Verifying unique identity - iris scans and a web of trust?

Someone on the thread about DAOs mentioned the problem of maintaining one vote per member, which I would suppose come down to ensuring one member per person?

An idea I've been thinking of for a while now is to figure out some means of tying accounts to iris scans (as iris scanners get cheaper, this may become feasible), with the iris scans acting as a unique "username", and a private passphrase to access the account. However, the problem with that is preventing people from sending fake data and creating multiple accounts. The solution I've seen suggested for that is to verify them in person, by using other peoples scanners whenever meeting in person - so when you meet them in person, they would scan your iris and check that the hashes match, verifying that it is indeed your data, and the more this occurs, the greater the confidence others can have that it is the "true" account that you have. I presume some sort of web of trust could be implemented, so you could track verifications through the system - so you know that the person you are interacting with has been verified by Alice, who was verified by Bob, who your friend Charlie has verified...

In summary:
- You create an account using your iris scan
- The next time you meet someone, they verify that it is your account using their own scanner
- Someone who has that person as a trusted introducer (?) will now be able to be confident that you are a real person
- Over time, as more and more people verify you, there will be a wider circle of people who trust you to be an actual person.

It would still be vulnerable to large groups of trolls verifying each other, but that should show up as an unusually tight circle of accounts, that would result in a low rating for them.

Possible applications? The one I proposed was for an AltCoin that implements autotaxation and a basic income, to prevent individuals from setting up multiple accounts and taking more than their share, but it could be used for anything requiring identification. The one proposed was for verifying that the person you're dating is actually who they claim to be. The account would contain whatever identity information you chose to give it - age, sex, name etc - and would rely on people you meet to verify that you're telling the truth. Probably have some means to change the data, but do remember that it would remain in your history regardless...

Comments

  • avsaavsa Member Posts: 68 ✭✭
    The web of trust element you propose makes the iris scanning unnecessary. I can meet you and ask what's you identity and that will be enough verification for me and anyone who trusts me. If there's a chain of trust between me and Bob, where everyone on that chain has either verified someone's identity or trusts that a friend/institution has, then it's enough to verify it.

    I prefer it this way because it's more flexible. I can have an identity with one group of people and another in a different group.
  • CerereanCererean Member Posts: 10
    You still could - there is nothing stopping multiple such systems from existing. The aim is to tie each account to a person, and that's where the iris scans come in.
  • CerereanCererean Member Posts: 10
    I'm fairly surprised this hasn't received any discussion, given how important the matter is. Are there any other threads where this is being discusses?
  • StephanTualStephanTual London, EnglandMember, Moderator Posts: 1,282 mod
    edited April 2014
    @Cererean, it's very likely ID systems will be layered. This is exactly how ID systems in meatspace already work today, in order to establish a degree of certainty that an ID is indeed valid.

    I can think of a few options, ranging from 'low certainty' (good enough for a social site) to 'high certainty' (for say, banking)

    - Linking social profiles (google, fb, airbnb, etc)
    - Linking and verifying a phone number
    - Having other, validated users vouch for the new user
    - Submitting utility bills, etc to contracts set up to validate them
    - Linking and verifying a passport (via services like ID scan)

    Etc... My personal favorite is having the user submit a proof of arbitrary action that usually would warrant proof of ID in the real world, this way, anonymity is respected but validation can still occur.
    Post edited by StephanTual on
  • CerereanCererean Member Posts: 10
    That's enough for verifying that you exist, but how do those systems allow me to make sure that you only have one persona on the system? Linking passports would work, but then, that makes the system reliant on an existing centralised ID system...
  • ranfordranford Member Posts: 25 ✭✭
    @Cererean I agree with you Cererean ensuring proof of unique identity is a topic that has received a surprisingly small amount of discussion considering its importance. Especially since an Ethereum based system could put the ownership and control of that ID and all its uses where it rightfully belongs - with the individual. Id love to explore an Ethereum contract that could pay ID owners by charging a small fee to organizations for his proof of ID. I was thinking along these lines but in terms of a range of unique identifiers starting with something becoming more readily accessible - fingerprints - note that phones are now coming out with scanners built in. but also being extendable to a range of biometrics/proofs of unique ID.

    Im envisioning a core personal unique ID system that might require an annual proof of unique ID, so you would fingerprint every year to earn your coin stake. This would tie in nicely to the Basic Income coin @vitalik @karl_Schroeder @Jasper. This could be offered as a service to any future altcoin that needed to distribute fairly to a population without requiring passports or other centralized ID. It could be used as a service for merchants. If each individual was able to approve when their data was used to confirm their ID then I could see them being paid by merchants (through the system) at the point of sale - ironically reversing the payment equation from today. If the contract is secure as a holder of the persons unique ID then why not let a single swipe of his thumb verify his ID and approve the sale from his bitcoin account without any details being stored on any central merchant server. This would be very user friendly, less risk for merchants (possibly less cost) and under the control of the individual through the contract that shares his level of ID as he approves of.

    @Stephan_Tual and yes I agree id systems will be layered, and the more they do the more they reinforce.
  • ranfordranford Member Posts: 25 ✭✭
    @stephan_Tual what I meant to say was that a unique identifier such as this is the fundamental base on which all the other systems could refer to under the users own control

    @avsa it doesnt stop any flexibility - its a choice when its desired, this wouldnt be instead of, but something to be used by layers such as social networks on top of it and so a user can still have multiple personas as needed
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    Iris scans are useful, but you cant get them connected to ethereum easily!

    The last of the options(for how it is currently done) Stephan_Tual mentioned is particularly centralized. Of course, why not, these systems exist out there and no reason not to make use of it if it presents itself as reliable.

    That said, i like the idea of decentralizing that too.. This is where a web-of-trust -like approach might come in, but it has to be more robust than the GPG one... You dont want to tie it into moneyed interests, but i think it is good to put incentives system for connecting the trust-of-human network and identifying frauds somehow. Such a system could employ things like iris scans, but probably via the people estimating that the iris scans are working correctly and looking at the results, etcetera.

    About monetizing it, i think having a person attached immediately improves trust in transactions regarding attached public keys.(and satelite contracts)

    (a bit aside)If people worry about privacy, I do think features that are hard to use from a distance, like(presumably) iris scans are better than ones than ones that are easy to, like gait analysis, or that you leave traces of everywhere, like fingerprints or DNA.
  • ranfordranford Member Posts: 25 ✭✭
    @cererean , you might like to check out Joel Monegro's ideas at
    https://hackpad.com/Decentralizing-Authentication-With-Ethereum-cNTIhm3V1hY
  • CerereanCererean Member Posts: 10
    @max, that still leaves open the problem of preventing people from opening multiple accounts. That's not a problem for most things, but if we're going to be using it for voting or implementing a currency with built in redistribution, we need something that can't manage that.
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    Eww the javascript. My firefox cant even read it.. I cant export it.. Sorry :(
  • ranfordranford Member Posts: 25 ✭✭
    @cererean Absolutely, I agree with you that the first data stored on the system would be biometric ID, fingerprints, Iris scans, etc, multiple IDs that can be used under your authority as required. I am actually considering an angel investment in a business offering new fingerprint scanning tech for finance industry and this would be a great service for that company to reduce costs and risks associated with storing the data (which would currently be on a centralised server of course) as it could instead pay a relatively micro transaction fee to the Ethereum service and would also avoid resistance to peoples concern over the security of their private data.

    BTW I do see the redistribution for new cryptocurrencies a serious issue for nascent cryptocurrency area. Peter R on bitcointalk - is trying to hijack every new altcoin by coercing them to use the unspent bitcoin snapshot as the basis for "fair"distribution, calling the idea "spinoffs" I feel its a nuclearbomb for crypto, the sooner a more "fairer" alternative distribution list arises the better. The whole concept would be to perpetuate bitcoin blockchain at the expense of real innovation through a wider cryptocurrency ecology.
  • CerereanCererean Member Posts: 10
    Perhaps the identity system could be built into a RepCoin/Wuffie distribution scheme, where the higher the chance you are who you say you are, the more rep you can give out, starting from 0 at 80% probability (determined by the web of trust... somehow) and asymptotically approaching 100 - and similar for accepting rep. That should offer an incentive to make sure you verify each other whenever you meet a new person, improving the systems reliability. Say, 100 Rep each month, with the Rep possessing a halflife of a month (how would this be performed?), and a global scoreboard measuring the pecking order...
  • CerereanCererean Member Posts: 10
    There's a post by Vinay Gupta that suggests something which I think could be used to implement such an identity system.
  • CerereanCererean Member Posts: 10
    There's a post by Vinay Gupta that suggests something which I think could be used to implement such an identity system.
Sign In or Register to comment.