up some safecoin every so often - surely a formula can be created based on the market prices for the resources offered by farmers.
-
Proof of work: many possibilities with reputation scoring seem plausible, hereās just one which would be a regular bit of work that would be of value to the maidsafe network. Note: not one-time work! A sapient might create an account and then push it to a bot.Ā Firstly Iām not sure if there is a means of tagging public data on the network yet, but it might be a good idea and would allow the following: - public data uploaders add tags (create or select from a list).Ā With this done we enlist the help of the users to verify that the public data is tagged correctly.Ā Asking new users to put tags on a number of public data uploads blindly (they canāt see how it was originally tagged) and then scoring their efforts against the majority of tags will tell us if they are sapient beings or bots. It will also serve to correctly tag data.Ā This also offers us the ability to push back against those who might load up nasty stuff and put arbitrary or disarming labels on uploads and they can be kicked off the network for putting false tags on public data, hence discouraging bad actors. If an A.I. comes along and can do this task, so what - it is still lending work to the network and is of value.
1 Like
Just because itās a challenge doesnāt mean we should give up. Itās necessary to solve this problem. No solution is perfect but a process of iteration which we can improve.
For some features you need to know a human being is at the other end.
Here is a way to accomplish it. Instead of trying to come up with just one Proof of Identity to rule them all we should just create a decentralized autonomous corporation with a real world office. Human beings would then register in the real world to verify they are human beings. Theyāll be given a code along with a Nymi in person or mailed to their house.
Then they would use the Nymi to log onto SAFE Network, then enter the verification code. After these two operations are complete the human being would be given a certain amount of points which would represent their level of humanness to the SAFE Network. The identity corporation would exist as a DAC on SAFE Network as a decentralized application and would handle the rest.